Whonix ®

Download

Windows Linux Mac VirtualBox KVM Qubes USB ISO (coming soon) More options Source Code

About

Overview Features Whonix vs VPNs Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Debugging Dante. Used in context of Template:Tor_Browser_Remove_Proxy_Settings.

General Connectivity Test[edit]

1. Check if TCP is functional.

• without DNS:
  • The following command uses an IP address 116.202.120.181.
  • UWT_DEV_PASSTHROUGH=1 curl --tlsv1.3 --proto =https -H 'Host: check.torproject.org' -k https://116.202.120.181/api/ip

2. Check if DNS + TCP is functional.

• with DNS:
  • The following command uses a hostname check.torproject.org.
  • UWT_DEV_PASSTHROUGH=1 curl --tlsv1.3 --proto =https https://check.torproject.org/api/ip

Dante Connectivity Test[edit]

1. Check dante socks server without authentication using curl (non-uwt version).

UWT_DEV_PASSTHROUGH=1 curl --tlsv1.3 --proto =https --proxy socks5h://127.0.0.1:9150 https://check.torproject.org/api/ip

2. Check dante socks server with authentication using curl (non-uwt version).

UWT_DEV_PASSTHROUGH=1 curl --tlsv1.3 --proto =https --proxy socks5h://x:y@127.0.0.1:9150 https://check.torproject.org/api/ip

Both commands are functional. It seems that curl negotiates socks authentication method none even if given a socks username and password.

DNS[edit]

/etc/resolv.conf[edit]

Maybe issue. Maybe not.

vpn-ed-anon-whonix /etc/resolv.conf might require same DNS settings as sys-vpn (Qubes VPN-Gateway) /etc/resolv.conf.

1. Look at /etc/resolv.conf in sys-vpn

2. Use the same config for /etc/resolv.conf in vpn-ed-whonix-gw-16 Template.

Tor Browser Error Messages[edit]

Hmm. We’re having trouble finding that site.

Indicates broken DNS.

Dante[edit]

Check Dante Log for DNS Issues[edit]

sudo journalctl -u danted | grep -i DNS-resolve

Why is a Modification of Dante required?[edit]

Tor Browser however does not seem to negotiate at the socks protocol level.

sudo journalctl -f --output cat | grep --invert-match kernel

Sep 25 22:35:49 (1664145349.839004) danted[5755]: debug: recv_clientrequest(): initiating negotiation with client at 127.0.0.1.47726 which connected to us on 127.0.0.1.9150
Sep 25 22:35:49 (1664145349.839025) danted[5755]: debug: recv_methods(): client 127.0.0.1.47726 offered 1 authentication method: 0x2 (username)
Sep 25 22:35:49 (1664145349.839029) danted[5755]: debug: recv_methods(): socksmethod to use not set, selecting amongst the following 1 method: none
Sep 25 22:35:49 (1664145349.839031) danted[5755]: debug: recv_methods(): sending authentication reply: VER: 5 METHOD: 255 (<no acceptable method>)
Sep 25 22:35:49 (1664145349.839092) danted[5755]: debug: run_negotiate(): recv_clientrequest() from client 127.0.0.1.47726 returned 1, errno is 0 (no error)

When using socksmethod: none username:

Sep 25 22:44:38 (1664145878.640687) danted[7218]: debug: accesscheck(): no match for authentication: could not access user "torproject.org"'s records in the system password file: no system error

Tor Browser does not seem to fall back to using no socks user name. While dante would allow using the socks proxy without authentication, dante still prohibits Tor Browser because Tor Browser unnecessarily attempts to to set a socks user name.

(Tor Browser by default sets the top level domain name as socks user name for the purpose of stream isolation (IsolateSOCKSAuth).)

Whonix The most watertight privacy operating system in the world.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Whonix is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!