Whonix network
249 views
Skip to first unread message
Franz
Dec 28, 2015, 8:19:38 PM12/28/15
to qubes...@googlegroups.com
Hello
recently upgraded form R2 to R3.1 default with Whonix. Actually during boot Whonix tells that it connected to tor. I understand Whonix introduces some anonymity (even if my external IP is just the same as from another machine connected to the same router) and some other security improvement (that are non very clear to me, but it does not matter much).Fran
donoban
Dec 30, 2015, 5:11:45 AM12/30/15
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
El 29/12/15 a las 02:19, Franz escribió:
lot of timeouts doing bootstrap. At 5,6 or n try it finally connected
but then the speed was very slow. Frustrating.
I was running tor browser after coming to Qubes, then installed torvm
on my first day on Qubes without any problem and running good speed.
So it is sick when Whonix complains about my ISP, or similar...
I am using torvm now but I suppose that Whonix have some advantages,
specially since ITL announced official support. I can help with logs
and debug if someone is interested.
Regards.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWg63VAAoJEBQTENjj7QilZh0P/0+xG48F0LsnJR1fUlta4a3o
Zpm0m7WtQ20lJX7HJfuotywIIlGW54AbAo2+5hluPi8mKXsnlPedkAEjdZUG4bMV
MZZJxKh0zOW8pBhJG3QX4tUxXwVZ6DGlYor5LMH3HrspPJPRNHjHGmu6z3MXnJci
tpfI3zuVNI9AI42pyDh0+/7PV5dmijUnxNglE/E2RL0FH+bqbMqNtmmlKiYbL1lt
A9NszwmQ03Ech696G4/gWn5hrXzUfEtcRRjuKZdCF1/w2M7x4A4xz5uRUxhoMySD
YhmR+1W4NR94zkNxiNKFRtfK9TWObWtEZolWu0jzdzLvZL9rm5Vl8Hk36kZIZvJH
gp6HPm8HwtgcmkeszOpG2UCY1XDHyTMEcBeW45xAVU2o/rqm5aln2HyQ7KJcSxQm
jPmz8vhXJG3ibCU5HEkWVtS3WCncvYm67w1NUrPcFleIKzcGYfmtMUmvpwMGj6l/
k82t3JgwqIuCPBHYlVgQCZB5hQw92kkMpEzOvol2fD1etn6eeLHEBqVuu8+A+PA6
eJ73Av59OLY7m0aqA6dKtJV1bQsGy9YPckHJ5Z30qj1h9b6/wfdr529T3pQJGzaB
irnWk73odiIAZEzura9AiqZCmIrUJj8HD+TWSOWNyOnaCG9OZN7QytwfhWUEjn8/
PWZ5BY9W+IeLCYKyyxaA
=UBSl
-----END PGP SIGNATURE-----
Hash: SHA1
El 29/12/15 a las 02:19, Franz escribió:
> Hello recently upgraded form R2 to R3.1 default with Whonix.
> Actually during boot Whonix tells that it connected to tor. I
> understand Whonix introduces some anonymity (even if my external IP
> is just the same as from another machine connected to the same
> router) and some other security improvement (that are non very
> clear to me, but it does not matter much).
>
> Anyway, I noted also a decrease in speed, in particular Firefox
> seems less snappy. It takes more time to starting to load pages.
> Also I am unable to print to the network printer that worked under
> R2. The printer makes the usual noise for input received, but no
> paper gets out, even if it works with another Ubuntu computer.
>
I also had a very bad experience with Whonix (and Qubes 3.0), I had a
> Actually during boot Whonix tells that it connected to tor. I
> understand Whonix introduces some anonymity (even if my external IP
> is just the same as from another machine connected to the same
> router) and some other security improvement (that are non very
> clear to me, but it does not matter much).
>
> Anyway, I noted also a decrease in speed, in particular Firefox
> seems less snappy. It takes more time to starting to load pages.
> Also I am unable to print to the network printer that worked under
> R2. The printer makes the usual noise for input received, but no
> paper gets out, even if it works with another Ubuntu computer.
>
lot of timeouts doing bootstrap. At 5,6 or n try it finally connected
but then the speed was very slow. Frustrating.
I was running tor browser after coming to Qubes, then installed torvm
on my first day on Qubes without any problem and running good speed.
So it is sick when Whonix complains about my ISP, or similar...
I am using torvm now but I suppose that Whonix have some advantages,
specially since ITL announced official support. I can help with logs
and debug if someone is interested.
Regards.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWg63VAAoJEBQTENjj7QilZh0P/0+xG48F0LsnJR1fUlta4a3o
Zpm0m7WtQ20lJX7HJfuotywIIlGW54AbAo2+5hluPi8mKXsnlPedkAEjdZUG4bMV
MZZJxKh0zOW8pBhJG3QX4tUxXwVZ6DGlYor5LMH3HrspPJPRNHjHGmu6z3MXnJci
tpfI3zuVNI9AI42pyDh0+/7PV5dmijUnxNglE/E2RL0FH+bqbMqNtmmlKiYbL1lt
A9NszwmQ03Ech696G4/gWn5hrXzUfEtcRRjuKZdCF1/w2M7x4A4xz5uRUxhoMySD
YhmR+1W4NR94zkNxiNKFRtfK9TWObWtEZolWu0jzdzLvZL9rm5Vl8Hk36kZIZvJH
gp6HPm8HwtgcmkeszOpG2UCY1XDHyTMEcBeW45xAVU2o/rqm5aln2HyQ7KJcSxQm
jPmz8vhXJG3ibCU5HEkWVtS3WCncvYm67w1NUrPcFleIKzcGYfmtMUmvpwMGj6l/
k82t3JgwqIuCPBHYlVgQCZB5hQw92kkMpEzOvol2fD1etn6eeLHEBqVuu8+A+PA6
eJ73Av59OLY7m0aqA6dKtJV1bQsGy9YPckHJ5Z30qj1h9b6/wfdr529T3pQJGzaB
irnWk73odiIAZEzura9AiqZCmIrUJj8HD+TWSOWNyOnaCG9OZN7QytwfhWUEjn8/
PWZ5BY9W+IeLCYKyyxaA
=UBSl
-----END PGP SIGNATURE-----
Tim W
Dec 30, 2015, 6:03:12 AM12/30/15
to qubes-users
Not sure about differences between regular Torvm and Whjonix but there is no question what so ever that any tor connection will almost always be a good bit slower than your connection directly thru your ISP. Its having to make numerous jumps many of which can be between very large and physically distanced networks. Not to mention the effects of the throughput of different tor relays and exits. With the cycling of connections the speed can also fluctuate thru even one session. Bu that is the cost of encrypted anonymity network especially when you have numerous people misusing it to stream content etc. Not to mention if more people would help and add their own relays the issue would resolve itself quickly. When you see the connections speed people have in their homes these days or that people piggy back off of others (most without consent i.e stealing) you would think the least they could do is help by throwing up a relay which could be setup on a PC that most could likely get for free. Hell most home routers have enough power and memory to host one without an issue if there were configs.
donoban
Dec 30, 2015, 6:29:26 AM12/30/15
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
El 30/12/15 a las 12:03, Tim W escribió:
Hash: SHA1
> Not sure about differences between regular Torvm and Whjonix but
> there is no question what so ever that any tor connection will
> almost always be a good bit slower than your connection directly
> thru your ISP.
I am not comparing my speed with direct connection and also is very
> there is no question what so ever that any tor connection will
> almost always be a good bit slower than your connection directly
> thru your ISP.
rare that Whonix timeouts during bootstrap (a 180secs timeout or
similar) while Torvm and tor browser start very fast.
I will try later and post what happens, I have not tried again since I
installed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWg8APAAoJEBQTENjj7QilSZ4QAKxus0fDC7blil05vtPngvuD
Version: GnuPG v1
gWVlJl3XOgXDds8isDP0unW8rrbmSJbYYol2nbRIqFdKZDKaguFP6H1RtCPD0F5L
BVNVIHfqZ52s0SqxsU1qRVeCq+7v3Mz+ZGh5HeBUX+5MRViwJkQp8bJQvBtwx2IX
4NHm8Il+3nI8KwPuDNTZPrJL9oQMWC03vk+ExtSRWrNJ1gdyWZVMF9JXXo6GDurt
w9sEm0N2rvjq1JdBwrq5uKvcOniDlwnGOzkZMaGOvNVsh83e1oAZBc9B6rFcNTAr
QpyC906UaEIwVJvCD2QY//d0u4rtTvhhw2wk4zZKnFvemwrNaaaldFBcGNWYEh+2
KCt+Lfht8dSCqsEQSV6geN92RGUeu81SI8ISUxIkj6jPsoukCzElqtnmWX9So/pq
9d//sEVOSKXR7oLpubMC7cY+kJAUhObA6B5OsCn7Ak3iTvlM6qHtC+epsQsIVxiI
nyF7AOxIlXVKkjqG/fg8Ex7/8KP0mXc3niLOB2OJAYxP7Zv7Y4FiSgELp/e2NLvU
I1fPiBc65967s+fUbb/PHPm9t9WjPw0guGjQmgCZBq9Vw38TAX1OnTDYzDNwUwTm
ZD/UV8f7sQ1wlwvphz0pW99MtVfB8JexkCGtjrgswocBuhPP8Zf5cDzGnKQR19gh
PpKEFt3BIKoKEH/dm3M3
=Wz69
-----END PGP SIGNATURE-----
Franz
Dec 30, 2015, 9:58:33 AM12/30/15
to donoban, qubes...@googlegroups.com
On Wed, Dec 30, 2015 at 8:29 AM, donoban <don...@riseup.net> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
El 30/12/15 a las 12:03, Tim W escribió:
> Not sure about differences between regular Torvm and Whjonix but
> there is no question what so ever that any tor connection will
> almost always be a good bit slower than your connection directly
> thru your ISP.
I am not comparing my speed with direct connection and also is very
rare that Whonix timeouts during bootstrap (a 180secs timeout or
similar) while Torvm and tor browser start very fast.
I will try later and post what happens, I have not tried again since I
installed.
Thanks to all for these remarks.
Investigating a little bit more, found that in my default installation sys-whonix automatically starts at startup, but does not seems connected to the network flow that follows the same route as R2 particularly applVM -> sys-firewall -> sys-net. So if nothing seems to go through sys-whonix, why sys-whonix gets default started at all?
Well there should be a reason, obviously I'm missing something and hopefully someone may explain that. It may be that it gets default started to give me an impulse to assign sys-whonix as netVM on some of my applVM? Well, just wondering.
Best
Fran
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWg8APAAoJEBQTENjj7QilSZ4QAKxus0fDC7blil05vtPngvuD
gWVlJl3XOgXDds8isDP0unW8rrbmSJbYYol2nbRIqFdKZDKaguFP6H1RtCPD0F5L
BVNVIHfqZ52s0SqxsU1qRVeCq+7v3Mz+ZGh5HeBUX+5MRViwJkQp8bJQvBtwx2IX
4NHm8Il+3nI8KwPuDNTZPrJL9oQMWC03vk+ExtSRWrNJ1gdyWZVMF9JXXo6GDurt
w9sEm0N2rvjq1JdBwrq5uKvcOniDlwnGOzkZMaGOvNVsh83e1oAZBc9B6rFcNTAr
QpyC906UaEIwVJvCD2QY//d0u4rtTvhhw2wk4zZKnFvemwrNaaaldFBcGNWYEh+2
KCt+Lfht8dSCqsEQSV6geN92RGUeu81SI8ISUxIkj6jPsoukCzElqtnmWX9So/pq
9d//sEVOSKXR7oLpubMC7cY+kJAUhObA6B5OsCn7Ak3iTvlM6qHtC+epsQsIVxiI
nyF7AOxIlXVKkjqG/fg8Ex7/8KP0mXc3niLOB2OJAYxP7Zv7Y4FiSgELp/e2NLvU
I1fPiBc65967s+fUbb/PHPm9t9WjPw0guGjQmgCZBq9Vw38TAX1OnTDYzDNwUwTm
ZD/UV8f7sQ1wlwvphz0pW99MtVfB8JexkCGtjrgswocBuhPP8Zf5cDzGnKQR19gh
PpKEFt3BIKoKEH/dm3M3
=Wz69
-----END PGP SIGNATURE-----
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5683C00F.4030000%40riseup.net.
For more options, visit https://groups.google.com/d/optout.
Tim W
Dec 30, 2015, 10:05:08 PM12/30/15
to qubes-users, don...@riseup.net
Oh I know you were note I was speaking about Francesco. Maybe I misread it but it seemed he was comparing it to a open net connection. Your issues are something different and I got that. I think I have only had one time in the last couple months that bootstrap failed but it worked the next try but that was about 30min -1hr later.
Franz
Dec 31, 2015, 9:33:49 PM12/31/15
to Tim W, qubes-users, donoban
I found out why sys-whonix is default started. It is because there is an anon-whonix which uses sys-whonix as netVM. So it is clear now.
Best
Fran
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/53349a6a-26cf-40d9-8686-b691b93cc97c%40googlegroups.com.
George Angwin
Jan 1, 2016, 5:45:10 AM1/1/16
to qubes-users
I had a lot of timeouts (9/10 tries) connecting through my ISP. Trying to update the whonix templates was almost impossible.
After setting the sys-whonix NetVM to my VPN ProxyVM, connection to TOR takes less than 10 seconds and never had timeouts.
Tim W
Jan 1, 2016, 10:52:01 PM1/1/16
to qubes-users
You got to luv when you rISP states they give you open net access then block or greatly limit bandwidth for any tor connections.
raah...@gmail.com
Jan 3, 2016, 6:14:38 PM1/3/16
to qubes-users
wow thats crazy, if your ip is blocking or throttling tor, I hope thats not the future.
I have had similar issues, with torvm starting super fast and whonix gw taking forever. Turns out in the end though it was my router filtering ports. Giving the computer ip full access fixed all my issues with whonix bootstrap, not sure why whonix had a problem with that but torvm didnt seem to. Maybe it's a testament as to why whonix is a little more secure it complains if it doesnt' work the way it thinks it should, because it was actually in my best interest to allow the more ports for better anonymity. At first i thought it was the guard nodes i was sometimes connecting to in my area, then I blamed whonix, but seems it was on my end all along.
Tim W
Jan 12, 2016, 3:12:55 AM1/12/16
to qubes-users, raah...@gmail.com
wow thats crazy, if your ip is blocking or throttling tor, I hope thats not the future.
I have had similar issues, with torvm starting super fast and whonix gw taking forever. Turns out in the end though it was my router filtering ports. Giving the computer ip full access fixed all my issues with whonix bootstrap, not sure why whonix had a problem with that but torvm didnt seem to. Maybe it's a testament as to why whonix is a little more secure it complains if it doesn't' work the way it thinks it should, because it was actually in my best interest to allow the more ports for better anonymity. At first i thought it was the guard nodes i was sometimes connecting to in my area, then I blamed whonix, but seems it was on my end all along.
Its great that was not the case for you but I have without a doubt seen ISP throttle Tor connections. I also see plenty of sites that give your grief but that is more abuse of a given exit node. Take signing up for a email account. I literally can not with google thru some exit nodes. Even when I answer the captca correctly it still says sorry no go. With Tutanota if I connect without tor I can create a account and login immediately. If I create thru tor it has a hold to wait for manual authorization activation which they state is 24hr but I have had to wait days before. But I do get it. Its not their fault so many POS abuse Tor to send spam and botnets etc.. They have to after all protect themselves.
but its a small price to pay for more security/anonymity. Getting ready to finally setup my vpn>tor>vpn stack this week. I have had it on vb but not on qubes up to this point.
donoban
Jan 12, 2016, 7:12:31 AM1/12/16
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hash: SHA1
impossible to get whonnix working, but on the laptop it works like a
charm (I thought that was due Qubes 3.1 version). Moreover, both
desktop and laptop are cable connected to same router :\
I am gonna investigate router configuration and try with another IP.
If someone is interested I have attached the tor log of a non working
state.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWlO2gAAoJEBQTENjj7QilxecP/3Wv0Fc6Ra/36iHBZ/eSXoAW
Version: GnuPG v1
i6HZXDp9+XjQD13BeMMFJUcAHipV3sY5ZC97Epti4cGcnV9V0xf5TFnmFhQ0AN9v
46FXund4svIwM7zqXQsDlYTp7AOARLOiQEeXHwunl2Ik6oKvJgJSu3OM+gV303co
6C/Wlu5GYXczjcCqMwMZoljk0RFhnFYF5e9pNmYvDKw3G6ff7NYMasHlptB3dk/G
lKyMTKBi8R3XZz9STaCIqBof+Ix7atbHNlHg4lYJtgkZdI482C17fqPnXDtmlEHt
d9GJIWNdxp/udGma+bd8CUy2fLYKsTdtDKP0z634NL2m9hQxj9t2ZuRFwWQLoyWt
o8OfnYN49YlMhD3ZK8US4HXAoE51DXR0sK1unro1Kw56foddpfSt2uB6l7pd2cTz
LQS9OqjuUnW4oge8KcmAAUqnU+OqkpWXQlWgfo1R89JF1lnWPIxeSgRA4MmANoJ6
jp2GUGCKa/zyCVNWAluhEI5ezRPZw7IOuAqFr363wqULEBCda1nkMGJ0fr245o0v
zfoVcpYMYkPUZlAuePBitNlIxp2strZZH1WQoEyvE1pFQsiRwD0EO1NlmtuIsFaV
Bc17ukzg8X47BoNO3N4YqG9fwcVJD9lSLFGrH1lUFwRF1g8Xn/1mSz/FyCg38O5D
P7yazSiHyNktHbiNuDpX
=kLYJ
-----END PGP SIGNATURE-----
Patrick Schleizer
Jan 20, 2016, 11:17:26 AM1/20/16
to qubes...@googlegroups.com
Franz:
result in that NetVM being started.
So in your case likely anon-whonix was set to auto start which resulted
in sys-whonix being autostarted also.
Cheers,
Patrick
> On Thu, Dec 31, 2015 at 12:05 AM, Tim W <timw...@gmail.com> wrote:
>
>>
>>
>> On Wednesday, December 30, 2015 at 6:29:26 AM UTC-5, donoban wrote:
>>>
>
> El 30/12/15 a las 12:03, Tim W escribió:
>>>>> Not sure about differences between regular Torvm and Whjonix but
>>>>> there is no question what so ever that any tor connection will
>>>>> almost always be a good bit slower than your connection directly
>>>>> thru your ISP.
>
> I am not comparing my speed with direct connection and also is very
> rare that Whonix timeouts during bootstrap (a 180secs timeout or
> similar) while Torvm and tor browser start very fast.
>
> I will try later and post what happens, I have not tried again since I
> installed.
>>>
>>
>
>>
>>
>> On Wednesday, December 30, 2015 at 6:29:26 AM UTC-5, donoban wrote:
>>>
>
> El 30/12/15 a las 12:03, Tim W escribió:
>>>>> Not sure about differences between regular Torvm and Whjonix but
>>>>> there is no question what so ever that any tor connection will
>>>>> almost always be a good bit slower than your connection directly
>>>>> thru your ISP.
>
> I am not comparing my speed with direct connection and also is very
> rare that Whonix timeouts during bootstrap (a 180secs timeout or
> similar) while Torvm and tor browser start very fast.
>
> I will try later and post what happens, I have not tried again since I
> installed.
>>>
>>
>> Oh I know you were note I was speaking about Francesco. Maybe I misread
>> it but it seemed he was comparing it to a open net connection. Your issues
>> are something different and I got that. I think I have only had one time
>> in the last couple months that bootstrap failed but it worked the next try
>> but that was about 30min -1hr later.
>>
>>
>>
> I found out why sys-whonix is default started. It is because there is an
> anon-whonix which uses sys-whonix as netVM. So it is clear now.
> Best
> Fran
Generally speaking, any VM that [auto] starts that uses some NetVM will
>> it but it seemed he was comparing it to a open net connection. Your issues
>> are something different and I got that. I think I have only had one time
>> in the last couple months that bootstrap failed but it worked the next try
>> but that was about 30min -1hr later.
>>
>>
>>
> I found out why sys-whonix is default started. It is because there is an
> anon-whonix which uses sys-whonix as netVM. So it is clear now.
> Best
> Fran
result in that NetVM being started.
So in your case likely anon-whonix was set to auto start which resulted
in sys-whonix being autostarted also.
Cheers,
Patrick
Patrick Schleizer
Jan 20, 2016, 11:23:30 AM1/20/16
to qubes...@googlegroups.com
raah...@gmail.com:
and sorted out for other users with similar issues.
Which ports did your router filter? Some outgoing ports besides 80 and
443? Did you mean 'filter' in it's usual meaning like dropping [not
rejecting] packages on these ports? Or did it reduce the network speed
on these ports?
Why was your router filtering these ports in the first place? Did you
set these that filtering? Or was it a default setting?
Incoming ports / port forwardings are not required. If clearing those
helped, that would be really strange.
> not sure why whonix had a problem with
> that but torvm didnt seem to.
Perhaps because it picked Tor entry guards on ports that were not
limited by your router by chance.
Cheers,
Patrick
> I have had similar issues, with torvm starting super fast and whonix
> gw taking forever. Turns out in the end though it was my router
> filtering ports. Giving the computer ip full access fixed all my
> issues with whonix bootstrap,
Can you please elaborate on this? It would help getting this documented
> gw taking forever. Turns out in the end though it was my router
> filtering ports. Giving the computer ip full access fixed all my
> issues with whonix bootstrap,
and sorted out for other users with similar issues.
Which ports did your router filter? Some outgoing ports besides 80 and
443? Did you mean 'filter' in it's usual meaning like dropping [not
rejecting] packages on these ports? Or did it reduce the network speed
on these ports?
Why was your router filtering these ports in the first place? Did you
set these that filtering? Or was it a default setting?
Incoming ports / port forwardings are not required. If clearing those
helped, that would be really strange.
> not sure why whonix had a problem with
> that but torvm didnt seem to.
limited by your router by chance.
Cheers,
Patrick
Franz
Jan 20, 2016, 4:04:45 PM1/20/16
to Patrick Schleizer, qubes...@googlegroups.com
Patrick:
Not exactly. anon-whonix is NOT set to auto start, but sys-whonix is autostarted just the same.
Best
Fran
Cheers,
Patrick
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/569FB30F.9020705%40whonix.org.
c6dl...@gmail.com
Jan 21, 2016, 3:49:16 AM1/21/16
to qubes-users, patrick-ma...@whonix.org
What do u mean with:
"Not exactly. anon-whonix is NOT set to auto start, but sys-whonix is autostarted just the same. "
How can I prevent that sys-whonix is auto starting then?
Uncheck mark doesn't seem to work
Tim W
Jan 21, 2016, 4:06:43 AM1/21/16
to qubes-users, patrick-ma...@whonix.org, c6dl...@gmail.com
are you running Qubes 3.0 or 3.1?
I am running 3.1 fully updated as well is the whonix templates. I just tried unchecking sys-whoinix and it did not start when I restarted my system. So something must be wrong with your setup.
Maybe try unchecking another autostart VM like FW or net and see if with a reboot they start or not. That will narrow it to one vm or a broader issue.
c6dl...@gmail.com
Jan 21, 2016, 4:49:31 AM1/21/16
to qubes-users, patrick-ma...@whonix.org, c6dl...@gmail.com
3.1
After setup I choose the option to route all traffic through tor
Maybe this option does something within a config file that the VM is always running? :) .. sound logical
Don't know where.. because the checkmark only is not enough.
Frank Schäckermann
Jan 21, 2016, 4:57:21 AM1/21/16
to qubes-users
On 21.01.2016, at 10:06, Tim W timwelter-at-gmail.com |qubes-mailing-list/Example Allow| <treah...@sneakemail.com> wrote:
On Thursday, January 21, 2016 at 3:49:16 AM UTC-5, c6dl...@gmail.com wrote:What do u mean with:"Not exactly. anon-whonix is NOT set to auto start, but sys-whonix is autostarted just the same. "
How can I prevent that sys-whonix is auto starting then?
Uncheck mark doesn't seem to work
Maybe you have sys-whonix set as your updareVM in QubesManager -> System -> Global Settings?!? To my knowledge that will also autostart the VM.
are you running Qubes 3.0 or 3.1?
I am running 3.1 fully updated as well is the whonix templates. I just tried unchecking sys-whoinix and it did not start when I restarted my system. So something must be wrong with your setup.
Maybe try unchecking another autostart VM like FW or net and see if with a reboot they start or not. That will narrow it to one vm or a broader issue.
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/637965ba-32b2-414f-8638-6ea89141d221%40googlegroups.com.
Franz
Jan 21, 2016, 6:25:32 AM1/21/16
to Tim W, qubes-users, Patrick Schleizer, c6dl...@gmail.com
Qubes 3.1, but the issue is a little different. I was replying to Patrick who wrote:
"So in your case likely anon-whonix was set to auto start which resulted
in sys-whonix being autostarted also."
"So in your case likely anon-whonix was set to auto start which resulted
in sys-whonix being autostarted also."
So Patrick was writing about anon-whonix being set to autostarted and sys-whonix being autostarted just for that. But from Tim reply it seems this is relevant only if sys-whonix is NOT set to autostart.
In other words, resuming all that it seems there is no reason that in a default installation sys-whonix is already set to autostart, because when you start anon-whonix sys-whonix automatically starts. So there is no way that a user may get blocked. But having sys-whonix automatically autostarted may give memory problems on low memory machines of users that do not understand all these intricacies.
Best
Fran
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/637965ba-32b2-414f-8638-6ea89141d221%40googlegroups.com.
Tim W
Jan 22, 2016, 12:44:41 AM1/22/16
to qubes-users, timw...@gmail.com, patrick-ma...@whonix.org, c6dl...@gmail.com
That all sounds correct. If the anon-whonix is set to autorun of course thw syswhonix will start as there is a dependency there. But if you have chosen to have whonix installed during qubes install (but without all traffic to be routed thru tor) it is set to auto start but you can uncheck the autostart and it will no longer auto start. But if you choose the same but also have chosen the option to route all traffic thru tor it seems there is another dependency that is still starting syswhonix. As I did not have this last config I can not test it but I would be looking at the global settings for net-vm field as I think that would cause it to auto load as Frank mentioned.
Cheers,
Tim
Message has been deleted
c6dl...@gmail.com
Jan 22, 2016, 4:03:09 AM1/22/16
to qubes-users, timw...@gmail.com, patrick-ma...@whonix.org, c6dl...@gmail.com
Hi Tim,
Indeed, I choose the option to route all traffic thru tor,
so no matter what I do.. sys-whonix is always starting automatic :)
Indeed, I choose the option to route all traffic thru tor,
so no matter what I do.. sys-whonix is always starting automatic :)
I'm looking forward if you find something!
I'm also doing some research in this..
If I do the approach from the other side:
During install I do NOT select: route all thru tor..
How can I accomplish that all traffic is routed thru tor ??
I think it's only a matter to use (for every APPVM) the netVM to be the sys-whonix ?
That's all ?
raah...@gmail.com
Jan 22, 2016, 2:26:45 PM1/22/16
to qubes-users, raah...@gmail.com
For me tor is not about making my personal identity anonymous, but more for making my network anonymous. And i feel taking away things like encryption from people, only hurts honest people, not the criminals and peeping toms. It doesn't stop them, all these services still get just as spammed.
I almost never can even use tor on the oftc irc network which is the network they have their own help channel on lmao. That always cracks me up. And freenode blocked their tor onion address towards the end of last year unfortunately. During the weekend of that paris massacre the public bouncer i used for irc banned me for using tor, even though i was using tor with their service for almost year and notified them I would when i joined cause they didn't have ssl and that i always register on all networks with the same name and they never said it was an issue. I sense big brother on that, but its really everyone, probably pressure from other public networks.
Its hard for tor to get popular and respected when even their own supporters block it hypocritically and never stand up for it. The future of tor seems grim to me. The future of the internet and computers in general do, the POS, as you point out, have taken over and are the biggest voice on the net now and spread such disinformation and complacency.
The internet, and the computer security industry, for me died over 10 years ago.
Marek Marczykowski-Górecki
Jan 22, 2016, 2:39:01 PM1/22/16
to c6dl...@gmail.com, qubes-users, timw...@gmail.com, patrick-ma...@whonix.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Fri, Jan 22, 2016 at 01:01:44AM -0800, c6dl...@gmail.com wrote:
> Op vrijdag 22 januari 2016 06:44:41 UTC+1 schreef Tim W:
default netvm. The default netvm is automatically started during system
boot, regardless of its "autostart" property.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWooVMAAoJENuP0xzK19csvfsIAJRzz/O6kNxpT0mj8xg57hYL
zyUQEzLJ/ONFrAO0oVtEmKTFthTUlx7ZjhvylUA1KTZCOG/e3Hxt6l5yyqhQphH2
Bq+grWI1YvMVRT/BFO6mHtOU/eAmyreK0kGrhjFCfDgnrGIS3jcNhTlvm3ZcBNhW
Mh4x/4fOYqMke9NNAr1T0dZl60L7BtMCL3JWsLCfxdmuOGcA4bb3zC9S6iV6A28D
u8pQ6LfQakgx8POZ2NeQ+gcmDQD9Ronbtp+YpJMc6AiMMN4pQFA2KnARwtQ+iP+9
FuOnajkfDk6OuAUH5eNhePo4AhMvGITe9zzg3Zt/WjBcttFPn8IKdcEW8Z59wxM=
=j8SK
-----END PGP SIGNATURE-----
Hash: SHA256
On Fri, Jan 22, 2016 at 01:01:44AM -0800, c6dl...@gmail.com wrote:
> Op vrijdag 22 januari 2016 06:44:41 UTC+1 schreef Tim W:
> > That all sounds correct. If the anon-whonix is set to autorun of course thw syswhonix will start as there is a dependency there. But if you have chosen to have whonix installed during qubes install (but without all traffic to be routed thru tor) it is set to auto start but you can uncheck the autostart and it will no longer auto start. But if you choose the same but also have chosen the option to route all traffic thru tor it seems there is another dependency that is still starting syswhonix. As I did not have this last config I can not test it but I would be looking at the global settings for net-vm field as I think that would cause it to auto load as Frank mentioned.
>
>
> Hi Tim,
> Indeed, I choose the option to route all traffic thru tor,
> so no matter what I do.. sys-whonix is always starting automatic :)
That option (to route all the traffic through tor), makes sys-whonix a
> Indeed, I choose the option to route all traffic thru tor,
> so no matter what I do.. sys-whonix is always starting automatic :)
default netvm. The default netvm is automatically started during system
boot, regardless of its "autostart" property.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWooVMAAoJENuP0xzK19csvfsIAJRzz/O6kNxpT0mj8xg57hYL
zyUQEzLJ/ONFrAO0oVtEmKTFthTUlx7ZjhvylUA1KTZCOG/e3Hxt6l5yyqhQphH2
Bq+grWI1YvMVRT/BFO6mHtOU/eAmyreK0kGrhjFCfDgnrGIS3jcNhTlvm3ZcBNhW
Mh4x/4fOYqMke9NNAr1T0dZl60L7BtMCL3JWsLCfxdmuOGcA4bb3zC9S6iV6A28D
u8pQ6LfQakgx8POZ2NeQ+gcmDQD9Ronbtp+YpJMc6AiMMN4pQFA2KnARwtQ+iP+9
FuOnajkfDk6OuAUH5eNhePo4AhMvGITe9zzg3Zt/WjBcttFPn8IKdcEW8Z59wxM=
=j8SK
-----END PGP SIGNATURE-----
Tim W
Jan 23, 2016, 12:39:17 AM1/23/16
to qubes-users, c6dl...@gmail.com, timw...@gmail.com, patrick-ma...@whonix.org
So to stop it you would have to remove the service from dom0? Then I guess add it back manually when you wanted to connect?
Marek Marczykowski-Górecki
Jan 23, 2016, 11:33:43 AM1/23/16
to Tim W, qubes-users, c6dl...@gmail.com, patrick-ma...@whonix.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
On Fri, Jan 22, 2016 at 09:39:17PM -0800, Tim W wrote:
>
>
> On Friday, January 22, 2016 at 2:39:01 PM UTC-5, Marek Marczykowski-Górecki
> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > On Fri, Jan 22, 2016 at 01:01:44AM -0800, c6dl...@gmail.com <javascript:>
>
>
> On Friday, January 22, 2016 at 2:39:01 PM UTC-5, Marek Marczykowski-Górecki
> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > wrote:
> > > Op vrijdag 22 januari 2016 06:44:41 UTC+1 schreef Tim W:
> > > > That all sounds correct. If the anon-whonix is set to autorun of
> > course thw syswhonix will start as there is a dependency there. But if
> > you have chosen to have whonix installed during qubes install (but without
> > all traffic to be routed thru tor) it is set to auto start but you can
> > uncheck the autostart and it will no longer auto start. But if you choose
> > the same but also have chosen the option to route all traffic thru tor it
> > seems there is another dependency that is still starting syswhonix. As I
> > did not have this last config I can not test it but I would be looking at
> > the global settings for net-vm field as I think that would cause it to auto
> > load as Frank mentioned.
> > >
> > > Hi Tim,
> > > Indeed, I choose the option to route all traffic thru tor,
> > > so no matter what I do.. sys-whonix is always starting automatic :)
> >
> > That option (to route all the traffic through tor), makes sys-whonix a
> > default netvm. The default netvm is automatically started during system
> > boot, regardless of its "autostart" property.
>
> > > Op vrijdag 22 januari 2016 06:44:41 UTC+1 schreef Tim W:
> > > > That all sounds correct. If the anon-whonix is set to autorun of
> > course thw syswhonix will start as there is a dependency there. But if
> > you have chosen to have whonix installed during qubes install (but without
> > all traffic to be routed thru tor) it is set to auto start but you can
> > uncheck the autostart and it will no longer auto start. But if you choose
> > the same but also have chosen the option to route all traffic thru tor it
> > seems there is another dependency that is still starting syswhonix. As I
> > did not have this last config I can not test it but I would be looking at
> > the global settings for net-vm field as I think that would cause it to auto
> > load as Frank mentioned.
> > >
> > > Hi Tim,
> > > Indeed, I choose the option to route all traffic thru tor,
> > > so no matter what I do.. sys-whonix is always starting automatic :)
> >
> > That option (to route all the traffic through tor), makes sys-whonix a
> > default netvm. The default netvm is automatically started during system
> > boot, regardless of its "autostart" property.
>
> So to stop it you would have to remove the service from dom0? Then I
> guess add it back manually when you wanted to connect?
Theoretically you can disable qubes-netvm service for that:
> guess add it back manually when you wanted to connect?
sudo systemctl disable qubes-netvm
But be prepared to some problems (not sure what exactly may go wrong).
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
R8hmxFaSRmPM5Zo7+tGcSuz5bHA9O4py/uLOnvenWemGh0SsIUpzWenRRgFWY8ft
njfDXTz1lkWF2X7DDVKKdlMUt5oOVDbUTfcZ/6IQOeagitugN85qqJi0+K5ouq/f
Y7GW6HOh24jL8k+vKeCqasQu1XvU+ZBJKziy7bLir+CRS2JE2Vg6USRovQwtcSj6
YRlG8q1doDOwTPLqAabp0MEvWBhjnovzeYfwVBA8CEept6vURcmQOCt9tqnQ09uz
1AUOIZ1o4WwA/McxiCrAJTbxFAoPjUcHYUfCrLh/R1QFiZ8DikbYRwwpPiODbic=
=cTvJ
-----END PGP SIGNATURE-----
donoban
Jan 24, 2016, 4:50:49 AM1/24/16
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/20/2016 05:23 PM, Patrick Schleizer wrote:
> Can you please elaborate on this? It would help getting this
> documented and sorted out for other users with similar issues.
>
> Which ports did your router filter? Some outgoing ports besides 80
> and 443? Did you mean 'filter' in it's usual meaning like dropping
> [not rejecting] packages on these ports? Or did it reduce the
> network speed on these ports?
>
> Why was your router filtering these ports in the first place? Did
> you set these that filtering? Or was it a default setting?
>
> Incoming ports / port forwardings are not required. If clearing
> those helped, that would be really strange.
>
>> not sure why whonix had a problem with that but torvm didnt seem
>> to.
>
> Perhaps because it picked Tor entry guards on ports that were not
> limited by your router by chance.
>
I personally found a working solution. I have just connect sys-whonnix
to a proxyVPN and it seems that all is working fine.
I spend a lot of hours trying to setup a obfs3 bridge with sys-whonix,
a bridge which is working perfectly with tor browser bundle on at
least three machines, but with sys-whonix it was impossible.
So I'm using: sys-whonix -> ProxyVPN -> sys-firewall -> sys-net
I suppose that if I have some router problem it is now bypassed by the
VPN tunnel.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWpJ5vAAoJEBQTENjj7Qilw4YP+wV4v/3RmrhFnIs0hR9bM8cK
S7PyqdylDn5IZqgVIfV5DGoX5iX22npqaU5yhc14dtD2Dkoemc5zLFe1CKe7oWZa
huPt3vqnJ9smH3CjEr41wMt/b0X9jdHOlxaeNFjQMFtQAf113Yyc/dyuUBvIiTxq
V/ZUFgBBw1t7XqnBp1+DikGiY/ygF4VWF+Xb5dcFK5mHWIS2kYF+lL0419c2jgWX
CFq9P+s/M/j5RVN9qjDVeACt32FlIf6CNKuR3T7PW/rQzBASbFqrKvIpE1UXUU+H
ILhEdAtFyOG+y9dFmacIp/7oRUVOjbknOvv8/l8fn4YKAvh8moCnelS6hdp739Uf
xOi82a70h9HwEzbi8TKxnTPmidBFc1FUtw4GKEzEetYNpMOIEc2+b4zPLvpgRwTB
jQsacY0PWbBAhOHoej1dUE+4cfrMN/fFzylAewszdj54ZQ8Og8u5b92Cu9XSf3nm
AhOw2KbwO2pzAdofBPR61BWeWiIUcTOB4Pi0w00s++oeSBji0O2Q+0VgssGLeiXc
0gNcPVOq8+SBshzDSRJ34vq8UbruP1yaooiWD1bQapGR1ABvR3KH1jk96kJpG9KE
ZgKinWLc0tlGC/wYTgV+rPph4KftTxpas0KJtFqdR/z2+IvG3RoEB8HG74KEtSut
wVkjI4NuQnU9APwKP1qA
=GmoI
-----END PGP SIGNATURE-----
Hash: SHA1
On 01/20/2016 05:23 PM, Patrick Schleizer wrote:
> Can you please elaborate on this? It would help getting this
> documented and sorted out for other users with similar issues.
>
> Which ports did your router filter? Some outgoing ports besides 80
> and 443? Did you mean 'filter' in it's usual meaning like dropping
> [not rejecting] packages on these ports? Or did it reduce the
> network speed on these ports?
>
> Why was your router filtering these ports in the first place? Did
> you set these that filtering? Or was it a default setting?
>
> Incoming ports / port forwardings are not required. If clearing
> those helped, that would be really strange.
>
>> not sure why whonix had a problem with that but torvm didnt seem
>> to.
>
> Perhaps because it picked Tor entry guards on ports that were not
> limited by your router by chance.
>
to a proxyVPN and it seems that all is working fine.
I spend a lot of hours trying to setup a obfs3 bridge with sys-whonix,
a bridge which is working perfectly with tor browser bundle on at
least three machines, but with sys-whonix it was impossible.
So I'm using: sys-whonix -> ProxyVPN -> sys-firewall -> sys-net
I suppose that if I have some router problem it is now bypassed by the
VPN tunnel.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWpJ5vAAoJEBQTENjj7Qilw4YP+wV4v/3RmrhFnIs0hR9bM8cK
S7PyqdylDn5IZqgVIfV5DGoX5iX22npqaU5yhc14dtD2Dkoemc5zLFe1CKe7oWZa
huPt3vqnJ9smH3CjEr41wMt/b0X9jdHOlxaeNFjQMFtQAf113Yyc/dyuUBvIiTxq
V/ZUFgBBw1t7XqnBp1+DikGiY/ygF4VWF+Xb5dcFK5mHWIS2kYF+lL0419c2jgWX
CFq9P+s/M/j5RVN9qjDVeACt32FlIf6CNKuR3T7PW/rQzBASbFqrKvIpE1UXUU+H
ILhEdAtFyOG+y9dFmacIp/7oRUVOjbknOvv8/l8fn4YKAvh8moCnelS6hdp739Uf
xOi82a70h9HwEzbi8TKxnTPmidBFc1FUtw4GKEzEetYNpMOIEc2+b4zPLvpgRwTB
jQsacY0PWbBAhOHoej1dUE+4cfrMN/fFzylAewszdj54ZQ8Og8u5b92Cu9XSf3nm
AhOw2KbwO2pzAdofBPR61BWeWiIUcTOB4Pi0w00s++oeSBji0O2Q+0VgssGLeiXc
0gNcPVOq8+SBshzDSRJ34vq8UbruP1yaooiWD1bQapGR1ABvR3KH1jk96kJpG9KE
ZgKinWLc0tlGC/wYTgV+rPph4KftTxpas0KJtFqdR/z2+IvG3RoEB8HG74KEtSut
wVkjI4NuQnU9APwKP1qA
=GmoI
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages