Whonix-Workstation VM and associate AppVMs not connecting in Qubes 3.2

[Setherson]

I am using Qubes 3.2. All TemplateVMs and dom0 have been updated sometime within the past week. 

Since about the same time, my Workstation TemplateVM and every AppVM based on it has been unable to connect to the internet. 

The Whonix Gateway TemplateVM works fine, as does the sys-whonix NetVM. Furthermore, all the AppVMs based on the Fedora and Debian templates work even when routed through sys-whonix. I also have all the TemplateVMs set to update through sys-whonix, and every one of them is able to do this with the sole exception of whonix-ws-14. So if I had to guess, I’d say the problem lies with the Whonix Workstation TemplateVM itself.

When I try updating whonix-ws-14, it “hits” everything until the 10th repository. Once it gets there, the screen shows “[working]” and stays there.

Has anyone else run into this problem? What steps can I take to begin troubleshooting it?

Thanks in advance!

[awokd]

'Setherson' via qubes-users wrote on 9/30/18 2:12 AM:

You might have caught a bad update last week, and it sounds like one of
the repositories you're using is unavailable right now. You can try the
suggestions in
https://forums.whonix.org/t/errors-updating-september-2018/6028/8, or
wait a day or so and try updating again.

[John S.Recdep]

yes, same here for many days now Whonix-ws-14 dies at Hit 8
ftp.us.debian.org/debian Stretch Release

[John S.Recdep]

actually the method from the whonix forum still fails : (# commenting
out the 2 onion repo references

sudo apt-get dist-upgrade works but not , as below

user@host:~$ sudo apt-get update
Hit:1 http://deb.whonix.org stretch InRelease

Hit:2 http://deb.qubes-os.org/r4.0/vm stretch InRelease

Hit:3 http://security.debian.org stretch/updates InRelease
Ign:4 http://ftp.us.debian.org/debian stretch InRelease
Hit:5 http://ftp.us.debian.org/debian stretch Release
Reading package lists... Done
E: The method driver /usr/lib/apt/methods/tor+http could not be found.
N: Is the package apt-transport-tor installed?
E: Failed to fetch
tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/dists/stretch/InRelease

E: Some index files failed to download. They have been ignored, or old
ones used instead.

[Setherson]

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ffa818ac-b732-a43f-657f-b679dcb5ad93%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Thanks for the link! I did what they advised and the Workstation-14 TemplateVM seems to have updated fine.

However, the most serious issues remain.

I am still unable to access the internet from any of my Workstation-based AppVMs. Here’s what happens:

When I first open the Tor Browser, I receive a warning that my activities may be linked if the Tor Browser is already running. I have gotten this sort of warning in the past when I already have an instance of the TB running, but that’s not the case here.

I click “yes” to get rid of the warning box and the Tor Browser proceeds to open. The first sign that something is (still) not right is that it’s unable to find the local Whonix splash page file that always pops up when the browser first starts. Weird, but certainly not a huge issue. 

Then, when I try to do a random search (I use DDG’s Onion service to conduct searches), I’m told that the server has reloaded while the request was being made (or something to that effect; it’s a super-common error message). Whatever the cause may be, the result is that I’m unable to visit any website; Google, DDG Onion, DDG Clearnet, and so on all give me the same error.

It occurred to me that this might be a Tor Browser problem, so I opened up the Electrum bitcoin client in the same AppVM to see if that works. Unfortunately, Electrum doesn’t connect either. 

Then—again in the same AppVM—I open up konsole and ping google (both google.com and 8.8.8.8): Interestingly, when I ping google.com the terminal shows me the site’s corresponding numerical IPv4 address, so there must be some sort of DNS access, right? Anyway, aside from seeing the IPv4 address I get no feedback whatsoever for the next 20-30 seconds, so I finally Ctrl-C the process and see a packet loss of 100%.

Finally, I open Firefox in my “Untrusted” AppVM, which uses Fedora 28 as its template and sys-whonix as its NetVM. It takes me to Google without a hitch. 

Any ideas? Is this just a bad update I’m going to have to wait out, or are there steps I can take to remedy the situation in the meantime? 

[Setherson]

-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7c777292-fdd6-0c1c-91b0-0334cb4e1a67%40riseup.net.

For more options, visit https://groups.google.com/d/optout.

I should have said in my previous email that I got the same error you just pasted. What I did was comment out the onion server in /etc/apt/sources.list.d/whonix.list as well. 

That fixed the problem for me.

[john s.]

>> Hit:1 [http://deb.whonix.org](http://deb.whonix.org/) stretch InRelease

>>
>> Hit:2 http://deb.qubes-os.org/r4.0/vm stretch InRelease
>>

>> Hit:3 [http://security.debian.org](http://security.debian.org/) stretch/updates InRelease

>> Ign:4 http://ftp.us.debian.org/debian stretch InRelease
>> Hit:5 http://ftp.us.debian.org/debian stretch Release
>> Reading package lists... Done
>> E: The method driver /usr/lib/apt/methods/tor+http could not be found.
>> N: Is the package apt-transport-tor installed?
>> E: Failed to fetch
>> tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/dists/stretch/InRelease
>>
>> E: Some index files failed to download. They have been ignored, or old
>> ones used instead.
>>
>> --
>> You received this message because you are subscribed to the Google Groups "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
>> To post to this group, send email to qubes...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7c777292-fdd6-0c1c-91b0-0334cb4e1a67%40riseup.net.
>> For more options, visit https://groups.google.com/d/optout.
>
> I should have said in my previous email that I got the same error you just pasted. What I did was comment out the onion server in /etc/apt/sources.list.d/whonix.list as well.
>
> That fixed the problem for me.
>

What I'm seeing in the sources list is this :

# kdesudo xdg-open /etc/apt/sources.list.d/user.list

deb tor+http://sgvtcaew4bxjd7ln.onion stretch/updates main contrib non-free
deb http://security.debian.org stretch/updates main contrib non-free

deb tor+http://vwakviie2ienjx6t.onion/debian stretch main contrib non-free
deb http://ftp.us.debian.org/debian stretch main contrib non-free



If I comment out both tor+http references and restart the Template it
still fails,

Which one are you saying is THE "onion server" ?




--
A895 0C7C A244 8E2E FD77 A3DB 180B 7D4D D158 F8B6

[Setherson]

I should have said in my previous email that I got the same error you just pasted. What I did was comment out the onion server in /etc/apt/sources.list.d/whonix.list as well. 

That fixed the problem for me.

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/14B90DBC-970F-44E7-8613-4ABBA7018C5B%40protonmail.ch.

For more options, visit https://groups.google.com/d/optout.

Just to be absolutely clear, I meant that commenting out the onion server in whonix.list fixed the updating problem, not any of the other ones.

[john s.]

On 10/1/18 10:23 AM, Setherson wrote:
>> I should have said in my previous email that I got the same error you just pasted. What I did was comment out the onion server in /etc/apt/sources.list.d/whonix.list as well.
>>
>> That fixed the problem for me.
>>
>> --
>> You received this message because you are subscribed to the Google Groups "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
>> To post to this group, send email to qubes...@googlegroups.com.

>> To view this discussion on the web visit [https://groups.google.com/d/msgid/qubes-users/14B90DBC-970F-44E7-8613-4ABBA7018C5B%40protonmail.ch](https://groups.google.com/d/msgid/qubes-users/14B90DBC-970F-44E7-8613-4ABBA7018C5B%40protonmail.ch?utm_medium=email&utm_source=footer).

>> For more options, visit https://groups.google.com/d/optout.
>
> Just to be absolutely clear, I meant that commenting out the onion server in whonix.list fixed the updating problem, not any of the other ones.
>

....sorry my bad, read the email to fast, seems to be working for me as
well #'ing out the 3 references in both lists .....

apparently per the instructions in the file list, it says this file can
and may be written over, so maybe the solution won't last

appreciate your help , fixed for now

whonix forum is calling the debian .onion servers "dodgy" ..... not
sure whats thats based anyhow cheers

[John S.Recdep]

On 10/1/18 10:13 AM, 'Setherson' via qubes-users wrote:
>> On Oct 1, 2018, at 3:18 AM, 'awokd' via qubes-users <qubes...@googlegroups.com> wrote:
>>
>> 'Setherson' via qubes-users wrote on 9/30/18 2:12 AM:
>>
>>> I am using Qubes 3.2. All TemplateVMs and dom0 have been updated sometime within the past week.
>>>
>>> Since about the same time, my Workstation TemplateVM and every AppVM based on it has been unable to connect to the internet.
>>>
>>> The Whonix Gateway TemplateVM works fine, as does the sys-whonix NetVM. Furthermore, all the AppVMs based on the Fedora and Debian templates work even when routed through sys-whonix. I also have all the TemplateVMs set to update through sys-whonix, and every one of them is able to do this with the sole exception of whonix-ws-14. So if I had to guess, I’d say the problem lies with the Whonix Workstation TemplateVM itself.
>>>
>>> When I try updating whonix-ws-14, it “hits” everything until the 10th repository. Once it gets there, the screen shows “[working]” and stays there.
>>>
>>> Has anyone else run into this problem? What steps can I take to begin troubleshooting it?
>>>
>>> Thanks in advance!
>>
>> You might have caught a bad update last week, and it sounds like one of
>> the repositories you're using is unavailable right now. You can try the
>> suggestions in
>> https://forums.whonix.org/t/errors-updating-september-2018/6028/8, or
>> wait a day or so and try updating again.
>>
>> --
>> You received this message because you are subscribed to the Google Groups "qubes-users" group.

>> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6Z...@public.gmane.org
>> To post to this group, send email to qubes-users-/JYPxA39Uh5TLH3MbocFF+G/Ez6Z...@public.gmane.org

>> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ffa818ac-b732-a43f-657f-b679dcb5ad93%40danwin1210.me.
>> For more options, visit https://groups.google.com/d/optout.
>
> Thanks for the link! I did what they advised and the Workstation-14 TemplateVM seems to have updated fine.
>
> However, the most serious issues remain.
>
> I am still unable to access the internet from any of my Workstation-based AppVMs. Here’s what happens:
>
> When I first open the Tor Browser, I receive a warning that my activities may be linked if the Tor Browser is already running. I have gotten this sort of warning in the past when I already have an instance of the TB running, but that’s not the case here.
>
> I click “yes” to get rid of the warning box and the Tor Browser proceeds to open. The first sign that something is (still) not right is that it’s unable to find the local Whonix splash page file that always pops up when the browser first starts. Weird, but certainly not a huge issue.
>
> Then, when I try to do a random search (I use DDG’s Onion service to conduct searches), I’m told that the server has reloaded while the request was being made (or something to that effect; it’s a super-common error message). Whatever the cause may be, the result is that I’m unable to visit any website; Google, DDG Onion, DDG Clearnet, and so on all give me the same error.
>
> It occurred to me that this might be a Tor Browser problem, so I opened up the Electrum bitcoin client in the same AppVM to see if that works. Unfortunately, Electrum doesn’t connect either.
>
> Then—again in the same AppVM—I open up konsole and ping google (both google.com and 8.8.8.8): Interestingly, when I ping google.com the terminal shows me the site’s corresponding numerical IPv4 address, so there must be some sort of DNS access, right? Anyway, aside from seeing the IPv4 address I get no feedback whatsoever for the next 20-30 seconds, so I finally Ctrl-C the process and see a packet loss of 100%.
>
> Finally, I open Firefox in my “Untrusted” AppVM, which uses Fedora 28 as its template and sys-whonix as its NetVM. It takes me to Google without a hitch.
>
> Any ideas? Is this just a bad update I’m going to have to wait out, or are there steps I can take to remedy the situation in the meantime?
>

Yes, exactly the same here, commenting out allows update but I've been
noticing these DDG .onion resets for maybe a week or more ....

and just last few days , maybe because I haven't rebooted the AppVM for
a while the warning about activity "being linked" ....

two other things: 1) the Qube manager despite sucessfully updates, the
green arrow to need update persists , even after restarting the Q
manager and
2) update-torbrowser gives a scary warning in whonix-ws-14 to
override it two options , I haven't tried either ..

btw, this is all in Q4.0 with the latest dom0 patches , most recent
just a few days ago .....

[john s.]

On 10/1/18 10:23 AM, Setherson wrote:

>> I should have said in my previous email that I got the same error you just pasted. What I did was comment out the onion server in /etc/apt/sources.list.d/whonix.list as well.
>>
>> That fixed the problem for me.
>>
>> --
>> You received this message because you are subscribed to the Google Groups "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
>> To post to this group, send email to qubes...@googlegroups.com.

>> To view this discussion on the web visit [https://groups.google.com/d/msgid/qubes-users/14B90DBC-970F-44E7-8613-4ABBA7018C5B%40protonmail.ch](https://groups.google.com/d/msgid/qubes-users/14B90DBC-970F-44E7-8613-4ABBA7018C5B%40protonmail.ch?utm_medium=email&utm_source=footer).

>> For more options, visit https://groups.google.com/d/optout.
>
> Just to be absolutely clear, I meant that commenting out the onion server in whonix.list fixed the updating problem, not any of the other ones.
>

Another symptom is that in anon-whonix NOR whonix-ws-14 , there is
no whonixcheck available

strange

sys-whonix-14 has whonixcheck which seems to complete fine, maybe
thing to do is reinstall whonix-ws-14 at this stage ??

[John S.Recdep]

On 9/29/18 4:12 PM, 'Setherson' via qubes-users wrote:

OK looks solved

https://forums.whonix.org/t/unable-to-connect-to-internet-from-within-whonix-workstation-based-appvms-qubes-3-2/6092/5

issue was autoremove removed the workstation , sigh

sudo apt-get install qubes-whonix-workstation which looks to be about
1000 packages LOL