Testers wanted! Upgrade Qubes-Whonix 13 -> Qubes-Whonix 14

Qubes-Whonix 14 testers-only. Upgrades are possible.

https://www.whonix.org/wiki/Upgrading_Whonix_13_to_Whonix_14

Qubes-Whonix 14 downloadable TemplateVMs will be released later.

Patrick started developing Whonix, the Anonymous Operating System in 2012, when quickly others joined efforts. He collected experiences working pseudonymous on Whonix for two years, enjoys collaboratively working on privacy preserving software.

Notable Replies

  1. I did an upgrade from Qubes-Whonix 13 -> Qubes-Whonix 14:

    After starting up the AppVM based on Whonix Workstation 14 template, along with the ProxyVM based on Whonix Gateway 14. It poped up this:

    ERROR: whonix_firewall failed to load! 
    
    The whonix_firewall failed to load for some reason. This could be due to the firewall being mis-configured or race-condition. Try restarting the VM to see if this error persists. 
    
    Failure file /var/run/anon-firewall/failed.status does not exist, ok. 
    
    output of systemctl status whonix-firewall: 
    
    ######################################## 
    ● whonix-firewall.service
    Loaded: masked (/dev/null; bad)
    Active: inactive (dead) 
    ######################################## 
    
    To see this for yourself... 
    1. Open a terminal. (dom0 -> Start Menu -> ServiceVM: sys-whonix-14-test -> Terminal) 
    2. Run. 
    systemctl status whonix-firewall
    
    2. Also see. 
    sudo journalctl -u whonix-firewall | cat
    
    3. Try to manually start Whonix firewall. 
    sudo whonix_firewall
    If you know what you are doing, feel free to disable this check. Create a file /etc/whonix.d/50_whonixcheck_user.conf and add: 
    whonixcheck_skip_functions+=" check_whonix_firewall_systemd_status "
  2. And then, when using arm in the gateway, there were established circuits, but there were neither Internet connection nor Tor control port connection in the workstation, which was as expected.

    Firewall status in gateway:

    user@host:~$ systemctl status whonix-firewall
    ● whonix-firewall.service
       Loaded: masked (/dev/null; bad)
       Active: inactive (dead)
    user@host:~$ sudo journalctl -u whonix-firewall | cat
    -- No entries --
    

    Everything works fine after doing:

    user@host:~$ sudo whonix_firewall 
    OK: Loading Whonix firewall...
    OK: Skipping firewall mode detection since already set to 'full'.
    OK: (Full torified network access allowed.)
    OK: TOR_USER: 107
    OK: CLEARNET_USER: 1001
    OK: USER_USER: 1000
    OK: ROOT_USER: 0
    OK: TUNNEL_USER: 1002
    OK: SDWDATE_USER: 108
    OK: WHONIXCHECK_USER: 113
    OK: NO_NAT_USERS:  1001 1002 107
    OK: The firewall should not show any messages,
    OK: besides output beginning with prefix OK:...
    OK: Whonix firewall loaded.
  3. Some trivial thing about the Wiki page :
    http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Upgrading_Whonix_13_to_Whonix_14

    I noticed that when using Tor Browser with media or high security level, the select code function does not work. There is no such a button anymore. What I did was double left-click my mouse to select all and the tricky thing is it actually select something like:

    \n
    code
    \n
    

    Therefore, when I copy and paste the selected thing to the Konsole, it will actually not work the first time I do a choice on [y/n].

    This is definitely not a Whonix issue, but other testers may be aware of it now. :slight_smile:


    These two commands seems inflexibly related to the name of two VMs:

    sudo qubesctl state.sls qvm.anon-whonix

    sudo qubesctl state.sls qvm.updates-via-whonix

    Should people who use Whonix in Qubes always have anon-whonix and sys-whonix?

  4. All over all, the upgrading process is very smooth. The previous problem that forever waiting on apt-get remove also disappeared. :slight_smile:

    I will keep using the newly upgraded templates and report issues if I meet one.

    Great job for everybody who has been contributing to the Whonix!

  5. I also had this experience on Qubes upgrade - both in 3.2 and 4.
    As stated, systemctl status whonix-firewall shows it is masked.
    Removing the mask and enabling the service in the template allows sys-whonix to start as expected.
    (Question - is this the right thing to do? Or is there service that will run in sys-whonix that will unmask and enable?)

    N.B Because the service is initially masked, whonixcheck takes a loooong time to produce any output.

    Once this is fixed, sys-whonix started with firewall enabled and running.

    I found that in 4.0rc5 whonixcheck in sys-whonix reports that Tor is disabled, although systemctl status shows it is running.
    Trying to enable using whonixsetup results in error 0 unable to add "DisableNetwork 0" to /usr/local/etc/torrc.d/40_anon_connection_wizard.conf.
    Indeed that file does not exist, although 95_whonix.conf does in same location.

Continue the discussion forums.whonix.org

15 more replies

Participants