Essential Whonix ™ Functionality Tests

From Whonix



Info Advanced users, developers and willing testers only.

Whonix ™ requires a critical mass of users to properly test planned updates by enabling the stable-proposed-updates or testers repository. [1] Otherwise, bugs might go undiscovered and be inadvertently introduced into the stable repository.

To ensure a stable Whonix ™ system is available at all times, willing testers should:

Then perform normal user activities.

Please only report bugs after first searching relevant Whonix ™ forums and developer portals for the problem. (Please use Search Engines and see Documentation First)

Whonix-Gateway ™ Tests[edit]

  1. After logging in, the Whonix ™ Setup Wizard / Anon Connection Wizard should appear.
  2. Check the Tor version.

  3. Check Tor config.

  4. Check Tor warnings. Some messages can be safely ignored.
    grep -i warn /var/run/tor/log

  5. Check Tor errors.
    grep -i error /var/run/tor/log

  6. Check for clock skew.
    grep -i clock /var/run/tor/log

  7. Test if arm is fully functional.

  8. Test obfsproxy bridge connectivity is functional.

Whonix-Workstation ™ Tests[edit]

Basic Tests[edit]

  1. Power off Whonix-Gateway ™. Try to ping outside or to use the browser in Whonix-Workstation ™. Obviously this should not work.
  2. Power on Whonix-Gateway ™ again. Visit [archive] with Tor Browser. You should see a “Congratulations”.
  3. Ping the Whonix-Gateway ™; this will not work. [2]

  4. Note: Ping commands should NOT work for external addresses from your Whonix-Workstation ™; ICMP traffic [3] is not proxied, and filtered by Whonix ™ Firewall (/usr/bin/whonix_firewall) because Tor does not support UDP. For more information on ping inside Whonix-Workstation ™, see Whonix-Workstation Firewall, ping.
  5. Use Tor Browser to visit an onion address - try the onion service [archive].
  6. Test Tor Button's New Identity Feature.
  7. dig must only return a single IP; compare that with the output on Whonix-Gateway ™ or Host.

  8. See if syste gets autostarted.
  9. Setup an Onion Service.
  10. Test the onion service by connecting to its address with Tor Browser.
  11. Test HexChat and connect to a an SSL protected IRC server.
  12. Test HexChat and connect to an onion IRC server.
  13. Run systemcheck leak tests.
    systemcheck --leak-tests

  14. After downloading the key, the user should verify its authenticity:
    gpg --keyid-format long --import --import-options show-only --with-fingerprint {{{source_filename}}}

  15. Before importing the key:
    gpg --import {{{source_filename}}}

  16. Test curl uwt wrapper.
    curl http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion

  17. Install lighttpd.
    sudo apt-get install lighttpd

  18. Restart lighttpd.
    sudo service lighttpd restart

  19. Try to download the local index.html.

  20. Check.
    cat index.html

  21. Install git.
    sudo apt-get install git

  22. Check if regular git servers are reachable.
    git clone

  23. Check if Tor Project git onion service [archive] is online.
  24. If yes, try to clone its onion Tor git repository.
    git clone http://xtlfhaspqtkeeqxk6umggfbr3gyfznvf4jhrge2fujz53433i2fcs3id.onion/tor.git

DNS Test[edit]

Inside Whonix-Workstation ™.



Expected output:

TCP Test[edit]

Inside Whonix-Workstation ™.


UWT_DEV_PASSTHROUGH=1 scurl -H 'Host:' -k

Expected output:


TCP and DNS Test[edit]

Inside Whonix-Workstation ™.



Expected output:


Port Tests[edit]


Inside Whonix-Workstation ™.



Expected output:

HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1


Inside Whonix-Workstation ™.

Run. [4]

UWT_DEV_PASSTHROUGH=1 curl --max-time 2

Expected output:

510 Command filtered

510 Command filtered
510 Command filtered
510 Command filtered

curl: (28) Operation timed out after 2001 milliseconds with 88 bytes received

Closed Port[edit]

Inside Whonix-Workstation ™.

Run. [5]


Expected output:

curl: (7) Failed to connect to port 80: Connection refused


Inside Whonix-Workstation ™.

TransPort [archive] reachability test. Run.


Expected output:

curl: (56) Recv failure: Connection reset by peer


curl: (52) Empty reply from server

Default Browser[edit]

Quick Launcher[edit]

Check if the Tor Browser quick launcher (fav icon) next to the start menu button is visible and startable.

Text Links[edit]

1. Open a terminal.

2. Run the following command.


3. Right-click on the echoed [archive] and choose open link.

4. Check it is fully functional.

It should open and ask for confirmation to open that file in Tor Browser. Check that nothing happens when pressing No (which should be the default!) and conversely a new Tor Browser window is opened when pressing Yes.

File Links[edit]

1. Create a file ~/test.html with the following content.


2. Open Thunar (default file manager) and double-click on that file.

3. Check if it opens and asks for confirmation to open that file in Tor Browser.

Terminal Tests[edit]

1. Open a terminal.

2. Run the following command.


3. Check if it asks for confirmation to open that file in Tor Browser.

4. Check the same for.


5. Check the same for.


6. Check the same for.


7. Next, remove open-link-confirmation.

sudo apt-get purge open-link-confirmation

And repeat the tests above.


Test that all the following applications are fully functional:

  1. Metadata
  2. Tor Browser
  3. Manually Downloading Tor Browser
  4. Check if Tor Browser runs in Whonix ™ out of the box -- without use of the torbrowser script -- by running /home/user/.tb/tor-browser/start-tor-browser.

Leak Tests[edit]

See Dev/Leak Tests.

Whonix-Workstation ™ and Whonix-Gateway ™[edit]


1. Check locale.


2. Check apt config and see if periodic updates are disabled.

apt-config dump

3. Install a new kernel [archive] for testing purposes. [6]

apt-cache search linux-image

sudo apt-get install linux-image-flavour

4. Check the content of /etc/network/interfaces

cat /etc/network/interfaces

5. Check the content of /etc/resolv.conf

cat /etc/resolv.conf

6. Check /etc/apt/sources.list

cat /etc/apt/sources.list

7. Check iptables.

sudo iptables-save-deterministic

8. Reboot from terminal while X is running.

Switch to terminal.


sudo reboot

No errors should appear like "failed to kill service".

Extra Tests[edit]

1. Check if aptitude is functional.

sudo aptitude update

See the footnotes if additional manual tests are preferred. [7] [8]

2. Test the re-installation of x11-common.

sudo apt-get install --reinstall x11-common

Display Manager[edit]

Non-Qubes-Whonix ™ only.

Check lightdm stops and restarts correctly.

sudo service lightdm stop

sudo service lightdm start


  1. The developers repository is only recommended for experts or those in touch with Whonix ™ developers.
  2. You will not be able to ping the Whonix-Gateway ™ because ICMP is blocked by the firewall. If you want to test it, you have to adjust the firewall or deactivate it while testing on both, Whonix-Gateway ™ and Whonix-Workstation ™.
  3. [archive]
  4. Dev/Control Port Filter Proxy
  5. There is nothing running on Whonix-Gateway ™ on port 80.
  6. The latest Debian kernel versions can be found here [archive].
  7. These checks are not as important because relevant messages would probably be shown during sudo systemctl list-units --failed. Check if /var/run/bootclockrandomization/success exists.
    ls -la /var/run/bootclockrandomization/success

    Check the boot clock randomization log.

    cat /var/log/bootclockrandomization.log

    sudo service bootclockrandomization status

    echo $?

    Check if /var/run/timesanitycheck/success exists.

    ls -la /var/run/timesanitycheck/success

    Inspect the time sanity check log.

    cat /var/log/timesanitycheck.log

    Confirm the time sanity check status.

    sudo service timesanitycheck status

    echo $?

  8. These checks are not as important because sdwdate-gui would likely identify any issues beforehand. Check if /var/run/sdwdate/success exists.
    ls -la /var/run/sdwdate/success

    Check the sdwdate log.

    cat /var/log/sdwdate.log

    Check the sdwdate status.

    sudo service sdwdate status

    echo $?

Fosshost is sponsors Kicksecure ™ stage server Whonix old logo.png
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: Discourse logo.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Essential Tests&body= link= Tests link= Tests link= Tests%20 Tests

We are looking for video makers to help create demonstration, promotional and conceptual videos or tutorials.

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.