Jump to: navigation, search



See Troubleshooting.

Advanced users / developers and testers only[edit]

On Whonix-Gateway and Whonix-Workstation[edit]



      Local time: Sat 2015-05-16 02:27:46 UTC
  Universal time: Sat 2015-05-16 02:27:46 UTC
        RTC time: Sat 2015-05-16 02:27:46
       Time zone: Etc/UTC (UTC, +0000)
     NTP enabled: no
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

Check locale.


Check if there are any DENIED messages from AppArmor inside /var/log/syslog.

cat /var/log/syslog

Install dpkg-dev, which is required for dpkg-vendor.

sudo apt-get install --no-install-recommends dpkg-dev
Run dpkg-vendor --query vendor.

dpkg-vendor --query vendor

The output must be "Whonix".

Check apt config and see if periodic updates are disabled.

apt-config dump

Install test wise new kernel.


Remove test wise linux-image-486 kernel.

sudo apt-get remove linux-image-486

Check content of /etc/network/interfaces.

cat /etc/network/interfaces

Check content of /etc/resolv.conf.

cat /etc/resolv.conf
Check /etc/apt/sources.list.

cat /etc/apt/sources.list

Check iptables.

sudo iptables --list

Reboot from terminal while X is running.

Switch to terminal.


sudo reboot

Should not show any errors such as "failed to kill service".


Check if aptitude is functional.

sudo aptitude update

Check if /var/run/bootclockrandomization/success exists.

ls -la /var/run/bootclockrandomization/success

Check boot clock randomization log.

cat /var/log/bootclockrandomization.log
sudo service bootclockrandomization status
echo $?

Check if /var/run/timesanitycheck/success exists.

ls -la /var/run/timesanitycheck/success

Check log of time sanity check.

cat /var/log/timesanitycheck.log

Check status of time sanity check.

sudo service timesanitycheck status
echo $?

Check if /var/run/sdwdate/success exists

ls -la /var/run/sdwdate/success

Check log of sdwdate.

cat /var/log/sdwdate.log

Check status of sdwdate.

sudo service sdwdate status
echo $?

Test re-installation of x11-common.

sudo apt-get install --reinstall x11-common

sdwdate / timesync[edit]

Create a file which will result in sdwdate failing, thus timesync should report an test error.

sudo touch /var/lib/whonix/sdw_error

Restart sdwdate.

sudo service sdwdate restart

Delete test file.

sudo rm /var/lib/whonix/sdw_error


sudo service kdm stop

sudo service kdm start

Test on Whonix-Gateway[edit]

Check Tor version.

sudo tor --version

Check obfsproxy version. Must include obfs3.

obfsproxy -h

Check Tor logs.

less /var/log/tor/log

Check Tor warnings.

grep warn /var/log/tor/log

The message [warn] Socks version 71 not recognized. (Tor is not an http proxy.) can be ignored.

Check clock skew.

grep clock /var/log/tor/log

Test if arm is fully functional.


Test if arm's new identity function is working.

After logging in you should see Whonix help/welcome/disclaimer message.

Test connecting to an obfsproxy bridge.

Check /var/log/syslog for AppArmor error messages.

grep DENIED /var/log/syslog

Test Whonix-Workstation[edit]


Ping the Whonix-Gateway. Will NOT work.

# You will not be able to ping the Whonix-Gateway,
# because ICMP is blocked by the firewall.
# If you want to test it, you have to adjust the firewall,
# or to deactivate the firewall while testing.


Power off Whonix-Gateway. Try to ping outside or to use the browser in Whonix-Workstation. Obviously, should NOT work.


Power on Whonix-Gateway again. Visit https://check.torproject.org/ with Tor Browser. You should see a “Congratulations”.


Use a Tor Browser to visit a .onion address (Try the torproject.org hidden service)


Whonix 6 and above: Test Tor Button's New Identity Feature.


Note: Ping commands should NOT work for external addresses from your Whonix-Workstation, ICMP traffic[1] is not proxied, and filtered by Whonix's Firewall (/usr/bin/whonix_firewall), because Tor does not support UDP.


dig google.com must only return a single IP, compare with the output on Whonix-Gateway or Host.

dig google.com

Test gpg. Example.

gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

Test wget uwt wrapper.

wget http://idnxcnkne4qt76tg.onion

Test wget through TransPort.

/usr/bin/wget http://idnxcnkne4qt76tg.onion

Setup a hidden service on Whonix-Gateway and test if it works. You can access your own test hidden service using Tor Browser.


See if whonixcheck gets autostarted.


Test HexChat, connect to a an SSL protected IRC server.


test HexChat, connect to a hidden IRC server.


Whonix 6 and above:

Install lighttpd.

sudo apt-get install lighttpd

Restart lighttpd.

sudo service lighttpd restart

Try to download the local index.html.



cat index.html

Let's check if git is working. A good testing target would be a hidden git server. Therefore, check if Gittor is online by visiting its list of public Gittor repositories. Test it.

git clone http://wzrtr6gpencksu3d.onion/gitlab/w00t/pgp-auth.git

Check if regular git servers are reachable as well.

git clone https://github.com/Whonix/Whonix

Default Browser[edit]

Quick Launcher[edit]

Check if the Tor Browser quick launcher (fav icon) next to the start menu button is visible and startable.

Text Links[edit]

1. Open Konsole.

2. Run the following command.


3. Right click on the echoed and choose open link.

4. Check if it opens asks for confirmation to open that file in Tor Browser. Check if nothing happens, when pressing No (which should be the default!) and check if it opens a new Tor Browser window when pressing Yes.

File Links[edit]

1. Create a file ~/test.html with the following content.


2. Open Dolphin (default file manager) and double click on that file.

3. Check if it opens asks for confirmation to open that file in Tor Browser.


1. Open Konsole.

2. Run the following command.


3. Check if it opens asks for confirmation to open that file in Tor Browser.

4. Check the same for.


5. Check the same for.


6. Check the same for.



Remove open-link-confirmation.

sudo apt-get remove open-link-confirmation

And repeat these tests.


Leak Tests[edit]

See Dev/Leak Tests.


  1. http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

Random News:

Wondering why Whonix will always be Free? Check out Why Whonix is Free Software.

Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.