Jump to: navigation, search

Tor

Version Number[edit]

To discover what Tor version is currently in use, run the following command inside Whonix-Gateway (Qubes-Whonix: sys-whonix).

anon-info

The output should be similar to the following.

INFO: version of the 'tor' package: 0.3.2.10-1~d80.jessie+1

Permissions on directory /var/run/tor are too permissive Error[edit]

To discover if you are affected by the Permissions on directory /var/run/tor are too permissive error, [1] run the following command inside Whonix-Gateway (Qubes-Whonix: sys-whonix).

sudo cat /var/run/tor/log | grep -i permissive

If a user is affected, a warning similar to the following will appear.

Aug 03 17:36:33.000 [warn] Permissions on directory /var/run/tor are too permissive.

Currently there is only one workaround, which needs to be manually applied after every reboot.

sudo chmod --recursive 700 /var/run/tor

Log Analysis[edit]

Introduction[edit]

Analysis of Tor's log can be useful if connectivity issues emerge.

Open Tor Log[edit]

Users can inspect two logs:

  • The persistent Tor log: /var/log/tor/log; and/or
  • The Tor log since last boot: /var/run/tor/log [2]


Open /var/run/tor/log in an editor with root rights.

If you are using a graphical Whonix or Qubes-Whonix, run.

kdesudo kwrite /var/run/tor/log

If you are using a terminal-only Whonix, run.

sudo nano /var/run/tor/log

Watch Tor Log[edit]

Users can also watch Tor's log as it is written.

sudo tail -f /var/run/tor/log

This command is especially useful when Tor is reloaded or restarted simultaneously in another terminal window.

To reload Tor, run the following command.

sudo service tor@default reload

To restart Tor, run the following command.

sudo service tor@default restart

Non-Issues[edit]

message / question answer
Am I compromised? Does Tor's log report leaks? Tor's output is an ineffective tool for discovering serious issues such as a compromise or leaks.
[WARN] Socks version 71 not recognized. (Tor is not an http proxy.)

This warning is caused by whonixcheck, specifically the function check_tor_socks_port_reachability which checks if a Tor SocksPort is reachable by trying to fetch it using curl. [3] No warnings appear if the function works correctly.

[NOTICE] You configured a non-loopback address '10.152.152.10:9179' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted. [1 duplicate hidden] This notice may reference other port numbers, or the DnsPort or TransPort. This notice is not a concern because Tor really listens on that IP/port - it is the internal network interface for Whonix-Gateway (sys-whonix) that is only available to Whonix-Workstations because Whonix-Gateway (sys-whonix) is firewalled. See /usr/bin/whonix_firewall or the Whonix source code for further information.
[NOTICE] New control connection opened. [2 duplicates hidden] A higher number of duplicate messages may also appear. This notice is not a concern because it is caused by whonixcheck's Tor Bootstrap Status Test, which uses Tor's ControlPort or CPFP.

See Also[edit]


Advanced Topics[edit]

Entry Guards[edit]

Introduction[edit]

What are Tor Entry Guards? If this is an unfamiliar term, please press on Expand on the right.

Current practical, low-latency, anonymity designs like Tor fail when the attacker can see both ends of the communication channel. For example, suppose the attacker controls or watches the Tor relay a user chooses to enter the network, and also controls or watches the website visited. In this case, the research community is unaware of any practical, low-latency design that can reliably prevent the attacker from correlating volume and timing information on both ends.

Mitigating this threat requires consideration of the Tor network topology. Suppose the attacker controls, or can observe, C relays from a pool of N total relays. If a user selects a new entry and exit relay each time the Tor network is used, the attacker can correlate all traffic sent with a probability of (c/n)2. For most users, profiling is as hazardous as being traced all the time. Simply put, users want to repeat activities without the attacker noticing, but being noticed once by the attacker is as detrimental as being noticed more frequently. Mathematically speaking, choosing many random entry and exit points to the network prevents the user from escaping profiling by this kind of attacker with end-to-end capabilities.

The solution to this problem is "entry guards". Each Tor client selects a few relays at random to use as entry points, and only uses those relays for the first hop. If those relays are not controlled or observed, the attacker can't use end-to-end techniques and the user is secure. If those relays are observed or controlled by the attacker, then they see a larger fraction of the user's traffic — but still the user is no more profiled than before. Thus, entry guards increase the user's chance of avoiding profiling (on the order of (n-c)/n), compared to the former case.

You can read more at An Analysis of the Degradation of Anonymous Protocols, Defending Anonymous Communication Against Passive Logging Attacks, and especially Locating Hidden Servers.

Restricting entry nodes may also help to defend against attackers who want to run a few Tor nodes and easily enumerate all of the Tor user IP addresses. [4] However, this feature won't become really useful until Tor moves to a "directory guard" design as well.

Source and License, see footnote: [5]

Persistent Tor entry guards are beneficial for security and used by Tor, Whonix, Tor Browser Bundle (TBB) and other software. The number of entry guards has changed in recent Tor releases: [6] [7]

  • Before v2.9: Tor selects three random guard nodes and rotates them every 2-3 months.
  • v2.9: Tor selects a solitary guard node and rotates it every 9-10 months. [8]
  • v3.0+: Tor selects three guard nodes, but defers to a primary guard wherever possible. Guards have a primary lifetime of 120 days. [9]



The guard relays picked by the Tor client can lead to fingerprinting of Tor use across different physical locations and access points. In some corner cases like the example described below, this may cause a user to be deanonymized. The risk of this attack is less severe now that upstream (The Tor Project) has changed its guard parameters to decrease the de-anonymization risk.

Consider the following scenario. A user runs Tor from their home address, but soon attends a prominent event or protest in a nearby city. At that location, the user decides to anonymously blog about what transpired. The fact that the Tor client is using the same entry guard normally correlated with the user's home address is problematic. Network adversaries have a high certainty that the "anonymous" posts from the city location are related to the same person who connected to that specific guard relay from their home. The relative uncommonness of Tor usage exacerbates the problem of potential deanonymization.

This adversary technique is similar to tracking users via MAC addresses. Therefore, for users facing this threat in their personal circumstances, MAC address randomization is also recommended.

Forum discussion:
https://forums.whonix.org/t/persistent-tor-entry-guard-relays-can-make-you-trackable-across-different-physical-locations/2090

[10]

Manual Rotation of Tor Guards[edit]


On occasion, users may be tempted to create a new Whonix-Gateway (Qubes-Whonix: sys-whonix) because:

  • Bootstrapping is slow or regularly fails.
  • Tor logs show warnings suggesting evidence of route manipulation attacks or other oddities.
  • Logs reveal attempted attacks on Whonix or Tor processes, for example in AppArmor logs.
  • Current Tor performance is very slow or unreliable due to collapsing circuits or other factors.
  • The user is concerned about the amount of Tor data that could be revealed if the Whonix-Gateway is infected, particularly after a long period of use.


Creating a new Whonix-Gateway or sys-whonix will likely lead to a new set of Tor entry guards, which is proven to degrade anonymity. Voluntary guard rotation via a new Whonix-Gateway is more dangerous than allowing "natural churn" as chosen by the Tor application for several reasons:

  • It increases the likelihood of a compromised or malicious Tor guard being selected, leading to a corresponding rise in the chance of a successful correlation attack if the adversary runs Tor exit relays in the network. [11]
  • The user is more likely to traverse a given set of Internet infrastructure links that are under the adversary's control, such as Autonomous Systems (ASes) or Internet Exchange Points (IXPs).
  • Every change of Tor guards acts like a fingerprinting mechanism, since other users are less likely to pick the same set. If the adversary is able to enumerate a user's Tor guards, and later observes someone with the same set, the chance is high the two observations stem from the same person. [12]


For these reasons the Tor Project has changed its design and reduced the number of primary guard nodes to 3, and increased the set period for guard rotation. [13] The user should also contemplate the possibility their current poor Tor performance is an attempt by an advanced adversary to cause frustration, leading to a manual change in Tor guards: [14] [15]

We should also consider whether an adversary can *induce* congestion or resource exhaustion to cause a target user to switch away from her guard. Such an attack could work very nicely coupled with the guard enumeration attacks discussed above.

In one sense, users should welcome slow entry guards, since "honeypot" operators on the Tor network are unlikely to have constrained bandwidth which might chase away intended targets. This thinking aligns with intelligence disclosures which deem all Tor users to be persons of interest to state-level adversaries.


Under certain circumstances, users will feel compelled to proceed despite the anonymity risks. In this instance, it may be safer to first try: [16]

  • One of the fallback primary entry guards.
  • A configured bridge.
  • Possibly combine tunnels with Tor.
  • Creating a fresh Whonix-Gateway (sys-whonix), and copying across the Tor state file.


The user can also persist with poor performance and wait for normal guard rotation. [17] Users should note that regenerating the Tor state file poses the same anonymity risks as outlined in this section.

Alternating Bridges[edit]

If bridges are already in use, alternate bridges are recommended for different locations. If bridges are not used, consideration should be given to using entry guards in your primary location and relying on alternate bridges in different locations.

Complete the following steps on Whonix-Gateway (Qubes-Whonix: sys-whonix).

1. Disable Tor using the whonix-setup-wizard (safest option).

Start the whonix-setup-wizard.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Whonix Setup

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Whonix Setup Wizard

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo whonixsetup

Choose the Disable Tor option. Press next.

2. Configure Tor to use bridges. Refer to the Bridges documentation.

3. Enable Tor using whonixsetup / whonix-setup-wizard at the new location.

4. Before leaving this location, disable Tor and add a different bridge address if traveling to a different area. To revert to the usual guard nodes used at home, remove the torrc bridge settings before enabling the network, or rollback to a VM snapshot created at home.

Copy Tor Configuration files and Settings to Another sys-whonix Instance[edit]



On occasion, Qubes-Whonix users may want to copy the Tor state along with custom configuration options from an existing sys-whonix ProxyVM to another sys-whonix instance. For example, this is useful for testing later Whonix releases without aiding deanonymization attempts by advanced adversaries, [19] or creating an identical backup that does not share any other persistent data, except for Tor state and custom torrc options.


Copy Tor State Files to Another sys-whonix Instance[edit]

The following instructions copy the Tor state from sys-whonix-old to sys-whonix-new.

1. In sys-whonix-new, stop Tor

sudo systemctl stop tor@default

2. In sys-whonix-new, remove the Tor state file.

sudo su

sudo rm /var/lib/tor/*

3. In sys-whonix-old, stop Tor

sudo systemctl stop tor@default

4. In sys-whonix-old, copy the Tor state file across to sys-whonix-new

sudo qvm-copy /var/lib/tor sys-whonix-new

If the following error appears, it can be safely ignored (hit "OK" when prompted).

qfile-agent: Fatal error: stat “VM” (error type: No such file or directory)

5. In sys-whonix-new, list the QubesIncoming directory to ensure the Tor state file was copied over successfully

ls ~/QubesIncoming/sys-whonix-old/tor

The output should include the files below.

  cached-certs cached-microdescs lock
  cached-microdesc-consensus cached-microdescs.new state

6. In sys-whonix-new, move the newly copied Tor state file to /var/lib/tor

sudo mv ~/QubesIncoming/sys-whonix-old/tor/* /var/lib/tor

7. In sys-whonix-new, change ownership of all files in the Tor state folder to debian-tor

sudo chown -R debian-tor:debian-tor /var/lib/tor

8. In sys-whonix-new, start Tor

sudo systemctl start tor@default

9. In sys-whonix-new, run whonixcheck to verify Tor is functioning properly[20]

whonixcheck

Copy Tor Configuration Options (torrc) to Another sys-whonix[edit]



The following instructions copy the custom Tor configuration options (torrc) from sys-whonix-old to sys-whonix-new.

1. In sys-whonix-old, copy the torrc options across to sys-whonix-new

qvm-copy /etc/tor/torrc sys-whonix-new

If the following error appears, it can be safely ignored (hit "OK" when prompted).

 qfile-agent: Fatal error: stat “VM” (error type: No such file or directory)

2. In sys-whonix-new, print the QubesIncoming directory to ensure the torrc options were copied over successfully

cat ~/QubesIncoming/sys-whonix-old/torrc

3. In sys-whonix-new, move the torrc options from the QubesIncoming directory to the torrc file

sudo mv ~/QubesIncoming/sys-whonix-old/torrc /etc/tor/torrc

4. In sys-whonix-new, change ownership of the Tor configuration file

sudo chown -R root:root /etc/tor

5. In sys-whonix-new, restart Tor so the newly copied torrc options take affect

sudo systemctl restart tor@default

6. In sys-whonix-new, run whonixcheck to verify Tor is functioning properly.[23]

whonixcheck

Fresh Tor Entry Guards by Regenerating the Tor State File[edit]


The following instructions manually change a user's Tor entry guards. One use case for this action is before a user permanently relocates to a new area.

Complete the following steps on Whonix-Gateway (Qubes-Whonix: sys-whonix).

1. Disable Tor using the whonix-setup-wizard (safest option).

Start the whonix-setup-wizard.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Whonix Setup

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Whonix Setup Wizard

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo whonixsetup

Choose the Disable Tor option. Press next.

2. Delete Tor's state file.

sudo rm /var/lib/tor/state

3. Enable Tor using whonixsetup / whonix-setup-wizard at the new location.

Configure Non-Persistent Entry Guards[edit]

Some users may consider configuring non-persistent entry guards so they constantly change. In almost all cases this is inadvisable, because persistent entry guards are a critical security feature as explained in the introduction. A far more secure alternative is Alternating Bridges, although this requires a considerable time investment.

To proceed in spite of the warning, press on expand on the right.

Complete these steps in Whonix-Gateway (Qubes-Whonix: sys-whonix).

1. If using Whonix 12 or earlier, adjust whonixcheck settings.

Open /etc/whonix.d/50_user.conf in an editor with root rights.

If you are using a graphical Whonix or Qubes-Whonix, run.

kdesudo kwrite /etc/whonix.d/50_user.conf

If you are using a terminal-only Whonix, run.

sudo nano /etc/whonix.d/50_user.conf

Add.

whonixcheck_skip_functions+=" check_tor_pid "

Save.

2. Disable Tor using the whonix-setup-wizard (safest option).

Start the whonix-setup-wizard.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Whonix Setup

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Whonix Setup Wizard

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo whonixsetup

Choose the Disable Tor option. Press next.

3. Modify Tor settings.


Open /etc/tor/torrc.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> /etc/tor/torrc

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo nano /etc/tor/torrc

Add.

DataDirectory /var/run/tor

Save.

4. Enable Tor using whonixsetup / whonix-setup-wizard at the new location.

5. Before leaving this location, disable Tor and repeat the above steps if traveling to a different area. To revert to the usual guard nodes at home, remove the torrc setting before enabling the network, or rollback to a VM snapshot that was created there.

Notes[edit]

  • The proposed Tails solutions towards AdvGoalTracking have disadvantages [24] [25] and are not suitable options for Whonix. The reason is Whonix does not connect directly to a user's internet LAN, so trying to remember a network based on its SSID will not work. Unlike wireless access points, physical or virtual wired networks lack SSIDs and cannot be "remembered" that way.
  • Even if it were possible, it is best to avoid letting adversaries influence guard changes in any way. Spoofing MAC addresses or SSIDs would trigger the use of the alternate entry guard recorded for another "location profile". Global networks also have generic characteristics that cannot be differentiated from the point of view of a connecting device, resulting in the same guards being used on different networks.

Blacklist Certain Onion Services from Connecting[edit]


Open /etc/tor/torrc.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> /etc/tor/torrc

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo nano /etc/tor/torrc

The following is an example onion service that is added to /etc/tor/torrc. Replace bbbbbb6qtmqg65g6.onion with the actual onion service that should be blacklisted.

MapAddress bbbbbb6qtmqg65g6.onion 127.0.0.1

Reload Tor.

After editing /etc/tor/torrc, Tor must be reloaded for changes to take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /etc/tor/torrc and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Reload Tor

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> Reload Tor

If you are using a terminal-only Whonix-Gateway, press on Expand on the right.

Complete the following steps.

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Additional SocksPorts[edit]

Adding additional Tor SocksPorts to /etc/tor/torrc is non-intuitive. [26]

As noted in the Tor man page (man tor):

By default, an option on the command line overrides an option found in the configuration file, and an option in a configuration file overrides one in the defaults file.

This rule is simple for options that take a single value, but it can become complicated for options that are allowed to occur more than once: if you specify four SOCKSPorts in your configuration file, and one more SOCKSPort on the command line, the option on the command line will replace all of the SOCKSPorts in the configuration file. If this is not what you want, prefix the option name with a plus sign, and it will be appended to the previous set of options instead.

Nick Mathewson from The Tor Project has also noted: [27]

So to make sure that the SocksPort in the torrc does what you want, write it as +SocksPort.

After adding custom ports, a user would also have to edit the Whonix firewall unless they were lucky. For example, various custom ports for such use cases have already been added. Those are documented here.

UDP[edit]

Reload Tor[edit]

Reload Tor.

After editing /etc/tor/torrc, Tor must be reloaded for changes to take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /etc/tor/torrc and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Reload Tor

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> Reload Tor

If you are using a terminal-only Whonix-Gateway, press on Expand on the right.

Complete the following steps.

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Restart Tor[edit]

Restart Tor.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Restart Tor

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> Restart Tor

If you are using a terminal-only Whonix-Gateway, press on Expand on the right.

Complete the following steps.

Restart Tor.

sudo service tor@default Restart

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Disable Tor[edit]

Disable Tor using the whonix-setup-wizard (safest option).

Start the whonix-setup-wizard.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Whonix Setup

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Whonix Setup Wizard

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo whonixsetup

Choose the Disable Tor option. Press next.

Footnotes / References[edit]

  1. https://trac.torproject.org/projects/tor/ticket/19824
  2. /var/run/tor/log is a Tor configuration file specific to Whonix and an alternative to /var/log/tor/log. The former only contains Tor's output since Whonix-Gateway (sys-whonix) last booted. The latter is a permanent log that persists across reboots. The former has a small usability advantage because it is shorter and should therefore contain more relevant information.
  3. UWT_DEV_PASSTHROUGH=1 curl 10.152.152.10:9100
  4. Even though the attacker can't discover the user's destinations in the network, they still might target a list of known Tor users.
  5. Source:
    torproject.org What are Entry Guards? (w)
    license (w):
    Content on this site is Copyright The Tor Project, Inc.. Reproduction of content is permitted under a Creative Commons Attribution 3.0 United States License (w). All use under such license must be accompanied by a clear and prominent attribution that identifies The Tor Project, Inc. as the owner and originator of such content. The Tor Project Inc. reserves the right to change licenses and permissions at any time in its sole discretion.
  6. https://gitweb.torproject.org/torspec.git/tree/proposals/236-single-guard-node.txt
  7. https://gitweb.torproject.org/torspec.git/tree/proposals/271-another-guard-selection.txt
  8. If the guard node ever becomes unusable, Tor picks a new guard rather than replacing it, and adds it to the end of the list.
  9. Non-primary guards are also selected under various circumstances.
  10. As concluded in ticket research non-persistent Tor directory guards, these are covered by the following instructions.
  11. Even if the adversary cannot enumerate all websites visited by the user, it might reveal sites visited more regularly, such as whonix.org
  12. For example, the entropy associated with one, two or three guards is 9, 17 and 25 bits, respectively.
  13. https://trac.torproject.org/projects/tor/ticket/8240
  14. https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters
  15. For example if the current set of Tor guards is not under their control.
  16. This issue requires further research.
  17. Note that if the problem relates to a dead entry guard(s), Tor is configured to eventually remove them.
  18. If users where to use a alternate command to remove the Tor state folder. The outcome may be broken file persistence across reboots. This is owing to the fact that Qubes-Whonix uses bind-dirs file persistence for the Tor folder and other select directories. This in turn, at the very least would require users to unmount, and then again mount the Tor folder in the same way as bind-dirs does. This would likely be very complicated and time consuming.
  19. As the same Tor entry guard is used.
  20. If Tor fails to start, users should verify the Tor folder has the proper file permissions with the following command sudo ls -l /var/lib/tor
  21. When users reach step 3 in the instructions, move the torrc options from the QubesIncoming directory to the torrc file sudo mv ~/QubesIncoming/sys-whonix-old/torrc /usr/local/etc/torrc.d/50_user.conf
  22. Users should revise instructions as follows
    Step 1 qvm-copy /usr/local/etc/torrc.d/50_user.conf sys-whonix-new
    Step 2 cat ~/QubesIncoming/sys-whonix-old/50_user.conf
    Step 3 sudo mv ~/QubesIncoming/sys-whonix-old/50_user.conf /usr/local/etc/torrc.d/50_user.conf
    Step 4 sudo chown -R root:root /usr/local/etc/torrc.d
  23. If Tor is not running after restart, users can verify the newly migrated torrc options are valid with this command sudo -u debian-tor tor --verify-configThe output should be similar to the following.
    Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc". Configuration was valid
  24. https://tails.boum.org/blueprint/persistent_Tor_state/
  25. https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-june-17th-2015#A_persistent_Tor_state_for_Tails
  26. https://trac.torproject.org/projects/tor/ticket/15261
  27. https://trac.torproject.org/projects/tor/ticket/15261#comment:1
  28. https://trac.torproject.org/projects/tor/ticket/7830

Random News:

Have you read our Documentation, Technical Design and Developer Portal links yet?


https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)