Actions

Tor

From Whonix


Tor Icon

Configuration[edit]

Introduction[edit]

Info All unique Tor configurations should be stored in /usr/local/etc/torrc.d/50_user.conf and nowhere else. [1] [2] Note that Whonix will not modify /usr/local/etc/torrc.d/50_user.conf once it is created, therefore the user is responsible for adding or removing specific configurations in this file.

Edit Tor Configuration[edit]

Open /usr/local/etc/torrc.d/50_user.conf.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named sys-whonix)Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSettings/usr/local/etc/torrc.d/50_user.conf

If you are using a terminal-only Whonix-Gateway ™, complete the following steps.

sudo nano /usr/local/etc/torrc.d/50_user.conf

Configuration Check[edit]

To discover if there are any Tor configuration syntax errors and to see which Tor configuration files are processed in which order, run the following command inside Whonix-Gateway ™ (Qubes-Whonix ™: sys-whonix).

anon-verify

The output should be similar to the following.

/===================================================================\
|                      Report Summary                               |
\===================================================================/
No error detected in your Tor configuration.
Tor verify exit code: 0
/===================================================================\
|                      Tor Full Report                              |
\===================================================================/
Aug 09 19:29:56.669 [notice] Tor 0.3.3.9 (git-ca1a436fa8e53a32) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
Aug 09 19:29:56.669 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Aug 09 19:29:56.669 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Aug 09 19:29:56.669 [notice] Read configuration file "/etc/tor/torrc".
Aug 09 19:29:56.672 [notice] You configured a non-loopback address '10.137.8.1:5300' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Aug 09 19:29:56.672 [notice] You configured a non-loopback address '10.137.8.1:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Configuration was valid
/===================================================================\
|                 Used Tor Configuration Files                      |
\===================================================================/
5 files are used as Tor configuration files: 
/usr/share/tor/tor-service-defaults-torrc /etc/tor/torrc /etc/torrc.d/95_whonix.conf /usr/local/etc/torrc.d/40_tor_control_panel.conf /usr/local/etc/torrc.d/50_user.conf
=====================================================================

Log Analysis[edit]

Introduction[edit]

Analysis of Tor's log can be useful if connectivity issues emerge.

Open Tor Log[edit]

Users can inspect two logs:

  • The persistent Tor log: /var/log/tor/log; and/or
  • The Tor log since last boot: /var/run/tor/log [3]

Open file /var/run/tor/log in an editor with root rights.

(Qubes-Whonix ™: In TemplateVM)

This box uses sudoedit for better security [archive]. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Whonix, please refer to this link.

sudoedit /var/run/tor/log

Watch Tor Log[edit]

Users can also watch Tor's log as it is written.

sudo tail -f /var/run/tor/log

This command is especially useful when Tor is reloaded or restarted simultaneously in another terminal window.

To reload Tor, run the following command.

sudo service tor@default reload

To restart Tor, run the following command.

sudo service tor@default restart

Permissions Fix[edit]

If error messages like the following appear.

Oct 24 07:22:15.693 [warn] Directory /var/lib/tor/.tor cannot be read: Permission denied
Oct 25 12:35:07.460 [warn] Directory /var/lib/tor cannot be read: Permission denied
Oct 25 12:35:07.460 [warn] Failed to parse/validate config: Couldn't access private data directory "/var/lib/tor"

Then apply the following steps.

1. Open a terminal.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named sys-whonix)Xfce Terminal

If you are using a graphical Whonix with XFCE, run.

Start MenuXfce Terminal

2. Apply a permissions fix for the Tor data folder.

sudo chown --recursive debian-tor:debian-tor /var/lib/tor

3. Restart Tor.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named 'sys-whonix')Restart Tor

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSettingsRestart Tor

If you are using a terminal-only Whonix-Gateway ™, press on Expand on the right.

Complete the following steps.

Restart Tor.

sudo service tor@default Restart

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

anon-verify

The output should be similar to the following.

/===================================================================\
|                      Report Summary                               |
\===================================================================/
No error detected in your Tor configuration.

Error messages should no longer appear after completing these steps. [4]

Non-Issues[edit]

Message / Question Answer
Am I compromised? Does Tor's log report leaks? Tor's output is an ineffective tool for discovering serious issues such as a compromise or leaks.
[WARN] Socks version 71 not recognized. (Tor is not an http proxy.)

This warning is caused by whonixcheck, specifically the function check_tor_socks_port_reachability which checks if a Tor SocksPort is reachable by trying to fetch it using curl. [5] No warnings appear if the function works correctly.

[warn] Socks version 71 not recognized. (This port is not an HTTP proxy; did you want to use HTTPTunnelPort?) Similar to above.
[NOTICE] You configured a non-loopback address '10.152.152.10:9179' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted. [1 duplicate hidden] This notice may reference other port numbers, or the DnsPort or TransPort. This notice is not a concern because Tor really listens on that IP/port - it is the internal network interface for Whonix-Gateway ™ (sys-whonix) that is only available to Whonix-Workstation ™s because Whonix-Gateway ™ (sys-whonix) is firewalled. See /usr/bin/whonix_firewall or the Whonix ™ source code for further information.
[NOTICE] New control connection opened. [2 duplicates hidden] A higher number of duplicate messages may also appear. This notice is not a concern because it is caused by whonixcheck's Tor Bootstrap Status Test, which uses Tor's ControlPort or CPFP.

Version Number[edit]

To discover what Tor version is currently in use, run the following command inside Whonix-Gateway ™ (Qubes-Whonix ™: sys-whonix).

anon-info

The output should be similar to the following.

INFO: version of the 'tor' package: 0.4.2.7-1~d10.buster+1

Advanced Topics[edit]

Additional SocksPorts[edit]

Adding additional Tor SocksPorts to /usr/local/etc/torrc.d/50_user.conf is non-intuitive. [6]

As noted in the Tor man page (man tor):

By default, an option on the command line overrides an option found in the configuration file, and an option in a configuration file overrides one in the defaults file.

This rule is simple for options that take a single value, but it can become complicated for options that are allowed to occur more than once: if you specify four SOCKSPorts in your configuration file, and one more SOCKSPort on the command line, the option on the command line will replace all of the SOCKSPorts in the configuration file. If this is not what you want, prefix the option name with a plus sign, and it will be appended to the previous set of options instead.

Nick Mathewson from The Tor Project has also noted: [7]

So to make sure that the SocksPort in the torrc does what you want, write it as +SocksPort.

After adding custom ports, a user would also have to edit the Whonix ™ firewall unless they were lucky. For example, various custom ports for such use cases have already been added. Those are documented here.

Blacklist Certain Onion Services from Connecting[edit]

Info This procedure is experimental. Testers only.

Open /usr/local/etc/torrc.d/50_user.conf.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named sys-whonix)Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSettings/usr/local/etc/torrc.d/50_user.conf

If you are using a terminal-only Whonix-Gateway ™, complete the following steps.

sudo nano /usr/local/etc/torrc.d/50_user.conf

The following is an example onion service that is added to /usr/local/etc/torrc.d/50_user.conf. Replace bbbbbb6qtmqg65g6.onion with the actual onion service that should be blacklisted.

MapAddress bbbbbb6qtmqg65g6.onion 127.0.0.1

Reload Tor.

After editing /usr/local/etc/torrc.d/50_user.conf, Tor must be reloaded for changes to take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /usr/local/etc/torrc.d/50_user.conf and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named 'sys-whonix')Reload Tor

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSettingsReload Tor

If you are using a terminal-only Whonix-Gateway ™, click HERE for instructions.

Complete the following steps.

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/usr/local/etc/torrc.d/50_user.conf".
Configuration was valid

Entry Guards[edit]

This entry has been moved here.

Manual Bridge Configuration[edit]

It is recommended to first read the main Bridges article.

For the majority of users, the Anon Connection Wizard GUI application is suitable for bridge configuration. The manual bridge configuration steps below are only recommended for advanced users.

Step 1: Access Tor Configuration to Add Bridges[edit]

Open /usr/local/etc/torrc.d/50_user.conf.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named sys-whonix)Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSettings/usr/local/etc/torrc.d/50_user.conf

If you are using a terminal-only Whonix-Gateway ™, complete the following steps.

sudo nano /usr/local/etc/torrc.d/50_user.conf

Step 2: Edit Tor Configuration[edit]

Use obfs4 Bridges[edit]

1. Open /usr/local/etc/torrc.d/50_user.conf in an editor.

Copy and paste the following text to enable the use of obfs4 bridges. [8] [9]

UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy

2. Add the bridge IP addresses that were sourced in the Finding a Bridge and Choosing the Right Protocol section.

Copy and paste the IP addresses to the very bottom of /usr/local/etc/torrc.d/50_user.conf, after the ClientTransportPlugin entries. Users must ensure that "bridge" appears at the beginning of each line.

Info In the obfs4 example below:

  • Do not copy and paste this list of bridge entries to the 50_user.conf file. They will not work.
  • Retrieve obfs4 bridges [archive] from The Tor Project before editing this file.
  • Capitalization in the 50_user.conf file matters. For example, bridges will not connect if users type "Bridge" instead of "bridge".

Obfs4 example text to add to /usr/local/etc/torrc.d/50_user.conf.

bridge obfs4 192.235.207.85:42086 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0
bridge obfs4 34.218.26.20:43263 DD21A551767816A0C9495 cert=7qzS6KASquPvJU82Fm7qoJw iat-mode=0
bridge obfs4 161.217.177.95:10703 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

The sample text for a complete obfs4 torrc file is below. Check your file is similar, except for the specific bridge entries.

# This file is part of Whonix
# Copyright (C) 2012 - 2013 adrelanos
# See the file COPYING for copying conditions.

# Use this file for your user customizations.
# Please see /usr/local/etc/torrc.d/50_user.conf.examples for help, options, comments etc.

# Anything here will override {{project name}} own Tor config customizations in /usr/share/tor/tor-service-defaults-torrc

# Enable Tor through whonixsetup or manually uncomment "DisableNetwork 0" by
# removing the # in front of it.
DisableNetwork 0
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy

bridge obfs4 192.235.207.85:42086 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0
bridge obfs4 34.218.26.20:43263 DD21A551767816A0C9495 cert=7qzS6KASquPvJU82Fm7qoJw iat-mode=0
bridge obfs4 161.217.177.95:10703 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

[10]

3. After /usr/local/etc/torrc.d/50_user.conf editing is finished, save and exit.

<Ctrl-X> --> press Y --> <Enter>

Use meek_lite Bridges[edit]

meek_lite bridges are available. To use them, simply add one more line to the /usr/local/etc/torrc.d/50_user.conf file. Take note the bridge type is called meek_lite, not meek which is used in Tor Browser Bundle. [11]

1. Open /usr/local/etc/torrc.d/50_user.conf in an editor.

Copy and paste the following text to enable meek_lite bridges.

UseBridges 1
ClientTransportPlugin meek_lite exec /usr/bin/obfs4proxy

2. Add a meek_lite bridge to the configuration file.

An example of meek_lite text that must be added to the /usr/local/etc/torrc.d/50_user.conf file is below. The bridge in this example is functional, so a search for other meek_lite bridges is unnecessary.

bridge meek_lite 0.0.2.0:2 B9E7141C594AF25699E0079C1F0146F409495296 url=https://d2cly7j4zqgua7.cloudfront.net/ front=a0.awsstatic.com

3. After /usr/local/etc/torrc.d/50_user.conf editing is finished, save and exit.

<Ctrl-X> --> press Y --> <Enter>

Step 3: Enable Tor[edit]

Follow this procedure if it has not been previously completed.

Enable Tor using Anon Connection Wizard (easiest option).

Start Anon Connection Wizard.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named sys-whonix)Anon Connection Wizard

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSystemAnon Connection Wizard

If you are using a terminal Whonix-Gateway ™, type.

lxsudo anon-connection-wizard

Choose the Enable Tor option. Press next.

Step 4: Have /usr/local/etc/torrc.d/50_user.conf Changes Take Effect[edit]

Reload Tor.

After editing /usr/local/etc/torrc.d/50_user.conf, Tor must be reloaded for changes to take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /usr/local/etc/torrc.d/50_user.conf and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named 'sys-whonix')Reload Tor

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSettingsReload Tor

If you are using a terminal-only Whonix-Gateway ™, click HERE for instructions.

Complete the following steps.

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/usr/local/etc/torrc.d/50_user.conf".
Configuration was valid

Tor Functions[edit]

Disable Tor[edit]

Disable Tor using Anon Connection Wizard (safest option).

Start Anon Connection Wizard.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named sys-whonix)Anon Connection Wizard

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSystemAnon Connection Wizard

If you are using a terminal Whonix-Gateway ™, type.

lxsudo anon-connection-wizard

Choose the Disable Tor option. Press next.

Reload Tor[edit]

Reload Tor.

After editing /usr/local/etc/torrc.d/50_user.conf, Tor must be reloaded for changes to take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /usr/local/etc/torrc.d/50_user.conf and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named 'sys-whonix')Reload Tor

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSettingsReload Tor

If you are using a terminal-only Whonix-Gateway ™, click HERE for instructions.

Complete the following steps.

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/usr/local/etc/torrc.d/50_user.conf".
Configuration was valid

Restart Tor[edit]

Restart Tor.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named 'sys-whonix')Restart Tor

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSettingsRestart Tor

If you are using a terminal-only Whonix-Gateway ™, press on Expand on the right.

Complete the following steps.

Restart Tor.

sudo service tor@default Restart

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

anon-verify

The output should be similar to the following.

/===================================================================\
|                      Report Summary                               |
\===================================================================/
No error detected in your Tor configuration.

vanguards[edit]

See Vanguards.

UDP[edit]

Ambox notice.png The Tor software does not yet support UDP, [12] although Tor provides a DnsPort.

If UDP is urgently required in Whonix ™, a limited workaround is provided. For the most secure method, see Tunnel UDP over Tor.

ICMP[edit]

Same as above.

FAQ[edit]

Whonix ™ is Preventing Tor from Bootstrapping![edit]

Refer to the related Whonix ™ has Slowed Tor Connections Dramatically! wiki entry. Bootstrapping problems can relate to nation state or ISP censorship of Tor, or relate to the Tor guard in operation. In the latter case, temporarily changing the Tor guard might resolve the issue.

If that is ineffective, users can also:

Can I Speed Up Tor or the Whonix-Gateway ™?[edit]

Is there a way to configure the number of nodes in a circuit and to allow selection according to their speeds?

Info Reminder: Whonix ™ Reliance on Debian (and Tor) - "Whonix ™ is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Whonix ™." Tor configurations are not limited by using Whonix ™.

Those who already know how to configure Tor in this way on the command line in vanilla Debian can follow the same procedure in Whonix-Gateway ™. This is not an endorsement for making these manual Tor changes because it is not recommended by Tor developers and thus the Whonix ™ team. [13] This is also the reason there are no instructions in the Whonix ™ documentation to manipulate Tor nodes in this way.

That said, if general instructions were found describing how to achieve this on the host, then the same procedure could simply be repeated in Whonix-Gateway ™.

Does Whonix ™ Modify Tor?[edit]

Info Tor [archive] is an anonymizer developed by The Tor Project. Tor Browser is a web browser developed by the Tor Project [archive] which is optimized for privacy. Please do not confuse Tor with Tor Browser when conversing about Whonix ™ topics.

For differences of Tor Browser by Tor Project compared to Tor Browser in Whonix ™ see Whonix ™ Tor Browser Differences.

Info Whonix ™ does not modify the Tor package itself.

Although Whonix ™ does not modify Tor, the Tor configuration file has been adapted for Whonix ™. To inspect the relevant files, check the following on Whonix-Gateway ™: [14]

  • /etc/tor/torrc file.
  • /etc/torrc.d folder.
  • /usr/local/etc/torrc.d/ folder.
  • /usr/share/tor/tor-service-defaults-torrc file.

Tor is not patched and the normal Tor deb package is used in Whonix ™ from deb.torproject.org.

Any changes to the Tor routing algorithm should be proposed, discussed and eventually implemented upstream in Tor on torproject.org. [15] If proposed changes are not adopted by The Tor Project, then the option to create a Tor fork [16] is available. Tor has already been forked at least once.

A general Whonix ™ design principle is to keep the Tor process as uniform as possible, in order to simplify any security audits. Diverging from this practice would introduce unnecessary complexity, possibly worsen fingerprinting or degrade anonymity, and limit Whonix ™ discussions to the security impacts of the modified routing algorithm. For these reasons, the Whonix ™ team is strongly disinclined to make any direct changes to the Tor package.

Can Whonix ™ Improve Tor?[edit]

As outlined in the previous section, Whonix ™ will not implement any changes to Tor directly and any suggested improvements or bug fixes are proposed upstream on torproject.org. This has already happened on occasion. Creating Whonix ™ is a difficult and time consuming endeavor, so Tor improvements are better left to dedicated, skilled developers who are more knowledgeable in this area.

Skilled coders can always provide upstream patches to Tor, or as a last resort, fork [16] it. Hypothetically, if a fork [16] developed a greater following than the original project due to proven security / anonymity benefits, then Whonix ™ would seriously consider making a switch.

Tor Routing Algorithm[edit]

Quote Tor Project FAQ Can I control which nodes (or country) are used for entry/exit? [archive]

Yes. You can set preferred entry and exit nodes as well as inform Tor which nodes you do not want to use. The following options can be added to your config file torrc or specified on the command line:

[...]

We recommend you do not use these — they are intended for testing and may disappear in future versions. You get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand.

To make changes to the Tor routing algorithm which benefit anonymity and not actually worsen anonymity it is required to be more clever than the Tor developers. Many questions, suggestions and discussions online only scratch the surface and are unaware of the informational resources:

The following resources describe the organizational structure of the Whonix ™ project in relation to The Tor Project, Debian and other upstream sources.

See also:

How do I Change Other Tor Settings?[edit]

Questions are often raised in forums about how other Tor-specific changes can be made in Whonix ™, such as excluding specific exit nodes. [17]

In many cases, making such changes is already documented Whonix ™ Documentation. In other cases such changes are discouraged.

In all instances:

  1. Changes must be made to the Tor configuration file as per Edit Tor Configuration.
  2. Refer to the Tor Project Manual [archive] for specific configuration details.

For example, to exclude exit nodes from the Five Eyes countries the Tor configuration would include the following lines:

Discouraged!

ExcludeExitNodes {us},{au},{ca},{nz},{gb}
StrictNodes 1

A Configuration Check should be run afterwards inside Whonix-Gateway ™ (Qubes-Whonix ™: sys-whonix) to confirm there are no Tor configuration syntax errors. As these configurations are specific to Tor (and not Whonix ™), the Free Support Principle applies.

How do I Install the Latest Tor Version?[edit]

Follow the instructions here to install later Tor versions from either:

  • the Whonix ™ repository; or
  • Tor Project APT repositories; or
  • Tor Project source code.

Further Reading[edit]

Footnotes / References[edit]

  1. Folder /usr/local/etc/torrc.d is not a real drop-in folder yet due to an upstream issue [archive].
  2. /usr/local/etc/torrc.d/40_tor_control_panel.conf is auto generated. It can be examined but changes should only be made to /usr/local/etc/torrc.d/50_user.conf.
  3. /var/run/tor/log is a Tor configuration file specific to Whonix ™ and an alternative to /var/log/tor/log. The former only contains Tor's output since Whonix-Gateway ™ (sys-whonix) last booted. The latter is a permanent log that persists across reboots. The former has a small usability advantage because it is shorter and should therefore contain more relevant information.
  4. whonixcheck check /var/lib/tor folder permission [archive]
  5. UWT_DEV_PASSTHROUGH=1 curl 10.152.152.10:9100

  6. https://trac.torproject.org/projects/tor/ticket/15261 [archive]
  7. https://trac.torproject.org/projects/tor/ticket/15261#comment:1 [archive]
  8. obfs3 bridges have been deprecated.
  9. ClientTransportPlugin fte exec /usr/bin/fteproxy --managed

  10. fte example text to add to /usr/local/etc/torrc.d/50_user.conf. fte is supported in Whonix ™ 15, but further testing is required; see: https://phabricator.whonix.org/T520 [archive]
    ClientTransportPlugin fte exec /usr/bin/fteproxy --managed
    bridge fte 10.200.100.60:95128 4352e58420e68f5e40bf7c74faddccd9d1349413
    bridge fte 300.100.300.80:23521 4352e58420e68f5e40bf7c74faddccd9d1349413

  11. meek_lite actually uses a different implementation of obfs4proxy. Forum discussion: https://forums.whonix.org/t/censorship-circumvention-tor-pluggable-transports/2601/3 [archive]
  12. https://trac.torproject.org/projects/tor/ticket/7830 [archive]
  13. Deferring to their expertise on the possible adverse anonymity effects.
  14. Changes to the configuration file are made by the anon-gw-anonymizer-config [archive] package.
  15. This means changes occur for all Tor users and not a subset relying on a particular distribution.
  16. 16.0 16.1 16.2 https://en.wikipedia.org/wiki/Fork_(software_development) [archive]
  17. http://forums.whonix.org/t/how-to-set-an-exit-node-in-wonix-of-qubesos/9070 [archive]


Search engines: YaCy | Qwant | ecosia | MetaGer | peekier


Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg Diaspora.png Gnusocial.png Mewe.png 500px-Tumblr Wordmark.svg.png Iconfinder youtube 317714.png 200px-Minds logo.svg.png 200px-Mastodon Logotype (Simple).svg.png 200px-LinkedIn Logo 2013.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

We are looking for video makers to help create demonstration, promotional and conceptual videos or tutorials.

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.