Actions

Troubleshooting

From Whonix

Introduction[edit]

The following steps summarize basic troubleshooting instructions, which are described in greater detail below. In basic terms:

  1. Non-Qubes-Whonix ™ only: Verify the Whonix ™ virtual machine images if this has step has not previously been completed.
  2. Ensure the virtual machine images have been imported into a supported virtualizer.
  3. Check if Tor Browser works on the host.
  4. Check if other virtual machines have Internet connectivity, such as newly created ones or those from a different vendor.

Information pertaining to these points should be included in any support request or bug report.

Troubleshooting Steps[edit]

General[edit]

It is recommended to first test if the host Internet connection is functional by using ping. [1]

1. On the host, run.

ping google.com

2. Check the date and time.

date

3. The following command should not show any errors. [2]

sudo dpkg-reconfigure -a

4. The following command should be silent and not show any errors or output at all. [2]

sudo dpkg --configure -a

5. Next attempt to retrieve all available updates.

sudo apt-get update
sudo apt-get dist-upgrade

6. Download the Tor Browser Bundle from torproject.org and test if it is working on the host.

Follow one of the methods outlined in Non-Whonix ™ Tor Browser.

If the Tor Browser Bundle is not functional on the host, then Whonix ™ is unlikely to work either. It is recommended to have a recent Tor Browser Bundle version installed at all times. This way users can test if they live in a censored area or not and whether Tor is blocked by the ISP. Further, if (private) (obfuscated) bridges are necessary for Tor Browser Bundle functionality on the host, then Whonix ™ will similarly require them.

Whonix ™ Network Connectivity Problems[edit]

If networking is unavailable inside Whonix ™, then try:

  1. Installing an operating system in a non-Whonix ™ virtual machine or downloading a regular image without Tor enforcement.
  2. Testing network functionality in a freshly downloaded non-Whonix ™ virtual machine.

If networking is still not functional, then Whonix ™ will not work either. The user must first resolve this issue, which might require re-installation of the virtualizer, followed by a reboot and further connectivity test(s).

If networking is functional, then users should note that networking is working in non-Whonix ™ VMs as part of the support request or bug report.

whonixcheck[edit]

Run whonixcheck to verify that the Whonix ™ system is up-to-date and that everything is in proper working order.

Clock Fix[edit]

In case sdwdate fails to properly randomize the system clock, it is possible [3] to manually set a random value.

The first step should be completed on the host to ensure the host clock is set to the correct time.

1. On the host (Qubes-Whonix ™: dom0), run the following command to report the time in UTC.

date -u

The output should be similar to the following.

Mon Apr 22 04:30:44 UTC 2019

2. Set the correct time in Whonix-Gateway ™ (sys-whonix).

Run the following command with the correct date and time parameters. [4] [5]

  • clock-random-manual-gui: a randomized clock setting (in UTC) is entered via a GUI.
  • clock-random-manual-cli: a randomized clock setting (in UTC) is entered on the command line. For example:
    echo "Fri Sep 30 22:20:00 UTC 2016" | /usr/bin/clock-random-manual-cli

3. Restart sdwdate.

sudo service sdwdate restart

4. If Tor is still not functional, try restarting Tor.

sudo service tor restart

Tor should work once correct clock values are set, but that can be manually tested with whonixcheck.

Clearnet Connectivity Test[edit]

Ambox warning pn.svg.png Warning: The following test might reveal the Whonix ™ platform is in use. If that is a valid concern, then omit this step.

It is possible to check if a non-torified, non-anonyomus, direct connection to check.torproject.org is functional. [6]

On Whonix-Gateway ™, run.

sudo -u clearnet UWT_DEV_PASSTHROUGH=1 curl --tlsv1.2 --proto =https -H 'Host: check.torproject.org' -k https://138.201.14.212

Qubes-specific[edit]

Connectivity Issue[edit]

Complete the following steps:

  1. Shut down sys-whonix.
  2. Change the sys-whonix NetVM setting from sys-firewall to sys-net.
  3. Restart sys-whonix.

This procedure might help, but should not be considered a final solution. [7]

Low RAM Issues[edit]

When available RAM is insufficient to meet the Whonix ™ VM requirements, problems can emerge which make the VM(s) unusable. Factors that commonly contribute to low RAM issues in Whonix ™ include:

  • Unnecessary processes running and/or multi-tasking on the host OS.
  • Multiple browser tabs being open.
  • Unnecessary processes running in the Whonix ™ VM(s).
  • Allocating more RAM to the Whonix ™ VM than is available; this prevents the VM from booting.
  • Insufficient RAM allocated to the Whonix ™ VM(s).
  • Other non-Whonix ™ VMs running in parallel.

While insufficient RAM can cause a host of issues, behaviors most commonly seen with low memory resources include:

  • Applications are slow or unresponsive.
  • The virtual machine, mouse and/or keyboard freeze.
  • Scrolling causes window staggers or jumps.
  • Issues become worse when additional browser tabs or processes are spawned.
  • Overall performance is poor.

Free up Additional Memory Resources[edit]

If additional memory is needed for the virtual machine, then free up resources and/or add more RAM to the virtual machine:

  • Terminate any non-essential processes on the host.
  • Shutdown any non-essential VMs.
  • Shutdown and/or close non-essential processes and browser tabs in Whonix ™ VMs.
  • Non-Qubes-Whonix ™ only: If low memory issues are experienced in Whonix-Workstation ™, additional resources can be freed by reducing RAM in Whonix-Gateway ™ with rads.

To add additional RAM to the Whonix ™ VM(s), follow the platform-specific advice below.

KVM[edit]

1. Shutdown the virtual machine(s).

virsh -c qemu:///system shutdown <vm_name>

2. Increase the maximum memory.

virsh setmaxmem <vm_name> <memsize> --config

3. Set the actual memory.

virsh setmem <vm_name> <memsize> --config

4. Restart the virtual machine(s).

virsh -c qemu:///system start <vm_name>

Qubes-Whonix ™[edit]

Utilize Qube Manager:

  • Qube ManagerVM_nameQubes settingsAdvancedMax memory: mem_size

VirtualBox[edit]

  1. To add RAM in VirtualBox the VM must first be powered down.
  2. Virtual machineMenuSettingsAdjust Memory sliderHit: OK

Why can't I Ping the Whonix-Gateway ™?[edit]

The Whonix-Gateway ™ does not respond to ping or similar commands because it is firewalled for security reasons; see /usr/bin/whonix_firewall or refer to the Whonix ™ source code. In most cases it is unnecessary to ping the Whonix-Gateway ™ anyhow.

If you insist on pinging the Whonix-Gateway ™ or have a unique setup that requires it, then this can be tested by clearing all firewall rules with the dev_clearnet script. Alternatively, a script can be run to try and unload / remove every iptables rule, or the Whonix ™ firewall can be hacked to not load at all. The latter method is only for experts and it is necessary to comment out exit 0 at the beginning.

System Logs[edit]

[8]

Check Systemd Journal Log of Current Boot[edit]

Users can inspect Systemd Journal Log of Current Boot.

sudo journalctl -b

The above command requires pressing arrow keys such as up, down, left, right, page up, page down for scrolling.

For convenient reading of the log until the time of issuing the command, the log could be dumped for example to file ~/systemd-log with the following command.

sudo journalctl -b > ~/systemd-log

Then use any editor of your choice to read it such as mousepad.

mousepad ~/systemd-log

Watch Systemd Journal Log of Current Boot[edit]

Users can also watch Systemd Journal Log as it is written.

sudo journalctl -b -f

Enable Persistent Systemd Journal Log[edit]

Persistent systemd journal log is not enabled by Debian default. [9]

Enable persistent systemd journal log.

  • Non-Qubes-Whonix: Nothing special to note.
  • Qubes users: The following changes need to be applied in a VM with persistent root image such as TemplateVM or StandaloneVM. Could be confusing in TemplateBasedVMs since systemd journal log might mix up with boots by TemplateVM while AppVM systemd journal logs would still not persist. If bind-dirs could help is yet to be researched.

Create folder /etc/systemd/journald.conf.d.

sudo mkdir -p /etc/systemd/journald.conf.d

Open file /etc/systemd/journald.conf.d/60_persistent_journal.conf in an editor with root rights.

(Qubes-Whonix ™: In TemplateVM)

This box uses sudoedit for better security. This is an example. Other tools could archive the same goal too. If this example does not work for you or if you are not using Whonix, please see this link.

sudoedit /etc/systemd/journald.conf.d/60_persistent_journal.conf

Add.

[Journal]
Storage=persistent

Save.

Restart systemd-journald.

sudo systemctl restart systemd-journald

Done. Persistent systemd journal log has been enabled.

Check Systemd Journal Log of Previous Boot[edit]

After Enable Persistent Systemd Journal Log users can inspect Systemd Journal Log of Previous Boot.

sudo journalctl -b -1

The above command requires pressing arrow keys such as up, down, left, right, page up, page down for scrolling.

For convenient reading of the log until the time of issuing the command, the log could be dumped for example to file ~/systemd-log-previous with the following command.

sudo journalctl -b -1 > ~/systemd-log-previous

Then use any editor of your choice to read it such as mousepad.

mousepad ~/systemd-log-previous

View List of Systemd Journal Logs[edit]

sudo journalctl --list-boots

See Also[edit]

Footnotes[edit]

  1. For example, ping 8.8.8.8, ping google.com and so on.
  2. 2.0 2.1 This process can be lengthy.
  3. Since Whonix 14.
  4. A non-zero exit codes signifies an error, while 0 means it succeeded.
  5. Also see:
    man clock-random-manual-gui
    man clock-random-manual-cli
  6. This test only uses TCP and not DNS.
  7. This procedure was useful for Qubes-Whonix ™ R3.2 users, although the Qubes bug report is now resolved: https://github.com/QubesOS/qubes-issues/issues/2141
  8. "user support template": https://forums.whonix.org/t/workstation-keeps-freezing/7693/6
  9. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801906

No user support in comments. See Support. Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.


Add your comment
Whonix welcomes all comments. If you do not want to be anonymous, register or log in. It is free.


Random News:

Please consider a recurring donation!


https | (forcing) onion

Follow: Twitter | Facebook | gab.ai | Stay Tuned | Whonix News

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.