Actions

Troubleshooting

From Whonix


Introduction[edit]

The following steps summarize basic troubleshooting instructions, which are described in greater detail below. In basic terms:

  1. Non-Qubes-Whonix ™ only: Verify the Whonix ™ virtual machine images if this has step has not previously been completed.
  2. Ensure the virtual machine images have been imported into a supported virtualizer.
  3. Check if Tor Browser [archive] works on the host.
  4. Check if other virtual machines have Internet connectivity, such as newly created ones or those from a different vendor.

Information pertaining to these points should be included in any support request or bug report.

Troubleshooting Steps[edit]

General[edit]

It is recommended to first test if the host Internet connection is functional by using ping. [1]

1. On the host, run.

ping google.com

2. Check the date and time.

date

3. The following command should not show any errors. [2]

sudo dpkg-reconfigure -a

4. The following command should be silent and not show any errors or output at all. [2]

sudo dpkg --configure -a

5. Next attempt to retrieve all available updates.

sudo apt-get update
sudo apt-get dist-upgrade

6. Download the Tor Browser Bundle from torproject.org [archive] and test if it is working on the host.

Follow one of the methods outlined in Non-Whonix ™ Tor Browser.

If the Tor Browser Bundle is not functional on the host, then Whonix ™ is unlikely to work either. It is recommended to have a recent Tor Browser Bundle version installed at all times. This way users can test if they live in a censored area or not and whether Tor is blocked by the ISP. Further, if (private) (obfuscated) bridges are necessary for Tor Browser Bundle functionality on the host, then Whonix ™ will similarly require them.

Whonix ™ Network Connectivity Problems[edit]

If networking is unavailable inside Whonix ™, then try:

  1. Installing an operating system in a non-Whonix ™ virtual machine or downloading a regular image without Tor enforcement.
  2. Testing network functionality in a freshly downloaded non-Whonix ™ virtual machine.

If networking is still not functional, then Whonix ™ will not work either. The user must first resolve this issue, which might require re-installation of the virtualizer, followed by a reboot and further connectivity test(s).

If networking is functional, then users should note that networking is working in non-Whonix ™ VMs as part of the support request or bug report.

whonixcheck[edit]

Run whonixcheck to verify that the Whonix ™ system is up-to-date and that everything is in proper working order.

Clock Fix[edit]

In case sdwdate fails to properly randomize the system clock, it is possible [3] to manually set a random value.

The first step should be completed on the host to ensure the host clock is set to the correct time.

1. On the host (Qubes-Whonix ™: dom0), run the following command to report the time in UTC.

date -u

The output should be similar to the following.

Mon Apr 22 04:30:44 UTC 2019

2. Set the correct time in Whonix-Gateway ™ (sys-whonix).

Run the following command with the correct date and time parameters. [4] [5]

  • clock-random-manual-gui: a randomized clock setting (in UTC) is entered via a GUI.
  • clock-random-manual-cli: a randomized clock setting (in UTC) is entered on the command line. For example:
    echo "Sat Oct 26 07:18:25 UTC 2019" | /usr/bin/clock-random-manual-cli

3. Restart sdwdate.

sudo service sdwdate restart

4. If Tor is still not functional, try restarting Tor.

sudo service tor restart

Tor should work once correct clock values are set, but that can be manually tested with whonixcheck.

Clearnet Connectivity Test[edit]

Ambox warning pn.svg.png Warning: The following test might reveal the Whonix ™ platform is in use. If that is a valid concern, then omit this step.

It is possible to check if a non-torified, non-anonyomus, direct connection to check.torproject.org is functional. [6]

On Whonix-Gateway ™, run.

sudo -u clearnet UWT_DEV_PASSTHROUGH=1 curl --tlsv1.2 --proto =https -H 'Host: check.torproject.org' -k https://138.201.14.212

Qubes-specific[edit]

Connectivity Issue[edit]

Complete the following steps:

  1. Shut down sys-whonix.
  2. Change the sys-whonix NetVM setting from sys-firewall to sys-net.
  3. Restart sys-whonix.

This procedure might help, but should not be considered a final solution. [7]

Low RAM Issues[edit]

When available RAM is insufficient to meet the Whonix ™ VM requirements, problems can emerge which make the VM(s) unusable. Factors that commonly contribute to low RAM issues in Whonix ™ include:

  • Unnecessary processes running and/or multi-tasking on the host OS.
  • Multiple browser tabs being open.
  • Unnecessary processes running in the Whonix ™ VM(s).
  • Allocating more RAM to the Whonix ™ VM than is available; this prevents the VM from booting.
  • Insufficient RAM allocated to the Whonix ™ VM(s).
  • Other non-Whonix ™ VMs running in parallel.

While insufficient RAM can cause a host of issues, behaviors most commonly seen with low memory resources include:

  • Applications are slow or unresponsive.
  • The virtual machine, mouse and/or keyboard freeze.
  • Scrolling causes window staggers or jumps.
  • Issues become worse when additional browser tabs or processes are spawned.
  • Overall performance is poor.

Free up Additional Memory Resources[edit]

If additional memory is needed for the virtual machine, then free up resources and/or add more RAM to the virtual machine:

  • Terminate any non-essential processes on the host.
  • Shutdown any non-essential VMs.
  • Shutdown and/or close non-essential processes and browser tabs in Whonix ™ VMs.
  • Non-Qubes-Whonix ™ only: If low memory issues are experienced in Whonix-Workstation ™, additional resources can be freed by reducing RAM in Whonix-Gateway ™ with rads.

To add additional RAM to the Whonix ™ VM(s), follow the platform-specific advice below.

KVM[edit]

1. Shutdown the virtual machine(s).

virsh -c qemu:///system shutdown <vm_name>

2. Increase the maximum memory.

virsh setmaxmem <vm_name> <memsize> --config

3. Set the actual memory.

virsh setmem <vm_name> <memsize> --config

4. Restart the virtual machine(s).

virsh -c qemu:///system start <vm_name>

Qubes-Whonix ™[edit]

Utilize Qube Manager:

  • Qube ManagerVM_nameQubes settingsAdvancedMax memory: mem_size

VirtualBox[edit]

  1. To add RAM in VirtualBox the VM must first be powered down.
  2. Virtual machineMenuSettingsAdjust Memory sliderHit: OK

Why can't I Ping the Whonix-Gateway ™?[edit]

The Whonix-Gateway ™ does not respond to ping or similar commands because it is firewalled for security reasons; see /usr/bin/whonix_firewall or refer to the Whonix ™ source code. In most cases it is unnecessary to ping the Whonix-Gateway ™ anyhow.

If you insist on pinging the Whonix-Gateway ™ or have a unique setup that requires it, then this can be tested by clearing all firewall rules with the dev_clearnet [archive] script. Alternatively, a script can be run to try and unload / remove every iptables rule, or the Whonix ™ firewall can be hacked to not load at all. The latter method is only for experts and it is necessary to comment out exit 0 at the beginning.

System Logs[edit]

[8]

Check Systemd Journal Log of Current Boot[edit]

To inspect the systemd journal log of the current boot, run.

sudo journalctl -b

This command requires pressing arrow keys like ↑, ↓, ←, →, as well as PgUp and PgDn for scrolling.

For convenient reading of the log (until the command is issued), the log can be dumped to file. For example, the following command would write the log to file ~/systemd-log.

sudo journalctl -b > ~/systemd-log

Use any available editor to read the log file, such as mousepad.

mousepad ~/systemd-log

Watch Systemd Journal Log of Current Boot[edit]

It is possible to to watch the systemd journal log as it is written.

sudo journalctl -b -f

Enable Persistent Systemd Journal Log[edit]

By default, a persistent systemd journal log is not enabled in Debian. [9]

Enable persistent systemd journal log:

  • Non-Qubes-Whonix: No special action is required.
  • Qubes users: The following changes must be applied in a VM with a persistent root image such as TemplateVM or StandaloneVM. It could be confusing if applied in TemplateBasedVMs since the systemd journal log might be mixed up with boots by the TemplateVM, while the AppVM systemd journal logs would not be persistent. bind-dirs [archive] might be helpful, but that requires further research.

Create folder /etc/systemd/journald.conf.d.

sudo mkdir -p /etc/systemd/journald.conf.d

Open file /etc/systemd/journald.conf.d/60_persistent_journal.conf in an editor with root rights.

(Qubes-Whonix ™: In TemplateVM)

This box uses sudoedit for better security [archive]. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Whonix, please refer to this link.

sudoedit /etc/systemd/journald.conf.d/60_persistent_journal.conf

Add.

[Journal]
Storage=persistent

Save.

Restart systemd-journald.

sudo systemctl restart systemd-journald

A persistent systemd journal log has now been enabled.

Check Systemd Journal Log of Previous Boot[edit]

After following the Enable Persistent Systemd Journal Log steps, it is possible to inspect the systemd journal log of the previous boot.

sudo journalctl -b -1

This command requires pressing arrow keys like ↑, ↓, ←, →, as well as PgUp and PgDn for scrolling.

For convenient reading of the log until the time of issuing the command, the log can be dumped to file. For example, the following command would write the log to file ~/systemd-log-previous.

sudo journalctl -b -1 > ~/systemd-log-previous

Use any available editor to read the log file, such as mousepad.

mousepad ~/systemd-log-previous

View List of Systemd Journal Logs[edit]

sudo journalctl --list-boots

See Also[edit]

Footnotes[edit]

  1. For example, ping 8.8.8.8, ping google.com and so on.
  2. 2.0 2.1 This process can be lengthy.
  3. Since Whonix 14.
  4. A non-zero exit codes signifies an error, while 0 means it succeeded.
  5. Also see:
    man clock-random-manual-gui
    man clock-random-manual-cli
  6. This test only uses TCP and not DNS.
  7. This procedure was useful for Qubes-Whonix ™ R3.2 users, although the Qubes bug report is now resolved: https://github.com/QubesOS/qubes-issues/issues/2141 [archive]
  8. "user support template": https://forums.whonix.org/t/workstation-keeps-freezing/7693/6 [archive]
  9. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801906 [archive]


Are you proficient with iptables? Want to contribute? Check out possible improvements to iptables [archive]. Please come and introduce yourself in the development forum [archive].

https [archive] | (forcing) onion [archive]
Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Rss.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.

Monero donate whonix.png