Actions

Troubleshooting

From Whonix


Troubleshooting-114197640.jpg

The following steps summarize basic troubleshooting instructions, which are described in greater detail below. In basic terms:

  1. Exclude basic hardware issues.
  2. Ensure the virtual machine images have been imported into a supported virtualizer listed on the Download page.
  3. In case of connectivity issues: Check if Tor Browser [archive] works on the host. Reason: Network Obstacle
  4. In case of connectivity issues: Check if other virtual machines have Internet connectivity, such as newly created ones or those from a different vendor.

Information pertaining to these points should be included in any support request or bug report.

Troubleshooting Steps[edit]

General[edit]

1. "Forget" about Whonix ™ for a moment and imagine you had never heard of the platform. Test your host computer first.

2. Test if the host internet connection is functional. [1]

Open different websites such as whonix.org in a host web browser.

3. Check the date and time. [2]

If the host clock is more than 1 hour in the past or more than 3 hours in the future, Tor cannot connect. Fix that first if host time is wrong.

4. Linux users only: The following command should not show any errors. [3]

sudo dpkg-reconfigure -a

5. Linux users only: The following command should be silent and not show any errors or output at all. [3]

sudo dpkg --configure -a

6. Linux users only: Next attempt to retrieve all available updates.

sudo apt-get update

sudo apt-get dist-upgrade

7. Download the Tor Browser Bundle from torproject.org [archive] and test if it is working on the host.

Follow one of the methods outlined in Non-Whonix ™ Tor Browser.

If the Tor Browser Bundle is not functional on the host, then Whonix ™ is unlikely to work either. It is recommended to have a recent Tor Browser Bundle version installed at all times. This way users can test if they live in a censored area or not and whether Tor is blocked by the ISP. Further, if (private) (obfuscated) bridges are necessary for Tor Browser Bundle functionality on the host, then Whonix ™ will similarly require them.

Whonix ™ Network Connectivity Problems[edit]

If networking is unavailable inside Whonix ™, then try:

  1. Installing an operating system in a non-Whonix ™ virtual machine or downloading a regular image without Tor enforcement.
  2. Testing network functionality in a freshly downloaded non-Whonix ™ virtual machine.

If networking is still not functional, then Whonix ™ will not work either. The user must first resolve this issue, which might require re-installation of the virtualizer, followed by a reboot and further connectivity test(s).

If networking is functional, then users should note that networking is working in non-Whonix ™ VMs as part of the support request or bug report.

whonixcheck[edit]

Run whonixcheck to verify that the Whonix ™ system is up-to-date and that everything is in proper working order.

Clock Fix[edit]

In case sdwdate fails to properly randomize the system clock, it is possible [4] to manually set a random value.

The first step should be completed on the host to ensure the host clock is set to the correct time.

1. On the host (Qubes-Whonix ™: dom0), run the following command to report the time in UTC.

date -u

The output should be similar to the following.

Mon Apr 22 04:30:44 UTC 2019

2. Set the correct time in Whonix-Gateway ™ (sys-whonix).

Run the following command with the correct date and time parameters. [5] [6]

  • clock-random-manual-gui: a randomized clock setting (in UTC) is entered via a GUI.
  • clock-random-manual-cli: a randomized clock setting (in UTC) is entered on the command line. For example:
    echo "Sat Oct 26 07:18:25 UTC 2019" | /usr/bin/clock-random-manual-cli

3. Restart sdwdate.

sudo service sdwdate restart

4. If Tor is still not functional, try restarting Tor.

sudo service tor restart

Tor should work once correct clock values are set, but that can be manually tested with whonixcheck.

Clearnet Connectivity Test[edit]

Ambox warning pn.svg.png Warning: The following test might reveal the Whonix ™ platform is in use. If that is a valid concern, then omit this step.

It is possible to check if a non-torified, non-anonyomus, direct connection to check.torproject.org is functional. [7]

On Whonix-Gateway ™, run.

sudo -u clearnet UWT_DEV_PASSTHROUGH=1 curl --tlsv1.2 --proto =https -H 'Host: check.torproject.org' -k https://116.202.120.181

Qubes-specific[edit]

Connectivity Issue[edit]

Complete the following steps:

  1. Shut down sys-whonix.
  2. Change the sys-whonix NetVM setting from sys-firewall to sys-net.
  3. Restart sys-whonix.

This procedure might help, but should not be considered a final solution. [8]

Low RAM Issues[edit]

When available RAM is insufficient to meet the Whonix ™ VM requirements, problems can emerge which make the VM(s) unusable. Factors that commonly contribute to low RAM issues in Whonix ™ include:

  • Unnecessary processes running and/or multi-tasking on the host OS.
  • Multiple browser tabs being open.
  • Unnecessary processes running in the Whonix ™ VM(s).
  • Allocating more RAM to the Whonix ™ VM than is available; this prevents the VM from booting.
  • Insufficient RAM allocated to the Whonix ™ VM(s).
  • Other non-Whonix ™ VMs running in parallel.

While insufficient RAM can cause a host of issues, behaviors most commonly seen with low memory resources include:

  • Applications are slow or unresponsive.
  • The virtual machine, mouse and/or keyboard freeze.
  • Scrolling causes window staggers or jumps.
  • Issues become worse when additional browser tabs or processes are spawned.
  • Overall performance is poor.

Free up Additional Memory Resources[edit]

If additional memory is needed for the virtual machine, then free up resources and/or add more RAM to the virtual machine:

  • Terminate any non-essential processes on the host.
  • Shutdown any non-essential VMs.
  • Shutdown and/or close non-essential processes and browser tabs in Whonix ™ VMs.
  • Non-Qubes-Whonix ™ only: If low memory issues are experienced in Whonix-Workstation ™, additional resources can be freed by reducing RAM in Whonix-Gateway ™ with rads.

To add additional RAM to the Whonix ™ VM(s), follow the platform-specific advice below.

KVM[edit]

1. Shutdown the virtual machine(s).

virsh -c qemu:///system shutdown <vm_name>

2. Increase the maximum memory.

virsh setmaxmem <vm_name> <memsize> --config

3. Set the actual memory.

virsh setmem <vm_name> <memsize> --config

4. Restart the virtual machine(s).

virsh -c qemu:///system start <vm_name>

Qubes-Whonix ™[edit]

Utilize Qube Manager:

  • Qube ManagerVM_nameQubes settingsAdvancedMax memory: mem_size

VirtualBox[edit]

  1. To add RAM in VirtualBox the VM must first be powered down.
  2. Virtual machineMenuSettingsAdjust Memory sliderHit: OK

See also VirtualBox/Troubleshooting.

Why can't I Ping the Whonix-Gateway ™?[edit]

The Whonix-Gateway ™ does not respond to ping or similar commands because it is firewalled for security reasons; see /usr/bin/whonix_firewall or refer to the Whonix ™ source code. In most cases it is unnecessary to ping the Whonix-Gateway ™ anyhow.

If you insist on pinging the Whonix-Gateway ™ or have a unique setup that requires it, then this can be tested by clearing all firewall rules with the dev_clearnet [archive] script. Alternatively, a script can be run to try and unload / remove every iptables rule, or the Whonix ™ firewall can be hacked to not load at all. The latter method is only for experts and it is necessary to comment out exit 0 at the beginning.

System Logs[edit]

[9]

Check Systemd Journal Log of Current Boot[edit]

To inspect the systemd journal log of the current boot, run.

sudo journalctl -b

This command requires pressing arrow keys like ↑, ↓, ←, →, as well as PgUp and PgDn for scrolling.

For convenient reading of the log (until the command is issued), the log can be dumped to file. For example, the following command would write the log to file ~/systemd-log.

sudo journalctl -b > ~/systemd-log

Use any available editor to read the log file, such as mousepad.

mousepad ~/systemd-log

Watch Systemd Journal Log of Current Boot[edit]

It is possible to to watch the systemd journal log as it is written.

sudo journalctl -b -f

Enable Persistent Systemd Journal Log[edit]

By default, a persistent systemd journal log is not enabled in Debian. [10]

Enable persistent systemd journal log:

  • Non-Qubes-Whonix: No special action is required.
  • Qubes users: The following changes must be applied in a VM with a persistent root image such as TemplateVM or StandaloneVM. It could be confusing if applied in TemplateBasedVMs since the systemd journal log might be mixed up with boots by the TemplateVM, while the AppVM systemd journal logs would not be persistent. bind-dirs [archive] might be helpful, but that requires further research.

1. Create folder /etc/systemd/journald.conf.d.

sudo mkdir -p /etc/systemd/journald.conf.d

2. Open file /etc/systemd/journald.conf.d/60_persistent_journal.conf in an editor with root rights.

(Qubes-Whonix ™: In TemplateVM)

This box uses sudoedit for better security [archive]. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Whonix, please refer to this link.

sudoedit /etc/systemd/journald.conf.d/60_persistent_journal.conf

3. Add the following setting.

[Journal]
Storage=persistent

Save.

4. Restart systemd-journald.

sudo systemctl restart systemd-journald

A persistent systemd journal log has now been enabled.

Check Systemd Journal Log of Previous Boot[edit]

After following the Enable Persistent Systemd Journal Log steps, it is possible to inspect the systemd journal log of the previous boot.

sudo journalctl -b -1

This command requires pressing arrow keys like ↑, ↓, ←, →, as well as PgUp and PgDn for scrolling.

For convenient reading of the log until the time of issuing the command, the log can be dumped to file. For example, the following command would write the log to file ~/systemd-log-previous.

sudo journalctl -b -1 > ~/systemd-log-previous

Use any available editor to read the log file, such as mousepad.

mousepad ~/systemd-log-previous

View List of Systemd Journal Logs[edit]

sudo journalctl --list-boots

lightdm[edit]

[11]

Debugging lightdm[edit]

Configure systemd to start lightdm in debug mode[edit]

1. Make sure folder /lib/systemd/system/lightdm.service.d exists.

sudo mkdir -p /lib/systemd/system/lightdm.service.d

2. Create a file /lib/systemd/system/lightdm.service.d/40_debug-misc.conf. [12]

3. Open file /lib/systemd/system/lightdm.service.d/40_debug-misc.conf in an editor with root rights.

(Qubes-Whonix ™: In TemplateVM)

This box uses sudoedit for better security [archive]. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Whonix, please refer to this link.

sudoedit /lib/systemd/system/lightdm.service.d/40_debug-misc.conf

4. Paste the following contents. [13]

[Service]
ExecStart=
ExecStart=/usr/sbin/lightdm --debug

Save.

Debug[edit]

Use lightdm restart method or reboot method.

lightdm restart method[edit]

1. Switch to another virtual console.

2. Stop lightdm.

sudo systemctl stop lightdm

3. Restart lightdm.

sudo systemctl restart lightdm

4. Check lightdm log.

Check Systemd Journal Log of Current Boot for lightdm.

For convenient reading of the log, the log can be dumped to file. For example, the following command would write the log to file ~/lightdm-log.

sudo journalctl -b -u lightdm > ~/lightdm-log

reboot method[edit]

Alternatively could also reboot but then you would need to Enable Persistent Systemd Journal Log.

Check Systemd Journal Log of Previous Boot

sudo journalctl -b -1 -u lightdm

Hardware Issues[edit]

Rhetoric questions:

  • When was the last time a qualified person disassembled your computer or notebook and removed dust from the fan and checked the cooling system of your CPU?
  • How often such maintenance should be done?
  • What is your CPU temperature under heavy system load?
  • What is the temperature is it in the room?

Recommendations:

  • Make sure your computer or notebook had the proper maintenance.
  • Monitor CPU temperature. There are tools for your host operating system showing the temperature of your CPU.
  • Cooling the room might help.
  • Better placement (more air space) of your computer or notebook.
  • Consider a passive or active (notebook) cooling pad. Do you own research.

None of these issues are Whonix ™ issues. Therefore please do not ask thees questions at Whonix ™ support (until there is a Whonix-Host operating system) as per Free Support Principle.

See Also[edit]

Footnotes[edit]

  1. By using ping. For example, ping 8.8.8.8.. On the host, run.
    ping google.com

    Ping google.com and other websites.

    ping google.com

    and so on.

  2. date

  3. 3.0 3.1 This process can be lengthy.
  4. Since Whonix 14.
  5. A non-zero exit codes signifies an error, while 0 means it succeeded.
  6. Also see:
    man clock-random-manual-gui

    man clock-random-manual-cli

  7. This test only uses TCP and not DNS.
  8. This procedure was useful for Qubes-Whonix ™ R3.2 users, although the Qubes bug report is now resolved: https://github.com/QubesOS/qubes-issues/issues/2141 [archive]
  9. "user support template": https://forums.whonix.org/t/workstation-keeps-freezing/7693/6 [archive]
  10. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801906 [archive]
  11. Example debug log
    sudo journalctl -b -u lightdm -o cat
    Condition check resulted in Light Display Manager being skipped.
    Starting Light Display Manager...
    [+0.00s] DEBUG: Logging to /var/log/lightdm/lightdm.log
    [+0.00s] DEBUG: Starting Light Display Manager 1.26.0, UID=0 PID=933
    [+0.00s] DEBUG: Loading configuration dirs from /usr/share/lightdm/lightdm.conf.d
    [+0.00s] DEBUG: Loading configuration from /usr/share/lightdm/lightdm.conf.d/01_debian.conf
    [+0.00s] DEBUG: Loading configuration dirs from /usr/local/share/lightdm/lightdm.conf.d
    [+0.00s] DEBUG: Loading configuration dirs from /etc/xdg/lightdm/lightdm.conf.d
    [+0.00s] DEBUG: Loading configuration from /etc/lightdm/lightdm.conf.d/autologin.conf
    [+0.00s] DEBUG: Loading configuration from /etc/lightdm/lightdm.conf.d/whonix-autologin.conf
    [+0.00s] DEBUG:   [SeatDefaults] is now called [Seat:*], please update this configuration
    [+0.00s] DEBUG: Loading configuration from /etc/lightdm/lightdm.conf
    [+0.00s] DEBUG: Registered seat module local
    [+0.00s] DEBUG: Registered seat module xremote
    [+0.00s] DEBUG: Registered seat module unity
    [+0.00s] DEBUG: Using D-Bus name org.freedesktop.DisplayManager
    [+0.01s] DEBUG: Monitoring logind for seats
    [+0.01s] DEBUG: New seat added from logind: seat0
    [+0.01s] DEBUG: Seat seat0: Loading properties from config section Seat:*
    [+0.01s] DEBUG: Seat seat0: Starting
    [+0.01s] DEBUG: Seat seat0: Creating user session
    [+0.01s] WARNING: Error getting user list from org.freedesktop.Accounts: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.Accounts was not provided by any .ser
    [+0.01s] DEBUG: Loading user config from /etc/lightdm/users.conf
    [+0.01s] DEBUG: User user added
    [+0.01s] DEBUG: Seat seat0: Creating display server of type x
    [+0.01s] DEBUG: posix_spawn avoided (fd close requested)
    [+0.02s] DEBUG: Could not run plymouth --ping: Failed to execute child process ?plymouth? (No such file or directory)
    [+0.02s] DEBUG: Using VT 7
    [+0.02s] DEBUG: Seat seat0: Starting local X display on VT 7
    [+0.02s] DEBUG: XServer 0: Logging to /var/log/lightdm/x-0.log
    [+0.02s] DEBUG: XServer 0: Writing X server authority to /var/run/lightdm/root/:0
    [+0.02s] DEBUG: XServer 0: Launching X Server
    [+0.02s] DEBUG: Launching process 941: /usr/bin/X :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
    [+0.02s] DEBUG: XServer 0: Waiting for ready signal from X server :0
    [+0.02s] DEBUG: Acquired bus name org.freedesktop.DisplayManager
    [+0.02s] DEBUG: Registering seat with bus path /org/freedesktop/DisplayManager/Seat0
    Started Light Display Manager.
    [+0.98s] DEBUG: Got signal 10 from process 941
    [+0.98s] DEBUG: XServer 0: Got signal from X server :0
    [+0.98s] DEBUG: XServer 0: Connecting to XServer :0
    [+0.99s] DEBUG: posix_spawn avoided (fd close requested) (child_setup specified)
    [+0.99s] DEBUG: Seat seat0: Display server ready, starting session authentication
    [+0.99s] DEBUG: Session pid=970: Started with service 'lightdm-autologin', username 'user'
    Error getting user list from org.freedesktop.Accounts: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.Accounts was not provided by any .service files
    [+1.01s] DEBUG: Session pid=970: Authentication complete with return value 0: Success
    [+1.01s] DEBUG: Seat seat0: Session authenticated, running command
    [+1.01s] DEBUG: Registering session with bus path /org/freedesktop/DisplayManager/Session0
    [+1.01s] DEBUG: posix_spawn avoided (fd close requested) (child_setup specified)
    [+1.02s] DEBUG: Session pid=970: Running command /etc/X11/Xsession startxfce4
    [+1.02s] DEBUG: Creating shared data directory /var/lib/lightdm/data/user
    [+1.02s] DEBUG: Session pid=970: Logging to .xsession-errors
    pam_unix(lightdm-autologin:session): session opened for user user by (uid=0)
    pam_exec(lightdm-autologin:session): Calling /usr/lib/security-misc/permission-lockdown ...
    [+1.23s] DEBUG: Activating VT 7
    [+1.23s] DEBUG: Activating login1 session 1
    [+1.23s] DEBUG: Seat seat0 changes active session to 1
    [+1.23s] DEBUG: Session 1 is already active
    [+839.74s] DEBUG: Seat seat0 changes active session to
    [+842.35s] DEBUG: Seat seat0 changes active session to 3
    [+852.02s] DEBUG: Got signal 15 from process 1
    [+852.02s] DEBUG: Caught Terminated signal, shutting down
    [+852.02s] DEBUG: Stopping display manager
    [+852.02s] DEBUG: Seat seat0: Stopping
    [+852.02s] DEBUG: Seat seat0: Stopping display server
    [+852.02s] DEBUG: Sending signal 15 to process 941
    [+852.02s] DEBUG: Seat seat0: Stopping session
    [+852.02s] DEBUG: Terminating login1 session 1
    Stopping Light Display Manager...
    [+852.05s] DEBUG: Session pid=970: Sending SIGTERM
    [+852.05s] DEBUG: Session pid=970: Exited with return value 0
    [+852.05s] DEBUG: Seat seat0: Session stopped
    [+852.05s] DEBUG: Process 941 exited with return value 0
    [+852.05s] DEBUG: XServer 0: X server stopped
    [+852.05s] DEBUG: Releasing VT 7
    [+852.05s] DEBUG: XServer 0: Removing X server authority /var/run/lightdm/root/:0
    [+852.05s] DEBUG: Seat seat0: Display server stopped
    [+852.05s] DEBUG: Seat seat0: Stopped
    [+852.05s] DEBUG: Display manager stopped
    [+852.05s] DEBUG: Stopping daemon
    [+852.05s] DEBUG: Exiting with return value 0
    lightdm.service: Succeeded.
    Stopped Light Display Manager.
    
  12. echo "
    [Service]
    ExecStart=
    ExecStart=/usr/sbin/lightdm --debug
    " | sudo tee /lib/systemd/system/lightdm.service.d/40_debug-misc.conf

  13. ExecStart= is required to clear the original ExecStart= so it can be overwritten by ExecStart=/usr/sbin/lightdm --debug.


text=Jobs in USA
Jobs in USA


Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg Diaspora.png Gnusocial.png Mewe.png 500px-Tumblr Wordmark.svg.png Iconfinder youtube 317714.png 200px-Minds logo.svg.png 200px-Mastodon Logotype (Simple).svg.png 200px-LinkedIn Logo 2013.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Check out the Whonix News Blog [archive].

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.