The Whonix instructions for corridor don’t work for Qubes 4.2. If anyone can get corridor working for Qubes 4.2, I am willing to pay $75.
Try Qubes, please. (And check Pitfalls.)
The corridor package in the Whonix repository is outdated.
I set up a DispVM named sys-corridor using a minimal Debian template and installed all the necessary dependencies.
The output from iptables matches the rules listed on the Whonix page. However, corridor-data returns the following errors:
corridor-data[11350]: socat[11350] E connect, AF=1 "/var/run/tor/control", 22): Connection refused
corridor-data[11357]: socat[11357] E connect, AF=1 "/var/run/tor/control", 22): Connection refused
corridor-data[11399]: socat[11399] E connect, AF=1 "/var/run/tor/control", 22): Connection refused
Additionally, there is no /var/log/syslog available.
I initially thought the issue might be related to iptables using nftables, so I switched to legacy iptables, but the problem persists.
I noticed that the corridor package in the Whonix repository is outdated compared to the original repository on Rustybird’s GitHub, which has several commits ahead. @adrelanos, are you aware of this?
I’ve updated to the latest commits, but it’s still not working. There are no errors, and everything appears to be fine, yet it still doesn’t function. I also switched to a StandaloneVM, but there was no change in the outcome.
I am willing to add $500 onto OP’s original offer. I need corridor working, especially for Qubes 4.3, and if we do not have it working on 4.2, the future isn’t looking too great.
$500 for a working corridor guide for 4.2, and I’ll extend an extra $250 if you are able to keep the guide up to date for when 4.3 comes out. Cheers.
(Bounty is crypto only, I can’t pay out in fiat.)
@rustybird if interested
Are you folks sure you want to run corridor inside of your Qubes OS device? A few days ago I wrote this reply:
Generally, the Qubes OS instructions are targeted at some niche use cases for development. Users of Qubes OS should usually install corridor on their router (or on a box between their router and their notebook) as a holistic fail-safe mechanism, like with any other OS.
corridor is also not a proxifier, it’s merely a filter. It looks at a connected machine’s traffic to see if it’s going to a Tor relay (meaning something else has already torified it) - if yes: pass it through, if no: block it.
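The filter-not-proxifier distinction in the reply above, as an added Python sketch that is not part of the thread and not corridor's own code. It assumes relay data in the style of Tor network-status "r"/"s" lines; the sample entries, the function names and the choice of required flags are all constructed for illustration.

```python
import ipaddress

# Constructed sample in the style of Tor network-status "r"/"s" entries
# (documentation-range addresses, made-up nicknames and digests).
SAMPLE_STATUS = """\
r exampleA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2024-01-01 00:00:00 192.0.2.10 9001 0
s Fast Guard Running Stable Valid
r exampleB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2024-01-01 00:00:00 198.51.100.7 443 80
s Exit Fast Running Valid
r exampleC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2024-01-01 00:00:00 203.0.113.5 9001 0
s Fast
r truncated
"""

def relay_endpoints(status_text, required_flags=("Running", "Valid")):
    """Return {(ip, or_port)} for relays carrying every required flag."""
    allowed, pending = set(), None
    for line in status_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r":
            pending = None
            try:
                # Address and ORPort are the 3rd- and 2nd-to-last fields.
                ip = ipaddress.ip_address(fields[-3])
                port = int(fields[-2])
            except (IndexError, ValueError):
                continue  # malformed entry: never allow it
            if 0 < port < 65536:
                pending = (ip, port)
        elif fields[0] == "s" and pending is not None:
            if set(required_flags) <= set(fields[1:]):
                allowed.add(pending)
            pending = None
    return allowed

def verdict(allowed, dst_ip, dst_port, proto="tcp"):
    """Filter decision only: nothing is rewritten or proxied."""
    try:
        key = (ipaddress.ip_address(dst_ip), int(dst_port))
    except ValueError:
        return "block"
    return "pass" if proto == "tcp" and key in allowed else "block"

if __name__ == "__main__":
    relays = relay_endpoints(SAMPLE_STATUS)
    for dst in [("192.0.2.10", 9001), ("192.0.2.10", 80), ("203.0.113.5", 9001)]:
        print(dst, verdict(relays, *dst))
```

Traffic to a listed relay's address on any port other than its ORPort is blocked, as is anything that is not TCP, which is why a filter of this kind only helps once something upstream has already torified the connection.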
I have a VPN running on my router so I don’t believe it’s possible for me to run corridor on it simultaneously. I look at corridor as an extra killswitch for theoretical Whonix gateway leaks. Also perhaps a way to ensure that traffic is only allowed to go to my manually chosen guard node. But that is just icing on the cake.
Why not use the normal Qubes OS firewall configuration for sys-whonix (qvm-firewall, or qube Settings → Firewall rules) to do that?