No tor connection for anon-whonix cube

TheGardner · October 29, 2021, 2:23pm

I recently figured out, that my anon-whonix qube can’t connect to tor anymore. Looks like the main error is " Tor's Control Port could not be reached"
Here some facts:

Qubes rc4.1 is running
all current updates done (for all qubes)
sys-net < sys-firewall < personal has internet
sys-net < sys-firewall < sys-whonix has internet (Tor connection successfull connected)
systemcheck -v on sys-whonix says:

[INFO] [systemcheck] sys-whonix | Whonix-Gateway | whonix-gw-16 TemplateBased ProxyVM | Fri 29 Oct 2021 02:24:23 PM UTC
[INFO] [systemcheck] Check sudo Result: OK
[INFO] [systemcheck] Whonix build version: 3:8.0-1
[INFO] [systemcheck] whonix-gateway-packages-dependencies-cli: 22.0-1
[INFO] [systemcheck] derivative_major_release_version /etc/whonix_version: 16
[INFO] [systemcheck] Whonix Support Status of this Major Version: Ok.
[WARNING] [systemcheck] Hardened Malloc: Disabled.
[INFO] [systemcheck] Spectre Meltdown Test: skipping since spectre_meltdown_check=false, ok.
[INFO] [systemcheck] Package Manager Consistency Check Result: Output of command dpkg --audit was empty, ok.
[INFO] [systemcheck] systemd journal check Result:
warnings:
########################################

########################################

failed:
########################################

########################################

errors:
########################################
Oct 28 22:38:29 host kernel: ACPI Error: No handler or method for GPE 00, disabling event (20200925/evgpe-839)
Oct 28 22:38:29 host kernel: ACPI Error: No handler or method for GPE 01, disabling event (20200925/evgpe-839)
Oct 28 22:38:29 host kernel: ACPI Error: No handler or method for GPE 03, disabling event (20200925/evgpe-839)
Oct 28 22:38:29 host kernel: ACPI Error: No handler or method for GPE 04, disabling event (20200925/evgpe-839)
Oct 28 22:38:29 host kernel: ACPI Error: No handler or method for GPE 05, disabling event (20200925/evgpe-839)
Oct 28 22:38:29 host kernel: ACPI Error: No handler or method for GPE 06, disabling event (20200925/evgpe-839)
Oct 28 22:38:29 host kernel: ACPI Error: No handler or method for GPE 07, disabling event (20200925/evgpe-839)
Oct 28 22:38:30 host kernel: Error: Driver 'pcspkr' is already registered, aborting...
########################################

denied:
########################################

########################################

ordering cycle:
########################################

########################################

To see this for yourself...
1. Open a terminal. (dom0 -> Start Menu -> ServiceVM: sys-whonix -> Terminal)
2. Run. sudo journalctl --boot | grep -i warn
3. Run. sudo journalctl --boot | grep -i fail
4. Run. sudo journalctl --boot | grep -i error
5. Run. sudo journalctl --boot | grep -i denied
6. Run. sudo journalctl --boot | grep -i "ordering cycle"

If you know what you are doing, feel free to disable this check.
Create a file /etc/systemcheck.d/50_user.conf and add:
systemcheck_skip_functions+=" check_journal "
[INFO] [systemcheck] check network interfaces Result: Ok.
[INFO] [systemcheck] Qubes qubes-db Test Result: Connection to local qubes-db daemon succeeded, ok.
[INFO] [systemcheck] Qubes Settings Test Result: Ok. (GATEWAY_IP: 127.0.0.1)
[INFO] [systemcheck] Qubes Settings Test Result: Ok, qubes_vm_type is ProxyVM.
[INFO] [systemcheck] Check Kernel Messages Test Result: Found nothing remarkable, ok.
[INFO] [systemcheck] Whonix firewall systemd unit check Result: Ok.
[INFO] [systemcheck] Check setup-dist Result: done, ok.
[INFO] [systemcheck] Check Package Manager Running Result: None running, ok.
[INFO] [systemcheck] Tor Check Result: "DisableNetwork 1" not active, ok.
[INFO] [systemcheck] Tor Config Check Result: Tor config ok.
[INFO] [systemcheck] Tor Pid Check Result: Pid 2502 running.
[INFO] [systemcheck] Control Port Filter Proxy Test Result: OK
[INFO] [systemcheck] check_anondate_do debugging information:

tor_consensus_status       : verified
current_time_in_valid_range: true

current_time_torish        : 2021-10-29 14:24:27
tor_consensus_valid_after  : 2021-10-29 12:00:00
tor_consensus_valid_until  : 2021-10-29 15:00:00
tor_consensus_middle_range : 2021-10-29 13:30:00

tor_cert_lifetime_output   : 
tor_cert_lifetime_valid    : true
tor_cert_valid_after       : 

tor_consensus_user_permission : debian-tor
tor_consensus_group_permission: debian-tor
[INFO] [systemcheck] Tor SocksPort Reachability Test Result: Reachable. (curl exit code: 22 | curl status message: [22] - [HTTP page not retrieved. The requested url was not found or returned another error with the HTTP error code being 400 or above. This return code only appears if -f, --fail is used.])
[INFO] [systemcheck] Tor Connection Result:
- Connecting for 0 seconds. | 100 % done. 
- Tor Circuit: not established.
- Tor reports: NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
- Timesync status: done.
- sdwdate reports: Preparation not done yet. More more information,             see: sdwdate-gui -> right click -> Open sdwdate's log

systemcheck -v on anon-whonix says:

[INFO] [systemcheck] check network interfaces Result: Ok.
[INFO] [systemcheck] Qubes qubes-db Test Result: Connection to local qubes-db daemon succeeded, ok.
[INFO] [systemcheck] Qubes Settings Test Result: Ok. (GATEWAY_IP: 10.137.0.8)
[INFO] [systemcheck] Qubes Settings Test Result: Ok, qubes_vm_type is AppVM.
[INFO] [systemcheck] Check Kernel Messages Test Result: Found nothing remarkable, ok.
[INFO] [systemcheck] Whonix firewall systemd unit check Result: Ok.
[INFO] [systemcheck] Check Package Manager Running Result: None running, ok.
[INFO] [systemcheck] Tor Check Result: Not running on Whonix-Gateway, ok.
[INFO] [systemcheck] Tor Config Check Result: Tor config ok.
[INFO] [systemcheck] Tor Pid Check Result: Not running on Whonix-Gateway, ok.
[WARNING] [systemcheck] Tor SocksPort Reachability Test Result: Unreachable! (curl exit code: 28 | curl status message: [28] - [Operation timeout. The specified time-out period was reached according to the conditions.])
[INFO] [systemcheck] Tor Connection Result:
Tor's Control Port could not be reached. Attempt 1 of 5. Could be temporary due to a Tor restart. Trying again...
[INFO] [systemcheck] Tor Connection Result:
Tor's Control Port could not be reached. Attempt 2 of 5. Could be temporary due to a Tor restart. Trying again...
[INFO] [systemcheck] Tor Connection Result:
Tor's Control Port could not be reached. Attempt 3 of 5. Could be temporary due to a Tor restart. Trying again...
[INFO] [systemcheck] Tor Connection Result:
Tor's Control Port could not be reached. Attempt 4 of 5. Could be temporary due to a Tor restart. Trying again...
[ERROR] [systemcheck] Tor Connection Result:
Tor's Control Port could not be reached!

ip link on sys-whonix says:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:16:3e:5e:6c:00 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 16:fb:fb:d9:08:17 brd ff:ff:ff:ff:ff:ff
4: vif31.0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff

ip link on anon-whonix says:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:16:3e:5e:6c:00 brd ff:ff:ff:ff:ff:ff

sudo nano /srv/formulas/base/virtual-machines-formula/qvm/whonix.jinja is correct

{% set whonix_version = salt['pillar.get']('qvm:whonix:version', '16') %}
{% set whonix_repo = salt['pillar.get']('qvm:whonix:repo', 'qubes-templates-community') %}

So question is: can anybody give me a hint, what’s wrong with my anon-whonix connection? Even the use of the “original anon-whonix” qube (which I saved and leave untouched) from the initial 4.0.4 installation can’t connect anymore during a test.
This error already appeared, when I was using the whonix 15 versions and didn’t disappear after the update to version 16.

TheGardner · November 1, 2021, 12:42am

Finally found a solution for my problem.
After I could recall, what was the last changes before this issue appeared, I was searching around this a bit. So last changes before the upper issue appeared was an enabling of IPv6 on the sys-net, sys-firewall and personal VMs (with ‘qvm-features vm-name ipv6 1’).
After the issue appeared on anon-whonix (and the whonix-dvm’s) I first tried to undo the IPv6 enabling with ‘qvm-features vm-name ipv6 0’, but this didn’t help. The tor connection wasn’t established anymore on all the whonix-ws VMs…

But in the end these both commands on the dom0 terminal helped:

qvm-features sys-whonix ipv6 ‘’
qvm-features anon-whonix ipv6 ‘’

I do not know if the second command was needed as I issued both at the same time.
I shutdown anon-whonix, restarted sys-whonix and ran anon-whonix tor browser and the issue was gone.