tetrahedra via qubes-users:
On Fri, Sep 27, 2019 at 01:37:06PM +0000, Claudia wrote:
Isolating apps in the same VM is a different issue, but you're saying traffic from different VMs is appearing to come from the same address?

Hmm, that definitely should not be happening. VM isolation is enabled out of the box. Different VMs, whonix or otherwise, should never share circuits. IsolateClientAddr (on by default) in whonix-gw's torrc should isolate streams originating from different addresses/VMs, no matter what OS or apps they're running.

I don't see that setting in /usr/local/etc/torrc.d/40_tor_control_panel.conf or in 50_user.conf ... which torrc is that setting supposed to be in?


I don't think it matters. It would be at the end of a SOCKSPort/TransPort/DNSPort/etc line. The syntax is

SocksPort [address:]port|unix:path|auto [flags] [isolation flags]

but IsolateClientAddr is enabled by default, so it doesn't have to be specified at all. To turn it off you have to specify NoIsolateClientAddr. IsolateSOCKSAuth is similarly on by default.

You can try viewing your active tor settings in Nyx (preinstalled in Whonix) rather than from torrc directly. Just in case some setting is being overridden or something like that. See https://www.whonix.org/wiki/Tor_Controller and https://nyx.torproject.org/#config_editor

Note if you specified a TrackHostExits in your config, there is a bug that causes isolation flags to be ignored.

If you're seeing the same exit address in different whonix-ws VMs, it sounds like IsolateSOCKSAuth isn't working either. Tor browser randomly generates a SOCKS username and password at startup (or at least after you hit "new identity", I forget), so Tor Browsers should always be isolated, even from the same client address.

Try opening two Tor Browsers in different VMs, navigate to check.torproject.org in both, then click menu -> "new Tor circuit for this site" in both. If you still get the same address in both, then socks auth isolation isn't working either.

You can also try reinstalling the whonix-gw template and recreating sys-whonix. It might fix it, but more importantly it will tell us if it's a reproducible issue.

I saw in another thread you asked about using two separate whonix-gw VMs. Did you try this, and did it work? (It shouldn't be necessary, I'm just wondering if it worked.)

Other than that, you might have to ask on the Whonix list/forum, but if you find a solution please follow up here :)
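
The following is an added example, not part of the original message or of Whonix: a small audit of torrc text for the two things the reply names as defeating stream isolation (a NoIsolateClientAddr/NoIsolateSOCKSAuth flag on a port line, or a TrackHostExits setting). The file contents and the 127.0.0.1 addresses are constructed; the port-option list is an assumption covering the common client port options.

```python
# Added example: audit torrc text for settings that weaken stream isolation.
PORT_OPTIONS = {"socksport", "transport", "dnsport", "natdport", "httptunnelport"}
DISABLING_FLAGS = {"noisolateclientaddr", "noisolatesocksauth"}


def audit_torrc(text, source="torrc"):
    """Return (source, line_no, finding) tuples for one torrc file's text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(tokens) < 2:
            continue  # blank line, comment, or option without a value
        option = tokens[0].lower()  # tor option names are case-insensitive
        if option in PORT_OPTIONS:
            # Flags follow the [address:]port argument. Isolation is on unless
            # a No* flag appears, so only those flags are reported.
            for flag in tokens[2:]:
                if flag.lower() in DISABLING_FLAGS:
                    findings.append((source, line_no, f"{tokens[0]} sets {flag}"))
        elif option == "trackhostexits":
            findings.append((source, line_no, "TrackHostExits is set; the message "
                             "above reports isolation flags being ignored with it"))
    return findings


def audit_files(files):
    """Audit a {name: text} mapping and return all findings in file order."""
    results = []
    for name, text in files.items():
        results.extend(audit_torrc(text, name))
    return results


# Constructed sample contents (not taken from a real Whonix gateway).
SAMPLE_FILES = {
    "40_tor_control_panel.conf": "DisableNetwork 0\n",
    "50_user.conf": (
        "# user overrides\n"
        "SocksPort 127.0.0.1:9050 NoIsolateClientAddr IsolateDestAddr\n"
        "TransPort 127.0.0.1:9040   # no flags: defaults stay on\n"
        "TrackHostExits .example.com\n"
    ),
}

if __name__ == "__main__":
    for source, line_no, finding in audit_files(SAMPLE_FILES):
        print(f"{source}:{line_no}: {finding}")
```

This only reads configuration text; the settings Tor is actually running with are what Nyx shows, as the message suggests.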
