Template:Deactivate Misc Proxy Settings

From Whonix
Jump to navigation Jump to search

On the Stream Isolation page, there is a list of applications that are pre-configured to use socks proxy settings via application configuration files. To disable this the Whonix system default must be removed from the application's settings.

TODO: document and expand.

Remove proxy settings for APT repository files.

1. Platform specific notice:

2. If you previously onionized any repositories, that has to be undone; see Onionizing Repositories.

3. Remove any mention of tor+ in file /etc/apt/sources.list (if it was previously configured; that file is empty by default in Whonix / Kicksecure) or any file in folder /etc/apt/sources.list.d.

4. Open file /etc/apt/sources.list /etc/apt/sources.list.d/* in an editor with administrative ("root") rights.

1 Select your platform.

Non-Qubes-Whonix

2 Notes.

  • Sudoedit guidance: See Kicksecure logo Open File with Root RightsOnion network Logo for details on why using sudoedit improves security and how to use it.
  • Editor requirement: Close Featherpad (or the chosen text editor) before running the sudoedit command.

3 Open the file with root rights.

sudoedit /etc/apt/sources.list /etc/apt/sources.list.d/*

Qubes-Whonix

2 Notes.

  • Sudoedit guidance: See Kicksecure logo Open File with Root RightsOnion network Logo for details on why using sudoedit improves security and how to use it.
  • Editor requirement: Close Featherpad (or the chosen text editor) before running the sudoedit command.
  • Template requirement: When using Qubes-Whonix, this must be done inside the Template.

3 Open the file with root rights.

sudoedit /etc/apt/sources.list /etc/apt/sources.list.d/*

4 Notes.

  • Shut down Template: After applying this change, shut down the Template.
  • Restart App Qubes: All App Qubes based on the Template need to be restarted if they were already running.
  • Qubes persistence: See also Kicksecure logo Qubes PersistenceOnion network Logo
  • General procedure: This is a general procedure required for Qubes and is unspecific to Qubes-Whonix.

Others and Alternatives

2 Notes.

  • Example only: This is just an example. Other tools could achieve the same goal.
  • Troubleshooting and alternatives: If this example does not work for you, or if you are not using Whonix, please refer to Open File with Root Rights.

3 Open the file with root rights.

sudoedit /etc/apt/sources.list /etc/apt/sources.list.d/*

5. Remove any mention of tor+.

6. Done.

The process of removing proxy settings from APT repository files is now complete.

Remove proxy settings for Tor Browser Downloader by Whonix.

1. Platform specific notice:

2. Open file /etc/torbrowser.d/50_user.conf in an editor with administrative ("root") rights.

1 Select your platform.

Non-Qubes-Whonix

2 Notes.

  • Sudoedit guidance: See Kicksecure logo Open File with Root RightsOnion network Logo for details on why using sudoedit improves security and how to use it.
  • Editor requirement: Close Featherpad (or the chosen text editor) before running the sudoedit command.

3 Open the file with root rights.

sudoedit /etc/torbrowser.d/50_user.conf

Qubes-Whonix

2 Notes.

  • Sudoedit guidance: See Kicksecure logo Open File with Root RightsOnion network Logo for details on why using sudoedit improves security and how to use it.
  • Editor requirement: Close Featherpad (or the chosen text editor) before running the sudoedit command.
  • Template requirement: When using Qubes-Whonix, this must be done inside the Template.

3 Open the file with root rights.

sudoedit /etc/torbrowser.d/50_user.conf

4 Notes.

  • Shut down Template: After applying this change, shut down the Template.
  • Restart App Qubes: All App Qubes based on the Template need to be restarted if they were already running.
  • Qubes persistence: See also Kicksecure logo Qubes PersistenceOnion network Logo
  • General procedure: This is a general procedure required for Qubes and is unspecific to Qubes-Whonix.

Others and Alternatives

2 Notes.

  • Example only: This is just an example. Other tools could achieve the same goal.
  • Troubleshooting and alternatives: If this example does not work for you, or if you are not using Whonix, please refer to Open File with Root Rights.

3 Open the file with root rights.

sudoedit /etc/torbrowser.d/50_user.conf

3. Paste. [2] [3]

TB_NO_TOR_CON_CHECK=1 CURL_PROXY="--fail"

4. Save and exit.

5. Done.

Proxy settings have been removed from Tor Browser Downloader by Whonix (and Mullvad Browser by Kicksecure developers).

For some applications, this is impossible:

These applications can only talk to Tor Onion Services directly and cannot be configured to use the system default. Therefore you can only deactivate sdwdate and/or not use applications like OnionShare and Ricochet IM.

Footnotes

[edit]
  1. Qubes-Whonix users note: In App Qube (whonix-workstation-18) could also use file /usr/local/etc/torbrowser.d/50_user.conf instead.

    1. Create folder /usr/local/etc/torbrowser.d (if using Tor Browser Downloader by Whonix developers) and optionally /usr/local/etc/mullvadbrowser.d (if using Mullvad Browser by Kicksecure developers).

    mkdir -p /usr/local/etc/torbrowser.d

    mkdir -p /usr/local/etc/mullvadbrowser.d

    2. Open file /usr/local/etc/torbrowser.d/50_user.conf in an editor with administrative ("root") rights.

    1 Select your platform.

    Non-Qubes-Whonix

    2 Notes.

    • Sudoedit guidance: See Kicksecure logo Open File with Root RightsOnion network Logo for details on why using sudoedit improves security and how to use it.
    • Editor requirement: Close Featherpad (or the chosen text editor) before running the sudoedit command.

    3 Open the file with root rights.

    sudoedit /usr/local/etc/torbrowser.d/50_user.conf

    Qubes-Whonix

    2 Notes.

    • Sudoedit guidance: See Kicksecure logo Open File with Root RightsOnion network Logo for details on why using sudoedit improves security and how to use it.
    • Editor requirement: Close Featherpad (or the chosen text editor) before running the sudoedit command.
    • Template requirement: When using Qubes-Whonix, this must be done inside the Template.

    3 Open the file with root rights.

    sudoedit /usr/local/etc/torbrowser.d/50_user.conf

    4 Notes.

    • Shut down Template: After applying this change, shut down the Template.
    • Restart App Qubes: All App Qubes based on the Template need to be restarted if they were already running.
    • Qubes persistence: See also Kicksecure logo Qubes PersistenceOnion network Logo
    • General procedure: This is a general procedure required for Qubes and is unspecific to Qubes-Whonix.

    Others and Alternatives

    2 Notes.

    • Example only: This is just an example. Other tools could achieve the same goal.
    • Troubleshooting and alternatives: If this example does not work for you, or if you are not using Whonix, please refer to Open File with Root Rights.

    3 Open the file with root rights.

    sudoedit /usr/local/etc/torbrowser.d/50_user.conf

    And/or:

    sudoedit /usr/local/etc/mullvadbrowser.d/50_user.conf

  2. TB_NO_TOR_CON_CHECK=1 needs to be set because there is no filtered Tor ControlPort access when Whonix tunnel firewall is enabled, which would break tb-updater's Tor connectivity check.
  3. By tb-updater default, if unset, variable CURL_PROXY will be dynamically set to a Tor SocksPort on Whonix-Gateway. For example to CURL_PROXY="--proxy socks5h://user:password@10.137.6.1:9115".
    By utilizing a curl parameter we are using anyhow -- CURL_PROXY="--fail" -- the environment variable can be disabled even if it is technically still set. This will result in downloading via the system's default networking.
Notification image

We believe security software like Whonix needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 14 year success story and maybe DONATE!