[tor-bugs] #23095 [Obfuscation]: Can't connect with TBB to my private bridge using OBFS3/4, if I use NOPROTOCOL it connects. The Bridge says it is properly set.

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Aug 3 18:14:07 UTC 2017


#23095: Can't connect with TBB to my private bridge using OBFS3/4, if I use
NOPROTOCOL it connects. The Bridge says it is properly set.
-------------------------+-------------------------------------------------
     Reporter:  help-    |      Owner:
  OBFS4-BRIDGE           |
         Type:  defect   |     Status:  new
     Priority:  High     |  Milestone:
    Component:           |    Version:  Tor: 0.3.0.9
  Obfuscation            |   Keywords:  Bridge obfs4 Private general
     Severity:  Major    |  failure
Actual Points:           |  Parent ID:
       Points:           |   Reviewer:
      Sponsor:           |
-------------------------+-------------------------------------------------
 I think the problem is in my private bridge, it's just unfindable to me.
 I doubt my TBB is the cause since this problem also appears using whonix.
 ========================================================================

 I have set a Private Bridge on one of my servers. When I try to use it
 with the TBB (tor browser bundle) of one of my laptops it does connect only
 if I specify no protocol. If I use obfs3 or obfs4 I get errors, and I have
 already checked it is correctly set (the obfs4 plugin) in my server.
 Weird thing is that if I connect with no protocol, and then once it is
 connected I change the bridge line and insert obfs3 or obfs4 and keep
 browsing, then it switches to using the protocol without errors, but if I
 restart the browser then I get the error. Basically it only fails at
 starting the connection when I use the obfs3/obfs4 protocols in my private
 bridge line.

 HERE ARE THE OUTPUTs of errors and configs.

 1- OUTPUT when I specify no protocol (and it connects successfully and I
 can normally browse the web with my TBB):
 [/code]
 08/03/2017 16:54:51.400 [NOTICE] Bootstrapped 85%: Finishing handshake
 with first hop
 08/03/2017 16:54:52.100 [NOTICE] Bootstrapped 90%: Establishing a Tor
 circuit
 08/03/2017 16:54:53.000 [NOTICE] new bridge descriptor 'Unnamed' (fresh):
 $HERE-IS-MY-SERVER-FINGERPRINT~Unnamed at HERE-IS-MY-SERVER-IP-ADDRESS
 08/03/2017 16:54:54.200 [NOTICE] Tor has successfully opened a circuit.
 Looks like client functionality is working.
 08/03/2017 16:54:54.200 [NOTICE] Bootstrapped 100%: Done
 08/03/2017 16:54:55.200 [NOTICE] New control connection opened from
 127.0.0.1.
 08/03/2017 16:54:55.200 [NOTICE] New control connection opened from
 127.0.0.1.
 [/code]

 2-OUTPUT when I specify protocol obfs3 ( and I restart the browser to make
 the first connection USING the protocol obfs3):
 [/code]
 08/03/2017 13:03:45.200 [NOTICE] Bootstrapped 80%: Connecting to the Tor
 network
 08/03/2017 13:03:45.700 [NOTICE] Bootstrapped 85%: Finishing handshake
 with first hop
 08/03/2017 13:03:46.200 [WARN] Proxy Client: unable to connect to HERE-IS-
 MY-SERVER-IP-ADDRESS:27654 ("general SOCKS server failure")
 08/03/2017 13:03:47.100 [WARN] Proxy Client: unable to connect to HERE-IS-
 MY-SERVER-IP-ADDRESS:27654 ("general SOCKS server failure")
 08/03/2017 13:03:47.700 [WARN] Failed to find node for hop 0 of our path.
 Discarding this circuit.
 08/03/2017 13:03:47.900 [NOTICE] Closing no-longer-configured Socks
 listener on 127.0.0.1:9150
 08/03/2017 13:03:47.900 [NOTICE] DisableNetwork is set. Tor will not make
 or accept non-control network connections. Shutting down all existing
 connections.
 08/03/2017 13:03:47.900 [NOTICE] Closing old Socks listener on
 127.0.0.1:9150
 08/03/2017 13:03:48.700 [NOTICE] Delaying directory fetches:
 DisableNetwork is set.
 [/code]

 3-OUTPUT when I specify protocol obfs4 ( and I restart the browser to make
 the first connection USING the protocol obfs4):
 [/code]
 08/03/2017 12:56:29.300 [NOTICE] Bootstrapped 80%: Connecting to the Tor
 network
 08/03/2017 12:56:29.600 [NOTICE] Bootstrapped 85%: Finishing handshake
 with first hop
 08/03/2017 12:56:29.600 [WARN] Proxy Client: unable to connect to HERE-IS-
 MY-SERVER-IP-ADDRESS:27654 ("general SOCKS server failure")
 08/03/2017 12:56:30.600 [WARN] Proxy Client: unable to connect to HERE-IS-
 MY-SERVER-IP-ADDRESS:27654 ("general SOCKS server failure")
 08/03/2017 12:56:31.600 [WARN] Failed to find node for hop 0 of our path.
 Discarding this circuit.
 08/03/2017 12:56:32.600 [WARN] Failed to find node for hop 0 of our path.
 Discarding this circuit.
 08/03/2017 12:56:33.400 [NOTICE] Closing no-longer-configured Socks
 listener on 127.0.0.1:9150
 08/03/2017 12:56:33.400 [NOTICE] DisableNetwork is set. Tor will not make
 or accept non-control network connections. Shutting down all existing
 connections.
 08/03/2017 12:56:33.400 [NOTICE] Closing old Socks listener on
 127.0.0.1:9150
 08/03/2017 12:56:33.600 [NOTICE] Delaying directory fetches:
 DisableNetwork is set.
 [/code]

 4-OUTPUT of my torrc file in my private bridge (my server):
 [/code]
 SocksPort 0
 ORPort 27654
 BridgeRelay 1
 PublishServerDescriptor 0
 Exitpolicy reject *:*

 # Use obfs4proxy to provide the obfs4 protocol.
 ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
 [/code]

 5-OUTPUT of my /var/log/syslog so you can see that my private bridge
 server successfully opens circuit and that it SUCCESSFULLY USES the OBFS4
 PLUGIN. -if you want to see /var/log/tor/log well it does not exist in my
 server, instead the /var/log/tor/log gets printed at syslog.:
 [/code]
 Aug  3 12:27:53 server1 tor[1607]: Configuration was valid
 Aug  3 12:27:53 server1 tor[1610]: Aug 03 12:27:53.488 [notice] Tor
 0.3.0.9 (git-100816d92ab5664d) running on Linux with Libevent
 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.
 Aug  3 12:27:53 server1 tor[1610]: Aug 03 12:27:53.488 [notice] Tor can't
 help you if you use it wrong! Learn how to be safe at
 https://www.torproject.org/download/download#warning
 Aug  3 12:27:53 server1 tor[1610]: Aug 03 12:27:53.488 [notice] Read
 configuration file "/usr/share/tor/tor-service-defaults-torrc".
 Aug  3 12:27:53 server1 tor[1610]: Aug 03 12:27:53.489 [notice] Read
 configuration file "/etc/tor/torrc".
 Aug  3 12:27:53 server1 tor[1610]: Aug 03 12:27:53.494 [notice] Your
 ContactInfo config option is not set. Please consider setting it, so we
 can contact you if your server is misconfigured or somet$
 Aug  3 12:27:53 server1 tor[1610]: Aug 03 12:27:53.494 [notice] Based on
 detected system memory, MaxMemInQueues is set to 768 MB. You can override
 this by setting MaxMemInQueues by hand.
 Aug  3 12:27:53 server1 tor[1610]: Aug 03 12:27:53.495 [notice] I think we
 have 64 CPUS, but only 1 of them are available. Telling Tor to only use 1.
 You can override this with the NumCPUs option
 Aug  3 12:27:53 server1 tor[1610]: Aug 03 12:27:53.496 [notice] Opening OR
 listener on 0.0.0.0:27654
 Aug  3 12:27:53 server1 Tor[1610]: Can't get entropy from getrandom().
 Aug  3 12:27:53 server1 Tor[1610]: Tor 0.3.0.9 (git-100816d92ab5664d)
 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib
 1.2.8.
 Aug  3 12:27:53 server1 Tor[1610]: Tor can't help you if you use it wrong!
 Learn how to be safe at
 https://www.torproject.org/download/download#warning
 Aug  3 12:27:53 server1 Tor[1610]: Read configuration file "/usr/share/tor
 /tor-service-defaults-torrc".
 Aug  3 12:27:53 server1 Tor[1610]: Read configuration file
 "/etc/tor/torrc".
 Aug  3 12:27:53 server1 Tor[1610]: Your ContactInfo config option is not
 set. Please consider setting it, so we can contact you if your server is
 misconfigured or something else goes wrong.
 Aug  3 12:27:53 server1 Tor[1610]: Based on detected system memory,
 MaxMemInQueues is set to 768 MB. You can override this by setting
 MaxMemInQueues by hand.
 Aug  3 12:27:53 server1 Tor[1610]: I think we have 64 CPUS, but only 1 of
 them are available. Telling Tor to only use 1. You can override this with
 the NumCPUs option
 Aug  3 12:27:53 server1 Tor[1610]: Opening OR listener on 0.0.0.0:27654
 Aug  3 12:27:53 server1 Tor[1610]: We use pluggable transports but the
 Extended ORPort is disabled. Tor and your pluggable transports proxy
 communicate with each other via the Extended ORPort so it$
 Aug  3 12:27:53 server1 Tor[1610]: Parsing GEOIP IPv4 file
 /usr/share/tor/geoip.
 Aug  3 12:27:53 server1 Tor[1610]: Parsing GEOIP IPv6 file
 /usr/share/tor/geoip6.
 Aug  3 12:27:53 server1 Tor[1610]: Configured to measure statistics. Look
 for the *-stats files that will first be written to the data directory in
 24 hours from now.
 Aug  3 12:27:54 server1 Tor[1610]: Your Tor server's identity key
 fingerprint is 'Unnamed HERE-IS-MY-SERVER-FINGERPRINT'
 Aug  3 12:27:54 server1 Tor[1610]: Your Tor bridge's hashed identity key
 fingerprint is 'Unnamed HERE-IS-MY-SERVER-bridgedhashed-FINGERPRINT'
 Aug  3 12:27:54 server1 Tor[1610]: Bootstrapped 0%: Starting
 Aug  3 12:27:56 server1 Tor[1610]: Starting with guard context "default"
 Aug  3 12:27:56 server1 Tor[1610]: Bootstrapped 80%: Connecting to the Tor
 network
 Aug  3 12:27:56 server1 systemd[1]: Started Anonymizing overlay network
 for TCP.
 Aug  3 12:27:56 server1 Tor[1610]: Signaled readiness to systemd
 Aug  3 12:27:56 server1 Tor[1610]: Opening Control listener on
 /var/run/tor/control
 Aug  3 12:27:56 server1 Tor[1610]: Bootstrapped 85%: Finishing handshake
 with first hop
 Aug  3 12:27:57 server1 Tor[1610]: Bootstrapped 90%: Establishing a Tor
 circuit
 Aug  3 12:27:57 server1 Tor[1610]: Registered server transport 'obfs4' at
 '[::]:39979'
 Aug  3 12:27:58 server1 Tor[1610]: Tor has successfully opened a circuit.
 Looks like client functionality is working.
 Aug  3 12:27:58 server1 Tor[1610]: Bootstrapped 100%: Done
 Aug  3 12:27:58 server1 Tor[1610]: Now checking whether ORPort HERE-IS-MY-
 SERVER-IP-ADDRESS:27654 is reachable... (this may take up to 20 minutes --
 look for log messages indicating success)
 Aug  3 12:27:58 server1 Tor[1610]: Self-testing indicates your ORPort is
 reachable from the outside. Excellent.
 Aug  3 12:28:03 server1 Tor[1610]: Performing bandwidth self-test...done.
 [/code]


 OUTPUT of my tor version in my private bridge server:
 [/code]
 tor:
   Installed: 0.3.0.9-1~xenial+1
 [/code]

 My private bridge server OS is Ubuntu 16.04 Xenial.
 Sorry I didn't know how to put the code in the boxes since "[code]"
 doesn't work..

 When I connect from my TBB to my private bridge I used the normal syntax:
 <protocol(if any)> <myPrivateBridgeAddress>:<port,in my case is 27654>
 <fingerprint of the bridge>

 Please help me, I have even changed OS from debian to ubuntu thinking this
 would solve the problem. As a matter of fact now I have the same problem
 as before...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23095>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
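
Added example, not part of the original ticket: a Python check that compares a client bridge line against the listener ports a bridge logs at startup (the "Opening OR listener" and "Registered server transport" lines in the syslog excerpt above). It assumes a pluggable transport is reachable only on its own registered port and that an obfs4 bridge line carries a cert= argument; the function names, the 192.0.2.10 address and the fingerprint are constructed.

```python
import re

# The two listener lines from the ticket's syslog excerpt, unwrapped.
SERVER_LOG = """\
Aug  3 12:27:53 server1 Tor[1610]: Opening OR listener on 0.0.0.0:27654
Aug  3 12:27:57 server1 Tor[1610]: Registered server transport 'obfs4' at '[::]:39979'
"""
FP = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint

OR_RE = re.compile(r"Opening OR listener on \S+:(\d+)")
PT_RE = re.compile(r"Registered server transport '(\w+)' at '\S+:(\d+)'")


def parse_listeners(log_text):
    """Return (or_port, {transport: port}) from tor startup log text."""
    or_match = OR_RE.search(log_text)
    or_port = int(or_match.group(1)) if or_match else None
    transports = {name: int(port) for name, port in PT_RE.findall(log_text)}
    return or_port, transports


def check_bridge_line(line, log_text):
    """List mismatches between a client bridge line and the bridge's listeners."""
    or_port, transports = parse_listeners(log_text)
    fields = line.split()
    # A plain line starts with addr:port; a transport line starts with its name.
    transport = None if ":" in fields[0] else fields.pop(0)
    port = int(fields[0].rsplit(":", 1)[1])
    args = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
    problems = []
    if transport is None:
        if port != or_port:
            problems.append(f"plain bridge line should use ORPort {or_port}, not {port}")
        return problems
    if transport not in transports:
        problems.append(f"bridge has no '{transport}' server transport registered")
    elif port != transports[transport]:
        problems.append(f"'{transport}' listens on port {transports[transport]}, not {port}")
    if transport == "obfs4" and "cert" not in args:
        problems.append("obfs4 line lacks the cert= argument")
    return problems


if __name__ == "__main__":
    for proto in ("", "obfs3 ", "obfs4 "):
        line = f"{proto}192.0.2.10:27654 {FP}"
        print(repr(line), "->", check_bridge_line(line, SERVER_LOG) or "ok")
```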

