[tor-bugs] #23095 [Obfuscation]: Can't connect with TBB to my private bridge using OBFS3/4, if I use NOPROTOCOL it connects. The Bridge says it is properly set.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 4 10:04:31 UTC 2017
#23095: Can't connect with TBB to my private bridge using OBFS3/4, if I use
NOPROTOCOL it connects. The Bridge says it is properly set.
-------------------------------------------------+-------------------------
Reporter: help-OBFS4-BRIDGE | Owner:
Type: defect | Status: new
Priority: High | Milestone:
Component: Obfuscation | Version: Tor:
| 0.3.0.9
Severity: Major | Resolution:
Keywords: Bridge obfs4 Private general | Actual Points:
failure |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by help-OBFS4-BRIDGE):
* status: needs_information => new
Comment:
Quote myself:
{{{
Aug 3 12:27:54 server1 Tor[1610]: Your Tor server's identity key
fingerprint is 'Unnamed HERE-IS-MY-SERVER-FINGERPRINT'
Aug 3 12:27:54 server1 Tor[1610]: Your Tor bridge's hashed identity key
fingerprint is 'Unnamed HERE-IS-MY-SERVER-bridgedhashed-FINGERPRINT'
}}}
'''I need to use the {{{Tor server's identity key fingerprint}}} not the
{{{Tor bridge's hashed identity key fingerprint}}} to connect to the
private bridge using obfs4 right? If not I'll have to redo these tests
below.'''
#################################################################################################
Ok, I created another VM and installed the TBB (so it is a clean one,
freshly installed, never connected, never used), opened the TBB, selected
configure, my isp is blocking blabla, custom bridges, and I used the
following line as "diff" told me (using the cert parameter obtained at
/pt_state/obfs4_bridgeline.txt in my private bridge server).
'''syntax used:'''
{{{
obfs4 HERE-IS-MY-SERVER-IP-ADDRESS:39979 HERE-IS-MY-SERVER-FINGERPRINT
cert=HERE-IS-MY-SERVER-CERT iat-mode=0
}}}
Tried to connect using port '''39979''' and output was the following
'''(didn't go further than 10%)''':
{{{
08/04/2017 05:12:48.700 [NOTICE] DisableNetwork is set. Tor will not make
or accept non-control network connections. Shutting down all existing
connections.
08/04/2017 05:12:48.700 [NOTICE] Switching to guard context "bridges" (was
using "default")
08/04/2017 05:12:48.700 [NOTICE] DisableNetwork is set. Tor will not make
or accept non-control network connections. Shutting down all existing
connections.
08/04/2017 05:12:48.700 [NOTICE] DisableNetwork is set. Tor will not make
or accept non-control network connections. Shutting down all existing
connections.
08/04/2017 05:12:48.700 [NOTICE] Opening Socks listener on 127.0.0.1:9150
08/04/2017 05:12:48.700 [NOTICE] Renaming old configuration file to
"/home/user/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.orig.1"
08/04/2017 05:12:50.100 [NOTICE] Bootstrapped 5%: Connecting to directory
server
08/04/2017 05:12:50.100 [NOTICE] Bootstrapped 10%: Finishing handshake
with directory server
08/04/2017 05:12:50.700 [WARN] Proxy Client: unable to connect to HERE-IS-
MY-SERVER-IP-ADDRESS:39979 ("general SOCKS server failure")
08/04/2017 05:13:21.600 [NOTICE] Closing no-longer-configured Socks
listener on 127.0.0.1:9150
08/04/2017 05:13:21.600 [NOTICE] DisableNetwork is set. Tor will not make
or accept non-control network connections. Shutting down all existing
connections.
08/04/2017 05:13:21.600 [NOTICE] Closing old Socks listener on
127.0.0.1:9150
}}}
After that I closed the TBB, waited for about 20 seconds, reopened the
TBB, and repeating the same procedure as before, I used the same bridge
string but with the port changed to '''27654''', output '''(didn't go
further than 10% as before)''':
{{{
08/04/2017 05:16:01.400 [NOTICE] DisableNetwork is set. Tor will not make
or accept non-control network connections. Shutting down all existing
connections.
08/04/2017 05:16:01.400 [NOTICE] DisableNetwork is set. Tor will not make
or accept non-control network connections. Shutting down all existing
connections.
08/04/2017 05:16:01.400 [NOTICE] DisableNetwork is set. Tor will not make
or accept non-control network connections. Shutting down all existing
connections.
08/04/2017 05:16:01.400 [NOTICE] Opening Socks listener on 127.0.0.1:9150
08/04/2017 05:16:03.000 [NOTICE] Bootstrapped 5%: Connecting to directory
server
08/04/2017 05:16:03.000 [NOTICE] Bootstrapped 10%: Finishing handshake
with directory server
08/04/2017 05:16:03.500 [WARN] Proxy Client: unable to connect to HERE-IS-
MY-SERVER-IP-ADDRESS:27654 ("general SOCKS server failure")
08/04/2017 05:16:13.000 [NOTICE] Closing no-longer-configured Socks
listener on 127.0.0.1:9150
08/04/2017 05:16:13.000 [NOTICE] DisableNetwork is set. Tor will not make
or accept non-control network connections. Shutting down all existing
connections.
08/04/2017 05:16:13.000 [NOTICE] Closing old Socks listener on
127.0.0.1:9150
}}}
I did not restart/reboot the server since when I opened this ticket, so no
ports have changed, nor tor service have been stopped/restarted/reloaded
in any way.
Just to make sure ports were open and functioning here's the output of
"'''netstat -nltp'''" (ports are open), the only firewall the server goes
through allows everything except udp traffic, so the firewall is not a
concern:
{{{
root at myPrivateBridge:~# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
267/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
418/master
tcp 0 0 0.0.0.0:27654 0.0.0.0:* LISTEN
1610/tor
tcp6 0 0 :::22 :::* LISTEN
267/sshd
tcp6 0 0 :::25 :::* LISTEN
418/master
tcp6 0 0 :::39979 :::* LISTEN
1611/obfs4proxy
}}}
'''Tell me what more tests I can run please. Using my private bridge
without protocol, thus not using obfs4, is useless to me..'''
__'''Please keep helping me, I'll run all the tests you want.'''__
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23095#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list