[tor-bugs] #30350 [Obfuscation/Snowflake]: Hello, in China, currently, Tor Browser 8.5a11 version can't connect to Tor network through Snowflake bridge.

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu May 2 06:34:14 UTC 2019 

#30350: Hello, in China, currently, Tor Browser 8.5a11 version can't connect to Tor
network through Snowflake bridge.
-----------------------------------+--------------------------
 Reporter:  amiableclarity2011     |          Owner:  cohosh
     Type:  defect                 |         Status:  accepted
 Priority:  Immediate              |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+--------------------------

Old description:

> Hello, in China, currently, Tor Browser 8.5a11 version can't connect to
> Tor network through Snowflake bridge. On this April 17th, in China, Tor
> Browser 8.5a11 version can connect to Tor network through Snowflake
> bridge. But currently, in China, Tor Browser 8.5a11 version can't connect
> to Tor network through Snowflake bridge. Does China's firewall block all
> of the Snowflake bridges? " Tor failed to establish a Tor network
> connection. Connected to a Tor relay failed. (done - 0.0.3.0:1) " is
> showed in connection interface.
>
> Below is Tor log messages.
>

> 5/1/19, 05:10:31.667 [NOTICE] DisableNetwork is set. Tor will not make or
> accept non-control network connections. Shutting down all existing
> connections.
> 5/1/19, 05:10:37.818 [NOTICE] DisableNetwork is set. Tor will not make or
> accept non-control network connections. Shutting down all existing
> connections.
> 5/1/19, 05:10:37.818 [NOTICE] DisableNetwork is set. Tor will not make or
> accept non-control network connections. Shutting down all existing
> connections.
> 5/1/19, 05:10:37.818 [NOTICE] DisableNetwork is set. Tor will not make or
> accept non-control network connections. Shutting down all existing
> connections.
> 5/1/19, 05:10:37.818 [NOTICE] Opening Socks listener on 127.0.0.1:9150
> 5/1/19, 05:10:37.818 [NOTICE] Opened Socks listener on 127.0.0.1:9150
> 5/1/19, 05:10:38.802 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to
> pluggable transport
> 5/1/19, 05:10:38.803 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected
> to pluggable transport
> 5/1/19, 05:11:21.559 [NOTICE] Bootstrapped 10% (conn_done): Connected to
> a relay
> 5/1/19, 05:11:51.686 [WARN] Problem bootstrapping. Stuck at 10%
> (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation
> warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
> 5/1/19, 05:11:51.687 [WARN] 1 connections have failed:
> 5/1/19, 05:11:51.687 [WARN]  1 connections died in state handshaking
> (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE
> 5/1/19, 05:11:51.702 [NOTICE] Closing no-longer-configured Socks listener
> on 127.0.0.1:9150
> 5/1/19, 05:11:51.702 [NOTICE] DisableNetwork is set. Tor will not make or
> accept non-control network connections. Shutting down all existing
> connections.
> 5/1/19, 05:11:51.702 [WARN] Pluggable Transport process terminated with
> status code 0
>

> Could you please solve this problem? Thank you very much for your help. I
> really appreciate it.

New description:

 Hello, in China, currently, Tor Browser 8.5a11 version can't connect to
 Tor network through Snowflake bridge. On this April 17th, in China, Tor
 Browser 8.5a11 version can connect to Tor network through Snowflake
 bridge. But currently, in China, Tor Browser 8.5a11 version can't connect
 to Tor network through Snowflake bridge. Does China's firewall block all
 of the Snowflake bridges? " Tor failed to establish a Tor network
 connection. Connected to a Tor relay failed. (done - 0.0.3.0:1) " is
 showed in connection interface.

 Below is Tor log messages.

 {{{
 5/1/19, 05:10:31.667 [NOTICE] DisableNetwork is set. Tor will not make or
 accept non-control network connections. Shutting down all existing
 connections.
 5/1/19, 05:10:37.818 [NOTICE] DisableNetwork is set. Tor will not make or
 accept non-control network connections. Shutting down all existing
 connections.
 5/1/19, 05:10:37.818 [NOTICE] DisableNetwork is set. Tor will not make or
 accept non-control network connections. Shutting down all existing
 connections.
 5/1/19, 05:10:37.818 [NOTICE] DisableNetwork is set. Tor will not make or
 accept non-control network connections. Shutting down all existing
 connections.
 5/1/19, 05:10:37.818 [NOTICE] Opening Socks listener on 127.0.0.1:9150
 5/1/19, 05:10:37.818 [NOTICE] Opened Socks listener on 127.0.0.1:9150
 5/1/19, 05:10:38.802 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to
 pluggable transport
 5/1/19, 05:10:38.803 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to
 pluggable transport
 5/1/19, 05:11:21.559 [NOTICE] Bootstrapped 10% (conn_done): Connected to a
 relay
 5/1/19, 05:11:51.686 [WARN] Problem bootstrapping. Stuck at 10%
 (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation
 warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
 5/1/19, 05:11:51.687 [WARN] 1 connections have failed:
 5/1/19, 05:11:51.687 [WARN]  1 connections died in state handshaking (TLS)
 with SSL state SSLv2/v3 read server hello A in HANDSHAKE
 5/1/19, 05:11:51.702 [NOTICE] Closing no-longer-configured Socks listener
 on 127.0.0.1:9150
 5/1/19, 05:11:51.702 [NOTICE] DisableNetwork is set. Tor will not make or
 accept non-control network connections. Shutting down all existing
 connections.
 5/1/19, 05:11:51.702 [WARN] Pluggable Transport process terminated with
 status code 0
 }}}

 Could you please solve this problem? Thank you very much for your help. I
 really appreciate it.

--

Comment (by dcf):

 Replying to [comment:6 cohosh]:
 > I started running a new proxy-go instance on a different server. It took
 me a few tries in order to get it as a snowflake from the VPS, but when I
 eventually did, the connection was successful.
 >
 > I'm going to say that this a proxy blocking problem and what we need is:
 >
 > 1. New, unblocked proxies
 > 2. Something better on the client side than the 30 second timeout to
 figure out that the connection has been blocked we need a different proxy
 (I'll add these notes to #25429).
 > 3. Some way at the broker to hand out proxies in a smarter way so that
 we aren't repeatedly giving clients snowflakes that are blocked in their
 region

 Thanks for running these tests so quickly.

 Blocking the single IP address of the current fallback proxies is what I
 would have expected to happen first, and it looks like that's what
 happened in this case. Anyway, a blocking reaction by the GFW is a
 milestone for us. (It took [[comment:16:ticket:18628|at least 19 months]]
 of the proxies running at a static IP for even this small blocking event
 to happen.) I honestly thought that Snowflake didn't work in China anyway
 because of our use of a Google STUN server, but I guess I was wrong.

 I'm not sure item 3, tracking where proxies are blocked, is necessarily a
 priority. Round-the-clock proxy-go was never meant to be a permanent
 thing, only a stopgap until we have actual organic proxies (#20813). The
 idea is that eventually we don't rely on long-lived proxies running at
 static IP addresses, because if we do that we're playing the bridge
 distribution game, and doing it worse than BridgeDB does. IMO the browser
 extension (#23888) is the priority for getting actually diverse
 snowflakes.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30350#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list