Opened 3 years ago

Last modified 9 months ago

#19408 new defect

Tor cannot work in China

Reported by: sam1275 Owned by: asn
Priority: Medium Milestone:
Component: Obfuscation/Pluggable transport Version: Tor: unspecified
Severity: Normal Keywords: block
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Sadly Tor is not working in China without VPN, it cannot even work with any plugin such as obfs4, amazon, and with new bridges also no help. This problem exist on any OS for a long time.
Here's a example log:
6/13/2016 23:36:52 PM.200 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
6/13/2016 23:37:17 PM.700 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
6/13/2016 23:37:17 PM.700 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
6/13/2016 23:37:17 PM.700 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
6/13/2016 23:37:17 PM.700 [NOTICE] Opening Socks listener on 127.0.0.1:9150
6/13/2016 23:37:24 PM.400 [NOTICE] Bootstrapped 5%: Connecting to directory server
6/13/2016 23:37:24 PM.400 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
6/13/2016 23:37:45 PM.500 [WARN] Proxy Client: unable to connect to 109.105.109.165:10527 ("general SOCKS server failure")
6/13/2016 23:37:45 PM.500 [WARN] Proxy Client: unable to connect to 154.35.22.12:80 ("general SOCKS server failure")
6/13/2016 23:37:45 PM.500 [WARN] Proxy Client: unable to connect to 154.35.22.10:443 ("general SOCKS server failure")
6/13/2016 23:37:45 PM.500 [WARN] Proxy Client: unable to connect to 83.212.101.3:41213 ("general SOCKS server failure")
6/13/2016 23:37:45 PM.500 [WARN] Proxy Client: unable to connect to 104.131.108.182:56880 ("general SOCKS server failure")
6/13/2016 23:37:45 PM.500 [WARN] Proxy Client: unable to connect to 109.105.109.147:13764 ("general SOCKS server failure")
6/13/2016 23:37:45 PM.500 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure")
6/13/2016 23:37:45 PM.500 [WARN] Proxy Client: unable to connect to 198.245.60.50:443 ("general SOCKS server failure")
6/13/2016 23:38:26 PM.000 [WARN] Proxy Client: unable to connect to 154.35.22.13:443 ("general SOCKS server failure")
6/13/2016 23:38:27 PM.900 [WARN] Proxy Client: unable to connect to 154.35.22.9:60873 ("general SOCKS server failure")
6/13/2016 23:38:27 PM.900 [WARN] Proxy Client: unable to connect to 154.35.22.11:49868 ("general SOCKS server failure")
6/13/2016 23:52:45 PM.300 [WARN] Proxy Client: unable to connect to 109.105.109.165:10527 ("general SOCKS server failure")
6/13/2016 23:52:45 PM.300 [WARN] Proxy Client: unable to connect to 154.35.22.12:80 ("general SOCKS server failure")
6/13/2016 23:52:45 PM.300 [WARN] Proxy Client: unable to connect to 154.35.22.10:443 ("general SOCKS server failure")
6/13/2016 23:52:45 PM.300 [WARN] Proxy Client: unable to connect to 154.35.22.13:443 ("general SOCKS server failure")
6/13/2016 23:52:45 PM.300 [WARN] Proxy Client: unable to connect to 83.212.101.3:41213 ("general SOCKS server failure")
6/13/2016 23:52:45 PM.300 [WARN] Proxy Client: unable to connect to 104.131.108.182:56880 ("general SOCKS server failure")
6/13/2016 23:52:45 PM.300 [WARN] Proxy Client: unable to connect to 109.105.109.147:13764 ("general SOCKS server failure")
6/13/2016 23:52:45 PM.300 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure")
6/13/2016 23:52:45 PM.700 [WARN] Proxy Client: unable to connect to 198.245.60.50:443 ("general SOCKS server failure")
6/13/2016 23:53:24 PM.700 [WARN] Proxy Client: unable to connect to 154.35.22.9:60873 ("general SOCKS server failure")
6/13/2016 23:53:26 PM.200 [WARN] Proxy Client: unable to connect to 154.35.22.11:49868 ("general SOCKS server failure")
6/14/2016 0:07:45 AM.200 [WARN] Proxy Client: unable to connect to 109.105.109.165:10527 ("general SOCKS server failure")
6/14/2016 0:07:45 AM.200 [WARN] Proxy Client: unable to connect to 154.35.22.12:80 ("general SOCKS server failure")
6/14/2016 0:07:45 AM.200 [WARN] Proxy Client: unable to connect to 154.35.22.10:443 ("general SOCKS server failure")
6/14/2016 0:07:45 AM.200 [WARN] Proxy Client: unable to connect to 83.212.101.3:41213 ("general SOCKS server failure")
6/14/2016 0:07:45 AM.200 [WARN] Proxy Client: unable to connect to 104.131.108.182:56880 ("general SOCKS server failure")
6/14/2016 0:07:45 AM.200 [WARN] Proxy Client: unable to connect to 109.105.109.147:13764 ("general SOCKS server failure")
6/14/2016 0:07:45 AM.300 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure")
6/14/2016 0:07:46 AM.900 [WARN] Proxy Client: unable to connect to 198.245.60.50:443 ("general SOCKS server failure")
6/14/2016 0:08:26 AM.000 [WARN] Proxy Client: unable to connect to 154.35.22.11:49868 ("general SOCKS server failure")
6/14/2016 0:08:27 AM.700 [WARN] Proxy Client: unable to connect to 154.35.22.13:443 ("general SOCKS server failure")
6/14/2016 0:08:28 AM.000 [WARN] Proxy Client: unable to connect to 154.35.22.9:60873 ("general SOCKS server failure")
6/14/2016 0:43:12 AM.700 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
6/14/2016 0:43:12 AM.700 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
6/14/2016 0:43:12 AM.700 [NOTICE] Closing old Socks listener on 127.0.0.1:9150

Child Tickets

Change History (3)

comment:1 Changed 3 years ago by sam1275

The above log is using obfs4, the meek log is like this:
6/14/2016 19:48:32 PM.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
6/14/2016 19:48:32 PM.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
6/14/2016 19:48:32 PM.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
6/14/2016 19:48:32 PM.400 [NOTICE] Opening Socks listener on 127.0.0.1:9150
6/14/2016 19:48:32 PM.400 [NOTICE] Renaming old configuration file to "C:\samtemp\Tor Browser\Browser\TorBrowser\Data\Tor\torrc.orig.1"
6/14/2016 19:48:36 PM.800 [NOTICE] Bootstrapped 5%: Connecting to directory server
6/14/2016 19:48:36 PM.800 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
6/14/2016 19:48:38 PM.700 [WARN] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 1; recommendation warn; host A2C13B7DFCAB1CBF3A884B6EB99A98067AB6EF44 at 0.0.2.0:3)
6/14/2016 19:48:38 PM.700 [WARN] 1 connections have failed:
6/14/2016 19:48:38 PM.700 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE
6/14/2016 19:48:45 PM.500 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
6/14/2016 19:48:45 PM.500 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
6/14/2016 19:48:45 PM.500 [NOTICE] Closing old Socks listener on 127.0.0.1:9150

comment:2 Changed 3 years ago by cypherpunks

集成的网桥都被封了,meek-amazon/azure应该可以用。试过meek-amazon吗?meek有时不稳定,可能是流量限制。

如果是windows系统,建议你先关掉(或卸载)防火墙和杀毒软件。另外,可以访问 https://bridges.torproject.org 获取一些obfs4或scramblesuit网桥。很多网桥已经用不了,可以多试几组。

另外,如果是从网站或邮件获取的网桥,建议不要公开发到网上。

如果有条件,可以自己或找人帮忙搭建网桥。

搭建网桥相关:
https://tor.stackexchange.com/questions/6370/how-to-run-an-obfs4-bridge
https://trac.torproject.org/projects/tor/wiki/doc/meek#Howtorunameek-serverbridge

comment:3 Changed 3 years ago by dcf

Component: ObfuscationObfuscation/Pluggable transport
Owner: set to asn
Priority: HighMedium
Severity: BlockerNormal

Can you tell us more about your configuration? Are you using Tor Browser? What version? Have you made any manual modifications?

This error looks like a misconfiguration, like perhaps the pluggable transports are not set up correctly.

You can try enabling error logging in the pluggable transports, using --enableLogging for obfs4proxy and --log FILENAME for meek-client.

The date format in your log lines is strange. I opened #19669 to take note of it. Is there anything unusual about your configuration?

Note: See TracTickets for help on using tickets.