Skip to content
Snippets Groups Projects
New look: Off

obfs4 through proxy is not working anymore with Tor Browser 7.0 on Windows

    • Closed Issue created by Trac @tracbot

    dear all, on latest v7.0 browser package i'm unable to use obfs4 through squid proxy, on v6.x series i have no problems and works good.

    Trac:
    Username: albesp77

    To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

    Child items ...

    • Activity

    • Trac added component::archived/obfsproxy priority::medium reporter::albesp77 resolution::worksforme severity::normal status::closed tbb-7.0-issues type::defect labels

      added component::archived/obfsproxy priority::medium reporter::albesp77 resolution::worksforme severity::normal status::closed tbb-7.0-issues type::defect labels

    • Georg Koppen
      Georg Koppen @gk ·

      It might be helpful if you could describe your setup and steps for us on how to reproduce your problem (starting with a clean, new Tor Browser 6.5.2/7.0).

      Trac:
      Milestone: Tor: unspecified to N/A
      Version: Tor: unspecified to N/A
      Component: - Select a component to Applications/Tor Browser
      Status: new to needs_information

    • Trac
      Trac @tracbot ·
      Author

      do a clean v7.0 install, configured as censored network, using obfs4 with a http squid proxy, there is the log

      13/06/2017 11:31:29.600 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 13/06/2017 11:31:29.600 [NOTICE] Switching to guard context "bridges" (was using "default") 13/06/2017 11:31:29.600 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 13/06/2017 11:31:29.600 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 13/06/2017 11:31:29.600 [NOTICE] Opening Socks listener on 127.0.0.1:9150 13/06/2017 11:31:29.600 [NOTICE] Renaming old configuration file to "Z:\TestTor\Browser\TorBrowser\Data\Tor\torrc.orig.1" 13/06/2017 11:31:37.000 [NOTICE] Bootstrapped 5%: Connecting to directory server 13/06/2017 11:31:37.000 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 13/06/2017 11:31:39.700 [WARN] Proxy Client: unable to connect to 109.105.109.165:10527 ("general SOCKS server failure") 13/06/2017 11:31:39.700 [WARN] Proxy Client: unable to connect to 38.229.1.78:80 ("general SOCKS server failure") 13/06/2017 11:31:39.700 [WARN] Proxy Client: unable to connect to 154.35.22.9:12166 ("general SOCKS server failure") 13/06/2017 11:31:39.700 [WARN] Proxy Client: unable to connect to 83.212.101.3:50002 ("general SOCKS server failure") 13/06/2017 11:31:39.700 [WARN] Proxy Client: unable to connect to 37.218.245.14:38224 ("general SOCKS server failure") 13/06/2017 11:31:39.700 [WARN] Proxy Client: unable to connect to 109.105.109.147:13764 ("general SOCKS server failure") 13/06/2017 11:31:39.700 [WARN] Proxy Client: unable to connect to 154.35.22.12:80 ("general SOCKS server failure") 13/06/2017 11:31:39.700 [WARN] Proxy Client: unable to connect to 38.229.33.83:80 ("general SOCKS server failure") 13/06/2017 11:31:39.700 [WARN] Proxy Client: unable to connect to 37.218.240.34:40035 ("general SOCKS server failure") 13/06/2017 11:31:39.900 [NOTICE] Bootstrapped 15%: Establishing an encrypted directory connection 13/06/2017 11:31:40.000 [NOTICE] Bootstrapped 20%: Asking for networkstatus consensus 13/06/2017 11:31:40.000 [WARN] Proxy Client: unable to connect to 198.245.60.50:443 ("general SOCKS server failure") 13/06/2017 11:31:40.000 [NOTICE] Bridge 'NX01' has both an IPv4 and an IPv6 address. Will prefer using its IPv4 address (85.17.30.79:443) based on the configured Bridge address. 13/06/2017 11:31:40.000 [NOTICE] new bridge descriptor 'NX01' (fresh): $FC259A04A328A07FED1413E9FC6526530D9FD87ANX01 at 85.17.30.79 13/06/2017 11:31:40.000 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 13/06/2017 11:31:40.800 [NOTICE] new bridge descriptor 'noether' (fresh): $7B126FAB960E5AC6A629C729434FF84FB5074EC2noether at 192.99.11.54 13/06/2017 11:31:40.800 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 13/06/2017 11:31:40.900 [NOTICE] Bridge 'Lisbeth' has both an IPv4 and an IPv6 address. Will prefer using its IPv4 address (192.95.36.142:443) based on the configured Bridge address. 13/06/2017 11:31:40.900 [NOTICE] new bridge descriptor 'Lisbeth' (fresh): $CDF2E852BF539B82BD10E27E9115A31734E378C2Lisbeth at 192.95.36.142 13/06/2017 11:31:40.900 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 13/06/2017 11:31:41.000 [WARN] Proxy Client: unable to connect to 198.245.60.50:443 ("general SOCKS server failure") 13/06/2017 11:31:41.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:41.300 [NOTICE] new bridge descriptor 'Azadi' (fresh): $FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34DAzadi at 154.35.22.13 13/06/2017 11:31:41.300 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 13/06/2017 11:31:41.400 [NOTICE] new bridge descriptor 'MaBishomarim' (fresh): $A832D176ECD5C7C6B58825AE22FC4C90FA249637~MaBishomarim at 154.35.22.11 13/06/2017 11:31:41.400 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 13/06/2017 11:31:42.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:44.200 [NOTICE] Bootstrapped 25%: Loading networkstatus consensus 13/06/2017 11:31:54.100 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 13/06/2017 11:31:54.300 [NOTICE] Bootstrapped 40%: Loading authority key certs 13/06/2017 11:31:55.600 [NOTICE] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for some of our primary entry guards 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for some of our primary entry guards 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:55.800 [NOTICE] Bootstrapped 50%: Loading relay descriptors 13/06/2017 11:31:59.300 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:59.300 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:59.300 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:31:59.300 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:01.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:01.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:03.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:07.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:07.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:07.600 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:11.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:11.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:13.300 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:13.300 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:21.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:21.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:21.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:23.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:23.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:23.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:23.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:23.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:23.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:25.300 [NOTICE] Bootstrapped 55%: Loading relay descriptors 13/06/2017 11:32:25.300 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:25.300 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:28.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:28.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:31.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:31.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:31.100 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:31.400 [NOTICE] Bootstrapped 60%: Loading relay descriptors 13/06/2017 11:32:31.400 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:31.400 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:38.800 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:38.800 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:38.800 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:39.100 [WARN] Proxy Client: unable to connect to 154.35.22.10:443 ("general SOCKS server failure") 13/06/2017 11:32:39.200 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:39.200 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:39.200 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:40.000 [NOTICE] Bootstrapped 66%: Loading relay descriptors 13/06/2017 11:32:40.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:40.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:40.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:40.200 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:40.200 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:41.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:41.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:41.900 [NOTICE] Bootstrapped 71%: Loading relay descriptors 13/06/2017 11:32:41.900 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:41.900 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:41.900 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:32:45.300 [NOTICE] Bootstrapped 78%: Loading relay descriptors 13/06/2017 11:32:45.300 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:33:01.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:33:01.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:33:01.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:33:11.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:33:11.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:33:11.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:33:21.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:33:21.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:33:21.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:43:31.000 [NOTICE] Ignoring directory request, since no bridge nodes are available yet. 13/06/2017 11:50:48.000 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 13/06/2017 11:50:48.000 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 13/06/2017 11:50:48.000 [NOTICE] Closing old Socks listener on 127.0.0.1:9150 13/06/2017 11:50:48.000 [NOTICE] Delaying directory fetches: DisableNetwork is set.

      from the same network if i don't use squid all works good, using the old v6.5.2 with the previous config all works good, so i think there is a problem in new update!

      Trac:
      Username: albesp77

    • Georg Koppen
      Georg Koppen @gk ·

      How are you configuring your squid proxy to work with Tor Browser? I wonder whether that is actually a Tor Browser or a tor bug. Could you do the following and copy the tor.exe from 6.5.2 over to 7.0 (It can be found in Browser\TorBrowser\Tor) and try to use your old, working configuration? In case it still fails could you paste the log here as well?

    • Trac
      Trac @tracbot ·
      Author

      ok, i do a test likely your suggestion, i simple replace the folder "PluggableTransports" with the one from v6.5.2 package and now works, so the problem is on plugins!

      Trac:
      Username: albesp77

    • Georg Koppen
      Georg Koppen @gk ·

      Replying to albesp77:

      ok, i do a test likely your suggestion, i simple replace the folder "PluggableTransports" with the one from v6.5.2 package and now works, so the problem is on plugins!

      Hm. Could you double-check that by copying the 7.0 folder over again? And if that's still the issue could you narrow it more down to the exact binary that is problematic?

    • Georg Koppen
      Georg Koppen @gk ·

      Oh, and could you describe your setup in more detail so that we can reproduce it? What exactly do I have to do to get the same error as you got?

    • Trac
      Trac @tracbot ·
      Author

      ok, the problem is in file "obfs4proxy.exe", the one in v7.0 bundle give me the problem, the one in v6.5.2 bundle works good, do more then one test inverting both executable. My current setup is simple, installed bundle v7.0, run browser, select configure, select censored network, select obfs4proxy, select to use external proxy, insert HTTP, IP address and PORT, does not require authentication, proxy used to test is Squid proxy, configured as standard, on port 3128, no particular configuration is used!

      Trac:
      Username: albesp77

    • Georg Koppen
      Georg Koppen @gk ·

      Thanks, really appreciated. Now, he obfs4proxy version is the same in 6.5.2 and 7.0 the only difference is that the former is built with Go 1.7.4 and the latter with Go 1.8.3. I wonder if that could be the crucial difference...

      Trac:
      Component: Applications/Tor Browser to Obfuscation/Obfsproxy
      Status: needs_information to new
      Cc: N/A to dcf, gk

    • Georg Koppen
      Georg Koppen @gk ·

      Trac:
      Summary: obfs4 through squid to obfs4 through proxy is not working anymore with Tor Browser 7.0 on Windows

    • Georg Koppen
      Georg Koppen @gk ·

      I had hoped to get those results reproduce on my Linux box, alas the outcome is not as clear-cut as I would like to have it. :( More investigation is needed.

      Trac:
      Keywords: N/A deleted, tbb-7.0-issues added

    • Mark Smith
      Mark Smith @mcs ·

      Trac:
      Cc: dcf, gk to dcf, gk, brade, mcs

    • D
      David Fifield @dcf ·

      I haven't looked into this yet, but here is a torrc file for running obfs4proxy with an HTTPS proxy. obfs4proxy logs will appear in ./test_datadir/pt_state/obfs4proxy.log. You may need to add a SOCKSPort xxxx line if you are getting Address already in use errors.

      DataDirectory test_datadir
UseBridges 1
ClientTransportPlugin obfs4 exec obfs4proxy.exe -enableLogging -logLevel DEBUG
Bridge obfs4 85.17.30.79:443 FC259A04A328A07FED1413E9FC6526530D9FD87A cert=RutxZlu8BtyP+y0NX7bAVD41+J/qXNhHUrKjFkRSdiBAhIHIQLhKQ2HxESAKZprn/lR3KA iat-mode=0
HTTPSProxy 127.0.0.1:3128

      If it helps, you can run obfs4proxy in the command line, separate from tor, by setting some environment variables:

      set TOR_PT_MANAGED_TRANSPORT_VER=1
set TOR_PT_STATE_LOCATION=./test_datadir/pt_state
set TOR_PT_CLIENT_TRANSPORTS=obfs4
set TOR_PT_PROXY=http://127.0.0.1:3128
obfs4proxy.exe -enableLogging -logLevel DEBUG
    • D
      David Fifield @dcf ·

      The multiple Proxy Client: unable to connect errors in comment:2 are probably the result of this default Squid configuration that only allows CONNECT to port 443:

      acl SSL_ports port 443

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

      (The two errors for bridges that actually are on port 443 appear to be because the bridges are down.)

      When I installed squid locally (apt-get install squid), I couldn't connect to any non-443 bridges until I commented out the http_access deny line in /etc/squid/squid.conf.

      I don't think this configuration is the source of the trouble on this ticket, just FYI.

    • Trac
      Trac @tracbot ·
      Author

      my squid.conf that works with old obfs4proxy and not with new one:

      acl localnet src 10.0.0.0/8 acl localnet src 172.16.0.0/12 acl localnet src 192.168.0.0/16 acl localnet src fc00::/7 acl localnet src fe80::/10 acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localnet http_access allow localhost http_access deny all always_direct allow all ssl_bump splice all ssl_bump bump all ssl_bump peek all ssl_bump splice all http_port 3128 https_port 3130 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB sslcrtd_children 5

      if you need me for test write here test detail, thanks!

      Trac:
      Username: albesp77

    • Georg Koppen
      Georg Koppen @gk ·

      So, testing on Windows with a default Squid installation and 7.0/7.0.1 works for me. Seems I at least can't reproduce your problem. :(

    • Trac
      Trac @tracbot ·
      Author

      seems to be incredible but with 7.0.1 works now! i want to confirm that previous i made a huge number of start and stop of tor browser changing obfs4proxy.exe to confirm the problem!

      Trac:
      Username: albesp77

    • C
      cypherpunks @cypherpunks ·

      do a binary comparison and see the diff ;)

    • Georg Koppen
      Georg Koppen @gk ·

      Replying to albesp77:

      seems to be incredible but with 7.0.1 works now! i want to confirm that previous i made a huge number of start and stop of tor browser changing obfs4proxy.exe to confirm the problem!

      Glad it works now!

      Trac:
      Resolution: N/A to worksforme
      Status: new to closed

    • Trac closed

      closed

    • Georg Koppen mentioned in issue #22592 (moved)

      mentioned in issue #22592 (moved)

    • teor mentioned in issue #22653 (moved)

      mentioned in issue #22653 (moved)

    • Trac mentioned in issue tpo/applications/tor-launcher#22592 (closed)

      mentioned in issue tpo/applications/tor-launcher#22592 (closed)

    Please register or sign in to reply