Opened 2 years ago

Closed 14 months ago

#22653 closed defect (user disappeared)

upgrading Tor-0.2.9.10 to Tor-0.3.0.8 or Tor-0.3.1.3_alpha fails to build circuits

Reported by: t0r Owned by:
Priority: High Milestone: Tor: 0.3.4.x-final
Component: Core Tor/Tor Version: Tor: 0.3.0.8
Severity: Normal Keywords: tor-guard, tor-client, 034-triage-20180328
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

My GNU/Linux Gentoo compiles Tor manually instead of Tor-browser. I use pluggable transports obfs4 and bridge.

Tor-0.2.9.10 worked like a charm with current torrc. When upgrading to Tor-0.3.0.8 with the same torrc configuration, it no longer builds circuits.

My /etc/tor/torrc configuration:

User tor
PIDFile /var/run/tor/tor.pid
AvoidDiskWrites 1
DirReqStatistics 0
DataDirectory /var/lib/tor/data
Log notice syslog
Log notice file /var/lib/tor/notice.log
StrictNodes 1
GeoIPExcludeUnknown 1
ExcludeNodes {vn},{pk}
NodeFamily {vn},{pk}
EnforceDistinctSubnets 1
UseEntryGuards 1
PathsNeededToBuildCircuits 0.95
UseBridges 1
UpdateBridgesFromAuthority 1
ClientTransportPlugin obfs4 exec /opt/bin/obfs4proxy --enableLogging --logLevel ERROR
Bridge obfs4 12.34.56.78 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA cert=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB iat-mode=0
...
Bridge obfs4 12.34.56.78 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA cert=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB iat-mode=0
DNSPort auto
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion
TransPort auto

Tor 0.2.9.10 log:

Jun 18 19:27:42.000 [notice] Tor 0.2.9.10 (git-1f6c8eda0073f464) opening new log file.
Jun 18 19:27:42.352 [warn] You have asked to exclude certain relays from all positions in your circuits. Expect hidden services and other Tor features to be broken in un\
predictable ways.
Jun 18 19:27:42.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jun 18 19:27:42.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jun 18 19:27:42.000 [notice] Bootstrapped 0%: Starting
Jun 18 19:27:43.000 [notice] new bridge descriptor 'acanthdisorienta' (cached): $AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~acanthdisorienta at 12.34.56.78
Jun 18 19:27:43.000 [notice] new bridge descriptor 'acanthdisorienta' (cached): $AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~acanthdisorienta at 12.34.56.78
Jun 18 19:27:44.000 [notice] new bridge descriptor 'acanthdisorienta' (cached): $AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~acanthdisorienta at 12.34.56.78
Jun 18 19:27:44.000 [notice] Delaying directory fetches: Pluggable transport proxies still configuring
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
Jun 18 19:27:46.000 [notice] Bootstrapped 5%: Connecting to directory server
Jun 18 19:27:46.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Jun 18 19:27:48.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Jun 18 19:27:48.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Jun 18 19:27:48.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Jun 18 19:27:52.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Jun 18 19:27:53.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jun 18 19:27:54.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jun 18 19:27:54.000 [notice] Bootstrapped 100%: Done

Tor-0.3.0.8 log

Jun 18 17:07:10.000 [notice] Tor 0.3.0.8 (git-802d30d9b71a6d54) opening new log file.
Jun 18 17:07:10.861 [warn] You have asked to exclude certain relays from all positions in your circuits. Expect hidden services and other Tor features to be broken in un\
predictable ways.
Jun 18 17:07:10.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jun 18 17:07:11.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jun 18 17:07:11.000 [notice] Bootstrapped 0%: Starting
Jun 18 17:07:12.000 [notice] Starting with guard context "bridges"
Jun 18 17:07:12.000 [notice] new bridge descriptor 'acanthdisorienta' (cached): $37AB6046C23F2385102D0D380AD827070E26E528~acanthdisorienta at 12.34.56.78
Jun 18 17:07:12.000 [notice] Delaying directory fetches: Pluggable transport proxies still configuring
Jun 18 17:09:14.000 [notice] Bootstrapped 5%: Connecting to directory server
Jun 18 17:09:14.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Jun 18 17:09:15.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Jun 18 17:09:16.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Jun 18 17:09:16.000 [warn] Proxy Client: unable to connect to 12.34.56.78:443 ("general SOCKS server failure")
Jun 18 17:11:24.000 [warn] Proxy Client: unable to connect to 12.34.56.78:34095 ("general SOCKS server failure")
Jun 18 17:11:24.000 [warn] Proxy Client: unable to connect to 12.34.56.78:60491 ("general SOCKS server failure")
Jun 18 17:11:24.000 [warn] Proxy Client: unable to connect to 12.34.56.78:50211 ("general SOCKS server failure")
...
Jun 18 17:31:24.000 [warn] Proxy Client: unable to connect to 12.34.56.78:34095 ("general SOCKS server failure")
Jun 18 17:53:40.000 [notice] new bridge descriptor 'acanthdisorienta' (fresh): $37AB6046C23F2385102D0D380AD827070E26E528~acanthdisorienta at 12.34.56.78
Jun 18 17:53:40.000 [notice] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for some of our primary entry guards
Jun 18 17:09:16.000 [warn] Proxy Client: unable to connect to 12.34.56.78:443 ("general SOCKS server failure")
Jun 18 17:11:24.000 [warn] Proxy Client: unable to connect to 12.34.56.78:34095 ("general SOCKS server failure")
Jun 18 17:11:24.000 [warn] Proxy Client: unable to connect to 12.34.56.78:60491 ("general SOCKS server failure")
Jun 18 17:11:24.000 [warn] Proxy Client: unable to connect to 12.34.56.78:50211 ("general SOCKS server failure")

Child Tickets

Change History (27)

comment:1 Changed 2 years ago by t0r

I also tried the tor-browser-linux64-7.0.1_en-US.tar.xz with obfs4 and bridge selected, it failed either.

Unfortunately, I cannot Copy Tor Log To Clipboard of `tor-browser-linux64-7.0.1_en-US'.

Last edited 2 years ago by t0r (previous) (diff)

comment:2 Changed 2 years ago by gk

Cc: gk added

comment:3 Changed 2 years ago by t0r

Summary: upgrading Tor-0.2.9.10 to Tor-0.3.0.8 fails to build circuitsupgrading Tor-0.2.9.10 to Tor-0.3.0.8 or Tor-0.3.1.3_alpha fails to build circuits

Please be noted, even Tor-0.3.1.3_alpha fails to build circuits with above torrc configuration.

The only solution I found is downgrading to Tor-0.2.9.10.

Last edited 2 years ago by t0r (previous) (diff)

comment:4 Changed 2 years ago by cypherpunks

Component: Core Tor/TorObfuscation/Obfsproxy
Keywords: no circuit removed
Status: newneeds_information

Do default obfs4 bridges work for you?

Unfortunately, I cannot copy Tor log to clipboard of `tor-browser-linux64-7.0.1_en-US'.

How so?

@gk: why does obfs4proxy use SSE2 by default now?

comment:5 in reply to:  4 Changed 2 years ago by t0r

Replying to cypherpunks:

Do default obfs4 bridges work for you?

No. The only way to bypass ISP censorship is combining private bridge and obfs4.

Unfortunately, I cannot copy Tor log to clipboard of `tor-browser-linux64-7.0.1_en-US'.
How so?

I cannot get the log of tor-browser-linux64-7.0.1_en-US during connecting. There is an yellow an exclamation mark before the Copy Tor Log To Clipboard box. After clicking to box, none of log copied to clipboard. This is the screenshot: http://i.imgur.com/KGo5Rkf.png

http://i.imgur.com/KGo5Rkf.png

Last edited 2 years ago by t0r (previous) (diff)

comment:6 Changed 2 years ago by cypherpunks

Oh, you're really in the situation Tor Browser is intended for :(
Log is working "as is", as usually, just has no lines. :(
You can try a trick: overwrite your obfs4proxy.exe with the same from 6.5.2 and try again. (By "downgrading to Tor-0.2.9.10" you mean "overwrite the whole directory, right?)

Last edited 2 years ago by cypherpunks (previous) (diff)

comment:7 Changed 2 years ago by t0r

@cypherpunks

Please be noted, I am using manually compiled Tor instead of Tor browser on Linux (Gentoo). The Tor Browser screenshot above is further demonstration to show that Tor-0.3 forward does not build circuits with bridge and obfs4.

I know Tor browser does not write log file. However the yellow exclamation mark prevents me from copying the log to clipboard, meaning the way "as is" broke now. I cannot paste the log here.

I think it's not obfs4proxy's problem since it works with Tor-0.2.9.10 with the same torrc. What's was worse, Tor browser 6.5.2 is removed from official dist mirror.

By downgrading to Tor-2.9.10, I mean compile Tor-2.9.10 on Linux (Gentoo).

BTW, my current obfs4proxy version is 0.0.8-dev.

comment:8 in reply to:  7 Changed 2 years ago by gk

Replying to t0r:

@cypherpunks

Please be noted, I am using manually compiled Tor instead of Tor browser on Linux (Gentoo). The Tor Browser screenshot above is further demonstration to show that Tor-0.3 forward does not build circuits with bridge and obfs4.

I know Tor browser does not write log file. However the yellow exclamation mark prevents me from copying the log to clipboard, meaning the way "as is" broke now. I cannot paste the log here.

Hm. But you can easily get the output by starting Tor Browser in a terminal with ./start-tor-browser.desktop --debug --log. You'll see it in a terminal and in tor-browser.log

I think it's not obfs4proxy's problem since it works with Tor-0.2.9.10 with the same torrc. What's was worse, Tor browser 6.5.2 is removed from official dist mirror.

You can always find older versions here: https://archive.torproject.org/tor-package-archive/torbrowser/

By downgrading to Tor-2.9.10, I mean compile Tor-2.9.10 on Linux (Gentoo).

BTW, my current obfs4proxy version is 0.0.8-dev.

comment:9 in reply to:  4 Changed 2 years ago by gk

Replying to cypherpunks:

@gk: why does obfs4proxy use SSE2 by default now?

Which platform? We did not change anything in regard to obfs4proxy and SSE2 compilation as far as I can tell.

comment:10 Changed 2 years ago by cypherpunks

Component: Obfuscation/ObfsproxyCore Tor/Tor
Status: needs_informationnew

Manual compiling could mess a lot of stuff...
Narrower regression range is required to proceed this ticket further...
Moving the ticket back to Tor as you are so sure...

gk is faster here https://dist.torproject.org/README.old_versions

@gk: it's Go upgrade...

comment:11 Changed 2 years ago by teor

Keywords: tor-guard added
Milestone: Tor: 0.3.0.x-finalTor: 0.3.1.x-final
Priority: HighMedium
Severity: CriticalNormal

This looks similar to #22576.
If it is, it's not a bug in Tor, it's likely a bug in the pluggable transport: either the config, or the compilation. Please check that ticket for details.

We also need to check and see if it's a guard issue in tor.

comment:12 Changed 2 years ago by t0r

obfs4proxy binary version in tor-browser-linux64-7.0.1_en-US is 0.0.5

tor-browser-linux64-7.0.1_en-US default bridge log:

Jun 19 11:44:32.140 [notice] Tor 0.3.0.8 (git-802d30d9b71a6d54) running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2k and Zlib 1.2.11.
Jun 19 11:44:32.140 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 19 11:44:32.141 [notice] Read configuration file "/home/bobme/opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc-defaults".
Jun 19 11:44:32.141 [notice] Read configuration file "/home/bobme/opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc".
Jun 19 11:44:32.155 [notice] Opening Control listener on 127.0.0.1:9151
Jun 19 11:44:32.155 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:44:32.000 [notice] Parsing GEOIP IPv4 file /home/bobme/opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip.
Jun 19 11:44:32.000 [notice] Parsing GEOIP IPv6 file /home/bobme/opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip6.
Jun 19 11:44:32.000 [notice] Bootstrapped 0%: Starting
Jun 19 11:44:32.000 [notice] Starting with guard context "bridges"
Jun 19 11:44:32.000 [notice] new bridge descriptor 'acanthdisorienta' (cached): $37CD6046C23F385102D0D1BF0AD827070E26E528~acanthdisorienta at 138.197.219.241
Jun 19 11:44:32.000 [notice] Delaying directory fetches: DisableNetwork is set.
Jun 19 11:44:32.000 [notice] New control connection opened from 127.0.0.1.
Jun 19 11:44:32.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:44:32.000 [notice] New control connection opened from 127.0.0.1.
Jun 19 11:44:47.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:44:47.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:44:47.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:44:48.000 [notice] Opening Socks listener on 127.0.0.1:9150
Jun 19 11:44:49.000 [notice] Bootstrapped 5%: Connecting to directory server
Jun 19 11:44:49.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Jun 19 11:44:50.000 [warn] Proxy Client: unable to connect to 12.34.56.78:40035 ("general SOCKS server failure")
...
Jun 19 11:47:01.000 [warn] Proxy Client: unable to connect to 12.34.56.78:443 ("general SOCKS server failure")
Jun 19 11:47:12.000 [notice] Closing no-longer-configured Socks listener on 127.0.0.1:9150
Jun 19 11:47:12.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:47:12.000 [notice] Closing old Socks listener on 127.0.0.1:9150
Jun 19 11:47:15.000 [notice] Owning controller connection has closed -- exiting now.
Jun 19 11:47:15.000 [notice] Catching signal TERM, exiting cleanly.

tor-browser-linux64-7.0.1_en-US private bridge log:

Jun 19 11:37:14.440 [notice] Tor 0.3.0.8 (git-802d30d9b71a6d54) running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2k and Zlib 1.2.11.
Jun 19 11:37:14.440 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 19 11:37:14.440 [notice] Read configuration file "/home/bobme/opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc-defaults".
Jun 19 11:37:14.440 [notice] Read configuration file "/home/bobme/opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc".
Jun 19 11:37:14.456 [notice] Opening Control listener on 127.0.0.1:9151
Jun 19 11:37:14.456 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:37:14.000 [notice] Parsing GEOIP IPv4 file /home/bobme/opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip.
Jun 19 11:37:14.000 [notice] Parsing GEOIP IPv6 file /home/bobme/opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip6.
Jun 19 11:37:15.000 [notice] Bootstrapped 0%: Starting
Jun 19 11:37:15.000 [notice] Starting with guard context "bridges"
Jun 19 11:37:15.000 [notice] new bridge descriptor 'acanthdisorienta' (cached): $37CD6046C23F385102D0D1BF0AD827070E26E528~acanthdisorienta at 138.197.219.241
Jun 19 11:37:15.000 [notice] Delaying directory fetches: DisableNetwork is set.
Jun 19 11:37:15.000 [notice] New control connection opened from 127.0.0.1.
Jun 19 11:37:15.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:37:15.000 [notice] New control connection opened from 127.0.0.1.
Jun 19 11:38:22.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:38:22.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:38:22.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:38:22.000 [notice] Opening Socks listener on 127.0.0.1:9150
Jun 19 11:38:25.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:38:25.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:38:25.000 [notice] Bootstrapped 5%: Connecting to directory server
Jun 19 11:38:25.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Jun 19 11:38:26.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:38:28.000 [warn] Proxy Client: unable to connect to 12.34.56.78:443 ("general SOCKS server failure")
...
Jun 19 11:38:28.000 [warn] Proxy Client: unable to connect to 12.34.56.78:443 ("general SOCKS server failure")
Jun 19 11:38:29.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:38:31.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:38:39.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:38:39.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:38:54.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:39:00.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:39:24.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:40:15.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:40:31.000 [notice] Ignoring directory request, since no bridge nodes are available yet.
Jun 19 11:41:52.000 [notice] Closing no-longer-configured Socks listener on 127.0.0.1:9150
Jun 19 11:41:52.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Jun 19 11:41:52.000 [notice] Closing old Socks listener on 127.0.0.1:9150
Jun 19 11:41:53.000 [notice] Delaying directory fetches: DisableNetwork is set.
Jun 19 11:41:54.000 [notice] Owning controller connection has closed -- exiting now.
Jun 19 11:41:54.000 [notice] Catching signal TERM, exiting cleanly.

comment:13 in reply to:  6 Changed 2 years ago by t0r

Replying to cypherpunks:

Oh, you're really in the situation Tor Browser is intended for :(
Log is working "as is", as usually, just has no lines. :(
You can try a trick: overwrite your obfs4proxy.exe with the same from 6.5.2 and try again.

I have examined obfs4proxy in 6.5.2 and 7.0.1, both are obfs4proxy-0.0.5. Taking Go lang version into consideration, I copy 6.5.2's obfs4proxy to overwrite 7.0.1's. But that does NOT make any difference.

tor-browser-linux64-6.5.2_en-US works like a charm. To be confirmative, I copied Tor binary from 7.0.1 to 6.5.2, resulting in no circuits.

Note: tor-browser-linux64-6.5.2_en-US automatically updates to tor-browser-linux64-7.0.1_en-US. Turn off by setting Preferences -> advanced -> Update

Last edited 2 years ago by t0r (previous) (diff)

comment:14 Changed 2 years ago by t0r

In short, Tor-0.2.9.10 succeeds in building circuits while Tor-0.3.0.8 and Tor-0.3.1.3_alpha do not, irrespective of Tor browser, compiled Tor binary or which obfs4proxy.

Last edited 2 years ago by t0r (previous) (diff)

comment:15 in reply to:  11 Changed 2 years ago by t0r

Replying to teor:

This looks similar to #22576.
If it is, it's not a bug in Tor, it's likely a bug in the pluggable transport: either the config, or the compilation. Please check that ticket for details.

After reading through #22576, I think they are not related. I don't use squid HTTP proxy.
I added more tests above, and pretty sure it's not obfs4proxy problem.

We also need to check and see if it's a guard issue in tor.

It's probably the new guard feature drawn into Tor-0.3. There exists two clues:

  1. Based on all comments so far, I narrowed down the issue to Tor-0.3 binary. I also tried to replace Tor binary in 7.0.1 with 6.5.2. But it reports error:
Launching './Browser/start-tor-browser --detach --debug --log'...
Logging Tor Browser debug information to tor-browser.log
Jun 19 12:54:49.584 [notice] Tor 0.2.9.10 (git-1f6c8eda0073f464) running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2k and Zlib 1.2.11.
Jun 19 12:54:49.584 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 19 12:54:49.584 [notice] Read configuration file "/home/bobme/opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc-defaults".
Jun 19 12:54:49.584 [notice] Read configuration file "/home/bobme/opt/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc".
Jun 19 12:54:49.594 [warn] Failed to parse/validate config: Unknown option '__ControlPort'.  Failing.
Jun 19 12:54:49.594 [err] Reading config failed--see warnings above.
  1. If we compare the log difference between Tor-0.2 and Tor-0.3 above, the later exclusively contains a special line:
Starting with guard context "bridges"
  1. Although no circuits built with bridge and obfs4proxy, Tor-0.3 onward works greatly with Socks5Proxy option support since that proxy bypasses censorship successively.

comment:16 Changed 2 years ago by t0r

Keywords: tor-bridge obfs4proxy added
Priority: MediumHigh

comment:17 Changed 2 years ago by t0r

Any help?

Maybe we are too busy to handle this issue. I will first downgraded to Tor-0.2.9.10

comment:18 Changed 2 years ago by cypherpunks

Keywords: tor-client added; tor-bridge obfs4proxy removed

It looks like new Tor tries to connect to default guards which are blocked in your case.
You can start from https://dist.torproject.org/tor-0.3.0.1-alpha.tar.gz to find out the first version with new behavior.

comment:19 Changed 2 years ago by t0r

@cypherpunks Is it possible to let user choose the guards to connect to? I cannot find option related to guard setting in Tor-0.3.0.3's man page.

comment:20 in reply to:  19 ; Changed 2 years ago by cypherpunks

Replying to t0r:

@cypherpunks Is it possible to let user choose the guards to connect to? I cannot find option related to guard setting in Tor-0.3.0.3's man page.

https://www.torproject.org/docs/faq.html.en#ChooseEntryExit

comment:21 in reply to:  20 Changed 2 years ago by t0r

Replying to cypherpunks:

Replying to t0r:

@cypherpunks Is it possible to let user choose the guards to connect to? I cannot find option related to guard setting in Tor-0.3.0.3's man page.

https://www.torproject.org/docs/faq.html.en#ChooseEntryExit

Tor guards turn out to be special hop, namely entry node. The link above discourage manually setting EntryExit:

We recommend you do not use these — they are intended for testing and may disappear in future versions. You get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand.


comment:22 Changed 2 years ago by asn

It's quite likely that the issue of this ticket is the bridge-case of #21969 (aka #22325) since IIUC the fix is still not merged in 0.3.0 .

At least the first log of this ticket definitely includes We're missing descriptors for some of our primary entry guards not sure what's going on with the other logs.

comment:24 Changed 23 months ago by nickm

oops, that was on the wrong ticket; never mind.

comment:25 Changed 23 months ago by nickm

Status: newneeds_information

Does this happen with 0.3.0.10 or 0.3.1.4-alpha?

comment:26 Changed 16 months ago by teor

Milestone: Tor: 0.3.1.x-finalTor: 0.3.4.x-final

These feature and bugfix tickets have no patches. The earliest they will get done is 0.3.4.

comment:27 Changed 15 months ago by nickm

Keywords: 034-triage-20180328 added

comment:28 Changed 14 months ago by nickm

Resolution: user disappeared
Status: needs_informationclosed

No response from reporter in last 9 months.

Note: See TracTickets for help on using tickets.