Opened 3 months ago

Last modified 3 months ago

#26103 needs_information defect

Can't use meek with any domain.

Reported by: itslannas Owned by: dcf
Priority: Medium Milestone:
Component: Obfuscation/meek Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I have been using meek-client to connect to Tor, using Cloudfront.
I know Amazon has blocked domain fronting, but in my case, there is no need for domain fronting. I'm just using https://d2cly7j4zqgua7.cloudfront.net/ without fronting to connect, as *.cloudfront.net is whitelisted on the firewall. The problem is it just won't finish the handshake. I've even tried creating a cloudfront distribution myself, or hosting it on my own domain (on another network), and testing it but it just won't connect.

May 14 22:53:09.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 6; recommendation warn; host 0000000000000000000000000000000000000000 at 0.0.0.0:2)
May 14 22:53:09.000 [warn] 6 connections have failed:
May 14 22:53:09.000 [warn] 6 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE

Child Tickets

Change History (4)

comment:1 Changed 3 months ago by itslannas

Priority: HighMedium

comment:2 Changed 3 months ago by cypherpunks

d2cly7j4zqgua7.cloudfront.net

This distribution is down by amazon request.

I've even tried creating a cloudfront distribution myself

What "Origin Domain Name" used?

hosting it on my own domain (on another network)

Which way? Reflector? Meek bridge?

comment:3 Changed 3 months ago by cypherpunks

Try using meek-azure, that bridge is still working.

comment:4 Changed 3 months ago by dcf

Status: newneeds_information
Version: Tor: 0.3.2.10

If you don't need a front, you can just connect to a bridge directly, like this:

Bridge meek 0.0.2.0:2 url=https://meek.bamsoftware.com/

comment:3 is right, for now you should be able to use the azure bridge, with or without fronting

Bridge meek 0.0.2.0:3 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com
Bridge meek 0.0.2.0:3 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/

(But also be aware that we are probably going to modify that CDN configuration soon, so the something.azureedge.net part will change.)

For hosting your own CloudFront distribution, there are some hints at doc/meek#AmazonCloudFront.

Note: See TracTickets for help on using tickets.