Opened 12 months ago

Last modified 2 months ago

#27435 new defect

Poland, PLAY operator and OBFS4

Reported by: VeryVeryBadUser
Owned by: dcf
Priority: High
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: pl, needs-proposal
Cc: anadahz
Actual Points:
Parent ID: #21969
Points:
Reviewer:
Sponsor:

Description

The OBFS4 looks to be blocked by PLAY in Poland.

The router was restarted, the computer with Tor Browser was restarted. It doesn't help me.

I can connect via Firefox to other web pages but not via Tor.

[NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
[NOTICE] Opening Socks listener on 127.0.0.1:9150
[NOTICE] Ignoring directory request, since no bridge nodes are available yet.
[NOTICE] Bootstrapped 5%: Connecting to directory server
[NOTICE] Bootstrapped 10%: Finishing handshake with directory server
[NOTICE] Bridge 'Lisbeth' has both an IPv4 and an IPv6 address. Will prefer using its IPv6 address ([2001:470:b381:bfff:216:3eff:fe23:d6c3]:443) based on the configured Bridge address.
[NOTICE] Bridge 'Lisbeth' has both an IPv4 and an IPv6 address. Will prefer using its IPv4 address (192.95.36.142:443) based on the configured Bridge address.
[NOTICE] Bridge 'NX01' has both an IPv4 and an IPv6 address. Will prefer using its IPv4 address (85.17.30.79:443) based on the configured Bridge address.
[NOTICE] Bootstrapped 15%: Establishing an encrypted directory connection
[NOTICE] Bootstrapped 20%: Asking for networkstatus consensus
[NOTICE] new bridge descriptor 'noisebridge01' (fresh): [removed] at 216.252.162.21
[WARN] Proxy Client: unable to connect to 154.35.22.9:443 ("general SOCKS server failure")
[WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure")
[WARN] Proxy Client: unable to connect to 154.35.22.13:16815 ("general SOCKS server failure")
[WARN] Proxy Client: unable to connect to 154.35.22.11:443 ("general SOCKS server failure")
[WARN] Proxy Client: unable to connect to 154.35.22.12:4304 ("general SOCKS server failure")
[WARN] Proxy Client: unable to connect to 154.35.22.10:443 ("general SOCKS server failure")
[NOTICE] Ignoring directory request, since no bridge nodes are available yet.
[NOTICE] Bootstrapped 25%: Loading networkstatus consensus
[NOTICE] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 6360/6377).
[NOTICE] Ignoring directory request, since no bridge nodes are available yet.
[NOTICE] Ignoring directory request, since no bridge nodes are available yet.
[NOTICE] Bootstrapped 50%: Loading relay descriptors

After the last notice there is no progress.
Version: 7.5.6 (based on Mozilla Firefox 52.9.0) (32-bit)
Maybe security / privacy problem.

Child Tickets

Change History (6)

comment:1 Changed 7 months ago by dcf

Component: Obfuscation/Obfsproxy → Obfuscation/Censorship analysis
Milestone: Tor: unspecified
Owner: changed from asn to dcf
Severity: Blocker → Normal
Version: Tor: unspecified

comment:2 Changed 6 months ago by anadahz

Cc: anadahz added

Could you please provide more details, such as the type of connection (broadband or mobile) in use, the AS number, and any other information that could help us better understand this?

Below is an excerpt from a successful vanilla Tor bootstrap using Tor Browser from the PLAY ISP in Poland:

2/25/19, 10:02:07.410 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 
2/25/19, 10:02:07.420 [NOTICE] Bootstrapped 80%: Connecting to the Tor network 
2/25/19, 10:02:07.208 [NOTICE] Bootstrapped 90%: Establishing a Tor circuit 
2/25/19, 10:02:08.910 [NOTICE] Bootstrapped 100%: Done 
2/25/19, 10:02:08.922 [NOTICE] New control connection opened from 127.0.0.1. 
2/25/19, 10:02:09.500 [NOTICE] New control connection opened from 127.0.0.1. 
2/25/19, 10:04:41.971 [NOTICE] Switching to guard context "bridges" (was using "default") 
2/25/19, 10:04:41.971 [NOTICE] Delaying directory fetches: No running bridges 
2/25/19, 10:04:44.274 [WARN] Proxy Client: unable to connect to 37.218.240.34:40035 ("general SOCKS server failure") 
2/25/19, 10:04:45.498 [WARN] Proxy Client: unable to connect to 37.218.240.34:40035 ("general SOCKS server failure") 
2/25/19, 10:04:45.796 [NOTICE] new bridge descriptor 'dragon' (fresh): $D9A82D2F9C2F65A18407B1D2B764F130847F8B5D~dragon at 37.218.245.14 
2/25/19, 10:04:45.796 [NOTICE] Our directory information is no longer up-to-date enough to build circuits: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 6446/6446). 
2/25/19, 10:04:45.948 [NOTICE] new bridge descriptor 'zipfelmuetze' (fresh): $91A6354697E6B02A386312F68D82CF86824D3606~zipfelmuetze at 85.31.186.26 
2/25/19, 10:04:46.216 [NOTICE] new bridge descriptor 'griinchux' (fresh): $011F2599C0E9B27EE74B353155E244813763C3E5~griinchux at 85.31.186.98 
2/25/19, 10:04:46.307 [NOTICE] new bridge descriptor 'ndnop3' (fresh): $8DFCD8FB3285E855F5A55EDDA35696C743ABFC4E~ndnop3 at 109.105.109.165 
2/25/19, 10:04:46.386 [NOTICE] new bridge descriptor 'ndnop5' (fresh): $BBB28DF0F201E706BE564EFE690FE9577DD8386D~ndnop5 at 109.105.109.147 
2/25/19, 10:04:46.426 [NOTICE] Bridge 'NX01' has both an IPv4 and an IPv6 address.  Will prefer using its IPv4 address (85.17.30.79:443) based on the configured Bridge address. 
2/25/19, 10:04:46.426 [NOTICE] new bridge descriptor 'NX01' (fresh): $FC259A04A328A07FED1413E9FC6526530D9FD87A~NX01 at 85.17.30.79 
2/25/19, 10:04:46.511 [NOTICE] new bridge descriptor 'cymrubridge31' (fresh): $C8CBDB2464FC9804A69531437BCF2BE31FDD2EE4~cymrubridge31 at 38.229.1.78 
2/25/19, 10:04:46.604 [NOTICE] new bridge descriptor 'smallerRichard' (fresh): $FB70B257C162BF1038CA669D568D76F5B7F0BABB~smallerRichard at 144.217.20.138 
2/25/19, 10:04:46.783 [WARN] Proxy Client: unable to connect to 37.218.240.34:40035 ("general SOCKS server failure") 
2/25/19, 10:04:46.854 [NOTICE] new bridge descriptor 'cymrubridge33' (fresh): $0BAC39417268B96B9F514E7F63FA6FBA1A788955~cymrubridge33 at 38.229.33.83 
2/25/19, 10:04:46.916 [NOTICE] new bridge descriptor 'noisebridge01' (fresh): $0DB8799466902192B6C7576D58D4F7F714EC87C1~noisebridge01 at 216.252.162.21 
2/25/19, 10:05:06.594 [NOTICE] New control connection opened from 127.0.0.1. 
2/25/19, 10:06:54.649 [WARN] Proxy Client: unable to connect to 154.35.22.10:15937 ("general SOCKS server failure") 
2/25/19, 10:06:54.650 [WARN] Proxy Client: unable to connect to 154.35.22.13:16815 ("general SOCKS server failure") 
2/25/19, 10:06:54.652 [WARN] Proxy Client: unable to connect to 154.35.22.9:12166 ("general SOCKS server failure") 
2/25/19, 10:06:54.653 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure") 
2/25/19, 10:06:54.653 [WARN] Proxy Client: unable to connect to 154.35.22.12:4304 ("general SOCKS server failure") 
2/25/19, 10:06:54.654 [WARN] Proxy Client: unable to connect to 154.35.22.11:80 ("general SOCKS server failure") 
2/25/19, 10:06:54.655 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure")

Similar Tor Browser bootstrapped using obfs4:

2/25/19, 10:10:02.624 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
2/25/19, 10:10:02.624 [NOTICE] Opening Socks listener on 127.0.0.1:9150 
2/25/19, 10:10:02.624 [NOTICE] Opened Socks listener on 127.0.0.1:9150 
2/25/19, 10:10:04.675 [NOTICE] Bridge 'NX01' has both an IPv4 and an IPv6 address.  Will prefer using its IPv4 address (85.17.30.79:443) based on the configured Bridge address. 
2/25/19, 10:10:04.675 [NOTICE] Bootstrapped 5%: Connecting to directory server 
2/25/19, 10:10:04.686 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 
2/25/19, 10:10:04.687 [NOTICE] Bootstrapped 80%: Connecting to the Tor network 
2/25/19, 10:10:04.688 [NOTICE] Bootstrapped 85%: Finishing handshake with first hop 
2/25/19, 10:10:05.580 [WARN] Proxy Client: unable to connect to 37.218.240.34:40035 ("general SOCKS server failure") 
2/25/19, 10:10:05.958 [NOTICE] new bridge descriptor 'ndnop5' (fresh): $BBB28DF0F201E706BE564EFE690FE9577DD8386D~ndnop5 at 109.105.109.147 
2/25/19, 10:10:06.180 [WARN] Proxy Client: unable to connect to 37.218.240.34:40035 ("general SOCKS server failure") 
2/25/19, 10:10:06.380 [NOTICE] Bootstrapped 90%: Establishing a Tor circuit 
2/25/19, 10:10:06.163 [NOTICE] Bridge 'NX01' has both an IPv4 and an IPv6 address.  Will prefer using its IPv4 address (85.17.30.79:443) based on the configured Bridge address. 
2/25/19, 10:10:06.163 [NOTICE] new bridge descriptor 'NX01' (fresh): $FC259A04A328A07FED1413E9FC6526530D9FD87A~NX01 at 85.17.30.79 
2/25/19, 10:10:06.743 [NOTICE] Bootstrapped 100%: Done 
2/25/19, 10:10:07.585 [NOTICE] New control connection opened from 127.0.0.1. 
2/25/19, 10:10:07.872 [NOTICE] New control connection opened from 127.0.0.1. 
2/25/19, 10:10:08.173 [WARN] Proxy Client: unable to connect to 37.218.240.34:40035 ("general SOCKS server failure")

The tests were made possible thanks to Warsaw Hackerspace.
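
A triage helper for logs in the format quoted in this ticket, added here as an example and not part of the ticket or of Tor's code: it reduces a log to bootstrap progress, the endpoints named in "Proxy Client: unable to connect" warnings, the bridge descriptors received, and the missing-guard notice, so runs from different networks can be compared. The function names, verdict labels and sample log (documentation addresses, not real bridges) are constructed for illustration.

```python
import re
from collections import Counter

# Optional Tor Browser timestamp ("2/25/19, 10:04:44.274 "), then level and message.
LINE = re.compile(r'^[ \t]*(?:\d+/\d+/\d+, [\d:.]+ )?\[(NOTICE|WARN)\] (.*)$', re.M)
BOOT = re.compile(r'Bootstrapped (\d+)%')
FAIL = re.compile(r'Proxy Client: unable to connect to (\S+) \("([^"]+)"\)')
DESC = re.compile(r"new bridge descriptor '([^']+)' \(fresh\)")
MISSING = re.compile(r'missing descriptors for (\d+)/(\d+) of our primary entry guards')

def split_endpoint(endpoint):
    """Split host:port on the last colon; these warnings print IPv6 without brackets."""
    host, _, port = endpoint.rpartition(':')
    return host.strip('[]'), int(port)

def summarize(log_text):
    """Reduce a tor notice log to the facts a triager compares across networks."""
    out = {'max_bootstrap': 0, 'failed': Counter(), 'bridges_seen': set(),
           'guards_missing': None}
    for m in LINE.finditer(log_text):  # anything that is not a tor log line is skipped
        msg = m.group(2)
        if (b := BOOT.search(msg)):
            out['max_bootstrap'] = max(out['max_bootstrap'], int(b.group(1)))
        if (f := FAIL.search(msg)):
            out['failed'][split_endpoint(f.group(1))] += 1
        if (d := DESC.search(msg)):
            out['bridges_seen'].add(d.group(1))
        if (g := MISSING.search(msg)):
            out['guards_missing'] = (int(g.group(1)), int(g.group(2)))
    return out

def verdict(s):
    """Connect failures also appear in successful runs, so classify on progress first."""
    if s['max_bootstrap'] == 100:
        return 'done'
    return 'stalled-after-bridge-contact' if s['bridges_seen'] else 'stalled-no-bridge-contact'

# Constructed sample in the ticket's log format (documentation addresses only).
SAMPLE = """\
[NOTICE] Bootstrapped 10%: Finishing handshake with directory server
[NOTICE] new bridge descriptor 'examplebridge' (fresh): [removed] at 192.0.2.21
[WARN] Proxy Client: unable to connect to 192.0.2.10:443 ("general SOCKS server failure")
2/25/19, 10:06:54.653 [WARN] Proxy Client: unable to connect to 2001:db8::1:443 ("general SOCKS server failure")
[WARN] Proxy Client: unable to connect to 192.0.2.10:443 ("general SOCKS server failure")
[NOTICE] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 6360/6377).
[NOTICE] Bootstrapped 50%: Loading relay descriptors
"""
print(verdict(summarize(SAMPLE)))
```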

comment:3 Changed 3 months ago by teor

Component: Circumvention/Censorship analysis → Core Tor/Tor
Parent ID: #21969

Looks like an instance of tor bug #21969

comment:4 Changed 2 months ago by dcf

Keywords: pl added

comment:5 Changed 2 months ago by teor

Keywords: needs-proposal added

#16844 and #21969 have conflicting goals, so we need to write a proposal that balances these goals. See #30817.

comment:6 Changed 2 months ago by nickm

Milestone: Tor: unspecified