Opened 11 months ago

Closed 5 months ago

#28521 closed defect (fixed)

fte is not working using default tor browser bridges

Reported by: boklm Owned by: kpdyer
Priority: Medium Milestone:
Component: Archived/FTE Version:
Severity: Normal Keywords:
Cc: tbb-team, kpdyer, phw Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When running fte using Tor Browser nightly, with the following bridges configured in torrc:

Bridge fte 128.105.214.163:8080 A17A40775FBD2CA1184BF80BFC330A77ECF9D0E9
Bridge fte 131.252.210.150:8080 0E858AC201BF0F3FA3C462F64844CBFFC7297A42
Bridge fte 128.105.214.162:8080 FC562097E1951DCC41B7D7F324D88157119BB56D
Bridge fte 128.105.214.161:8080 1E326AAFB3FCB515015250D8FCCC8E37F91A153B

We are getting the following log:

Nov 18 22:57:29.200 [notice] Tor 0.4.0.0-alpha-dev (git-bf82389e198a0cc6) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2p, Zlib 1.2.8, Liblzma N/A, and Libzstd N/A.
Nov 18 22:57:29.200 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 18 22:57:29.200 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Nov 18 22:57:29.200 [notice] Tor is running with Rust integration. Please report any bugs you encounter.
Nov 18 22:57:29.200 [notice] Read configuration file "/tmp/s8NAO70li5".
Nov 18 22:57:29.200 [notice] Read configuration file "/home/tbb-testsuite/tbb-testsuite/tmp/4vi3CfW2Ri/tor-browser_ar/Browser/TorBrowser/Data/Tor/torrc".
Nov 18 22:57:29.202 [notice] Opening Socks listener on 127.0.0.1:9550
Nov 18 22:57:29.202 [notice] Opened Socks listener on 127.0.0.1:9550
Nov 18 22:57:29.202 [notice] Opening Control listener on 127.0.0.1:9551
Nov 18 22:57:29.202 [notice] Opened Control listener on 127.0.0.1:9551
Nov 18 22:57:29.000 [notice] Parsing GEOIP IPv4 file /home/tbb-testsuite/tbb-testsuite/tmp/4vi3CfW2Ri/tor-browser_ar/Browser/TorBrowser/Data/Tor/geoip.
Nov 18 22:57:29.000 [notice] Bootstrapped 0%: Starting
Nov 18 22:57:29.000 [notice] Starting with guard context "bridges"
Nov 18 22:57:29.000 [notice] Delaying directory fetches: No running bridges
Nov 18 22:57:31.000 [notice] Bootstrapped 5%: Connecting to directory server
Nov 18 22:57:31.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Nov 18 22:57:31.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 22:57:31.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:57:32.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 22:57:32.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:57:34.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 22:57:34.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:57:37.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:57:39.000 [notice] New control connection opened from 127.0.0.1.
Nov 18 22:57:39.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 22:57:39.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:57:41.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:57:46.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:57:46.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 22:57:53.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:57:55.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:57:58.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 22:58:00.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:58:01.000 [warn] Proxy Client: unable to connect to 128.105.214.161:8080 ("TTL expired")
Nov 18 22:58:06.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:58:07.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:58:09.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:58:09.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 22:58:13.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 22:58:13.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:58:33.000 [warn] Proxy Client: unable to connect to 128.105.214.161:8080 ("TTL expired")
Nov 18 22:58:43.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:58:43.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 22:58:57.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 22:59:13.000 [warn] Proxy Client: unable to connect to 128.105.214.161:8080 ("TTL expired")
Nov 18 22:59:31.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:59:37.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 22:59:49.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 22:59:59.000 [warn] Proxy Client: unable to connect to 128.105.214.161:8080 ("TTL expired")
Nov 18 23:00:09.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 23:00:30.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 23:00:54.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 23:00:55.000 [warn] Proxy Client: unable to connect to 128.105.214.161:8080 ("TTL expired")
Nov 18 23:00:59.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 23:01:32.000 [warn] Proxy Client: unable to connect to 128.105.214.161:8080 ("TTL expired")
Nov 18 23:01:41.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 23:02:17.000 [warn] Proxy Client: unable to connect to 128.105.214.163:8080 ("Connection refused")
Nov 18 23:02:18.000 [warn] Proxy Client: unable to connect to 128.105.214.161:8080 ("TTL expired")
Nov 18 23:02:29.000 [warn] Proxy Client: unable to connect to 128.105.214.162:8080 ("Connection refused")
Nov 18 23:02:40.000 [notice] Catching signal TERM, exiting cleanly.

Child Tickets

Attachments (2)

fte-default-bridges.png (30.1 KB) - added by dcf 11 months ago.
Graph showing OONI tcp_connect results for default FTE bridges from the US.
fte-default-bridges.tar.xz (1.9 MB) - added by dcf 11 months ago.
Source code and data for fte-default-bridges.png.

Download all attachments as: .zip

Change History (15)

comment:1 Changed 11 months ago by gk

Cc: kpdyer added
Status: newneeds_information

Do we know who runs those? kpdyer: are you used to run them?

comment:2 Changed 11 months ago by kpdyer

Yep, I'm the owner for these.

  • 128.105.214.161 had a hardware failure and is permanently offline.
  • 128.105.214.162/128.105.214.163 are experiencing some sort of transient failure but I'm not physically located near these machines. I've asked someone to look into it and I should have an answer soon.
  • 131.252.210.150 was in a bad state but I was able to resolve it remotely. Can you confirm it's working for you too?
Last edited 11 months ago by kpdyer (previous) (diff)

Changed 11 months ago by dcf

Attachment: fte-default-bridges.png added

Graph showing OONI tcp_connect results for default FTE bridges from the US.

Changed 11 months ago by dcf

Attachment: fte-default-bridges.tar.xz added

Source code and data for fte-default-bridges.png.

comment:3 Changed 11 months ago by dcf

I wanted to know the start dates of the outages for Metrics Timeline purposes, so I made a graph of OONI tcp_connect tor_bridge_reachability measurements.

Ignore the top line for 192.240.101.106:80 -- that bridge was removed in #18976. Of the others,

  • 131.252.210.150:8080 is online
  • 128.105.214.163:8080 stopped on 2018-09-26
  • 128.105.214.162:8080 stopped on 2018-09-26
  • 128.105.214.161:8080 stopped on 2017-10-04

Graph showing OONI tcp_connect results for default FTE bridges from the US.

comment:4 in reply to:  2 ; Changed 11 months ago by gk

Replying to kpdyer:

Yep, I'm the owner for these.

  • 128.105.214.161 had a hardware failure and is permanently offline.

We can delete it from Tor Browser then?

  • 128.105.214.162/128.105.214.163 are experiencing some sort of transient failure but I'm not physically located near these machines. I've asked someone to look into it and I should have an answer soon.

Okay, sounds good. Let us know what we should do (if anything, like removing them, too).

  • 131.252.210.150 was in a bad state but I was able to resolve it remotely. Can you confirm it's working for you too?

Hm. Tor Browser does not seem to like it for some reason. I'll look closer at it why that's the case.

comment:5 in reply to:  4 ; Changed 11 months ago by kpdyer

Replying to gk:

Replying to kpdyer:

Yep, I'm the owner for these.

  • 128.105.214.161 had a hardware failure and is permanently offline.

We can delete it from Tor Browser then?

Yep!

comment:6 in reply to:  5 Changed 11 months ago by gk

Replying to kpdyer:

Replying to gk:

Replying to kpdyer:

Yep, I'm the owner for these.

  • 128.105.214.161 had a hardware failure and is permanently offline.

We can delete it from Tor Browser then?

Yep!

Thanks, that's tracked in #28657.

comment:7 in reply to:  3 ; Changed 11 months ago by gk

Replying to dcf:

I wanted to know the start dates of the outages for Metrics Timeline purposes, so I made a graph of OONI tcp_connect tor_bridge_reachability measurements.

Ignore the top line for 192.240.101.106:80 -- that bridge was removed in #18976. Of the others,

  • 131.252.210.150:8080 is online

How is that measured actually? Because I have tried to use FTE default bridges in the last couple of days in Tor Browser and connecting to even that one is timing out all the time. Thus, there is currently none of the FTE bridges working we ship. Have you tested Tor Browser to reproduce the "online" result? Or maybe there is a bug in Tor Browser and that bridge is indeed working as it should...

Last edited 11 months ago by gk (previous) (diff)

comment:8 Changed 11 months ago by gk

Maybe OONI's tcp_connect test does not say that much in this case which would be interesting I guess...

comment:9 in reply to:  7 Changed 11 months ago by dcf

Replying to gk:

Replying to dcf:

I wanted to know the start dates of the outages for Metrics Timeline purposes, so I made a graph of OONI tcp_connect tor_bridge_reachability measurements.

Ignore the top line for 192.240.101.106:80 -- that bridge was removed in #18976. Of the others,

  • 131.252.210.150:8080 is online

How is that measured actually? Because I have tried to use FTE default bridges in the last couple of days in Tor Browser and connecting to even that one is timing out all the time. Thus, there is currently none of the FTE bridges working we ship. Have you tested Tor Browser to reproduce the "online" result? Or maybe there is a bug in Tor Browser and that bridge is indeed working as it should...

No, I did not test it in Tor Browser. I'm sorry for giving a misleading impression, the tcp_connect test only checks TCP connectivity, not anything at the application layer. That's all I meant by "online".

Maybe OONI's tcp_connect test does not say that much in this case which would be interesting I guess...

I was interested in knowing how long the bridges had been offline. This ticket was the wrong place to do it...

comment:10 Changed 6 months ago by phw

I'm making a pass over our list of default bridges and noticed that none of our FTE bridges are working.
128.105.214.162:8080 and 128.105.214.163:8080 seem offline. My Tor Browser says:

4/9/19, 19:13:36.424 [WARN] Proxy Client: unable to connect to 128.105.214.163:8080 ("TTL expired")
4/9/19, 19:13:36.425 [WARN] Proxy Client: unable to connect to 128.105.214.162:8080 ("TTL expired")

131.252.210.150:8080 is reachable over TCP but I'm unable to use it as FTE bridge. My Tor Browser says:

4/9/19, 19:25:51.319 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay 
4/9/19, 19:25:56.620 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 0E858AC201BF0F3FA3C462F64844CBFFC7297A42 at 131.252.210.150:8080) 
4/9/19, 19:25:56.620 [WARN] 1 connections have failed: 
4/9/19, 19:25:56.621 [WARN]  1 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE 

Kevin, do you know what's going on here?

comment:11 Changed 6 months ago by phw

Cc: phw added

comment:12 Changed 6 months ago by kpdyer

Unfortunately, I don't have the time to manage these bridges anymore.

Maybe it's best to remove them from the Tor Browser? That is unless someone else is willing to assume ownership.

comment:13 in reply to:  12 Changed 5 months ago by phw

Resolution: fixed
Status: needs_informationclosed

Replying to kpdyer:

Maybe it's best to remove them from the Tor Browser? That is unless someone else is willing to assume ownership.

We retired these bridges over in #30457. Thanks for having run these, Kevin!

Note: See TracTickets for help on using tickets.