Opened 10 days ago

Last modified 7 days ago

#31960 assigned defect

Hello, currently, in China, Tor Browser 9.0a7 version can't establish a Tor network connection through snowflake bridge

Reported by: amiableclarity2011
Owned by: cohosh
Priority: Immediate
Milestone:
Component: Circumvention/Snowflake
Version:
Severity: Normal
Keywords:
Cc: arlolra, cohosh, phw, dcf
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Hello, currently, in China, Tor Browser version 9.0a7 can't establish a Tor network connection through the snowflake bridge.

Below are the Tor log messages.

10/4/19, 04:44:38.869 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/4/19, 04:44:44.387 [NOTICE] Opened Socks listener on 127.0.0.1:9150
10/4/19, 04:44:45.248 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
10/4/19, 04:44:45.250 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
10/4/19, 04:45:08.319 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
10/4/19, 04:45:38.337 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
10/4/19, 04:45:38.338 [WARN] 1 connections have failed:
10/4/19, 04:45:38.338 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
10/4/19, 04:45:38.357 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
10/4/19, 04:45:38.357 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:45:38.358 [WARN] Pluggable Transport process terminated with status code 0

snowflake-broker.azureedge.net is not blocked by China's firewall.
ajax.aspnetcdn.com is not blocked by China's firewall.
stun.ekiga.net is not blocked by China's firewall.

I will upload my state file.

Thank you very much for your help. I really appreciate it.

Child Tickets

Attachments (9)

torrc-defaults (935 bytes) - added by amiableclarity2011 10 days ago.
torrc (629 bytes) - added by amiableclarity2011 10 days ago.
state (1.7 KB) - added by amiableclarity2011 10 days ago.
control_auth_cookie (32 bytes) - added by amiableclarity2011 10 days ago.
cached-descriptors (2.3 KB) - added by amiableclarity2011 10 days ago.
cached-certs (20.0 KB) - added by amiableclarity2011 10 days ago.
torrc.2 (629 bytes) - added by amiableclarity2011 9 days ago.
state.2 (1.7 KB) - added by amiableclarity2011 9 days ago.
control_auth_cookie.2 (32 bytes) - added by amiableclarity2011 9 days ago.

Change History (15)

Changed 10 days ago by amiableclarity2011

Attachment: torrc-defaults added

Changed 10 days ago by amiableclarity2011

Attachment: torrc added

Changed 10 days ago by amiableclarity2011

Attachment: state added

Changed 10 days ago by amiableclarity2011

Attachment: control_auth_cookie added

Changed 10 days ago by amiableclarity2011

Attachment: cached-descriptors added

Changed 10 days ago by amiableclarity2011

Attachment: cached-certs added

comment:1 Changed 10 days ago by cypherpunks

It happens to me as well even though I'm not behind the Great Tiananmen Square Firewall, maybe domain fronting is rate limited or something?

comment:2 Changed 10 days ago by cohosh

Owner: set to cohosh
Status: new → assigned

Thanks for the heads up. I'm looking into this today.

I'm getting the following in the snowflake logs:

2019/10/04 14:24:33 BrokerChannel Response:
504 Gateway Timeout

2019/10/04 14:24:33 BrokerChannel Error: Unexpected error, no answer.
2019/10/04 14:24:33 Failed to retrieve answer. Retrying in 10 seconds
2019/10/04 14:24:43 Negotiating via BrokerChannel...
Target URL:  snowflake-broker.azureedge.net 
Front URL:   ajax.aspnetcdn.com
2019/10/04 14:24:45 BrokerChannel Response:
200 OK

2019/10/04 14:24:45 Received Answer.
2019/10/04 14:24:45 ---- Handler: snowflake assigned ----
2019/10/04 14:24:45 Buffered 291 bytes --> WebRTC
2019/10/04 14:24:46 WebRTC: DataChannel.OnOpen
2019/10/04 14:24:46 Flushed 291 bytes.
2019/10/04 14:24:48 WebRTC: DataChannel.OnClose [remotely]

So the first try for a snowflake resulted in a timeout, and the second try resulted in the snowflake proxy closing the connection for some reason.
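
An added example, not part of the ticket or of the Snowflake code base: a small triage script that splits a snowflake client log into rendezvous attempts and labels each one, reproducing the reading given in comment:2 (a broker timeout, then a proxy that closes the DataChannel right after opening it). The outcome labels and the 5-second "early close" cutoff are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed input: the snowflake client log lines quoted in comment:2.
SAMPLE_LOG = """\
2019/10/04 14:24:33 BrokerChannel Response:
504 Gateway Timeout
2019/10/04 14:24:33 BrokerChannel Error: Unexpected error, no answer.
2019/10/04 14:24:33 Failed to retrieve answer. Retrying in 10 seconds
2019/10/04 14:24:43 Negotiating via BrokerChannel...
Target URL:  snowflake-broker.azureedge.net
Front URL:   ajax.aspnetcdn.com
2019/10/04 14:24:45 BrokerChannel Response:
200 OK
2019/10/04 14:24:45 Received Answer.
2019/10/04 14:24:45 ---- Handler: snowflake assigned ----
2019/10/04 14:24:45 Buffered 291 bytes --> WebRTC
2019/10/04 14:24:46 WebRTC: DataChannel.OnOpen
2019/10/04 14:24:46 Flushed 291 bytes.
2019/10/04 14:24:48 WebRTC: DataChannel.OnClose [remotely]
"""
TS = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (.*)$")

def outcome(a, early_close_secs):
    """Label one rendezvous attempt (labels are this example's own)."""
    if a["status"] != 200:
        return "broker_error"          # e.g. the 504 Gateway Timeout above
    if a["opened"] is None:
        return "no_datachannel"        # broker answered, WebRTC never opened
    if a["closed"] and (a["closed"] - a["opened"]).total_seconds() <= early_close_secs:
        return "proxy_closed_early"    # proxy hung up right after OnOpen
    return "connected"

def classify_attempts(log_text, early_close_secs=5):  # 5 s is an assumed cutoff
    attempts, cur = [], None
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = TS.match(line)
        when, msg = (datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), m.group(2)) if m else (None, line)
        # New attempt at each "Negotiating" line, or at the first line of an excerpt that starts mid-attempt.
        if cur is None or msg.startswith("Negotiating via BrokerChannel"):
            cur = {"status": None, "opened": None, "closed": None}
            attempts.append(cur)
        if when is None and line[:3].isdigit():
            cur["status"] = int(line[:3])     # untimestamped HTTP status line
        elif "DataChannel.OnOpen" in msg:
            cur["opened"] = when
        elif "DataChannel.OnClose [remotely]" in msg:
            cur["closed"] = when
    return [outcome(a, early_close_secs) for a in attempts]
```

Counting the labels over a long log separates broker-side failures from misbehaving proxies, which is the distinction the later comments turn on.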

comment:3 Changed 10 days ago by cohosh

Possibly related: #30498

comment:4 Changed 10 days ago by cohosh

Okay I just ran a script to make 100 snowflake connections. I was able to bootstrap fully approximately 50% of the time (this is consistent with the findings in https://trac.torproject.org/projects/tor/ticket/28942#comment:65).

So while there might be an issue with the broker that is causing timeouts, it might also just be caused by poorly functioning proxies.

Changed 9 days ago by amiableclarity2011

Attachment: torrc.2 added

Changed 9 days ago by amiableclarity2011

Attachment: state.2 added

Changed 9 days ago by amiableclarity2011

Attachment: control_auth_cookie.2 added

comment:5 Changed 9 days ago by amiableclarity2011

Hello, this morning, in China, Tor Browser version 9.0a7 still can't establish a Tor network connection through the snowflake bridge.

Below are the Tor log messages.

10/5/19, 01:50:06.470 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/5/19, 01:50:29.321 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/5/19, 01:50:29.321 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/5/19, 01:50:29.321 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/5/19, 01:50:29.321 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/5/19, 01:50:29.321 [NOTICE] Opened Socks listener on 127.0.0.1:9150
10/5/19, 01:50:30.117 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
10/5/19, 01:50:30.119 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
10/5/19, 01:50:56.976 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
10/5/19, 01:51:26.997 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
10/5/19, 01:51:26.997 [WARN] 1 connections have failed:
10/5/19, 01:51:26.997 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
10/5/19, 01:51:27.160 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
10/5/19, 01:51:27.160 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/5/19, 01:51:27.160 [WARN] Pluggable Transport process terminated with status code 0

Thank you very much for your help. I really appreciate it.
I upload my state file.

comment:6 Changed 7 days ago by cohosh

Thanks, this is definitely a problem with some bad snowflake proxies polluting the network. I'm working on #29206 which should allow your client to retry connections before failing, but those changes are very large and it will take a while to integrate them.