Opened 4 months ago

Closed 7 weeks ago

Last modified 7 weeks ago

#31960 closed defect (duplicate)

Hello, currently, in China, Tor Browser 9.0a7 version can't establish a Tor network connection through snowflake bridge

Reported by: amiableclarity2011 Owned by: cohosh
Priority: Immediate Milestone:
Component: Circumvention/Snowflake Version:
Severity: Normal Keywords:
Cc: arlolra, cohosh, phw, dcf Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Hello, currently, in China, Tor Browser 9.0a7 version can't establish a Tor network connection through snowflake bridge

Below are the Tor log messages.

10/4/19, 04:44:38.869 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:44:44.387 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/4/19, 04:44:44.387 [NOTICE] Opened Socks listener on 127.0.0.1:9150
10/4/19, 04:44:45.248 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
10/4/19, 04:44:45.250 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
10/4/19, 04:45:08.319 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
10/4/19, 04:45:38.337 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
10/4/19, 04:45:38.338 [WARN] 1 connections have failed:
10/4/19, 04:45:38.338 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
10/4/19, 04:45:38.357 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
10/4/19, 04:45:38.357 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/4/19, 04:45:38.358 [WARN] Pluggable Transport process terminated with status code 0

snowflake-broker.azureedge.net are not blocked by China's firewall.
ajax.aspnetcdn.com are not blocked by China's firewall.
stun.ekiga.net are not blocked by China's firewall.

I will upload my state file.

Thank you very much for your help. I really appreciate it.

Child Tickets

Attachments (16)

torrc-defaults (935 bytes) - added by amiableclarity2011 4 months ago.
torrc (629 bytes) - added by amiableclarity2011 4 months ago.
state (1.7 KB) - added by amiableclarity2011 4 months ago.
control_auth_cookie (32 bytes) - added by amiableclarity2011 4 months ago.
cached-descriptors (2.3 KB) - added by amiableclarity2011 4 months ago.
cached-certs (20.0 KB) - added by amiableclarity2011 4 months ago.
torrc.2 (629 bytes) - added by amiableclarity2011 4 months ago.
state.2 (1.7 KB) - added by amiableclarity2011 4 months ago.
control_auth_cookie.2 (32 bytes) - added by amiableclarity2011 4 months ago.
state.3 (410 bytes) - added by amiableclarity2011 3 months ago.
torrc.3 (632 bytes) - added by amiableclarity2011 3 months ago.
torrc-defaults.2 (935 bytes) - added by amiableclarity2011 3 months ago.
control_auth_cookie.3 (32 bytes) - added by amiableclarity2011 2 months ago.
state.4 (411 bytes) - added by amiableclarity2011 2 months ago.
torrc.4 (632 bytes) - added by amiableclarity2011 2 months ago.
torrc-defaults.3 (935 bytes) - added by amiableclarity2011 2 months ago.

Download all attachments as: .zip

Change History (33)

Changed 4 months ago by amiableclarity2011

Attachment: torrc-defaults added

Changed 4 months ago by amiableclarity2011

Attachment: torrc added

Changed 4 months ago by amiableclarity2011

Attachment: state added

Changed 4 months ago by amiableclarity2011

Attachment: control_auth_cookie added

Changed 4 months ago by amiableclarity2011

Attachment: cached-descriptors added

Changed 4 months ago by amiableclarity2011

Attachment: cached-certs added

comment:1 Changed 4 months ago by cypherpunks

It happens to me as well even though I'm not behind the Great Tienanmen Square Firewall, maybe domain fronting is rate limited or something?

comment:2 Changed 4 months ago by cohosh

Owner: set to cohosh
Status: newassigned

Thanks for the heads up. I'm looking into this today.

I'm getting the following in the snowflake logs:

2019/10/04 14:24:33 BrokerChannel Response:
504 Gateway Timeout

2019/10/04 14:24:33 BrokerChannel Error: Unexpected error, no answer.
2019/10/04 14:24:33 Failed to retrieve answer. Retrying in 10 seconds
2019/10/04 14:24:43 Negotiating via BrokerChannel...
Target URL:  snowflake-broker.azureedge.net 
Front URL:   ajax.aspnetcdn.com
2019/10/04 14:24:45 BrokerChannel Response:
200 OK

2019/10/04 14:24:45 Received Answer.
2019/10/04 14:24:45 ---- Handler: snowflake assigned ----
2019/10/04 14:24:45 Buffered 291 bytes --> WebRTC
2019/10/04 14:24:46 WebRTC: DataChannel.OnOpen
2019/10/04 14:24:46 Flushed 291 bytes.
2019/10/04 14:24:48 WebRTC: DataChannel.OnClose [remotely]

So the first try for a snowflake resulted in a timeout, and the second try resulted in the snowflake proxy closing the connection for some reason.

comment:3 Changed 4 months ago by cohosh

Possibly related: #30498

comment:4 Changed 4 months ago by cohosh

Okay I just ran a script to make 100 snowflake connections. I was able to bootstrap fully approximately 50% of the time (this is consistent with the findings in https://trac.torproject.org/projects/tor/ticket/28942#comment:65).

So while there might be an issue with the broker that is causing timeouts, it might also just be caused by poorly functioning proxies.

Changed 4 months ago by amiableclarity2011

Attachment: torrc.2 added

Changed 4 months ago by amiableclarity2011

Attachment: state.2 added

Changed 4 months ago by amiableclarity2011

Attachment: control_auth_cookie.2 added

comment:5 Changed 4 months ago by amiableclarity2011

Hello, this morning, in China, Tor Browser 9.0a7 version still can't establish a Tor network connection through snowflake bridge.

Below are the Tor log messages.

10/5/19, 01:50:06.470 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/5/19, 01:50:29.321 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/5/19, 01:50:29.321 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/5/19, 01:50:29.321 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/5/19, 01:50:29.321 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/5/19, 01:50:29.321 [NOTICE] Opened Socks listener on 127.0.0.1:9150
10/5/19, 01:50:30.117 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
10/5/19, 01:50:30.119 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
10/5/19, 01:50:56.976 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
10/5/19, 01:51:26.997 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
10/5/19, 01:51:26.997 [WARN] 1 connections have failed:
10/5/19, 01:51:26.997 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
10/5/19, 01:51:27.160 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
10/5/19, 01:51:27.160 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/5/19, 01:51:27.160 [WARN] Pluggable Transport process terminated with status code 0

Thank you very much for your help. I really appreciate it.
I upload my state file.

comment:6 Changed 4 months ago by cohosh

Thanks, this is definitely a problem with some bad snowflake proxies polluting the network. I'm working on #29206 which should allow your client to retry connections before failing, but those changes are very large and it will take a while to integrate them.

comment:7 Changed 3 months ago by cypherpunks

I can confirm from the US that connections will occasionally succeed, after which point the tor browser works.

Changed 3 months ago by amiableclarity2011

Attachment: state.3 added

Changed 3 months ago by amiableclarity2011

Attachment: torrc.3 added

Changed 3 months ago by amiableclarity2011

Attachment: torrc-defaults.2 added

comment:8 Changed 3 months ago by amiableclarity2011

Hello, Currently, in China, Tor Browser 9.0a8 version still can't establish a Tor network connection through snowflake bridge.
Below are the Tor log messages.

10/19/19, 09:08:18.779 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/19/19, 09:08:22.665 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/19/19, 09:08:22.665 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/19/19, 09:08:22.665 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/19/19, 09:08:22.665 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/19/19, 09:08:22.665 [NOTICE] Opened Socks listener on 127.0.0.1:9150
10/19/19, 09:08:23.653 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
10/19/19, 09:08:23.655 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
10/19/19, 09:08:43.967 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
10/19/19, 09:09:13.983 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
10/19/19, 09:09:13.983 [WARN] 1 connections have failed:
10/19/19, 09:09:13.983 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
10/19/19, 09:09:13.993 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
10/19/19, 09:09:13.993 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/19/19, 09:09:13.993 [WARN] Pluggable Transport process terminated with status code 0

Thank you very much for your help. I really appreciate it.
I upload my state file.

comment:9 Changed 3 months ago by cypherpunks

I still get 1 connections died in state handshaking (TLS) despite not living in China, and Tor just loves to throw "Application request when we haven't received a consensus with exits. Optimistically trying known bridges again. => Delaying directory fetches: No running bridges" and then forcing me to restart the tor instance for snowflake to reload again. The least I can say is that my experience with snowflake these days is pretty bad, rarely does a connection last more than one hour.

comment:10 Changed 3 months ago by cohosh

Thanks for the updates amiableclarity2011 and cypherpunks.

As stated before, the current issues are almost certainly not caused by the GFW.

There are two problems: 1) it takes a very long time (30s) to discover that a snowflake isn't working, and 2) there's no way to recover sent data once the client has a new snowflake. These are both being tacked in #29206. The review/revision turn around on that has been very slow, partially due to the fact that this requires large changes to both the client and the server.

In the meantime, we've been deploying smaller fixes that should help as people update their proxies: #31391 was recently deployed which should eliminate proxies that can't connect to the bridge and #32129 will hand out proxy-go instances more frequently than web-based proxies (which is likely where the problems are still coming from).

Thanks for the continued updates and your patience. This is still in alpha and we are dealing with our first ever wide-spread deployment of web-based proxies. We're still figuring out the engineering challenges of dealing with proxies that are unreliable or slow to update.

Changed 2 months ago by amiableclarity2011

Attachment: control_auth_cookie.3 added

Changed 2 months ago by amiableclarity2011

Attachment: state.4 added

Changed 2 months ago by amiableclarity2011

Attachment: torrc.4 added

Changed 2 months ago by amiableclarity2011

Attachment: torrc-defaults.3 added

comment:11 Changed 2 months ago by amiableclarity2011

Hello, today, Tor Browser 9.5a2 still can't connect to Tor network through snowflake bridge.

comment:12 Changed 2 months ago by amiableclarity2011

Below are the Tor log messages

comment:13 Changed 2 months ago by amiableclarity2011

11/21/19, 06:00:03.269 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/21/19, 06:00:03.269 [NOTICE] Switching to guard context "bridges" (was using "default")
11/21/19, 06:00:03.269 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/21/19, 06:00:03.269 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/21/19, 06:00:03.269 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/21/19, 06:00:03.269 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/21/19, 06:00:03.270 [NOTICE] Renaming old configuration file to "/home/scientist/tor-browser-linux64-9.5a2_en-US.tar.xz 2019 11 21/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.orig.1"
11/21/19, 06:00:03.395 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
11/21/19, 06:00:03.397 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
11/21/19, 06:00:08.430 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
11/21/19, 06:00:38.920 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
11/21/19, 06:00:38.920 [WARN] 1 connections have failed:
11/21/19, 06:00:38.930 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
11/21/19, 06:00:38.990 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
11/21/19, 06:00:38.990 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/21/19, 06:00:38.990 [WARN] Pluggable Transport process terminated with status code 0

comment:14 Changed 2 months ago by amiableclarity2011

I upload my state file.
Thank you very much for your help. I really appreciate it.

comment:15 Changed 8 weeks ago by phw

Thanks for your feedback, amiableclarity2011! We can provide you with a private obfs4 bridge which should work in China. Just send an email to phw at torproject dot org.

comment:16 Changed 7 weeks ago by cohosh

Resolution: duplicate
Status: assignedclosed

I'm going to close this as a duplicate of #32657 and #32653

comment:17 in reply to:  15 Changed 7 weeks ago by amiableclarity2011

Replying to phw:

Thanks for your feedback, amiableclarity2011! We can provide you with a private obfs4 bridge which should work in China. Just send an email to phw at torproject dot org.

Thank you so much for your help. I really appreciate it. My email address is amiableclarity2011@…

I have already sent the email to you. Thank you so much for your help again.

Note: See TracTickets for help on using tickets.