Hello, currently, in China, Tor Browser 9.0a7 version can't establish a Tor network connection through snowflake bridge

added component::circumvention/snowflake owner::cohosh priority::immediate reporter::amiableclarity2011 resolution::duplicate severity::normal status::closed type::defect labels

Trac:
Username: amiableclarity2011

torrc-defaults

Trac:
Username: amiableclarity2011

torrc

Trac:
Username: amiableclarity2011

state

Trac:
Username: amiableclarity2011

control_auth_cookie

Trac:
Username: amiableclarity2011

cached-descriptors

Trac:
Username: amiableclarity2011

cached-certs

Trac:
Username: amiableclarity2011

It happens to me as well even though I'm not behind the Great Tienanmen Square Firewall, maybe domain fronting is rate limited or something?

Thanks for the heads up. I'm looking into this today.

I'm getting the following in the snowflake logs:

2019/10/04 14:24:33 BrokerChannel Response:
504 Gateway Timeout

2019/10/04 14:24:33 BrokerChannel Error: Unexpected error, no answer.
2019/10/04 14:24:33 Failed to retrieve answer. Retrying in 10 seconds
2019/10/04 14:24:43 Negotiating via BrokerChannel...
Target URL:  snowflake-broker.azureedge.net 
Front URL:   ajax.aspnetcdn.com
2019/10/04 14:24:45 BrokerChannel Response:
200 OK

2019/10/04 14:24:45 Received Answer.
2019/10/04 14:24:45 ---- Handler: snowflake assigned ----
2019/10/04 14:24:45 Buffered 291 bytes --> WebRTC
2019/10/04 14:24:46 WebRTC: DataChannel.OnOpen
2019/10/04 14:24:46 Flushed 291 bytes.
2019/10/04 14:24:48 WebRTC: DataChannel.OnClose [remotely]

So the first try for a snowflake resulted in a timeout, and the second try resulted in the snowflake proxy closing the connection for some reason.

Trac:
Owner: N/A to cohosh
Status: new to assigned

Possibly related: #30498 (moved)

Okay I just ran a script to make 100 snowflake connections. I was able to bootstrap fully approximately 50% of the time (this is consistent with the findings in https://trac.torproject.org/projects/tor/ticket/28942#comment:65).

So while there might be an issue with the broker that is causing timeouts, it might also just be caused by poorly functioning proxies.

Trac:
Username: amiableclarity2011

torrc.2

Trac:
Username: amiableclarity2011

state.2

Trac:
Username: amiableclarity2011

control_auth_cookie.2

Trac:
Username: amiableclarity2011

Hello, this morning, in China, Tor Browser 9.0a7 version still can't establish a Tor network connection through snowflake bridge.

Below are the Tor log messages.

10/5/19, 01:50:06.470 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/5/19, 01:50:29.321 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/5/19, 01:50:29.321 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/5/19, 01:50:29.321 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/5/19, 01:50:29.321 [NOTICE] Opening Socks listener on 127.0.0.1:9150 10/5/19, 01:50:29.321 [NOTICE] Opened Socks listener on 127.0.0.1:9150 10/5/19, 01:50:30.117 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport 10/5/19, 01:50:30.119 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport 10/5/19, 01:50:56.976 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay 10/5/19, 01:51:26.997 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1) 10/5/19, 01:51:26.997 [WARN] 1 connections have failed: 10/5/19, 01:51:26.997 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE 10/5/19, 01:51:27.160 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 10/5/19, 01:51:27.160 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/5/19, 01:51:27.160 [WARN] Pluggable Transport process terminated with status code 0

Thank you very much for your help. I really appreciate it. I upload my state file.

Trac:
Username: amiableclarity2011

Thanks, this is definitely a problem with some bad snowflake proxies polluting the network. I'm working on #29206 (moved) which should allow your client to retry connections before failing, but those changes are very large and it will take a while to integrate them.

I can confirm from the US that connections will occasionally succeed, after which point the tor browser works.

Trac:
Username: amiableclarity2011

state.3

Trac:
Username: amiableclarity2011

torrc.3

Trac:
Username: amiableclarity2011

torrc-defaults.2

Trac:
Username: amiableclarity2011

Hello, Currently, in China, Tor Browser 9.0a8 version still can't establish a Tor network connection through snowflake bridge. Below are the Tor log messages.

10/19/19, 09:08:18.779 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/19/19, 09:08:22.665 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/19/19, 09:08:22.665 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/19/19, 09:08:22.665 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/19/19, 09:08:22.665 [NOTICE] Opening Socks listener on 127.0.0.1:9150 10/19/19, 09:08:22.665 [NOTICE] Opened Socks listener on 127.0.0.1:9150 10/19/19, 09:08:23.653 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport 10/19/19, 09:08:23.655 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport 10/19/19, 09:08:43.967 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay 10/19/19, 09:09:13.983 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1) 10/19/19, 09:09:13.983 [WARN] 1 connections have failed: 10/19/19, 09:09:13.983 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE 10/19/19, 09:09:13.993 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 10/19/19, 09:09:13.993 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/19/19, 09:09:13.993 [WARN] Pluggable Transport process terminated with status code 0

Thank you very much for your help. I really appreciate it. I upload my state file.

Trac:
Username: amiableclarity2011

I still get 1 connections died in state handshaking (TLS) despite not living in China, and Tor just loves to throw "Application request when we haven't received a consensus with exits. Optimistically trying known bridges again. => Delaying directory fetches: No running bridges" and then forcing me to restart the tor instance for snowflake to reload again. The least I can say is that my experience with snowflake these days is pretty bad, rarely does a connection last more than one hour.

Thanks for the updates amiableclarity2011 and cypherpunks.

As stated before, the current issues are almost certainly not caused by the GFW.

There are two problems: 1) it takes a very long time (30s) to discover that a snowflake isn't working, and 2) there's no way to recover sent data once the client has a new snowflake. These are both being tacked in #29206 (moved). The review/revision turn around on that has been very slow, partially due to the fact that this requires large changes to both the client and the server.

In the meantime, we've been deploying smaller fixes that should help as people update their proxies: #31391 (moved) was recently deployed which should eliminate proxies that can't connect to the bridge and #32129 (moved) will hand out proxy-go instances more frequently than web-based proxies (which is likely where the problems are still coming from).

Thanks for the continued updates and your patience. This is still in alpha and we are dealing with our first ever wide-spread deployment of web-based proxies. We're still figuring out the engineering challenges of dealing with proxies that are unreliable or slow to update.

Trac:
Username: amiableclarity2011

control_auth_cookie.3

Trac:
Username: amiableclarity2011

state.4

Trac:
Username: amiableclarity2011

torrc.4

Trac:
Username: amiableclarity2011

torrc-defaults.3

Trac:
Username: amiableclarity2011

Hello, today, Tor Browser 9.5a2 still can't connect to Tor network through snowflake bridge.

Trac:
Username: amiableclarity2011

Below are the Tor log messages

Trac:
Username: amiableclarity2011

11/21/19, 06:00:03.269 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 11/21/19, 06:00:03.269 [NOTICE] Switching to guard context "bridges" (was using "default") 11/21/19, 06:00:03.269 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 11/21/19, 06:00:03.269 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 11/21/19, 06:00:03.269 [NOTICE] Opening Socks listener on 127.0.0.1:9150 11/21/19, 06:00:03.269 [NOTICE] Opened Socks listener on 127.0.0.1:9150 11/21/19, 06:00:03.270 [NOTICE] Renaming old configuration file to "/home/scientist/tor-browser-linux64-9.5a2_en-US.tar.xz 2019 11 21/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.orig.1" 11/21/19, 06:00:03.395 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport 11/21/19, 06:00:03.397 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport 11/21/19, 06:00:08.430 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay 11/21/19, 06:00:38.920 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1) 11/21/19, 06:00:38.920 [WARN] 1 connections have failed: 11/21/19, 06:00:38.930 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE 11/21/19, 06:00:38.990 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 11/21/19, 06:00:38.990 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 11/21/19, 06:00:38.990 [WARN] Pluggable Transport process terminated with status code 0

Trac:
Username: amiableclarity2011

I upload my state file. Thank you very much for your help. I really appreciate it.

Trac:
Username: amiableclarity2011

Thanks for your feedback, amiableclarity2011! We can provide you with a private obfs4 bridge which should work in China. Just send an email to phw at torproject dot org.

I'm going to close this as a duplicate of #32657 (moved) and #32653 (moved)

Trac:
Resolution: N/A to duplicate
Status: assigned to closed

Replying to phw:

Thanks for your feedback, amiableclarity2011! We can provide you with a private obfs4 bridge which should work in China. Just send an email to phw at torproject dot org.

Thank you so much for your help. I really appreciate it. My email address is amiableclarity2011@gmail.com

I have already sent the email to you. Thank you so much for your help again.

Trac:
Username: amiableclarity2011

Hello, currently, in China, Tor Browser 9.0a7 version can't establish a Tor network connection through snowflake bridge

Child items 0

Activity