[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] I can't use Tor via "obfs3" or other methods.

On Wed, 30 Sep 2015 18:12:11 +0000 (UTC)
Jason Long <hack3rcon@xxxxxxxxx> wrote:

First, sorry for the thread necromancy. Thought it was worth responding
too, though, since the OP didn't get much of an answer.

Second, hello Jason, I have been experimenting with various
configurations and OBFS3/4 compatibility. I first noticed problems
connecting to OBFS4 bridges while using Tails on an older ASUS laptop.
I thought it was an outlier until I found several other laptop models
that had similar issues with almost identical logs to yours. 

I still don't know exactly what inhibits a network interface from
connecting to a bridge but do have some info that might help push the
issue forward and give you connectivity. Also, as you probably
inferred, I believe it has to do with the network device the laptop or
computer is using to connect. 

"iwlwifi" is a driver that has been part of debian stable for a long
time, AFAIK. This is the driver that a ton of laptops will assign to
the network interface. But on most newer lenovo's and some other
models, a different driver is used and with those laptops, OBFS4 and
sometimes OBFS3 will never connect. 

My troubleshooting steps have been as follows:
- Try connecting to OBFS4
- Try connecting to OBFS3
- Try both 3/4 but with only <obfs* {ip_address:port} {fingerprint}>,
  and not including the cert, etc. 
- Try using a different interface like a USB wifi device, I've had
  positive results with most ralink chipsets.
- Try a direct ethernet connection.

I thought that the problem had something to do with how tails clones
are made but now I'm unconvinced this is a problem. If you connect to
tor via some other setup, these suggestions should help. 

In most of the configs I've worked on, ethernet has provided me at
least OBFS3 connectivity. In another case, the user needed to include
at least 1 OBFS3 bridge and all the bridges would connect and work, but
if she used all OBFS4, tor directory would never download. 

Hope this helps.

> Any tools exist that can help me for recognize my local network and
> help you for solve my problem?
> On Wednesday, September 30, 2015 9:05 AM, isis <isis@xxxxxxxxxxxxxx>
> wrote: Jason Long transcribed 7.1K bytes:
> > Isis Agora Lovecruft wrote:
> > > Hello Jason,
> > > 
> > > First, please try not to paste Bridge IP addresses and ports (i.e.
> > > "") or Bridge fingerprints (i.e.
> > > "3BECEABD174AE41C5CCC17254A40DD24EC5372CD") into public
> > > communications channels. It's dangerous for you, because now
> > > people know which Bridges you are going to try to connect to when
> > > you start up Tor.  It's also potentially dangerous for other
> > > people, since there may be other people using these Bridges.
> > > Lastly, it's bad for the Bridges themselves, since they will
> > > likely now be blocked by several censors and will no longer work
> > > in those places.
> > > 
> > > To answer your question, it looks like your SSL connections are
> > > somehow dying. This could mean many things.  It could simply be
> > > that the router at your house/office/cafÃ/etc. is doing strange
> > > things.  Or, it might mean that someone somewhere is tampering
> > > with your connections.  Or it could mean something else entirely.
> > > 
> > > I would recommend that you email BridgeDB at
> > > mailto:bridges@xxxxxxxxxxxxxx and request some new bridges.
> > > Perhaps try using obfs4 instead, if you can?
> >
> > Thank you so much and I didn't know this problem about Bridges. I
> > just copy Tor Log and nothing else :(.
> No worries; it's not your fault at all.  I think we should be logging
> sensitive info at those levels anyway (see #17193). [0]
> > I used all methods as I said and all of them have same problem :(.
> > "obfs4" , "fte" and...
> >
> > What is your idea? Can government blocking Tor?
> Governments (and some other parties, like your network admin, your
> ISP, etc.) could certainly block Tor, including blocking Bridges.
> There are many ways that they could do this, some with various
> consequences (for that government/etc.). A simple example would be if
> your government only allowed traffic to http://cnn.com:80, and then
> block anything that doesn't look like plaintext HTTP of someone
> reading CNN articles.  Obviously, this would be ridiculous if a
> government did this, as pretty much all commerce, banking, online
> education, and a million other things would completely stop.
> However, without knowing more details about your specific situation,
> I can't really determine if/how Tor is blocked for you.
> [0]: https://bugs.torproject.org/17193

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to