Adding webtunel bridges to whonix

Support
19

@Patrick Thanks for pointing me in the right direction. After quite some trial and error, I got it working. I created a guide that people can follow, if there are any issues, please point them out. (such as: should webtunnel be run as managed or not, is giving lyrebird the rix permission in AppArmor ok?)

How to set up lyrebird to work in whonix?

First of all, login to your whonix gateway as if you are accessing a regular sysmaint session.
Run this command to open and edit the AppArmor settings:
sudo nano /etc/apparmor.d/local/system_tor
Scroll down near the end of the file, spot ## obfsproxy and make a space above it, and add this:
## lyrebird
/usr/bin/lyrebird rix,
Save the file by clicking Ctrl + X, Y, Enter.

If you want to use the latest version of Tor, then you can add the Tor Project’s official Tor repository to the gateway by following the instructions in this link:
https://support.torproject.org/little-t-tor/getting-started/installing/
Or https://support.torproject.org/little-t-tor/getting-started/apt-over-tor/ for a .onion repository.

Now you have to install lyrebird, it’s not available in any apt repository, so you have to download it manually.
You can compile it yourself following the instructions here: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird
Or you can use an already-compiled version by copying it from the Tor Expert Bundle, which you can download here:
https://www.torproject.org/download/tor/
Copy the correct link and use this command to download it:
scurl --proxy http://127.0.0.1:8082 https://download_url -o output.tar.gz
After downloading the correct file, extract it
tar -xvf nameofthefile.tar.gz
and run these commands from the directory in which you extracted the Bundle:
sudo cp /tor/pluggable_transports/lyrebird /usr/bin/
sudo chmod +x /usr/bin/lyrebird (to make it executable)
To run lyrebird you need Go.
sudo apt install golang-go -y

You can now shut down your whonix gateway vm.
Now boot your sys-whonix instance using the sysmaint user.
Select the “Tor User Config” GUI option.
There, add something similar to this:
ClientTransportPlugin webtunnel exec /usr/bin/lyrebird managed
Bridge webtunnel … (input a bridge or several bridges that you have, or get one from the Tor Project using your preferred method of getting them: https://support.torproject.org/tor-browser/circumvention/getting-bridges/ )

Save the changes, shut down and log in to sys-whonix as the USER and check if your Tor connection works in the Tor Control Panel. You can pick ‘None’ (bridges) as a connection method there and the default configuration file will get overwritten by your custom torrc.
You can also assign other bridge types to lyrebird such as snowflake, meek, obfs4 and webtunnel.

4 Likes