[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Assist in the installation of bridges


#1

Hi I know the method of installation of the bridges But the problem in Whonix Gateway There’s no browser
to copy and paste These bridges Or to get it.
So what is the solution


How to set the obfs bridge
#2

Remember you are not using the TBB (browser) method for connecting to bridges in Whonix.

You need to instead manually edit your torrc file in the Whonix Gateway using either nano in a terminal, or if using a GUI, select the torrc settings option under ‘Start Menu’.

So, follow the steps below to get your bridges, apply changes in torrc file and reload Tor so it will use the bridges:

I assume you are running non-Qubes Whonix. In your case if you already have the bridge references, then simply edit /etc/tor/torrc as follows:

If you are using a graphical Whonix-Gateway, complete the following steps:

Start Menu -> Applications -> Settings -> /etc/tor/torrc

If you are using a terminal-only Whonix-Gateway, complete the following steps:

sudo nano /etc/tor/torrc

Once inside /etc/tor/torrc, scoll all the way to the bottom, and copy-paste the following text:

UseBridges 1
ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed

Now you must add IP addresses for your bridges. For finding IP addresses, See section above, titled Finding a bridge and choosing the right protocol.

Copy-paste the IP addresses at the bottom of /etc/tor/torrc. Make sure to manually add the text “bridge” at the beginning of each line entry.

Example of text to add to /etc/tor/torrc. (Note: do not copy-paste this list; these IP’s will not work.) (Use either obfs3 or obfs4. Not both at the same time.) Get your own obfs3 bridges or better obfs4 bridges from Tor:

bridge obfs3 109.195.132.77:22321 4352e58420e68f5e40bf7c74faddccd9d1349413
bridge obfs3 55.32.27.22:38123 4352e58420e68f5e40bf7c74faddccd9d1349413
bridge obfs3 192.24.131.513:62389 4352e58420e68f5e40bf7c74faddccd9d1349413

bridge obfs4 192.235.207.85:42086 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0
bridge obfs4 34.218.26.20:43263 DD21A551767816A0C9495 cert=7qzS6KASquPvJU82Fm7qoJw iat-mode=0
bridge obfs4 161.217.177.95:10703 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

Once you have completed editing /etc/tor/torrc, now save and exit.

--> press Y -->

Follow steps 3 & 4 in the link to check Tor is working correctly and to apply the changes i.e. reload Tor.

Note: obfs4 is the preferred option right now. Also, only 3% of the Tor population uses bridges and these are often blocked aggressively by censors.

If that happens to you, then manually using meek, scramblesuit, FTE or other methods may be required, although this is not recommended by Whonix for various reasons. Again, this would require manual settings to your torrc file - see Tor Project docs and quickstart guides for details.


#3

I don’t know why you misunderstood because of my English as possible
I know a way to enter bridges But in Whonix Gateway There’s no browser to get on the bridges
And I can’t keep the bridges in my head.
If you know what problem I have??


#4

scramblesuit and flashproxy are recommended against because those pluggable transports were deprecated by The Tor Project.

Others are not recommended against, just currently hard to use for those who require them. Still in development.

If anyone would create documentation on how to use currently maintained pluggable transports or otherwise help Whonix development, that would be very much welcome.

Yes.

@torjunkie did answer that question.


#5

@Fahd To obtain bridges follow the instructions here: https://www.whonix.org/wiki/Bridges#Finding_a_bridge_and_choosing_the_right_protocol

It may be that access to the bridge database is blocked so you would use Tor Browser on your host to access it or alternatively email the Tor Project to get the bridges.

To paste it in the gateway you need to enable clipboard sharing for the Gateway VM.


#6

Exactly this the only solution
Thanks


#7

Can you tell me how to make sure that Whonix Uses bridges or not?


#8

The easy way is to see if you can now connect to the Tor network if you live in a censored place.

Also the torrc configuration file should honor any settings you put in there. If you make a spelling mistake somewhere when typing Tor will give you warnings that it can’t connect which you can see in the arm console logs (that has a shortcut on the desktop).


#9

Yes. Look into arm.
https://www.whonix.org/wiki/Arm

And/or Tor’s log.
https://www.whonix.org/wiki/Tor#Log_Analysis

Technical way to do it would be using package analyizer or https://www.whonix.org/wiki/Corridor or so.


#10

1-Question-Can I change Nodes Like the TOR browser
2-And is it the same way as bridges.
I have a lot of questions.
3-When I put the bridge in Whonix Only put 3 obfs4 I didn’t put obfs3 Is this normal??? Can I add 5 or 6 bridges.


#11

Technically yes but its will be a manual process of you pasting different group of bridges.

obfs4 is the way to go as obfs3 is easily blocked. 3 bridges at a time is enough. Although they are less reliable than dedicated Tor nodes its still quite unlikely that all three bridges will go offline at the same time.

Keep more bridges than you are using handy so you can switch to them if they are blocked.


#12

The truth is what I did to you that if there is an error in the installation of the bridges will not work This make sense.
But possible to work without using the bridges He wouldn’t tell me of course if you use the bridge or didn’t use
So I was asked Is there a way to find out if it uses the bridge or not


#13

Look in arm - it will show your path thru the network and if you notice your bridge IP as the first node you connect to then you are using it :slight_smile:


#14

For any arm you mean
Forgive the intensity of my questions.


#15

Yeah, I knew the arm
But it looks not good When you open it the first time this message appears
[WARN] Proxy Client: unable to connect to [redacted]:443 (“server rejected connection”) The color of the orange
When you open it the second time this message appears
[ARM_WARN] The torrc differs from what tor’s using. You can issue a sighup to reload the torrc values by pressing x.

  • configuration values are missing from the torrc: HiddenServiceStatistics, RunAsDaemon
    Also in Orange

#16

Are you sure you pasted everything from the bridge webpage? The IP and port are followed by a string of random letters and numbers that you must also include to be allowed to connect - otherwise the bridge will ignore it. The first message means you are leaving something out.

If you are including everything but still not able to connect try other bridges and if the problem persists please try asking on the Tor mailing list: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

The second arm message is harmless.


#17

This is My file torrc in whonix :

# This file is part of Whonix
# Copyright (C) 2012 - 2013 adrelanos <adrelanos at riseup dot net>
# See the file COPYING for copying conditions.

# Use this file for your user customizations.
# Please see /etc/tor/torrc.examples for help, options, comments etc.

# Anything here will override Whonix's own Tor config customizations in
# /usr/share/tor/tor-service-defaults-torrc

# Enable Tor through whonixsetup or manually uncomment "DisableNetwork 0" by
# removing the # in front of it.
DisableNetwork 0
useBridges 1
ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed

bridge obfs4 [redacted]

Is it wrong???


#18

Please don’t use IPs of fingerprints of bridges. Announcing them in public can lead to them getting banned by censors. May also not be wise to post the IPs of bridges that you are going to use since that could aid other attacks.


#19

Thank you for fighting me.
Wait for the solution to the problem


#20

It’s case sensitive.

useBridges 1 -> UseBridges 1