bootstrap stuck at 10% with sys-whonix

torjunkie:

May I suggest that the bootstrapping problems could relate to poor and/or malicious guards?

I had exactly the same problem as the OP in Qubes-Whonix, bootstrapping was agonizingly slow, took many minutes to finally connect, many circuits were collapsing, weird Tor logs etc.

Simply created a new sys-whonix-clone - with new fresh guards - and voilà, Tor connects in seconds. So, this rules out 0.3+ Tor versions, padding, poor local network connections etc. as the culprits.

So, I assume that if you hit a really poor guard with limited capacity, or potentially misconfigured, or just one of the malicious turds on the network, this could be the overriding factor.

Might also explain why one set of guards in a test system e.g. Debian 9 works fine, while the sys-whonix one is terrible i.e. you just lucked out.

I understand the reasoning from a user’s point of view. But changing guards because they are not working is something we should actively discourage.

Because, perhaps the entry guards are legit, but an attacker slows them down so the user changes entry guards increasing chances to connect to malicious ones under the control of the attacker. Slowing down Tor so the user gives up on it is a known attack by adversaries. It’s an alternate strategy over fully blocking Tor.

What to do in these cases then? Change the network, use a user → tunnel → Tor connection and/or use bridges?

Could you document that please? @torjunkie
