Cannot connect using bridges

I’m trying to connect using bridges
I was using this https://www.whonix.org/wiki/Bridges

I tried to add it using kdesudo anon-connection-wizard
but this command just gives me a pop-up window with some error( I see there some Red X) but it disappear in 0.5seconds so I didn’t have enought time to look at it.

When I use whonix setup wizard and I click Tor is censored or dangerous in my area I can’t click Next>

I tried to edit /etc/tor/torrc
I just get the example for a complete obfs4 torrc file is below. and just change the specific bridge entries.

After I edit torrc and save it, when I try to click I’m ready to enable Tor it says
Something is wrong with torrc!
Press “Next” and try and fix the problem as per the instructions, or as a last resort, report a bug.

"sudo service tor@default status" returned non-zero exit code , which means Tor does NOT work.
Maybe your Whonix-Gateway has only one network card attached? Most likely there is something wrong with your /etc/tor/torrc.
You can try to manually edit /etc/tor/torrc: 
Start Menu -> Applications -> Torrc
Running: 
sudo service tor@default restart
might help with troubleshooting.

If I try to reload Tor it says

Type: “whonix” for help.

    sudo service tor@default reload
    Job for tor@default.service failed. See ‘systemctl status tor@default.service’ and ‘journalctl -xn’ for details.
    sudo service tor@default status
    ● tor@default.service - Anonymizing overlay network for TCP
    Loaded: loaded (/lib/systemd/system/tor@default.service; static)
    Active: failed (Result: start-limit) since Sun 2017-11-12 08:22:32 UTC; 5s ago
    Process: 1328 ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 (code=exited, status=0/SUCCESS)
    Process: 6473 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, status=1/FAILURE)
    Process: 6472 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /var/run/tor (code=exited, status=0/SUCCESS)
    Main PID: 1328 (code=exited, status=0/SUCCESS)

Nov 12 08:22:32 host systemd[1]: tor@default.service: control process exited, code=exited status=1
Nov 12 08:22:32 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Nov 12 08:22:32 host systemd[1]: Unit tor@default.service entered failed state.
Nov 12 08:22:32 host systemd[1]: tor@default.service holdoff time over, scheduling restart.
Nov 12 08:22:32 host systemd[1]: Stopping Anonymizing overlay network for TCP…
Nov 12 08:22:32 host systemd[1]: Starting Anonymizing overlay network for TCP…
Nov 12 08:22:32 host systemd[1]: tor@default.service start request repeated too quickly, refusing to start.
Nov 12 08:22:32 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Nov 12 08:22:32 host systemd[1]: Unit tor@default.service entered failed state.
Nov 12 08:22:38 host systemd[1]: Unit tor@default.service cannot be reloaded because it is inactive.

    true 3
    true ‘Feel free to close this window.’
    sleep 86400
    ^C

Warning: Program ‘/usr/lib/gateway-shortcuts/reloadtor’ crashed..

Hi Ayon

Whonix 13 ( what you are using now ) does not support anon-connection-wizard. It will not be available until Whonix 14.

Tip: Until Whonix 14 is released, there is no wizard available to help set up bridges before connecting to Tor. The graphical tor-launcher (screenshots) that some users might know from The Tor Project’s Tor Browser cannot be used in Whonix.

The problem may be that you copied your bridge lines incorrectly. You can remove your current bridges and get net ones from this site:

https://bridges.torproject.org/bridges?transport=obfs4

If you are using VirtualBox it would be a good idea to use VirtualBox Clipboard Sharing . If you are using KVM you can use Shared Folders. This will prevent errors when coping.

When you are done your torrc should look like this:

# This file is part of Whonix
# Copyright (C) 2012 - 2013 adrelanos
# See the file COPYING for copying conditions.

# Use this file for your user customizations.
# Please see /etc/tor/torrc.examples for help, options, comments etc.

# Anything here will override Whonix's own Tor config customizations in /usr/share/tor/tor-service-defaults-torrc

# Enable Tor through whonixsetup or manually uncomment "DisableNetwork 0" by
# removing the # in front of it.
DisableNetwork 0
UseBridges 1 
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed

bridge obfs4 192.235.207.85:42086 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0
bridge obfs4 34.218.26.20:43263 DD21A551767816A0C9495 cert=7qzS6KASquPvJU82Fm7qoJw iat-mode=0
bridge obfs4 161.217.177.95:10703 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

If your torrc looks OK, type this command in your konsole and press enter. ( hopefully output will be “/etc/tor/torrc config valid” )

sudo -u debian-tor tor --verify-config

If your torrc configuration is valid you can start where you left off ( Bridges Wiki Step 3 Enable Tor )

https://whonix.org/wiki/Bridges#Step_3:_Enable_Tor

Hi Ayon

You should always redact your IP addresses when posting on the forum i.e. when posting bridge lines, logs files etc.

The output of sudo -u debian-tor tor --verify-config indicates there is problem with your bridge line(s). Usually a typo or you’re missing part of the config. In your case you forgot to type " bridge " at the beginning of your bridge lines:

bridge obfs4 *************** “Fingerprint Redacted” cert=“Cert Also Redacted” iat-mode=0
bridge obfs4 **************** “Fingerprint Redacted” cert=“Cert Also Redacted” iat-mode=0
bridge obfs4 *************** “Fingerprint Redacted” cert=“Cert Also Redacted” iat-mode=0

lol I spent almost 1 week and all I had to do was put bridge hahaha shame on me. Thanks sir.

I don’t know if this is related but when you input bridges using Anon Connection Wizard and choosing Enter custom bridges if you input your bridges as:

bridge obfs4 *************** “Fngerprint Redacted” cert=“Cert Redacted” iat-mode=0

you get the error message:

Warning
Custom bridge list is blank or invalid
Please input valid custom bridges or use provided bridges instead.

whereas if you input your bridges as:

obfs4 *************** “Fingerprint Redacted” cert=“Cert Redacted” iat-mode=0

without “bridge” then it works but you get this message in Arm:

 02:33:04 [ARM_WARN] The torrc differs from what tor's using. You can issue a
 │   sighup to reload the torrc values by pressing x.
 │   - torrc value differs on line: 6
 │   - configuration values are missing from the torrc: Bridge, Bridge, Bridge, Bridge, Bridge, Bridge, Bridge, Bridge, Bridge, Bridge, Bridge, Bridge, Bridge, ClientTransportPlugin, DisableNetwork, RunAsDaemon, UseBridges

The same error shows up in Arm when you input bridges inside the 50_user.conf file using:

bridge obfs4 *************** “Fingerprint Redacted” cert=“Cert Redacted” iat-mode=0

@iry

HI Whoa-nix

Was not able to reproduce this error message but was able to reproduce Tor Bridges will not connect.

• Was not able to reproduce this Debian VM (Tor Brower). Tor Bridges will connect.
• Moved Tor state from Debian Tor -> sys-whonix VM and Tor Bridges will not connect.

Was not able to reproduce remove “bridge” option to connect to Tor.

Was able to reproduce:

Arm Error message

The - torcc value differs on line: 6
-configuration values are missing....
-configuration values are missing from the torrc: Bridge, Bridge, ... ClientTransportPlugin, DisableNetwork, RunAsDaemon, UseBridges

This is nothing to worry about. You will get that same message when not using bridges and functionality is not affected.

Wait! I updated whonix-gw TemplateVM, restarted sys-whonix and Tor will connect.

Please try:

sudo apt-get update && sudo apt-get dist-upgrade

Hi @Whoa-nix !

Anon-connection-wizard expects to have line(s) without the pretending “Bridge”. So the following format is correct:

obfs4 *************** “Fingerprint Redacted” cert=“Cert Redacted” iat-mode=0

However, when adding bridges manually by modifying torrc files, it is expected to have the pretending “Bridge”, so the following format is correct:

bridge obfs4 *************** “Fingerprint Redacted” cert=“Cert Redacted” iat-mode=0

That is strange, in such a case you can either try reconnecting using anon-connection-wizard again, or you can press ‘x’ in arm to reload Tor.

Possible to add support for both formats? I guess this could be a common source for mistakes?

Yes! Sounds great for usability!

Done: https://github.com/irykoon/anon-connection-wizard/commit/cfeeba3a3e400d9938a45bdab1406a16d6b4cdcd

I think this is an arm usability bug. This specific [ARM_Warning] is a little different than what we are used to seeing [1] i.e. (additional) torrc value differs on line: n

I have had this exact warning since starting to use Tor Versioning; Tor 0.3.4.9 . When nyx (arm renamed) is backported, (possible?) or when Whonix is based on current testing “buster” this error should no longer appear.