Connections drop on Tor 0.4.8.9

Support
1

Hello, I use a stock Whonix setup with obfs4 bridge (port 80). After upgrading to Tor 0.4.8.9 connections drop mid-flight. I could barely download the latest Tor browser update 13.0.4, it kept failing after a few bytes. After many attempts it downloaded but browsing internet is broken, many images are downloaded partially. Downloading them manually with wget results in “unable to decode TLS packet” or something like that, the connection interrupts. I tried downgrading Tor on Gateway back to the previous version and everything started working again perfectly.

EDIT by Patrick: Solution here:

1 Like
2

Please see:

3

I have the same issue with tor 0.4.8.9 in Whonix (sys-whonix in Qubes OS).
I think the same issue is reported here:

Using Tor Browser in whonix-workstation-17 based qube or using Firefox in debian-12 based qube connected to sys-whonix I can use onion sites without an issue but clearnet sites are starting to break after some time after sys-whonix startup.
Downgrading the tor packages in whonix-gateway-17 template fixes the issue:

sudo aptitude install tor=0.4.7.16-1 tor-geoipdb=0.4.7.16-1

If I use Tor Browser 13.0.5 with integrated tor 0.4.8.9 inside debian-12 based qube connected to clearnet then clearnet sites work without an issue so this problem is probably related to Whonix.

I can also see these messages in sys-whonix tor log when trying to connect to clearnet sites over sys-whonix:

[warn] Not attempting connection to [scrubbed]:80 because the network would reject it. Are you trying to send Tor traffic over Tor? This traffic can be harmful to the Tor network. If you really need it, try using a bridge as a workaround.

Maybe there’s a problem with sys-whonix configuration.

1 Like
4

I’m getting these messages in journalctl when trying to open a clearnet site:

Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 1 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: NOTICE[Sat Nov 25 05:35:08 2023]: We force-closed circuit 51
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 2 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 3 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 4 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 5 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 6 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 7 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 8 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 1 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: NOTICE[Sat Nov 25 05:35:09 2023]: We force-closed circuit 37
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 2 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 3 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 4 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 5 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 6 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
1 Like
5

In this case, Tor Generic Bug Reproduction is required.

6

related:
Vanguards - Tor Anonymity Improvement chapter Log Analysis in Whonix wiki

7

Confirmed. I was able to reproduce download issues using update-torbrowserand Tor Browser internal updater.

After a Tor version downgrade, these issues were fixed.

I wasn’t able to reproduce this. Something unrelated? Using a custom workstation with its own Tor or Tor Browser installed and Tor over Tor?

8

This seems to be unrelated to this issue, I’m seeing these messages with tor 0.4.7.16-1 as well.
I’m not using custom workstation and there shouldn’t be any tor running in any qubes connected to sys-whonix.
I’ll try to check it to be sure.

1 Like
9

Please move the potentially unrelated issue to a separate forum thread if it’s still an issue.
(It can be linked from here if you think it’s related.)

10

Due to the confirmed issue in this forum thread, I have removed the newer Tor version from deb.kicksecure.com. In other words, Whonix users who upgrade won’t receive the broken Tor version.

  • Users who already upgraded and are affected by this issue: Can downgrade the Tor version. This is now documented here: Tor Version Downgrade
  • Users who did not upgrade yet: Won’t be affected by this issue.
12

I’ve checked this in debian-12-xfce based qube with firefox-esr and I don’t have this issue there:

ii  tor                                     0.4.8.9-1~d12.bookworm+1                amd64        anonymizing overlay network for TCP
ii  vanguards                               0.3.1-2.3                               all          Additional protections for Tor Onion Services
1 Like
13

After trying it one more time after rebooting the qube instead of restarting tor/vanguards services the issue occurred in this qube as well:

Nov 25 07:14:34 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:34 2023]: Possible Tor bug, or possible attack if very frequent: Got 1 dropped cell on circ 8 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:34 tstqube vanguards[578]: NOTICE[Sat Nov 25 07:14:34 2023]: We force-closed circuit 8
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 1 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: NOTICE[Sat Nov 25 07:14:56 2023]: We force-closed circuit 11
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 2 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 3 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 4 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 5 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 6 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)

So it seems to be a generic tor/vanguards bug.

1 Like
14

This needs to be reported to upstream, The Tor Project, the developers of Tor.

most likely here:
https://gitlab.torproject.org/tpo/core/tor/-/issues/new

15

Also reproducible without vanguards installed?

16

I can’t reproduce it without vanguards, the clearnet sites are not breaking.
I guess it needs to be reported to vanguards then.

17

Yes.

18

Is this only reproducible in Qubes-Whonix or also in Non-Qubes-Whonix (such as Whonix for VirtualBox)?

Is this only reproducible in Qubes Debian templates or also reproducible on real (non-Qubes) Debian?

19

Reproducible in Whonix for VirtualBox too.

Weirdly, I couldn’t reproduce this issue on Debian (non-Qubes) yet.

In summary.

reproducible in:

  • Qubes-Whonix
  • Non-Qubes-Whonix
  • Qubes Debian

not reproducible in:

  • non-Qubes, real Debian
20

Tor Project bug report:

vanguards bug report: