Hello, I use a stock Whonix setup with obfs4 bridge (port 80). After upgrading to Tor 0.4.8.9 connections drop mid-flight. I could barely download the latest Tor browser update 13.0.4, it kept failing after a few bytes. After many attempts it downloaded but browsing internet is broken, many images are downloaded partially. Downloading them manually with wget results in “unable to decode TLS packet” or something like that, the connection interrupts. I tried downgrading Tor on Gateway back to the previous version and everything started working again perfectly.
I have the same issue with tor 0.4.8.9 in Whonix (sys-whonix in Qubes OS).
I think the same issue is reported here:
Using Tor Browser in whonix-workstation-17 based qube or using Firefox in debian-12 based qube connected to sys-whonix I can use onion sites without an issue but clearnet sites are starting to break after some time after sys-whonix startup.
Downgrading the tor packages in whonix-gateway-17 template fixes the issue:
If I use Tor Browser 13.0.5 with integrated tor 0.4.8.9 inside debian-12 based qube connected to clearnet then clearnet sites work without an issue so this problem is probably related to Whonix.
I can also see these messages in sys-whonix tor log when trying to connect to clearnet sites over sys-whonix:
[warn] Not attempting connection to [scrubbed]:80 because the network would reject it. Are you trying to send Tor traffic over Tor? This traffic can be harmful to the Tor network. If you really need it, try using a bridge as a workaround.
Maybe there’s a problem with sys-whonix configuration.
I’m getting these messages in journalctl when trying to open a clearnet site:
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 1 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: NOTICE[Sat Nov 25 05:35:08 2023]: We force-closed circuit 51
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 2 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 3 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 4 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 5 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 6 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 7 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:08 host vanguards[869]: WARNING[Sat Nov 25 05:35:08 2023]: Possible Tor bug, or possible attack if very frequent: Got 8 dropped cell on circ 51 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 1 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: NOTICE[Sat Nov 25 05:35:09 2023]: We force-closed circuit 37
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 2 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 3 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 4 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 5 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 05:35:09 host vanguards[869]: WARNING[Sat Nov 25 05:35:09 2023]: Possible Tor bug, or possible attack if very frequent: Got 6 dropped cell on circ 37 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
This seems to be unrelated to this issue, I’m seeing these messages with tor 0.4.7.16-1 as well.
I’m not using custom workstation and there shouldn’t be any tor running in any qubes connected to sys-whonix.
I’ll try to check it to be sure.
Due to the confirmed issue in this forum thread, I have removed the newer Tor version from deb.kicksecure.com. In other words, Whonix users who upgrade won’t receive the broken Tor version.
Users who already upgraded and are affected by this issue: Can downgrade the Tor version. This is now documented here: Tor Version Downgrade
Users who did not upgrade yet: Won’t be affected by this issue.
After trying it one more time after rebooting the qube instead of restarting tor/vanguards services the issue occurred in this qube as well:
Nov 25 07:14:34 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:34 2023]: Possible Tor bug, or possible attack if very frequent: Got 1 dropped cell on circ 8 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:34 tstqube vanguards[578]: NOTICE[Sat Nov 25 07:14:34 2023]: We force-closed circuit 8
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 1 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: NOTICE[Sat Nov 25 07:14:56 2023]: We force-closed circuit 11
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 2 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 3 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 4 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 5 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)
Nov 25 07:14:56 tstqube vanguards[578]: WARNING[Sat Nov 25 07:14:56 2023]: Possible Tor bug, or possible attack if very frequent: Got 6 dropped cell on circ 11 (in state CONFLUX_LINKED None; old state CONFLUX_UNLINKED None)