How to set the obfs bridge

How to set the obfs bridge

Based on confusion the last time this was raised in the forums →

I think it’s worth pointing out that your etc/tor/torrc file, when edited, should look something like this below (these listed bridges are from the wiki example).

# This file is part of Whonix
# Copyright (C) 2012 - 2013 adrelanos
# See the file COPYING for copying conditions.

# Use this file for your user customizations.
# Please see /etc/tor/torrc.examples for help, options, comments etc.

# Anything here will override Whonix’s own Tor config customizations in /usr/share/tor/tor-service-defaults-torrc

# Enable Tor through whonixsetup or manually uncomment “DisableNetwork 0” by
# removing the # in front of it.
DisableNetwork 0
UseBridges 1
ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed

bridge obfs4 192.235.207.85:42086 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0
bridge obfs4 34.218.26.20:43263 DD21A551767816A0C9495 cert=7qzS6KASquPvJU82Fm7qoJw iat-mode=0
bridge obfs4 161.217.177.95:10703 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

Note:

  • Prefer obfs4 bridges at this time (not as easily blocked or probed as obfs3);
  • Use obfs4 OR obfs3 bridges in your torrc file - not both;
  • Capitalization in the torrc file matters;
  • Request bridges from the Tor Project (don’t use these above). This is done either by email or from their website (publicly known bridges) → https://bridges.torproject.org/options;
  • Make sure you follow all the steps in the Bridges link so that Tor is working correctly and the Tor process is reloaded; and
  • If you have connection problems, this can relate to your firewall blocking outgoing connections to the ports provided by the bridge. In that case, use bridges with ports 80 and 443, since they are used for general Internet browsing and ‘should just work’.
3 Likes

I have a Failure message with it.

Failure to start Anonymity network TCP.
File edit like yours, and do step like in Configure (Private) (Obfuscated) Tor Bridges

thanks

Have you tried connecting with bridges outside of the Whonix platform i.e. using the Tor Browser Bundle on standard Linux/Windows/Mac OS?

This would help rule out a Whonix-specific problem. I see the OP had no problem with the suggested method in their Qubes-Whonix platform.

Also, make sure you try a bridge with port 80 or 443 also (:80 :443 at the end of the bridge) to rule out firewall issues.

If you are trying to connect from a censored country e.g. Saudi Arabia, Kazakistan etc. then state-level interference is also possible. This is reported recently on the Tor Project as a problem for bridges in the Middle East, Africa, and Eastern Europe.

In that case, you will probably only be able to connect to Tor using the meek plugable transport, since blocking it requires the state to censor massive domains like Google or Amazon because the bridge is disguised to look like you are talking to their servers.

Using the meek transport in Whonix has not yet been written up in the wiki here, but not sure whether @Patrick has ever had success with it. Probably, since he is a guru at this stuff.

But to use Meek with the standard (non-Whonix) Tor Browser Bundle, follow these instructions here:

https://blog.torproject.org/blog/how-use-“meek”-pluggable-transport

meek development status is only as far as https://phabricator.whonix.org/T386. That ticket is up to date. Since meek is not in Debian stretch as far as I know, I think it will take a long time until easily available in Whonix unfortunately.