Information
ID: 322
PHID: PHID-TASK-jxk5bccxqosyz7xqqfmn
Author: nrgaway
Status at Migration Time: resolved
Priority at Migration Time: High
Description
Whonix Forum
Quote from: oneoffew on May 21, 2015, 06:32:10 am
I have no idea why, but obfsproxy isn't working on R3. arm shows no network traffic.
Before it's asked:
* Yes, Whonix has worked before, I've been using Whonix on Qubes (R2) for several months.
* No, I haven't changed the configuration. I spent around 13 hours (tempered by coffee making breaks!) yesterday trying to get it to work, but then I removed qubes-gw-experimental and installed it again (actually, twice) to make sure it wasn't some fuckwittery of my own.
* I managed to get plain Tor to "work" once, I have no idea how since configuration didn't change between rebooting the domain.
* I've tried connecting it directly to the netvm
* I've tried disabling ipv6 (ipv6.disable) in the netvm, firewallvm, and gateway
* I've tried the R2 kernel
* Yes, tbb does work (thank God...) in the Fedora template.
Any help would be greatly appreciated.
I will create an issue for this. I have never used obfsproxy before, so I do not know how to test it offhand. The first thing to look into is to make sure it works in regular Whonix 10. Maybe I missed some startup file or firewall rule.
Comments
nrgaway
2015-05-22 08:31:11 UTC
@Patrick I was wondering if this is working in regular Whonix 10? If so, can you give me some clues on how to troubleshoot it (startup scripts, configuration locations, expected firewall rules), since I have never used it before?
Patrick
2015-05-22 13:33:03 UTC
works for me in Whonix 10
Documentation: Configure (Private) (Obfuscated) Tor Bridges
obfsproxy: Configure (Private) (Obfuscated) Tor Bridges
no different firewall rules required for obfs3
no startup scripts required
no other fancy stuff required
user configuration is simply added to /etc/tor/torrc
make sure the obfsproxy package is installed
apparmor was an issue in the past; try obfsproxy yourself and check /var/log/kern.log
For now, just try it out yourself. Does it work for you? If it works for you, and you can confirm from /var/log/tor/log and arm that Tor is in fact connecting only to the obfs3 bridges you configured, then it’s more likely a user configuration error than a Whonix bug.
nrgaway
2015-05-22 13:52:46 UTC
oneoffew
2015-06-04 19:52:05 UTC
This seems to have gotten lost in the backlog.
Seeing that nrgaway mentioned init scripts and firewalls, here’s the output of iptables-save:
{P1}
In case either are useful, tor log:
[warn] Problem bootstrapping. Stuck at 15%: Establishing an encrypted directory connection. (DONE; DONE; count 2; recommendation warn)
[warn] 2 connections have failed:
[warn] 2 connections died in state handshaking (TLS) with SSL state unknown state in HANDSHAKE
obfsproxy log:
{P2}
Note the timing. I don’t know what sort of delays iptables can be expected to give, but perhaps someone else can infer something.
torrc matches the guide, with:
DisableNetwork 0
UseBridges 1
ClientTransportPlugin scramblesuit exec /usr/bin/obfsproxy managed
bridge scramblesuit [ip]:[port] [id] password=[password]
bridge scramblesuit [ip]:[port] [id] password=[password]
Both tor and obfsproxy are running as uid 104.
oneoffew
2015-06-04 23:13:26 UTC
Patrick
2015-06-26 17:48:30 UTC
For the record, slightly off-topic.
Qubes Q3 RC1, Whonix 10.
DisableNetwork 0
UseBridges 1
ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
Bridge obfs3 <ip> <fingerprint>
Without any firewall modifications. Works for me.
scramblesuit not yet tested by me.
Patrick
2015-08-15 20:12:29 UTC
Patrick
2015-08-17 13:27:07 UTC
Qubes Q3 RC1, Whonix 11.
obfs4 works for me. Example config:
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed
Bridge obfs4 141.201.27.48:420 gibberish cert=more-gibberish iat-mode=0
Now also documented here:
Configure (Private) (Obfuscated) Tor Bridges
Patrick
2015-08-17 14:15:09 UTC
(No firewall rule changes required.)
Before it’s asked:
…
This was a good list by the way. A perhaps missing item:
Try getting Tor / pluggable transport to work with Tor from deb.torproject.org on a Debian template.
Since this works for me with Qubes Q3 RC1, Whonix 11 [release announcement most likely follows today, already in the Qubes archive], I consider this fixed. Otherwise please reopen.
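The checks discussed in this thread (torrc bridge lines that match a configured ClientTransportPlugin, and bootstrap progress in the Tor log) can be scripted. The following is an added example, not part of the original thread or of Whonix's tooling; the function names, the sample torrc and the sample log are constructed for illustration.

```python
import re

def parse_torrc(text):
    """Return (UseBridges value, plugin transports, transport of each Bridge line)."""
    use_bridges, plugins, bridges = None, set(), []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        key, args = fields[0].lower(), fields[1:]  # option names are case-insensitive
        if key == "usebridges":
            use_bridges = args[0]
        elif key == "clienttransportplugin":
            plugins.update(args[0].split(","))  # e.g. "obfs2,obfs3"
        elif key == "bridge":
            # Bridge [transport] IP:ORPort ...; transport names are C identifiers
            named = re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", args[0])
            bridges.append(args[0] if named else None)  # None = plain bridge
    return use_bridges, plugins, bridges

def check_bridges(torrc_text):
    """List configuration problems; an empty list means the lines are consistent."""
    use_bridges, plugins, bridges = parse_torrc(torrc_text)
    problems = []
    if use_bridges != "1":
        problems.append("UseBridges is not set to 1")
    for name in sorted({b for b in bridges if b and b not in plugins}):
        problems.append(f"Bridge uses '{name}' but no ClientTransportPlugin provides it")
    return problems

def bootstrap_status(log_text):
    """Return (highest 'Bootstrapped N%', list of (percent, phase) 'Stuck at' warnings)."""
    reached = [int(p) for p in re.findall(r"Bootstrapped (\d+)%", log_text)]
    stuck = re.findall(r"Problem bootstrapping\. Stuck at (\d+)%: ([^(\n]+)", log_text)
    return max(reached, default=0), [(int(p), why.strip()) for p, why in stuck]

# Constructed sample input; 192.0.2.10 is a documentation address, not a real bridge.
SAMPLE_TORRC = """\
UseBridges 1
ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
Bridge obfs3 192.0.2.10:443
bridge scramblesuit 192.0.2.10:8443 password=EXAMPLE
"""
SAMPLE_LOG = """\
[notice] Bootstrapped 15%: Establishing an encrypted directory connection
[warn] Problem bootstrapping. Stuck at 15%: Establishing an encrypted directory connection. (DONE; DONE; count 2; recommendation warn)
"""

if __name__ == "__main__":
    print(check_bridges(SAMPLE_TORRC), bootstrap_status(SAMPLE_LOG))
```

An empty problem list only shows that the lines are internally consistent; whether the bridge itself is reachable still has to be confirmed from /var/log/tor/log and arm as described in the comments.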