any update on this?
The Tor Project released an addon for Firefox and Chrome so that one can easily run snowflake proxies. You can find their links in this page: snowflake (dot) torproject (dot) org
Snowflake if you don’t know is a WebRTC pluggable transport for Tor.
By the way what is the current status on Snowflake support in Whonix? Is there anything more recent than github (dot) com/Whonix/anon-connection-wizard/pull/22 ?
Merged your post into this thread.
The non-progress on the Whonix side is documented in this thread. Since I don’t think there was progress on Make a deb of snowflake and get into Debian (#19409) · Issues · Legacy / Trac · GitLab and since no one else volunteers to work on it, I don’t think any progress should be expected anytime soon.
Ability to connect to Snowflake bridges has been added to TBB alpha 9.x
I’m using Qubes 4. I really need to use snowflake since that’s basically the only thing that can work in my work network (right now I’m writing this using a qubes vm with tor browser alpha - not whonix so not the best thing out there from the security standpoint). I can get snowflake-client and move it to whonix-gw but what do I need to do after?
Using snowflake is now documented. Unfortunately for advanced users only.
Configure (Private) (Obfuscated) Tor Bridges
Advanced users only, because:
The difficult part is getting
snowflake-client
into Whonix-Gateway ™. This is why this is for advanced users only. The binarysnowflake-client
can be found for example in/var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/snowflake-client
in Whonix-Workstation ™ [10] or in the Tor Browser download for Linux from torproject.org. Once extracted it is in thetor-browser
folder in sub folder./Browser/TorBrowser/Tor/PluggableTransports/snowflake-client
. Oncesnowflake-client
is somewhere in Whonix-Gateway ™, it needs to be copied to/usr/bin/snowflake-client
.
Thanks a lot Patrick for that entry! Unfortunately that’s not working currently since it’s lacking certain steps and there’s an another bug going on (if a workaround is known please let us know since it’s the only blocker to using snowflake):
sudo chmod +rx /usr/bin/snowflake-client
is needed otherwise one gets a permission denied when tor tries to launch snowflake.
One also needs to add this line:
/usr/bin/snowflake-client ix,
to /etc/apparmor.d/abstractions/tor
and then reload apparmor using sudo service apparmor restart
(thanks to David Fifield for posting these instructions on
https:// trac. torproject. org/projects/tor/ticket/24203 )
Yet after all this snowflake doesn’t start and the reason is found when running /usr/bin/snowflake-client -h
:
/usr/bin/snowflake-client: /usr/lib/x86_64-linux-gnu/libstdc++.so.6: version `CXXABI_1.3.11' not found (required by /usr/bin/snowflake-client)
How can I fix this issue? Which package would need updating?
Apparently this should be fixed in the next Tor Browser alpha, /usr/lib/x86_64-linux-gnu/libstdc++.so.6: version `CXXABI_1.3.11' not found (required by ./TorBrowser/Tor/PluggableTransports/snowflake-client) (#31380) · Issues · Legacy / Trac · GitLab
In the meantime I will try another snowflake-client
from an earlier version and see how it goes.
PS: Another important thing, when connecting to Tor through snowflake fails then Tor immediately switches to a direct connection to the Tor network, this is potentially dangerous in many environments. Does anyone know how to avoid this?
I tested on Qubes-Whonix only but should be same in Non-Qubes-Whonix.
r:
Outdated version of Whonix / security-misc where we had umask
changes.
x:
should be already. But depending on how the file was transferred in Whonix-Gateway this may be required indeed.
Already there. See footnote.
Do you have file /usr/lib/x86_64-linux-gnu/libstdc++.so.6
on your system?
dpkg -S /usr/lib/x86_64-linux-gnu/libstdc++.so.6
libstdc++6:amd64: /usr/lib/x86_64-linux-gnu/libstdc++.so.6
Install.
sudo apt install libstdc++6
I don’t think it’s possible to not have that package installed.
I used Tor Browser version 9.0a6
to extract snowflake-client
. That might make a difference too.
Yes it’s a brand new sys-whonix
from Qubes,
libstdc++6 is already the newest version (6.3.0-18+deb9u1).
me:
libstdc++6 is already the newest version (8.3.0-6).
Are you sure you have Whonix 15 (Debian buster based)? And not Whonix 14 (Debian stretch based) (deprecated)? For me:
cat /etc/whonix_version
15
Are you sure?
If yes, please reproduce on Debian (buster) and then report to The Tor Project https://trac.torproject.org.
Thanks again for all of the valuable help, so it seems I only have Whonix 14, I just upgraded to 15.
Yes, since I didn’t put UseBridges 1
in 50_user.conf
, please add it to the wiki as well. Now snowflake works!!!
Last question: Whenever I restart sys-whonix
the /usr/bin/snowflake-client gets deleted, so should I make thse changes to the whonix gateway template??
Yes.
Hi everyone! I’m the “i0k0rw” in the thread above (had to make a new account since I lost the password of that one lol)
Unfortunately snowflake stopped working after 11-06-2020 (after Whonix updates?). I still don’t know what the issue is but I followed all the steps on installing snowflake (from the latest Tor Browser alpha) and it’s not working. /usr/bin/snowflake-client is able to load up, however when I see on nyx all I find is:
[NOTICE] New control connection opened.
[NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
[NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
[NOTICE] Tor 0.4.2.7 opening log file.
I’d appreciate any help.
Edit: Precision: snowflake is working fine with the Tor Browser alpha on a debian-9 Qubes VM.
Since July 6, Tor browser has included Snowflake as a pre-packaged proxy option.
I love Snowflake, and I use it often to connect to the Tor network. I see that the Wiki describes how to add Snowflake to Whonix.
However, now that Snowflake is included in Tor Browser by default, I hope that Whonix Anon Connection Wizard will soon include Snowflake by default too. Is there any chance of this happening soon?
Snowflake is in Debian, almost
Contribution always welcome.
Do you know f it’s in backports?