Snowflake is not working in latest Whonix

Blackbird · December 24, 2023, 8:36am

Tried to get it work with guide at wiki wwwwhonixorg/wiki/Bridges#Snowflake
Still not working.
I get this error on tor control panel logs:
Managed proxy “/usr/bin/snowflake-client”: offer created
Managed proxy “/usr/bin/snowflake-client”: broker failure Unexpected error, no answer.
Tor status stuck at %10 “Connected to a relay” with snowflake selected.

Patrick · December 25, 2023, 8:32pm

Confirmed that connectivity is broken.

(Unspecific to VirtualBox. Also reproducible in Qubes-Whonix.)

Patrick · December 25, 2023, 8:46pm

The Tor Browser Bundle does not work for me either. If the original software does not work, this can also not work in Whonix.

Please read this one and proceed accordingly:

dragonfly · April 17, 2024, 11:43am

Posting this reply from a Qubes AppVM with latest TBB installed, connected via snowflake bridge, so the problem is not TBB, but Whonix (now it is; I’m not saying that there wasn’t another problem earlier).

Also, the Whonix Wiki for snowflake has some problems:

the instruction sudoedit /etc/resolv.conf doesn’t work as that’s a symlink…so either sudo vi needs to be used or sudoedit /etc/resolv.conf.whonix
the instruction qubesdb-read /qubes-netvm-primary-dns produces an error, both in the gateway as well as dom0, so it needs to be updated.

And as stated already, snowflake on Whonix does not currently work, even when applying the workaround for point 1 above; this may be due to the fix in point 2 not working, but I don’t know how to fix that.

dragonfly · April 17, 2024, 12:07pm

Update: running the command qubesdb-read /qubes-primary-dns in sys-whonix gives the answer mentioned as a possible return (10.139.1.1), though the same command in my sys-whonix clone where I’m making the snowflake modifications still returns an error.

Replacing the old address with the new one in /etc/resolv.conf.whonix doesn’t work…still no snowflake connectivity, so there must be another problem.

Edit: qubesdb-read /qubes-netvm-primary-dns does work in sys-whonix (non-modified), so the issue is apparently not the command, but something else about the modified sys-whonix.

dragonfly · April 17, 2024, 2:06pm

Another update: tested TBB now also on an AppVM based on Debian-12-Xfce and Debian-12 (GNOME), where Snowflake also works (in addition to the earlier test on an AppVM based on Fedora-39-Xfce). In fact, I’m writing this reply from a Debian-12 setup now, so it seems this is definitely a Whonix issue.

straitacid · April 20, 2024, 7:57pm

Can confirm the reply above.

Tested with TBB on Debian-based (non-Qubes) KVM box, connects with no issues.

Whonix-Gateway on KVM stuck at 10%. Obfs4 works as expected.

Patrick · April 21, 2024, 5:05pm

Confirmed.

For me, in a Qubes Kicksecure VM:

public Tor network: functional
obfs4: functional
snowflake: no connectivity

Since Whonix is based on Kicksecure, no surprise it’s broken there too.

For me, in a Qubes Debian VM:

Functional.

Patrick · April 22, 2024, 2:06pm

Comment for developers:
Something in security-misc is probably causing this issue. After sudo apt purge security-misc && sudo sysctl --system, this issue was fixed. It needs to be found on which file by security-misc exactly is causing this issue.