tor meek bridge connection stuck at 10% handshake in vitualbox

whonix · September 2, 2018, 7:28am

NETWORK ISSUES

As I couldn’t understand why at least some of the special obfs4 bridges provides at tor’s site and one of the meek bridges worked in the standard TBB worked but not in Whonix, I wanted to check connectivity issues. I had already set both the host and the whonix gateway to UHT.

On the initial whonix gateway (WG) installation I had kept my wifi connection and let the network on WG on the default (NAT). I had followed the steps you outlined editing the torcc file yielding me a configuration ok, but still no go…

So I hooked up an ethernet cable and set the WG settings on local bridge. I tried internet connectivity with firefox on a freshly installed Debian 9.3.0 VM in Virtualbox (VB) and bingo, that went well. At least that confirmed those network settings were ok and the problem wasn’t in VB.

Now, when I tried out the anon wizard in WG again, there was still no go : not the meek_lite nor the special obfs4…

So, that makes me think there a problem with the meek_lite thing. As is stated on the following url :

https://forums.whonix.org/t/meek-lite-a-new-pluggable-transport-in-whonix-14/4500

there are actually some differences between the TBB meek bridges and the meek_lite ones, especially with TLS in the latter case, which doesn’t seem to be entirely implemented. So I wonder whether that’s not the problem ? Otherwise I simply don’t see how the same settings do work in the standard TBB and not in the WG.

Did anyone actually managed to get Tor work in the WG in highly censuring countries ? Thanks for any feedback on this. If I don’t manage to set this up properly, would TAILS be an alternative ? I think it uses the standalone TBB while still assuring anonymity.

I would also like to know what the existing options are in order to obfuscate my connection to the entry guard, just in case this one is compromised. Surely I could use a VPN for that, but that kinda deanonymizes my Tor connection. Is it possible to set my entry guard manually and avoiding it to be in my country ? If so, can this be done with an app as AdVor? But I would prefer to run Tor from whonix.