Bridges Description and User Groups[edit]

When Tor is used with Whonix in the default configuration, anybody observing the flow of network traffic from the Internet connection can determine that Tor is being used. Potential observers include the Internet Service Provider (ISP), advanced adversaries, censorship enforcement bodies, and other interested parties.

Tor bridges ("Tor bridge relays") are alternative entry points to the Tor network, not all of which are listed publicly. Using a bridge makes it harder, but not impossible, for the ISP to determine a user is connecting to Tor.

If a website cannot be reached over Tor, this does not necessarily relate to network level censorship that requires a bridge to be configured; it may relate to blacklisting of Tor IP addresses by the server. In that case, simple bypass methods usually succeed in circumventing censorship by destination servers. It is rarely necessary to combine Tor with a proxy, VPN or SSH tunnel in order to access content or services that are blocked.

Intended User Groups[edit]

Tor non-functionality is often related to local configuration problems rather than ISP or state-level censorship.

For the majority of Whonix users, connecting to Tor with the default configuration is appropriate and will work successfully. The minority of users requiring a bridge normally fall into three categories: ^[1]

• Tor is blocked, and some way - any way - to reach the network has to be found. The adversary is not very dangerous, but very annoying.

• Tor may or may not be blocked, but the user is trying to hide the fact they're using Tor. The adversary may be extremely dangerous.

• Other bridge users: Testing whether the bridge works (automated or manual), probing, people using bridges without their knowledge because they came pre-configured in their bundle.

The first group of users is only concerned with circumventing Tor censorship that is based on IP address or fingerprinting of protocols. Circumvention is necessary because Whonix would otherwise be rendered useless for most activities except working offline on documents and so on, since all Internet traffic is routed through Tor by default. This group is not worried about hiding the use of Tor and will need to use bridges or possibly other circumvention tools.

The second user group is unable to safely start Whonix in the default configuration due to Tor being considered dangerous or suspicious in their locality. In this case private bridges or a VPN/SSH tunnel should be utilized instead of public obfuscated bridges, as this makes it harder (not impossible) to detect Tor. ^[2] Note that meek_lite pluggable transports may be necessary to deal with highly aggressive ISP censorship or national firewalls, like those found in China and the Middle East.

The third group is only concerned with testing bridge connections.

Before Configuring a Bridge[edit]

Warning: Bridges are important tools that work in many cases but they are not an absolute protection against the technical progress an adversary might make in identifying Tor users. Using bridges might be advisable to prevent identification as a Tor user, but the Tor Project's documentation on bridges is primarily focused on censorship circumvention, that is, overcoming attempts by ISPs or governments to block Tor use.

Users falling into one of the three groups described above should consider using Tor bridges in Whonix. Before taking this step, please read The Tor Project's dedicated page about bridges to get a better understanding of their design and operation. It is also recommended to review how Obfsproxy works, since it is the most commonly used application for connecting bridges.

It is important to remember that bridges are not bullet-proof. The following is a reminder about bridge versus non-bridge anonymity: ^[3]

Bridges are less reliable and tend to have lower performance than other entry points. If you live in a uncensored area, they are not necessarily more secure than entry guards.

If a user is only concerned with connectivity (getting Whonix connected) and there is no need to Hide Tor and Whonix from your ISP and/or local ISPs do not usually hinder connections to the public Tor network, then something simpler than Bridges can be tried. See Better Connectivity without real Censorship Circumvention.

Additional Information and Recommendations[edit]

When Whonix starts for the first time, it will not automatically connect to the public Tor network, which is beneficial for safety reasons. Users are guided by the Whonix Setup Wizard, which is automatically started.

When deciding on what kind of bridge to configure, it is recommended to:

• Only use obfuscated bridges, since they are harder to identify than other bridges.
• Use less publicly known bridges, since it is safer. ^[4]
• Consider whether Hiding Tor and Whonix from your ISP is advisable in your circumstances.
• Avoid using a meek provider that also runs DNS core servers, like Google's (now defunct) bridge. ^[5]
• Note that domain fronting has been pulled by Google and Amazon, limiting the meek_lite pluggable transport options.
• For greater safety, use a private obfuscated bridge bridge run by a trusted friend or organization in a different country. In this case "private" means that the bridge is configured with the option PublishServerDescriptor 0. ^[6]

Finding a Bridge and Choosing the Right Protocol[edit]

In order to use bridges, the address of at least one bridge must be known in advance. It is preferable to have a private obfuscated bridge because the alternative - public obfuscated bridges - have a greater likelihood of being censored, since they are publicly listed. The Tor Project distributes public bridge addresses in several ways, including from their website and via email. The easiest way to find a list of public bridges is from The Tor Project Bridge Database.

As of early 2017, The Tor Project advice is that the recommended bridge type has been changed: ^[7]

... in Tor Browser to obfs4, given that we now have several high capacity obfs4 bridges and obfs4 is more likely to work in more regions than obfs3."

As time goes on and more obfs4 bridge operators go online, it may be preferable to use obfs4 instead of obfs3, as obfs4: ^[8]

... should be able to defend more effectively against active probing.

The Tor Project provides a database of public obfs3 bridges and public obfs4 bridges A more exhaustive list of public obfuscated bridges is available at The Tor Project Bridge Database. It is not recommended to use obfs and obfs2 bridges, which: ^[9]

... are now deprecated and were replaced by obfs3 . . . and obfs4.

Do not select the "IPv6 compatible" check box when sourcing bridges from the database, as they cannot be used in Whonix yet.

How to Use Bridges in Whonix[edit]

Use Bridges in Whonix 13[edit]

This section will explain how to use obfuscated bridges in Whonix 13. Click the expand button for further instructions.

obfs2, obfs3 and obfs4 are the three types of bridges available in Whonix 13.

Tip: Until Whonix 14 is released, there is no wizard available to help set up bridges before connecting to Tor. The graphical tor-launcher (screenshots) that is associated with The Tor Project's Tor Browser cannot be used in Whonix.

The only way to use Tor bridges in Whonix 13 is to edit the /etc/tor/torrc file in Whonix-Gateway (sys-whonix). ^[10]

Step 1: Access /etc/tor/torrc to Add Bridges[edit]

For Whonix 14 and later releases, all unique Tor configurations should be stored in /usr/local/etc/torrc.d/50_user.conf. Users should not edit /etc/tor/torrc directly.

Open /etc/tor/torrc.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> /etc/tor/torrc

If you are using a terminal-only Whonix-Gateway, complete the following steps.

[select code]

sudo nano /etc/tor/torrc

sudo nano /etc/tor/torrc

Step 2: Edit /etc/tor/torrc[edit]

Open /etc/tor/torrc in an editor, then copy and paste the following text to enable the use of obfs2, obfs3 and obfs4 bridges.

[select code]

UseBridges 1
ClientTransportPlugin obfs2,obfs3,obfs4 exec /usr/bin/obfs4proxy

UseBridges 1 ClientTransportPlugin obfs2,obfs3,obfs4 exec /usr/bin/obfs4proxy

Now add the bridge IP addresses that were discovered in the section Finding a Bridge and Choosing the Right Protocol to the file.

Copy and paste those IP addresses to the very bottom of /etc/tor/torrc, after the ClientTransportPlugin entries. Make sure to manually type the text "bridge" at the beginning of each line.

In the obfs3 and obfs4 examples below:

• Do not copy and paste this list of bridge entries to the torrc file. They will not work.
• Make sure to have already retrieved obfs3 bridges or better yet obfs4 bridges from The Tor Project.
• Use either the obfs3 or obfs4 protocol, not both.
• Capitalization in the torrc file matters. For example, bridges will not connect if you type "Bridge" instead of "bridge".

Obfs3 example text to add to /etc/tor/torrc.

[select code]

bridge obfs3 109.195.132.77:22321 4352e58420e68f5e40bf7c74faddccd9d1349413
bridge obfs3 55.32.27.22:38123  4352e58420e68f5e40bf7c74faddccd9d1349413
bridge obfs3 192.24.131.513:62389 4352e58420e68f5e40bf7c74faddccd9d1349413

bridge obfs3 109.195.132.77:22321 4352e58420e68f5e40bf7c74faddccd9d1349413 bridge obfs3 55.32.27.22:38123 4352e58420e68f5e40bf7c74faddccd9d1349413 bridge obfs3 192.24.131.513:62389 4352e58420e68f5e40bf7c74faddccd9d1349413

Obfs4 example text to add to /etc/tor/torrc.

[select code]

bridge obfs4 192.235.207.85:42086 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0
bridge obfs4 161.217.177.95:10703 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

bridge obfs4 192.235.207.85:42086 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0 bridge obfs4 161.217.177.95:10703 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

When /etc/tor/torrc editing is finished, save and exit.

<Ctrl-X> --> press Y --> <Enter>

The sample text for a complete obfs4 torrc file is below. Check your file is similar, except for the specific bridge entries.

# This file is part of Whonix
# Copyright (C) 2012 - 2013 adrelanos
p# See the file COPYING for copying conditions.

# Use this file for your user customizations.
# Please see /etc/tor/torrc.examples for help, options, comments etc.

# Anything here will override Whonix's own Tor config customizations in /usr/share/tor/tor-service-defaults-torrc

# Enable Tor through whonixsetup or manually uncomment "DisableNetwork 0" by
# removing the # in front of it.
DisableNetwork 0
UseBridges 1
ClientTransportPlugin obfs2,obfs3,obfs4 exec /usr/bin/obfs4proxy

bridge obfs4 192.235.207.85:42086 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0
bridge obfs4 34.218.26.20:43263 DD21A551767816A0C9495 cert=7qzS6KASquPvJU82Fm7qoJw iat-mode=0
bridge obfs4 161.217.177.95:10703 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

Step 3: Enable Tor[edit]

Follow this procedure if it has not been previously completed.

Enable Tor using the whonix-setup-wizard.

Start whonixsetup.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Whonix Setup

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Whonix Setup Wizard

If you are using a terminal-only Whonix-Gateway, complete the following steps.

[select code]

sudo whonixsetup

sudo whonixsetup

Choose the Enable Tor option. Press next.

Step 4: Have /etc/tor/torrc Changes Take Effect[edit]

Reload Tor.

After editing /etc/tor/torrc, Tor must be reloaded for changes to take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /etc/tor/torrc and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Reload Tor

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> Reload Tor

If you are using a terminal-only Whonix-Gateway, press on Expand on the right.

Complete the following steps.

Reload Tor.

[select code]

sudo service tor@default reload

sudo service tor@default reload

Check Tor's daemon status.

[select code]

sudo service tor@default status

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

[select code]

sudo -u debian-tor tor --verify-config

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Use Bridges in Whonix 14[edit]

This section will explain how to use obfuscated bridges in Whonix 14. Click the expand button to see further instructions.

In addition to the three types of bridges (obfs2, obfs3 and obfs4) that are available in Whonix 13, from Whonix 14, meek_lite bridges are possible in Whonix-Gateway (sys-whonix).

From Whonix 14, there are two different ways to configure bridges: either use the GUI application Anon Connection Wizard, or edit the /usr/local/etc/torrc.d/50_user.conf file in Whonix-Gateway (sys-whonix). Click the expand button for instructions on both methods.

Option 1: Use Anon Connection Wizard[edit]

Step 1: Start Anon Connection Wizard[edit]

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Anon Connection Wizard

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Anon Connection Wizard

If you are using a terminal Whonix-Gateway, type.

[select code]

kdesudo anon-connection-wizard

kdesudo anon-connection-wizard

Step 2: Use the Bridge Configuration Page[edit]

Option 1: Anon Connection Wizard has some built-in bridges. To use them, complete the following steps.

Select "Configure" in the beginning page -> Select "I need Tor bridges to bypass the Tor censorship" -> Select "Connect with provided bridges" -> Select a transport type that is suitable.

Tip: If it is unknown which transport type is the most suitable or likely to work, then simply try them all until one is functional. It is recommended to first start with obfs4, and then only try meek if it does not work.

Option 2: If none of the default bridges work, the user can try to obtain a set of bridges manually. See Finding a Bridge and Choosing the Right Protocol. After obtaining a set of Tor bridges, complete the following step.

Select "Configure" in the beginning page -> Select "I need Tor bridges to bypass the Tor censorship" -> Select "Enter custom bridges" -> Copy and paste the set of bridges to that input box(one bridge per line)

Option 2: Edit /usr/local/etc/torrc.d/50_user.conf[edit]

Step 1: Access /usr/local/etc/torrc.d/50_user.conf to Add Bridges[edit]

From Whonix 14 onwards, all user unique Tor configurations should be stored in /usr/local/etc/torrc.d/50_user.conf and not anywhere else. Note that Whonix will not modify /usr/local/etc/torrc.d/50_user.conf once it is created, therefore the user is responsible for adding or removing specific configurations in this file.

Open /usr/local/etc/torrc.d/50_user.conf.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> /usr/local/etc/torrc.d/50_user.conf

If you are using a terminal-only Whonix-Gateway, complete the following steps.

[select code]

sudo nano /usr/local/etc/torrc.d/50_user.conf

sudo nano /usr/local/etc/torrc.d/50_user.conf

Step 2: Edit /usr/local/etc/torrc.d/50_user.conf[edit]

Use obfs2, obfs3 and obfs4 Bridges[edit]

Open /usr/local/etc/torrc.d/50_user.conf in an editor, then copy and paste the following text to enable the use of obfs2, obfs3 and obfs4 bridges.

Now add the bridge IP addresses that were discovered in the section Finding a Bridge and Choosing the Right Protocol to the file.

[select code]

UseBridges 1
ClientTransportPlugin obfs2, obfs3, obfs4 exec /usr/bin/obfs4proxy

UseBridges 1 ClientTransportPlugin obfs2, obfs3, obfs4 exec /usr/bin/obfs4proxy

^[11]

Copy and paste those IP addresses to the very bottom of /usr/local/etc/torrc.d/50_user.conf, after the ClientTransportPlugin entries. Make sure to manually type the text "bridge" at the beginning of each line.

In the obfs3 and obfs4 examples below:

• Do not copy and paste this list of bridge entries to the torrc file. They will not work.
• Make sure to have already retrieved obfs3 bridges or better yet obfs4 bridges from The Tor Project.
• Use either the obfs3 or obfs4 protocol, not both.
• Capitalization in the torrc file matters. For example, bridges will not connect if you type "Bridge" instead of "bridge".

Obfs3 example text to add to /usr/local/etc/torrc.d/50_user.conf.

[select code]

bridge obfs3 109.195.132.77:22321 4352e58420e68f5e40bf7c74faddccd9d1349413
bridge obfs3 55.32.27.22:38123  4352e58420e68f5e40bf7c74faddccd9d1349413
bridge obfs3 192.24.131.513:62389 4352e58420e68f5e40bf7c74faddccd9d1349413

bridge obfs3 109.195.132.77:22321 4352e58420e68f5e40bf7c74faddccd9d1349413 bridge obfs3 55.32.27.22:38123 4352e58420e68f5e40bf7c74faddccd9d1349413 bridge obfs3 192.24.131.513:62389 4352e58420e68f5e40bf7c74faddccd9d1349413

Obfs4 example text to add to /usr/local/etc/torrc.d/50_user.conf.

[select code]

bridge obfs4 192.235.207.85:42086 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0

bridge obfs4 161.217.177.95:10703 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

bridge obfs4 192.235.207.85:42086 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0 bridge obfs4 161.217.177.95:10703 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

The sample text for a complete obfs4 torrc file is below. Check your file is similar, except for the specific bridge entries.

# This file is part of Whonix
# Copyright (C) 2012 - 2013 adrelanos
# See the file COPYING for copying conditions.

# Use this file for your user customizations.
# Please see /usr/local/etc/torrc.d/50_user.conf.examples for help, options, comments etc.

# Anything here will override Whonix's own Tor config customizations in /usr/share/tor/tor-service-defaults-torrc

# Enable Tor through whonixsetup or manually uncomment "DisableNetwork 0" by
# removing the # in front of it.
DisableNetwork 0
UseBridges 1
ClientTransportPlugin obfs2, obfs3, obfs4 exec /usr/bin/obfs4proxy

bridge obfs4 192.235.207.85:42086 0EEB10BF4B4FAF56D46E cert=oue8sYYw5wi4n3mf2WDOg iat-mode=0
bridge obfs4 34.218.26.20:43263 DD21A551767816A0C9495 cert=7qzS6KASquPvJU82Fm7qoJw iat-mode=0
bridge obfs4 161.217.177.95:10703 B3B8009D01BB7E5FDFAEC cert=4RaIqGiOytEXm6Hw iat-mode=0

^[12]

When /usr/local/etc/torrc.d/50_user.conf editing is finished, save and exit.

<Ctrl-X> --> press Y --> <Enter>

Use meek_lite Bridges[edit]

Beginning with Whonix 14, meek_lite bridges are available. To use them, simply add one more line to the /usr/local/etc/torrc.d/50_user.conf file. Notice that the bridge type is called meek_lite, not meek which is used in Tor Browser Bundle. ^[13]

Open /usr/local/etc/torrc.d/50_user.conf in an editor, then copy and paste the following text to enable meek_lite bridges.

[select code]

ClientTransportPlugin meek_lite exec /usr/bin/obfs4proxy

ClientTransportPlugin meek_lite exec /usr/bin/obfs4proxy

An example of meek_lite text that must be added to the /usr/local/etc/torrc.d/50_user.conf file is below. The bridge in this example is functional, so a search for other meek_lite bridges is unnecessary.

[select code]

bridge meek_lite 0.0.2.0:2 B9E7141C594AF25699E0079C1F0146F409495296 url=https://d2cly7j4zqgua7.cloudfront.net/ front=a0.awsstatic.com

bridge meek_lite 0.0.2.0:2 B9E7141C594AF25699E0079C1F0146F409495296 url=https://d2cly7j4zqgua7.cloudfront.net/ front=a0.awsstatic.com

When /usr/local/etc/torrc.d/50_user.conf editing is finished, save and exit.

<Ctrl-X> --> press Y --> <Enter>

Step 3: Enable Tor[edit]

Follow this procedure if it has not been previously completed.

Enable Tor using the whonix-setup-wizard.

Start whonixsetup.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Whonix Setup

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Whonix Setup Wizard

If you are using a terminal-only Whonix-Gateway, complete the following steps.

[select code]

sudo whonixsetup

sudo whonixsetup

Choose the Enable Tor option. Press next.

Step 4: Have /usr/local/etc/torrc.d/50_user.conf Changes Take Effect[edit]

Reload Tor.

After editing /etc/tor/torrc, Tor must be reloaded for changes to take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /etc/tor/torrc and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Reload Tor

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> Reload Tor

If you are using a terminal-only Whonix-Gateway, press on Expand on the right.

Complete the following steps.

Reload Tor.

[select code]

sudo service tor@default reload

sudo service tor@default reload

Check Tor's daemon status.

[select code]

sudo service tor@default status

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

[select code]

sudo -u debian-tor tor --verify-config

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Troubleshooting[edit]

Check Tor Network Connection is Using a Tor Bridge[edit]

Concerned bridge users can complete a simple check.

1. Open Arm as follows.

arm

2. Use the right arrow button to navigate to page 2 of 5 in Arm.

3. If a bridge is in use, the circuit information will be similar to this.

192.168.0.1 UNKNOWN 1 / Guard

4. If a bridge is not in use, the circuit information will be similar to this.

IP Nickname 1 / Guard

The IP is the real IP (not 192.168.0.1) of the Guard, and the Nickname is the name of that Guard relay.

5. Exit Arm by pressing the following.

q
q

Connection Issues[edit]

After configuration, connection problems can relate to firewall settings that block outgoing connections to the ports provided by the bridge. To check the port the bridge is using, see the following example.

bridge 109.195.132.77:22321

In this example, the IP address is 109.195.132.77, while the the port is 22321.

Try using a (private) (obfuscated) bridge that uses port 80 or 443, as these ports are mostly used for web browsing and therefore usually unblocked.

Trying Packet Size and Timing Obfuscation for obfs4[edit]

If a provided obfs4 bridge does not work, the user can try enabling packet size and timing obfuscation by changing the iat-mode value in each last line to either 1 or 2. ^[14]

Better Connectivity Without Real Censorship Circumvention[edit]

If a user is only concerned with connectivity (getting Whonix connected) and there is no need to Hide Tor and Whonix from your ISP and/or local ISPs do not usually hinder connections to the public Tor network, then something simpler than Bridges can be tried.

The following will limit Tor to establish only connections to the public Tor network relays that listen on ports 80 and 443.

For Whonix 14 and later releases, all unique Tor configurations should be stored in /usr/local/etc/torrc.d/50_user.conf. Users should not edit /etc/tor/torrc directly.

Open /etc/tor/torrc.

sudo nano /etc/tor/torrc

Add. ^[15]

FascistFirewall 1

Save.

Reload Tor.

sudo service tor@default reload

sudo service tor@default status

Active: active (running) since ...

sudo -u debian-tor tor --verify-config

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Done.

Missing ClientTransportPlugin Line[edit]

When one is using.

bridge obfs4 ...:... ... cert=... iat-mode=0

But forgot to add the corresponding line.

ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy

Then only a warning will be shown in the logs.

[warn] We were supposed to connect to bridge '...:...' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.

Missing ClientTransportPlugin Executable[edit]

[warn] Could not launch managed proxy executable at '/usr/bin/obfs4proxy' ('No such file or directory').

Deprecated Tor Pluggable Transports[edit]

Scramblesuit[edit]

scramblesuit: Not recommended (see footnote). Use the provided obfs4 instructions instead. ^[16]

Flashproxy[edit]

flashproxy: Not recommended (see footnote). Use the provided obfs4 instructions instead. ^[17]

See Also[edit]

• Lantern: An alternative censorship circumvention tool documented for Qubes-Whonix only.
• Unfinished: Censorship Circumvention Tools other than bridges.
• Unfinished: Using Tor / Pluggable Transports from the Tor Browser Bundle.

Footnotes[edit]

License[edit]

Whonix Bridges wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix Bridges wiki page Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>

This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.

https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)