When I run a meek connection via:
$ TOR_PT_MANAGED_TRANSPORT_VER=1 TOR_PT_CLIENT_TRANSPORTS=meek TOR_PT_EXIT_ON_STDIN_CLOSE=1 ~/meek-client -url=$REFLECTOR -front=$FRONT -utls HelloRandomizedALPN
VERSION 1
CMETHOD meek socks5 127.0.0.1:36199
2025/08/06 13:37:50 listening on 127.0.0.1:36199
CMETHODS DONE
I can connect without problem:
$ curl -v --socks5-hostname 127.0.0.1:36199 https://bridges.torproject.org/moat/circumvention/settings
* Trying 127.0.0.1:36199...
* SOCKS5 connect to bridges.torproject.org:443 (remotely resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 () port 36199
* using HTTP/1.x
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: CN=bridges.torproject.org
* start date: Jul 23 00:49:19 2025 GMT
* expire date: Oct 21 00:49:18 2025 GMT
* subjectAltName: host "bridges.torproject.org" matched cert's "bridges.torproject.org"
* issuer: C=US; O=Let's Encrypt; CN=R10
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to 127.0.0.1 (127.0.0.1) port 36199
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://bridges.torproject.org/moat/circumvention/settings
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: bridges.torproject.org]
* [HTTP/2] [1] [:path: /moat/circumvention/settings]
* [HTTP/2] [1] [user-agent: curl/8.14.1]
* [HTTP/2] [1] [accept: */*]
> GET /moat/circumvention/settings HTTP/2
> Host: bridges.torproject.org
> User-Agent: curl/8.14.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Request completely sent off
< HTTP/2 200
< content-security-policy: default-src 'none'; base-uri 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self';
< content-type: application/json
< date: Wed, 06 Aug 2025 13:38:00 GMT
< onion-location: http://yq5jjvr7drkjrelzhut7kgclfuro65jjlivyzfmxiq2kyv5lickrl4qd.onion/moat/circumvention/settings
< referrer-policy: no-referrer
< server: Apache
< strict-transport-security: max-age=15768000; preload
< via: 1.1 bridges.torproject.org
< x-content-type-options: nosniff
< x-frame-options: sameorigin
< x-xss-protection: 1
< content-length: 31
<
{"settings":[],"country":"ae"}
* Connection #0 to host 127.0.0.1 left intact
But when I do the same via lyrebird:
$ TOR_PT_MANAGED_TRANSPORT_VER=1 TOR_PT_CLIENT_TRANSPORTS=meek_lite TOR_PT_EXIT_ON_STDIN_CLOSE=1 TOR_PT_STATE_LOCATION=~/a ~/lyrebird-client meek_lite -url=$REFLECTOR -front=$FRONT -utls HelloRandomizedALPN -iat-mode 0
VERSION 1
STATUS TYPE=version IMPLEMENTATION="lyrebird" VERSION="0.6.1"
CMETHOD meek_lite socks5 127.0.0.1:35877
CMETHODS DONE
I get error:
$ curl -v --socks5-hostname 127.0.0.1:35877 https://bridges.torproject.org/moat/circumvention/settings
* Trying 127.0.0.1:35877...
* SOCKS5 connect to bridges.torproject.org:443 (remotely resolved)
* cannot complete SOCKS5 connection to bridges.torproject.org. (1)
* closing connection #0
curl: (97) cannot complete SOCKS5 connection to bridges.torproject.org. (1)