How to fix WebTunnel bridge with Apache as reverse proxy

This should be the same URL as in the bridge line. So yes, a publicly reachable domain.

Assuming it's port 443 like Apache.

Registered server transport 'webtunnel' at '[2001:

It's registering an IPv6 address in the notices.log?

My Tor Browser log…

2024-09-10 17:39:24.596 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with ...:443 ID= RSA_ID=BA****** ("general SOCKS server failure")
2024-09-10 17:39:31.690 [ERR] Managed proxy "TorBrowser\Tor\PluggableTransports\lyrebird.exe": Error dialing: tls: failed to verify certificate: x509: certificate has expired or is not yet valid:
2024-09-10 17:39:31.690 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with 92.27.150.46:443 ID= RSA_ID=******* ("general SOCKS server failure")

If the connection using Tor Browser doesn’t work, as I mentioned earlier:

Also enable CustomLog for the webtunnel virtual host temporarily to check whether connections arrive at it.

And also check Tor Browser’s log. You can find it on the connection settings page about:preferences#connection at the very bottom.

Your bridge's details page shows (screenshot omitted).

So it seems it's not the case.

It simply means the bridge is being registered via IPv6, I think.

Tor Browser:
2024-09-10 20:14:39.422 [ERR] Managed proxy "TorBrowser\Tor\PluggableTransports\lyrebird.exe": Error dialing: tls: failed to verify certificate: x509: certificate has expired or is not yet valid:
2024-09-10 20:14:39.422 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with 92.27.150.46:443 ID= RSA_ID=BA122CD1D40BA9F4732BE9A119C3097600D477E9 ("general SOCKS server failure")

Apache error log:
[Tue Sep 10 21:07:08.514881 2024] [ssl:warn] [pid 13440:tid 352] AH01909: mwumba.com:443:0 server certificate does NOT include an ID which matches the server name
[Tue Sep 10 21:07:08.741916 2024] [ssl:warn] [pid 13440:tid 352] AH01909: mwumba.com:443:0 server certificate does NOT include an ID which matches the server name
[Tue Sep 10 21:07:10.374766 2024] [ssl:warn] [pid 26244:tid 372] AH01909: mwumba.com:443:0 server certificate does NOT include an ID which matches the server name
[Tue Sep 10 21:07:10.616654 2024] [ssl:warn] [pid 26244:tid 372] AH01909: mwumba.com:443:0 server certificate does NOT include an ID which matches the server name

ModSecurity logs nothing.
Access log: nothing.

Sep 11 05:52:34.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 7 circuits open. I've sent 12.10 MB and received 19.67 MB. I've received 26 connections on IPv4 and 0 on IPv6. I've made 2 connections with IPv4 and 0 with IPv6.
Sep 11 05:52:34.000 [notice] While not bootstrapping, fetched this many bytes: 10667823 (server descriptor fetch); 498 (server descriptor upload); 275565 (consensus network-status fetch); 101991 (microdescriptor fetch)
Sep 11 05:52:34.000 [notice] Heartbeat: Since last heartbeat message, I have seen 11 unique clients.

DataDirectory C:\WebTunnel
GeoIPFile C:\WebTunnel\geoip
GeoIPv6File C:\WebTunnel\geoip6
Log notice file C:\WebTunnel\notices.log

BridgeRelay 1
Address ...
ExtORPort auto
ORPort ...:444 IPv4Only
AssumeReachable 1
SocksPort 0

ServerTransportPlugin webtunnel exec C:\WebTunnel\Pluggable_Transports\server.exe

ServerTransportListenAddr webtunnel 127.0.0.1:15000
ServerTransportOptions webtunnel url=https://mwumba.com/
MaxAdvertisedBandwidth 1 MBytes

The logs on the server look as if there is no contact to the server from the browser; they are all empty.
webtunnel ...:443 url=https://mwumba.com/ ver=0.0.1


2024-09-11 08:41:07.342 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:07.342 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:07.342 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:07.342 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:07.388 [ERR] Managed proxy "TorBrowser\Tor\PluggableTransports\lyrebird.exe": Error dialing: tls: failed to verify certificate: x509: certificate has expired or is not yet valid:
2024-09-11 08:41:07.388 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with 92.27.150.46:443 ID=<none> RSA_ID=BA122CD1D40BA9F4732BE9A119C3097600D477E9 ("general SOCKS server failure")
2024-09-11 08:41:08.393 [ERR] Managed proxy "TorBrowser\Tor\PluggableTransports\lyrebird.exe": Error dialing: tls: failed to verify certificate: x509: certificate has expired or is not yet valid:
2024-09-11 08:41:08.393 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with 92.27.150.46:443 ID=<none> RSA_ID=BA122CD1D40BA9F4732BE9A119C3097600D477E9 ("general SOCKS server failure")
2024-09-11 08:41:10.403 [ERR] Managed proxy "TorBrowser\Tor\PluggableTransports\lyrebird.exe": Error dialing: tls: failed to verify certificate: x509: certificate has expired or is not yet valid:
2024-09-11 08:41:10.404 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with 92.27.150.46:443 ID=<none> RSA_ID=BA122CD1D40BA9F4732BE9A119C3097600D477E9 ("general SOCKS server failure")
2024-09-11 08:41:13.413 [ERR] Managed proxy "TorBrowser\Tor\PluggableTransports\lyrebird.exe": Error dialing: tls: failed to verify certificate: x509: certificate has expired or is not yet valid:
2024-09-11 08:41:13.413 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with 92.27.150.46:443 ID=<none> RSA_ID=BA122CD1D40BA9F4732BE9A119C3097600D477E9 ("general SOCKS server failure")
2024-09-11 08:41:15.948 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:15.948 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:15.948 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:15.948 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:15.948 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:15.948 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:15.948 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:15.948 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2024-09-11 08:41:16.428 [ERR] Managed proxy "TorBrowser\Tor\PluggableTransports\lyrebird.exe": Error dialing: tls: failed to verify certificate: x509: certificate has expired or is not yet valid:
2024-09-11 08:41:16.428 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with 92.27.150.46:443 ID=<none> RSA_ID=BA122CD1D40BA9F4732BE9A119C3097600D477E9 ("general SOCKS server failure")
2024-09-11 08:41:17.433 [ERR] Managed proxy "TorBrowser\Tor\PluggableTransports\lyrebird.exe": Error dialing: tls: failed to verify certificate: x509: certificate has expired or is not yet valid:

Are you using a self-signed SSL certificate?
If so, this won’t work.
Also the certificate doesn’t contain the domain name that shows up in the error log.
The cert should contain all the domains you have, then you could use one cert for all your domains.
But for our case it’s better to have a separate cert for each domain.

The easiest way to always have a valid certificate on Apache is to use mod_md.

Try it.

2024-09-11 10:14:11.725 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
2024-09-11 10:14:11.735 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
2024-09-11 10:14:11.863 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
2024-09-11 10:14:11.877 [NOTICE] Bootstrapped 14% (handshake): Handshaking with a relay
2024-09-11 10:14:11.882 [NOTICE] Learned fingerprint BA122CD1D40BA9F4732BE9A119C3097600D477E9 for bridge 92.27.150.46:443 (with transport 'webtunnel').
2024-09-11 10:14:11.882 [NOTICE] Bootstrapped 15% (handshake_done): Handshake with a relay done
2024-09-11 10:14:11.882 [NOTICE] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
2024-09-11 10:14:11.884 [NOTICE] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
2024-09-11 10:14:11.915 [NOTICE] new bridge descriptor 'WebTunnelBR' (fresh): $BA122CD1D40BA9F4732BE9A119C3097600D477E9~WebTunnelBR [VQ6AS0qlDrMUNIq8Zx7vwTSowN6bk2mK78NqYkZauKI] at 92.27.150.46
2024-09-11 10:14:11.915 [NOTICE] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
2024-09-11 10:14:12.819 [NOTICE] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
2024-09-11 10:14:12.820 [NOTICE] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
2024-09-11 10:14:12.820 [WARN] Only one bridge (transport: 'webtunnel') is configured. You should have at least two for conflux, for any transport that is not 'snowflake'.
2024-09-11 10:14:13.988 [NOTICE] Bootstrapped 100% (done): Done

No, they're signed by an authority, but YAY! I added the CA as well as the crt and key, bingo.
# Certificates generated via acme.sh
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
SSLCACertificateFile "${SRVROOT}/conf/ssl.crt/gd_bundle-g2-g1.crt"

I created a dummy pair to see if it was the certificate; that was what was installed last night. I've reverted it back to the authority-issued SSL certificate and it works.

I have another bridge, but the domain reveals my name (.co.uk). It's set up exactly as mwumba.com, but the browser gives this error like the other:

2024-09-11 10:36:26.546 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
2024-09-11 10:36:26.569 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
2024-09-11 10:36:26.570 [ERR] Managed proxy "TorBrowser\Tor\PluggableTransports\lyrebird.exe": Error parsing args:
2024-09-11 10:36:26.571 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with [scrubbed] ("general SOCKS server failure")
2024-09-11 10:36:27.541 [ERR] Managed proxy "TorBrowser\Tor\PluggableTransports\lyrebird.exe": Error parsing args:
2024-09-11 10:36:27.541 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with [scrubbed] ("general SOCKS server failure")
2024-09-11 10:36:29.559 [ERR] Managed proxy "TorBrowser\Tor\PluggableTransports\lyrebird.exe": Error parsing args:
2024-09-11 10:36:29.559 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with [scrubbed] ("general SOCKS server failure")

Is it an issue to use my name domain as a WebTunnel? Does it take some time to propagate through the Tor network for each WebTunnel?

I know you shouldn't really load the network, but this is the speed for mwumba.

When the other bridge is set up exactly as mwumba.com …
Does it mean you are using the same cert for the other domain?
If so, it won't work, because as I mentioned earlier, the cert must contain all the domains it's applied on. Your current cert applied on mwumba.com doesn't contain any other domain except mwumba.com and www.mwumba.com.

No, different domain, different secret, different SSL certificate (also signed by an authority); otherwise the bridge is the same: same torrc but different keys, and the Apache configs are identical.

It's coming up as green on the Tor metrics, but I can't connect to it.

webtunnel ...:443 url=https://website.com/

Typo, don't forget the //.
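Both failures in this thread (the url= typo that lyrebird only reports as "Error parsing args", and the certificate that lyrebird's Go TLS stack rejected while a browser looked fine) can be caught on the client side before touching Tor Browser. The following script is an added example, not code from the thread or from the Tor Project: parse_bridge_line() validates a WebTunnel bridge line offline, and check_tls() connects to the url host with SNI and reports what a strict verifier sees (expired or not-yet-valid dates, a missing intermediate, a SAN that does not match the host). The host names, IP and sample lines used in it are constructed, and check_tls() needs network access.

```python
# Added example (not from the thread): pre-flight a WebTunnel bridge line.
import re
import socket
import ssl
from urllib.parse import urlsplit

FINGERPRINT_RE = re.compile(r"^[0-9A-Fa-f]{40}$")


def parse_bridge_line(line: str) -> dict:
    """Parse 'webtunnel ADDR:PORT [FINGERPRINT] url=https://host/ [k=v ...]'.

    Raises ValueError with a concrete reason instead of lyrebird's bare
    'Error parsing args:'.
    """
    parts = line.split()
    if len(parts) < 3 or parts[0] != "webtunnel":
        raise ValueError("expected: webtunnel ADDR:PORT [FINGERPRINT] url=https://host/ ...")
    if ":" not in parts[1]:
        raise ValueError(f"{parts[1]!r} is not ADDR:PORT")
    addr, port = parts[1].rsplit(":", 1)
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {parts[1]!r}")
    rest = parts[2:]
    # The fingerprint is optional in a bridge line; Tor learns it on first contact.
    fingerprint = rest.pop(0).upper() if FINGERPRINT_RE.match(rest[0]) else None
    args = {}
    for kv in rest:
        key, sep, val = kv.partition("=")
        if not sep or not key:
            raise ValueError(f"{kv!r} is not key=value")
        args[key] = val
    if "url" not in args:
        raise ValueError("missing url= argument")
    u = urlsplit(args["url"])
    # "https:/host/" splits into netloc='' and path='/host/', so the
    # missing-// typo from the thread is rejected here with a clear message.
    if u.scheme != "https" or not u.hostname:
        raise ValueError(f"url must be https://host/path, got {args['url']!r}")
    return {"addr": addr, "port": int(port), "fingerprint": fingerprint,
            "url": args["url"], "host": u.hostname, "args": args}


def check_tls(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with SNI and hostname verification on, like lyrebird does.

    Needs network access. Returns a dict instead of raising so several
    bridges can be checked in a loop.
    """
    ctx = ssl.create_default_context()  # system trust store, check_hostname=True
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as e:
        # Expired / not yet valid, unknown issuer (server not sending the
        # intermediate), or no SAN matching the host (Apache's AH01909).
        return {"ok": False, "reason": e.verify_message or str(e)}
    except (OSError, ssl.SSLError) as e:
        return {"ok": False, "reason": f"connection failed: {e}"}
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {"ok": True, "not_before": cert.get("notBefore"),
            "not_after": cert.get("notAfter"), "san": sans}


if __name__ == "__main__":
    import sys
    info = parse_bridge_line(sys.argv[1])
    print(info)
    print(check_tls(info["host"]))
```

Run it as `python check_webtunnel.py "webtunnel 192.0.2.10:443 url=https://bridge.example/"` (constructed values). A `{"ok": False, ...}` result from check_tls() is what lyrebird would also refuse, even when a regular browser accepts the site, because the browser may fetch a missing intermediate itself or use a different trust store.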

Dur, thank you serco, greatest help from you, all working now, top marks!


Hi, sorry for the late reply. I was on holiday for a short time. No, you’re in the right place.

I've got this warning on Apache httpd:
[Thu Sep 12 14:25:23.639275 2024] [ssl:warn] [pid 8280:tid 372] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
Is this important? I like "if it works, don't fix it", but shall I fix it?

In httpd-ssl.conf, add:
SSLSessionCache "shmcb:C:/xampp/apache/logs/ssl_scache(512000)"

It breaks httpd, so no bother.