The meek bridge was said to be the least likely to be blocked. However, I currently cannot connect to meek-azure after several attempts. The log is here:
2024-12-06 16:58:26.911 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
2024-12-06 16:58:26.931 [NOTICE] Opening Socks listener on 127.0.0.1:9150
2024-12-06 16:58:26.932 [NOTICE] Opened Socks listener connection (ready) on 127.0.0.1:9150
2024-12-06 16:58:27.901 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
2024-12-06 16:58:27.902 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
2024-12-06 16:58:27.905 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
2024-12-06 17:03:27.224 [WARN] Problem bootstrapping. Stuck at 10% (conn_done): Connected to a relay. (DONE; DONE; count 1; recommendation warn; host BE776A53492E1E044A26F17306E1BC46A55A1625 at 192.0.2.18:80)
2024-12-06 17:03:27.225 [WARN] 1 connections have failed:
2024-12-06 17:03:27.225 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
2024-12-06 17:03:27.237 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
2024-12-06 17:03:27.237 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
2024-12-06 17:03:27.243 [WARN] Managed proxy "N/A" process terminated with status code 0
Seems like Tor got connected to the bridge and then failed to connect to the Tor network after 5 minutes and the connection stopped.
About a month before, I also experimented with the meek bridge and succeeded at least in the connection stage. So what’s happening?
I have tested it on my mobile phone and it worked OK. So it may not be a general failure of the bridge. I will test it on PC for several more times to determine the reason.
The results came. A certain WiFi has probably blocked meek protocol. If I open my VPN to Global mode and enabled Tun mode, I can connect with meek. This means that there do exist ways to block the protocol but almost no networks in China has done that yet.
Actually not. I have a few obfs4 bridges that can still work. And the meek bridge can work in most situations except my scenario.
I mean, the obfs4 protocol itself has been found to be detectable by calculating the entropy of the first 2048 bits of data but just like many common “wall-passing” techniques in China, it’s not easy to do so and due to the limited number of Chinese users using Tor, obfs4 bridges are still mainly blocked by ip blacklisting.
On some forums I’ve also read that the Webtunnel protocol is also recognizable with DPI. However, they remain a good and fast pluggable transport.
ajax.aspnetcdn.com may be resolved to different IPs in different regions, I guess many users in China will receive 117.18.232.200 , in some rare cases (e.g. in China) servers closer to you may be slower.
Could you add this line to /etc/hosts and try again?
152.199.4.33 ajax.aspnetcdn.com
On Windows, add it to C:\Windows\System32\drivers\etc\hosts
I got 152.199.4.33 by using DNS resolvers in Los Angeles, USA. https://doh.la.ahadns.net/dns-query?name=ajax.aspnetcdn.com
Seems like protocols that support QUIC UDP HTTP/3 work to get past censorship but not sure if that’s enough to get past deep packet inspection that fascists like russia or china GFW deploy?
There is a proxy protocol called Hysteria2 that is based.on UDP and QUIC. It is really fast nut ISPs can recognize UDP flow.and apply QoS restrictions or cut the flow completely.