Problems with Snowflake since 2023-09-20: "broker failure Unexpected error, no answer."

Some users are having problems connecting with Snowflake since yesterday, 2023-09-20. The anti-censorship and applications teams know the cause of the problem and are working on fixing it. In the meantime, if you are an affected Snowflake user, you may be able to work around the problem using a custom bridge line.

The symptom of the problem is that Tor doesn’t make progress in bootstrapping. If you look at the Tor log, you will see messages like this:

[notice] Managed proxy "./client": offer created
[notice] Managed proxy "./client": broker failure Unexpected error, no answer.

The cause of the problem is that the domain name used for the rendezvous phase of making a Snowflake connection has started to resolve to a different CDN than usual. If the domain name resolves to the old CDN for you, Snowflake still works. If it resolves to the new CDN, Snowflake doesn’t work.

Manual workarounds

You can try working around the problem yourself by entering manual bridge lines. The difference in this bridge lines, relative to the default ones, is that the front= option is different.

snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn`
snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn

If you use Orbot, you may be able to fix the problem by selecting the Built-in snowflake (AMP) option.

On Tor Browser, you can also activate AMP cache rendezvous, but only by entering manual bridge lines:

snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net/ ampcache=https://cdn.ampproject.org/ front=www.google.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net/ ampcache=https://cdn.ampproject.org/ front=www.google.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn

We are interested in hearing from you if any of these workarounds helped.

More information

• [anti-censorship-team] cdn.sstatic.net sometimes resolves to Cloudflare, since 2023-09-20 14:00
• #tor-meeting log
• Use foursquare as domain front for snowflake (#42120) · Issues · The Tor Project / Applications / Tor Browser · GitLab
• Snowflake domain front blocked in some ISPs in Iran; suggested workarounds · Issue #197 · net4people/bbs · GitHub (not the same problem, but the same workarounds apply)

I have confirmation from a user, this is working for them (Note: This option is only available in Orbot 16.6.3-RC-1-tor.0.4.7.10)

I fixed a problem with the AMP cache bridge lines. I had accidentally copied the same line (192.0.2.3:80) twice.

thank you for me.
Then I will tell you some of my thoughts. There may be errors, but they may be useful to you.

There’s a fix deployed in Tor Browser 13.0a5 (released 2023-09-24).

I can see the (standalone) snowflake code had some significant changes, apparently to solve this issue, to compile it it needs go version 1.21.1 otherwise there’s an error about toolchain. I had seen a drop in connections since a few days on my snowflake proxies also probably related to this issue, in effect it seems the thing broke down except for a happy few or those that managed to implement a workaround.

I managed to compile 2.6.1 with go1.19.13 (on darwin) just yesterday, which I realise is only useful to those who are still on go1.19.13 and don’t want to update right now 0_o

No, this issue does not require any changes in the proxy. It’s a fix on the client side only. Any changes in the proxy code are unrelated.

The new requirement of go1.21 was because of updates in dependencies. See:

• Remove Golang 1.20 from CI Testing (!184) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
• standalone snowflake README still says go 1.15+ needed (#40290) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab

Thanks, indeed the latest standalone proxy code does nothing to bring the typical load back.

The problem seems to have put a big dent in the traffic I’m getting . My hourly connections are one third of what they used to be and it doesn’t seem to be country specific. This is snapshot of what I used to get during busy hours before this problem:

      1 Algeria
      1 Argentina
      1 Bangladesh
      3 Belarus
      1 Brazil
     16 China
      1 Dominican Republic
      1 Estonia
      3 Finland
      4 France
      1 Georgia
      3 Germany
      1 Ghana
      1 Hong Kong
      2 India
    928 Iran
      1 Iraq
      1 Israel
      2 Italy
      1 Kenya
      1 Lebanon
      1 Montenegro
      2 Myanmar
      1 Peru
     24 Russia
      1 Saudi Arabia
      2 Senegal
      1 Slovakia
      1 Spain
      1 Sweden
      1 Turkey
      5 Ukraine
      1 United Kingdom
     11 United States

And this is what I’m getting now:

      1 Ecuador
      1 Finland
      3 Germany
    319 Iran
      1 Russia
      1 Spain
      2 United States

There’s now a fix in the stable release Tor Browser 12.5.5 as well.

If you know how to install an APK file from GitHub, the newest release of Orbot for Android (2023-09-28) also has a workaround:

The developers have said, though, that there might be a problem with the updated front domain in Iran. If that is true for you, please let us know.

How do you get the countries stadistic?
Thanks