RESOLVED: WebTunnel - general SOCKS server failure on test client connect


Have configured a WebTunnel instance on OpenBSD 7.5 as per guide - Tor Project | WebTunnel Bridge (tor version

On trying to connect to the webtunnel as a test, Tor Browser (both desktop [v13.0.13] and Android [v13.0.12]) gets an error:

[WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with x.x.x.x:443 ID=<none> RSA_ID=aaaaaaaaa ("general SOCKS server failure")

The webtunnel instance starts without error:

Tor[19669]: Registered server transport 'webtunnel' at '[2001:db8:6573:96ba:5fc4:7757:f425:d7dd]:443'

and is listening on port 15000:

tcp          0      0        *.*                    LISTEN

Contents of torrc:

RunAsDaemon 1
BridgeRelay 1
AssumeReachable 1
ServerTransportPlugin webtunnel exec /usr/local/bin/webtunnel
ServerTransportListenAddr webtunnel
ServerTransportOptions webtunnel url=
ExtORPort auto
ContactInfo  xxxxxx
Nickname xxxxx 
SocksPort 0
Log notice syslog

nginx error log (enabled for test) shows:

[error] 71247#0: *125 upstream prematurely closed connection while reading response header from upstream, client: x.x.x.x, server: a.a.a, request: "GET /xxxxx HTTP/2.0", upstream: "", host: ""

I’d appreciate any feedback or ideas



Just noticed that reports as dysfunctional

  • webtunnel: dysfunctional
    Error: timed out waiting for bridge descriptor
    Last tested: 2024-04-10 23:14:50.275597505 +0000 UTC (3m54.439758802s ago)

Hi, you are compiling WebTunnel from source, right?

Could you check your system logs to see if OpenBSD is stopping the webtunnel binary execution, or for something related to user and permission?


Yes, compiled from source (no errors).

/var/log/daemon shows webtunnel being started without error:

328-Apr 11 04:30:52 www5 Tor[57740]: connection_handle_listener_read: New metrics connection opened from
329:Apr 11 04:30:52 www5 Tor[57740]: handle_proxy_line: Got a line from managed proxy '/usr/local/bin/webtunnel': (VERSION 1)
330:Apr 11 04:30:52 www5 Tor[57740]: Managed proxy "/usr/local/bin/webtunnel" changed state: Launched -> Accepting methods
331:Apr 11 04:30:52 www5 Tor[57740]: handle_proxy_line: Got a line from managed proxy '/usr/local/bin/webtunnel': (SMETHOD webtunnel [2001:db8:6573:96ba:5fc4:7757:f425:d7dd]:443 ARGS:url=,ver=0.0.1)
332:Apr 11 04:30:52 www5 Tor[57740]: parse_method_line_helper: Server transport webtunnel at [2001:db8:6573:96ba:5fc4:7757:f425:d7dd]:443.
333:Apr 11 04:30:52 www5 Tor[57740]: handle_proxy_line: Got a line from managed proxy '/usr/local/bin/webtunnel': (SMETHODS DONE)
334:Apr 11 04:30:52 www5 Tor[57740]: handle_methods_done: Server managed proxy '/usr/local/bin/webtunnel' configuration completed!
335:Apr 11 04:30:52 www5 Tor[57740]: Managed proxy "/usr/local/bin/webtunnel" changed state: Accepting methods -> Configured
336-Apr 11 04:30:52 www5 Tor[57740]: save_transport_to_state: Transport seems to have spawned on its usual address:port.
337:Apr 11 04:30:52 www5 Tor[57740]: Registered server transport 'webtunnel' at '[2001:db8:6573:96ba:5fc4:7757:f425:d7dd]:443'
338:Apr 11 04:30:52 www5 Tor[57740]: Managed proxy "/usr/local/bin/webtunnel" changed state: Configured -> Completed
339-Apr 11 04:30:52 www5 Tor[57740]: metrics_connection_reached_eof: Metrics connection reached EOF. Closing.

and there is a process listening on

 netstat -an | grep 15000
tcp          0      0        *.*                    LISTEN

webtunnel running

$ ps -xlAU _tor
  566 57740     1   0   2   0 114328 188320 kqread  S      ??    0:11.40 /usr/local/bin/tor
  566   339 57740   3  10   0 44428  3584 thrslee I      ??    0:00.00 /usr/local/bin/webtunnel

RESOLVED: Config error in nginx.

Using Let’s Encrypt as CA and to issue. Specified ssl_certificate in Nginx as ca.cer; needed to set ssl_certificate to fullchain.cer.

Noticed the following error in the Nginx error log:

[info] 30142#0: *154 SSL_do_handshake() failed (SSL: error:1403F412:SSL routines:ACCEPT_SR_FINISHED:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: x.x.x.x, server:

Used curl to connect. Curl wasn’t able to verify the server certificate unless I specified the --ca-cert as fullchain.cer (rather than ca.cer).
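
A check for the misconfiguration found in the resolving post, added here as an example and not part of the original thread: nginx presents the first certificate in the ssl_certificate file as the server certificate, so a file that starts with a CA certificate (like ca.cer) fails the client handshake. The function names are hypothetical, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the PEM file that
# nginx's ssl_certificate directive points at. Function names are hypothetical.

# cert_count FILE -> prints the number of PEM certificates in FILE
cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# first_cert_is_ca FILE -> exit 0 if the FIRST certificate is marked CA:TRUE.
# "openssl x509" only reads the first certificate in a bundle, which is the
# one nginx sends to clients as the server certificate.
first_cert_is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# check_ssl_certificate FILE
#   0 = server certificate first, followed by at least one chain certificate
#   1 = first certificate is a CA certificate (the ca.cer mistake)
#   2 = file unreadable or contains no certificate
#   3 = server certificate only, no intermediates for clients to build a path
check_ssl_certificate() {
    f=$1
    [ -r "$f" ] || { echo "unreadable: $f"; return 2; }
    n=$(cert_count "$f")
    if [ "$n" -eq 0 ]; then
        echo "no certificate found in $f"
        return 2
    fi
    if first_cert_is_ca "$f"; then
        echo "FAIL: first certificate in $f is a CA certificate, not the server certificate"
        return 1
    fi
    if [ "$n" -lt 2 ]; then
        echo "WARN: $f holds only the server certificate, no chain certificates"
        return 3
    fi
    echo "OK: $f starts with a server certificate followed by $((n - 1)) chain certificate(s)"
    return 0
}

# Usage: sh check_cert.sh /path/to/file-used-as-ssl_certificate
if [ $# -gt 0 ]; then
    check_ssl_certificate "$1"
fi
```
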

