Webtunnel: dysfunctional Error: timed out waiting for bridge descriptor


Tor version

I would like to running my own webtunnel like I do with my obfs4 too in ipv4 & ipv6.
This setup running by building server directly from git, the tor daemon restart works, binary was forked by tor, no error (apparmor ok & co).
I got message:

Registered server transport 'webtunnel' at '[2001:db8:...]...

I don’t understand why this IPv6 is wrong and reserved for documentation:

inet6num:     2001:db8:0:0:0:0:0:0/32
organisation: IPv6 Address Prefix Reserved for Documentation
status:       RESERVED

remarks:      https://www.rfc-editor.org/rfc/rfc3849.html

So, this is not my question?

I’ve setuped all things, my reverse proxy (haproxy) allow websocket. I’ve tried a cURL and got empty response. If I try another webtunnel (= not mine) I got error:

< HTTP/2 502
< content-type: text/plain; charset=utf-8
< content-length: 11
< date: Mon, 01 Apr 2024 16:40:10 GMT
* Connection #0 to host not mine left intact
Bad Gateway

and maybe normal because only wss is allowed.
my own curl is very diferent with an empty response:

* REFUSED_STREAM, retrying a fresh connect
* Connection died, tried 5 times before giving up
* Closing connection
curl: (56) Connection died, tried 5 times before giving up

Maybe it’s haproxy, but if I try to reach without proxy I got same answer

My torrc config additionally to obfs4:

ServerTransportPlugin webtunnel exec /usr/local/bin/tor-webtunnel
ServerTransportListenAddr webtunnel
ServerTransportOptions webtunnel url=https://mydomain/randompath
SocksPort 0

If you have any idea/insight to help me I appreciate that

The IPv6 address in the bridgeline is a placeholder. We need an IP address in the bridgeline and we create one by hashing the url into a documentation IPv6. You can ignore it. The actual connections from the clients will come to whatever you have configured in the url, and they will be IPv4 or IPv6 depending on what your webserver is configured for (and if the client network supports it).

Have you tried connecting to your bridge with an actual webtunnel client?

I’m expecting curl to fail as webtunnel is a websockets connection. The difference on both errors might be because of different webserver software or configuration.


Thank you, this is very helpful to understand more what happening.
I’ve tried with another webserver (caddy) and that seems working immediately.
That mean the issue is on haproxy setup, I need to work on this side.

When I’ve found the solution, I’ll post how to do that with haproxy