Recently, we had reports of Cyberoam firewalls blocking meek by TLS signature: https://lists.torproject.org/pipermail/tor-talk/2016-May/040923.html I got a similar report, this time for a FortiGuard firewall.
The story is basically the same as last time: the firewall looks for TLS that has the signature of a specific version of Firefox and is also destined to one of the default front domains. This time it is the signature of Firefox 45 they're looking for. They also were not blocking the domain www.google.com, so meek-google would work if it hadn't been shut down recently. Here are workarounds to try if you find yourself in this situation. See also: What to do if meek gets blocked. https://lists.torproject.org/pipermail/tor-talk/2015-January/036410.html First try changing the front domain. This is easy to do; you don't have to edit any files. https://trac.torproject.org/projects/tor/wiki/doc/meek#Howtochangethefrontdomain). These alternative bridge lines worked in this case: Bridge meek 0.0.2.0:2 url=https://d2zfqthxsdq309.cloudfront.net/ front=d2ko15wevu3ps3.cloudfront.net Bridge meek 0.0.2.0:3 url=https://az786092.vo.msecnd.net/ front=ajax.microsoft.com The second workaround is to disable the Firefox TLS camouflage and use naked Golang TLS. To do that, edit the file Browser/TorBrowser/Data/Tor/torrc-defaults and change the line ClientTransportPlugin meek exec TorBrowser\Tor\PluggableTransports\terminateprocess-buffer TorBrowser\Tor\PluggableTransports\meek-client-torbrowser -- TorBrowser\Tor\PluggableTransports\meek-client to ClientTransportPlugin meek exec TorBrowser\Tor\PluggableTransports\terminateprocess-buffer TorBrowser\Tor\PluggableTransports\meek-client I.e., remove the meek-client-torbrowser wrapper program. The format of the line will differ slightly depending on your operating system, but it should be pretty easy to figure out. The third workaround is to set up your own App Engine app. This isn't very hard to do. Instructions are here: https://lists.torproject.org/pipermail/tor-talk/2016-June/041699.html -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
