[Quick Start Guide] Snowflake Proxy in Qubes-Whonix Tor Control Panel


Snowflake running in Tor Control Panel.

Nov 9, 2024: this guide was edited to use the ‘qvm-copy’ command since the old ‘qvm-copy-to-vm’ command has finally been deprecated.

Here is the summarized and easily readable version of my Qubes-Whonix-17 Tor Control Panel snowflake proxy fix/installation guide. The full version of my guide can be found at the bottom of the page. The next Whonix release likely will not need this procedure.


Qubes-Whonix Tor Control Panel with working Snowflake Proxy
Quick Start Guide

1) whonix-workstation-17 template terminal:
Copy updated snowflake-client to gateway template from workstation template:

qvm-copy /var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/snowflake-client

A pop-up window will appear with the selection to put the files in a qube. Select the 'whonix-gateway-17' template.

2) whonix-gateway-17 template terminal:
Copy updated snowflake client to /usr/bin, make executable, use nano to edit bridges file:

sudo cp ~/QubesIncoming/whonix-workstation-17/snowflake-client /usr/bin/snowflake-client
sudo chmod og+rx /usr/bin/snowflake-client
sudo nano /usr/share/anon-connection-wizard/bridges_default

Replace Snowflake Bridges with:

"Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=docs.plesk.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn",
"Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=docs.plesk.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn"

Save & exit

5) Shutdown whonix-gateway-17 template
6) Restart sys-whonix
7) Start Tor Control Panel

Click “Stop Tor”
Click “Configure”
Select “Bridges type” → “snowflake”
Click “Restart Tor”


Enjoy Snowflake on Qubes-Whonix working the way it’s supposed to be! :)

Here is my original guide:

Thanks to @glockmane for summarizing AND formatting the guide!

3 Likes
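A check for the bridge lines edited in step 2 of the guide above, as an added example that is not part of the original post or of Whonix. A mistyped or line-wrapped entry is easy to introduce in nano, so this validates one bridge line at a time; the sample lines are constructed, and treating the five parameters seen in the guide's lines as required is an assumption.

```python
import re

# Constructed sample lines in the page's format (placeholder hosts and fingerprint).
GOOD = ("Bridge snowflake 192.0.2.3:80 0123456789ABCDEF0123456789ABCDEF01234567 "
        "fingerprint=0123456789ABCDEF0123456789ABCDEF01234567 "
        "url=https://broker.example/ fronts=front.example "
        "ice=stun:stun.example.org:3478 utls-imitate=hellorandomizedalpn")
BAD = GOOD.replace("fingerprint=0", "fingerprint=1").replace(
    "org:3478", "org:3478,stun:stun2.example.org")

ADDR = re.compile(r"^\d{1,3}(\.\d{1,3}){3}:\d{1,5}$")   # IPv4:port, as on this page
HEX40 = re.compile(r"^[0-9A-F]{40}$")
STUN = re.compile(r"^stun:[A-Za-z0-9.-]+:\d{1,5}$")
# Assumption: the five parameters carried by the page's lines are all required.
REQUIRED = ("fingerprint", "url", "fronts", "ice", "utls-imitate")


def check_bridge_line(line):
    """Return a list of problems in one Snowflake bridge line (empty list = OK)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[:2] != ["Bridge", "snowflake"]:
        return ["expected 'Bridge snowflake <addr> <fingerprint> key=value ...'"]
    addr, fpr, params = tokens[2], tokens[3], tokens[4:]
    problems = []
    if not ADDR.match(addr):
        problems.append(f"bad address: {addr}")
    if not HEX40.match(fpr):
        problems.append(f"bad fingerprint: {fpr}")
    kv = {}
    for param in params:
        key, sep, value = param.partition("=")
        if not sep or not value or key in kv:
            problems.append(f"malformed or repeated parameter: {param}")
        else:
            kv[key] = value
    problems += [f"missing parameter: {k}" for k in REQUIRED if k not in kv]
    if kv.get("fingerprint", fpr) != fpr:
        problems.append("fingerprint= does not match positional fingerprint")
    if "url" in kv and not kv["url"].startswith("https://"):
        problems.append("broker url is not https")
    for server in kv["ice"].split(",") if "ice" in kv else []:
        if not STUN.match(server):
            problems.append(f"bad STUN entry: {server}")
    return problems


if __name__ == "__main__":
    for name, line in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_bridge_line(line) or "ok")
```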

@adrelanos Stock snowflake-client version on whonix-gateway-17 is 2.5.1 (from 2023-01-18) whereas TB provided one is 2.9.2 (from 2024-03-18).

I believe you depend on the Debian 12 bookworm provided binary rather than shipping your own. It is necessary to contact Debian Privacy Tools Maintainers (or maybe Ruben Pollan). They lag a long way even on Trixie and Sid, which also ship snowflake-client 2.5.1.

1 Like

Bingo! Awesome. Thanks for addressing the root cause of the client issue. No wonder @adrelanos didn’t catch it. I learn something every day here, thanks. :)

accidental reply, don’t know how to delete this reply.

This step is not necessary, as sys-whonix will generate its own /etc/resolv.conf via the /usr/libexec/anon-gw-anonymizer-config/edit-etc-resolv.conf script.

Thanks, I didn’t know that. I did see ‘anon-dns’ in the Whonix Snowflake docs and GitHub, which looks like it’s going to be the same thing for the next Whonix version, posted like an hour after I made this guide (anon-gw-anonymizer-config/usr/bin/anon-dns at master · Whonix/anon-gw-anonymizer-config · GitHub), so it looks like that command was used before anon-gw-anonymizer was developed then. Qubes does so much stuff for you that I’d think would need manual configuration. I love it! I’ll edit the guide, thank you.

1 Like

This guide was updated today to use the ‘qvm-copy’ command instead of the deprecated ‘qvm-copy-to-vm’ command.