For some context, my previous guide (linked below) fixed snowflake in Qubes-Whonix through `Tor User Config` and the `UseBridges 1` function. For today's guide, we will fix the built-in Tor Control Panel's broken snowflake option and free up the `Tor User Config` in the process. I prefer this method over my last method, shown in the post below. If you know what's coming and would like to skip to the installation, scroll down to the part in caps and bold that says TLDR; SKIP TO THIS POINT FOR THE INSTALLATION OF SNOWFLAKE PROXY INTO QUBES-WHONIX TOR CONTROL PANEL, OR SKIP TO THE END WHERE A USER HAS SUMMARIZED THE GUIDE INTO EASY TO FOLLOW COMMANDS
https://forum.qubes-os.org/t/qubes-whonix-17-tor-snowflake-proxy-setup-guide-that-works/28844
In my last guide, linked above, I showed how to get snowflake proxy working in Qubes-Whonix (sys-whonix) by replacing the default (outdated?) bridges found in the Whonix (Qubes-Whonix) snowflake documentation and by bypassing Qubes-Whonix's Tor Control Panel using `Tor User Config`, on top of configuring DNS settings specific to Qubes-Whonix. This guide will show you how to get the snowflake proxy in sys-whonix's Tor Control Panel working using the same principle, independent of the `Tor User Config`, if you find that to be useful. (It feels nice to click snowflake and have it not stop at 10%, you know, having it work the way it is supposed to work.) It also frees up your `Tor User Config`. I apologize if this is trivial, detrimental to security, or otherwise a waste of anyone's time.
This procedure was first tested in the sys-whonix VM as root; do it in the whonix-gateway-17 template for persistence.
This guide assumes that the user has already configured sys-whonix's DNS using `sudoedit /etc/resolv.conf.whonix` (in the whonix-gateway-17 template), setting the output of `qubesdb-read /qubes-netvm-primary-dns` as the nameserver near the bottom of the file by uncommenting it and changing the IP. It also assumes the user has installed `snowflake-client` by copying it from the whonix-workstation-17 template to `/usr/bin` in the whonix-gateway-17 template and making the file executable. The commands to do all of this are below.
TLDR; SKIP TO THIS POINT FOR THE INSTALLATION OF SNOWFLAKE PROXY INTO QUBES-WHONIX TOR CONTROL PANEL, A SATISFIED USER SUMMARIZED ALL OF THE COMMANDS AND I PLACED IT AT THE BOTTOM OF THIS POST
In whonix-gateway-17 template terminal: sudoedit /etc/resolv.conf.whonix
A window will pop up for editing.
Uncomment "nameserver 10.0.2.3" and replace the IP with the output of `qubesdb-read /qubes-netvm-primary-dns` from a running sys-whonix terminal (mine was 10.139.1.1, as it says in the Qubes docs).
Save the file, close the window, and navigate to the whonix-workstation-17 template terminal to copy the snowflake-client to the whonix-gateway-17 template.
In whonix-workstation-17 template terminal: qvm-copy-to-vm whonix-gateway-17 /var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/snowflake-client
In whonix-gateway-17 template terminal: sudo cp ~/QubesIncoming/whonix-workstation-17/snowflake-client /usr/bin/snowflake-client
For the next step there are two commands that seem to do the same thing. I'm not sure which one works because I don't quite know the difference between them, but one of them works for sure, and doing them both works fine (if someone could tell me which one to remove from this guide, that'd be great). They are:
sudo chmod og+rx /usr/bin/snowflake-client
and/or
sudo install ~/QubesIncoming/whonix-workstation-17/snowflake-client --owner debian-tor --target-directory /usr/bin
You now have the correct snowflake-client in your template ready for use.
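What each of the two commands above does to the installed file's permission bits, shown on a scratch copy. This is an added example, not part of the original guide; the temp paths and function names are made up for the demo, and `--owner debian-tor` is left out because it needs root.

```shell
#!/bin/sh
# Added example: compare "cp + chmod og+rx" with "install" on a scratch file.
# Runs unprivileged in a temp dir (paths and function names are hypothetical).
# The guide's --owner debian-tor is omitted here because it needs root; with it,
# install also changes the owner, while a root cp leaves the copy owned by root.

# Octal permission bits of a file (GNU stat, as shipped in Debian/Whonix).
mode_of() { stat -c '%a' "$1"; }

# Create a stand-in "snowflake-client" with the given mode; prints its directory.
make_src() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$d/snowflake-client"
    chmod "$1" "$d/snowflake-client"
    mkdir "$d/bin"
    printf '%s\n' "$d"
}

# Method 1: cp keeps the source mode (minus umask); chmod og+rx then adds
# read/execute for group and others only. The owner bits are not touched.
mode_after_cp_chmod() {
    d=$(make_src "$1") || return 1
    ( umask 022
      cp "$d/snowflake-client" "$d/bin/snowflake-client"
      chmod og+rx "$d/bin/snowflake-client" )
    mode_of "$d/bin/snowflake-client"
    rm -rf "$d"
}

# Method 2: install copies the file and sets mode 0755 regardless of the source.
mode_after_install() {
    d=$(make_src "$1") || return 1
    install "$d/snowflake-client" "$d/bin/snowflake-client"
    mode_of "$d/bin/snowflake-client"
    rm -rf "$d"
}

for m in 600 700; do
    echo "source $m: cp+chmod -> $(mode_after_cp_chmod "$m"), install -> $(mode_after_install "$m")"
done
```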
Choose one of the following options to continue: A for testing, or B for a persistent template install.
Option A (for testing): In dom0, run qvm-run --user root sys-whonix xterm
Then, in the sys-whonix xterm, skip Option B and execute the commands below.
Option B (for template install): In the whonix-gateway-17 template terminal, execute the commands below.
cd /usr/share/anon-connection-wizard/
sudo nano bridges_default
Replace the outdated snowflake bridges in the file with these newer ones from the Tor Project, found at this link; I suggest the CDN77 bridges (option 2): https://forum.torproject.org/t/fix-problems-with-snowflake-since-2024-03-01-broker-failure-unexpected-error-no-answer/11755
CTRL+O then CTRL+ENTER (to save file) CTRL+X (to exit file)
Shut down whonix-gateway-17 template
Start/Restart sys-whonix
Find and launch your Tor Control Panel under Main Qubes Menu > Services > sys-whonix > Tor Control Panel
Click Stop Tor
Click Configure
Select snowflake as your bridge type
Click Restart Tor
It should look like this.
Snowflake should connect fine. This has also been tested in the whonix-gateway-17 template for persistence and it works great! :).
EDIT: A user in my comments section was glad to find my guide and made a summarized version of it that is easy to follow! That's what this is all about. I hope it helps others!
1) whonix-gateway-17 terminal:
sudo nano /etc/resolv.conf.whonix
Replace "nameserver 10.0.2.3" with "nameserver 10.139.1.1" (or the output IP of qubesdb-read /qubes-netvm-primary-dns run in a sys-whonix terminal, which should be 10.139.1.1, but if it is different, then use that output IP)
Save & exit
2) whonix-workstation-17 terminal:
qvm-copy-to-vm whonix-gateway-17 /var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/snowflake-client
3) whonix-gateway-17 terminal:
```
sudo cp ~/QubesIncoming/whonix-workstation-17/snowflake-client /usr/bin/snowflake-client
sudo chmod og+rx /usr/bin/snowflake-client
sudo install ~/QubesIncoming/whonix-workstation-17/snowflake-client --owner debian-tor --target-directory /usr/bin
sudo nano /usr/share/anon-connection-wizard/bridges_default
```
Replace snowflake Bridges with:
"Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=docs.plesk.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn",
"Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=docs.plesk.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn"
Save & exit
4) Shutdown whonix-gateway-17
5) Restart sys-whonix
6) Start Tor Control Panel
Click Stop Tor
Click Configure
Select Bridges type: snowflake
Click Restart Tor
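A quick check to run on each replacement bridge line before saving bridges_default, so a truncated or mangled paste is caught before restarting Tor. This is an added example, not part of the original guide or of Whonix; the function name and sample lines are constructed, and the checks only mirror the shape of the two bridge lines shown above.

```shell
#!/bin/sh
# Added example: sanity-check one snowflake bridge line before saving it.
# Accepts the line with or without the surrounding quotes/comma used in the guide.
check_bridge_line() {
    line=$(printf '%s\n' "$1" | sed -e 's/^[[:space:]]*"//' -e 's/"[,[:space:]]*$//')
    set -f                       # no globbing while splitting the line into words
    set -- $line
    set +f
    [ "$1" = "Bridge" ] && shift
    [ "$#" -ge 3 ] && [ "$1" = "snowflake" ] ||
        { echo "not a snowflake bridge line"; return 1; }
    addr=$2; fp=$3; fp_param=; url=; ice=
    shift 3
    for kv in "$@"; do
        case $kv in
            fingerprint=*) fp_param=${kv#fingerprint=} ;;
            url=*)         url=${kv#url=} ;;
            ice=*)         ice=${kv#ice=} ;;
        esac
    done
    printf '%s\n' "$addr" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}:[0-9]{1,5}$' ||
        { echo "bad address"; return 1; }
    printf '%s\n' "$fp" | grep -Eq '^[0-9A-F]{40}$' ||
        { echo "fingerprint is not 40 hex characters"; return 1; }
    # Both lines in the guide repeat the fingerprint; a mismatch suggests a paste error.
    [ "$fp_param" = "$fp" ] || { echo "fingerprint= does not match"; return 1; }
    case $url in
        https://?*) ;;
        *) echo "url= is missing or not https"; return 1 ;;
    esac
    printf '%s\n' "$ice" |
        grep -Eq '^stun:[A-Za-z0-9.-]+:[0-9]+(,stun:[A-Za-z0-9.-]+:[0-9]+)*$' ||
        { echo "ice= is missing or not a stun:host:port list"; return 1; }
    echo ok
}

# Constructed sample lines (placeholder fingerprint and hosts, not real bridges).
FP=0123456789ABCDEF0123456789ABCDEF01234567
TAIL="url=https://broker.example/ fronts=front.example ice=stun:stun.example:3478,stun:stun2.example:3478 utls-imitate=hellorandomizedalpn"
GOOD="\"Bridge snowflake 192.0.2.3:80 $FP fingerprint=$FP $TAIL\","
MISMATCH="Bridge snowflake 192.0.2.3:80 $FP fingerprint=${FP%7}8 $TAIL"
NO_ICE="Bridge snowflake 192.0.2.3:80 $FP fingerprint=$FP url=https://broker.example/"

for l in "$GOOD" "$MISMATCH" "$NO_ICE"; do check_bridge_line "$l" || true; done
```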