
Re: [tor-talk] Fwd: Orbot v15.1.0 Alpha 1



On Sun, Jan 10, 2016, at 09:03 AM, Dash Four wrote:
> I am having all kinds of problems with this, but before I go into the
> details, a bit of background.

Thanks for the report, Dash, and sorry you are having issues. It does
seem your setup is pretty complex (Droidwall plus transproxy AND a
VPN?!), but if it worked before it should now.
 
> Currently, I am running (quite happily) the "latest" Orbot, which uses
> tor 2.6(.10?) with no issues to report.

We didn't radically change anything with how the Tor ports are set up
between the Orbot v15.0.x branch and this one, but I will take another
look to see if something subtle was modified.

> 1. Orbot uses ports outside the "common" list of ports, which are,
> obviously, DROPped by the firewall. For example, the 15.1.0 version uses
> random ports on the loopback interface in both directions (say, src port
> 51117, dest port 53123). The previous Orbot version sticks with source or
> destination ports that are pre-defined (i.e. 9040, 9050, 9051 and 5400, as
> well as ports that are advertised in the tor config file).

Orbot still uses 9050, 9051 and 5400. Not sure why you aren't seeing
those as the defaults.

> 2. Even if I allow Orbot to have a free rein (allow all packets going
> out by Orbot), the transproxy/dns doesn't work. Basically, nothing can
> get proxied at all. I don't have any packets that are dropped on the VPN
> or anywhere else.

I really don't understand how Orbot or Droidwall's iptables rules are
co-existing with Android VPN. This is really a new one for me. I will
make sure transproxy is working on Android 5.1 though, so that at least
we can be sure we didn't break anything.

> 3. Orbot simply ignores what I have specified as Socks, Transproxy and
> DNSPorts to be used. Example: in my configuration I specify the interface
> to be used explicitly, i.e. "127.0.0.1:5400" as DNS port (this was the
> only way I could get it to work in the "latest" stable Orbot version). I
> tried variations of that configuration (i.e. specify just the port
> number), but that didn't work either.

That is strange. It shouldn't ignore that. This is configured in the
Orbot individual settings values, or through torrc entries?

> 4. No matter what I configure in my settings, Orbot (both versions)
> always generates torrc file that contains "SocksPort auto", "DNSPort
> auto" and "TransPort auto". Why? I know that it closes the old
> (auto-generated) ports and re-opens different ones (as per my custom
> torrc) later, but that should not be the case and it should honour what I
> have specified in my configuration.

Can you just clarify what you mean by your configuration? Is that via
Orbot settings, or a torrc file somewhere?


> This may be related to the previous issue I described above. As a result
> of this, I cannot have, say, "DNSPort" in my custom torrc as tor refuses
> to run (duplicate DNSPort definitions). Ridiculous! I need to have
> control of all torrc settings and not have Orbot "assume" things.
> Modifying the torrc file in Orbot's data directory can alter some torrc
> settings, but not all and some are always included (like the example I've
> given above) no matter what.

Point taken.

> 5. There is no GeoIP database supplied with any Orbot version, which
> makes all GeoIP-related commands I issued in my custom torrc completely
> useless. I had to copy these files from my desktop tor version in order
> to make this work (Orbot is supposed to "come with tor", but apparently
> not everything is included).

There is GeoIP but it only unpacks it from the APK if you specify rules
in Orbot settings that need it. Again, you are hand modifying the torrc
file which isn't our expected method of use. We are trying to save
space, and made an assumption. If you enter any value in Orbot's exit
nodes field, it will notice that and unpack our bundled GeoIP files.

> I think that pretty much covers it. I managed to grab the tor executable
> supplied with v15.1.0-ALPHA and dump it in place with the old "stable"
> Orbot version and it works OK from what I can see, though both Tor
> versions suffer from bug #9972 I submitted nearly 3 years ago, which is
> still open.

This is not an Orbot specific issue though, right?
 
> Another axe to grind with tor is its inability to specify binding
> interface for the various ports it uses. It currently requires an IP
> address (<ip_address>:<port>). That format can't be used when I have VPN
> running or have an interface that has a dynamic IP address for example.
> I'd like to be able to specify, say, "DNSListenAddress tun0:7253" for
> example.

Again, Tor and not Orbot, but yes, that would be useful!

Thanks for the very detailed notes. I will try to reproduce what you are
seeing.

+n

> 
> Nathan Freitas wrote:
> > 
> > ----- Original message -----
> > From: Nathan of Guardian <nathan@xxxxxxxxxxxxxxxxxxxx>
> > To: guardian-dev@xxxxxxxxxxxxxxxxxx
> > Subject: Orbot v15.1.0 Alpha 1
> > Date: Mon, 04 Jan 2016 02:04:44 -0500
> > 
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> > 
> > 
> > Happy 2016... and here's an update for Orbot to test
> > 
> > APK:
> > https://guardianproject.info/releases/Orbot-v15.1.0-ALPHA-1-1-gf441736.apk
> > ASC:
> > https://guardianproject.info/releases/Orbot-v15.1.0-ALPHA-1-1-gf441736.apk.asc
> > 
> > Primary updates are
> > - - Update to Tor 0.2.7.6 and OpenSSL 1.0.1q
> > - - Fixes for DNS leak in VPN mode (using PDNSD daemon for TCP-DNS over
> > Tor thanks to SocksDroid!)
> > - - Overall stability improvements to VPN mode with easy ability to
> > toggle on and off without Orbot restart
> > - - A pretty major update to the graphics/branding with a new icon from
> > DrSlash.com
> > 
> > CHANGELOG
> > f441736 update OpenSSL string to show 1.0.1q
> > 4098e8e update to 15.1.0-ALPHA-1
> > f1fcec3 add support for PDNSD DNS Daemon for VPN DNS resolution Tor's
> > DNS port doesn't work well with the VPN mode, so we will use PD
> > 8d8fe0c updates to improve VPN support
> > 699b60d add linancillary for badvpn tun2socks update for DNS
> > 9b2cc52 update badvpn binaries
> > 6dc8cf6 update makefile for new pluto builds
> > 0261236 change this to "browser button"
> > 3462cbd small updates to icon and strings
> > bb55557 update installer to get PLUTO binaries from assets
> > 7d213e2 delete pluggable transport binaries here; build with Makefile
> > use the external/pluto project
> > 6cf1201 update makefile to support PLUTO builds
> > 871701e add link for new icon
> > 51205b8 update for Orfox
> > 6fb4f0c update binaries
> > 317405d update external versions of Tor 0.2.7.6 and OpenSSL 1.0.1q
> > 0a5dd08 use a browser constant here, with the new constant being Orfox
> > c54ab18 deleted these graphics
> > 534c2fb update style, icons and graphics
> > 
> > 
> > 
> > 
> > - --
> >   Nathan of Guardian
> >   nathan@xxxxxxxxxxxxxxxxxxxx
> > 
> > -----BEGIN PGP SIGNATURE-----
> > -----END PGP SIGNATURE-----
> > 
> > 
> 
> 
> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk