[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: privoxy problem on OpenBSD



SLRNer wrote:
>Although I can use TOR directly, I am having difficulty incorporating
>privoxy.  I am using OpenBSD 3.6, Firefox 0.8, TOR 0.0.9.2, and
>privoxy 3.0.2.1.  TOR is compiled locally, and privoxy and Firefox are
>the pre-compiled binary packages shipped with the OpenBSD
>distribution.
>
>If I enable privoxy as well as TOR, the first one or 2 selected links
>will download, and thereafter it will hang forever.  The fact that
>it works for a few links suggests to me that the configuration is
>correct.
>
>Does anyone else running on OpenBSD have this problem?
>
>Can anyone suggest any approaches to working on this problem?
>
>Thanks

I'm following up on my own post with another question, arising from
my subsequent attempts to work around the privoxy problem.

First, a comment to help the second person using OpenBSD with TOR
(apparently, I am the first).  I pkg_delete'd privoxy (which had come
from packages, and not ports), and re-installed from ports.  This was
a long shot, but I wanted to be thorough.  It made no difference. 

Next, the site:

	http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO

suggests that:

	Tor 0.0.8 (or later) has a workaround for this problem; until we can
	hack tsocks (or a work-alike) to support DNS, instead of using a
	hostname directly, first use tor-resolve to resolve the hostname into
	an IP (via Tor) and then use that IP address with your tsocks-ified
	application. 

So I used tor-resolve on a website to get the IP address. This took
quite a while, so it probably was using TOR.  Then I cut-and-pasted
the IP address into Firefox and hit return.  The TOR error log came
back with the usual message that my DNS was being leaked. 

	Jan 26 15:08:19.763 [warn] fetch_from_buf_socks(): Your application
	(using socks4 on port 80) is giving Tor only an IP address.
	Applications that do DNS resolves themselves may leak information.
	Consider using Socks4A (e.g. via privoxy or socat) instead. 

My questions are:

1. Is the DNS still leaked if a numerical IP addess is given to the browser?

2. If not, and the error message is spurious, then is there any way to get
tor-resolve and tor to talk directly, without a cut-and-paste between windows?

Thanks