Hey Jay!

Thus spake Jay Goodman Tamboli (jay@xxxxxxxxxx):

> I'm stuck behind a FascistFirewall part of the day, and I've been
> trying to get Tor to work as a client. I've added a line to my torrc:
>
> ReachableAddresses *:443
>
> Oddly, I can see that Skype is using TCP connections on port 443. I
> can't tell if they're working, but Skype is keeping them up (and Skype
> as a whole seems to be working).
>
> Tor, on the other hand, is not working. netstat shows established
> connections on port 443, but Tor doesn't seem to be accepting them as
> usable. I have debug logging on, but I'm not sure what to look for,
> since it seems to be trying to create circuits in parallel. Is there a
> message printed when an OR connection fails, giving a reason?

If you are running Tor 0.1.2.x or later, you can add "ControlPort 9051"
to your .torrc, and telnet localhost 9051. You can then do

    AUTHENTICATE
    SETEVENTS EXTENDED CIRC ORCONN

to get some info that is sometimes not reported in logs, in a
well-formed format.

You can also try jacking up your log to debug level. It then should dump
a bunch of info about TLS connections there, but that is harder to sift
through.

Might also be a good idea to kill tor, fire up wireshark
(www.wireshark.org), start a network capture, start tor, and let it try
to make some circuits for a bit. Then save the capture, and post it and
the control port info and possibly logs somewhere so we can look at the
results.

> Is it possible the firewall is looking at the :443 connections and
> somehow telling that it's Tor rather than HTTPS?

I believe at some point, tor changed its TLS certificate format to be
less-torlike.. But maybe this is only in SVN and not widely deployed at
the tor nodes. Roger or Nick will need to answer this question most
likely.

If they are doing content-based filtering like this, it is likely they
are also blocking directory connections too..

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
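An added example, not part of the original message: a small Python summarizer for the ORCONN events that the SETEVENTS command above produces, listing which OR targets never reached CONNECTED and which reasons were reported. The sample lines are constructed, and the line shape (`650 ORCONN <target> <status> [REASON=...] [NCIRCS=...]`) is assumed from the Tor control protocol specification; the function name is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of control-port output (not captured from a real Tor).
# Assumed line shape, per the Tor control spec:
#   650 ORCONN <target> <status> [REASON=<r>] [NCIRCS=<n>]
SAMPLE_EVENTS = """\
250 OK
650 ORCONN 192.0.2.10:443 LAUNCHED
650 ORCONN 192.0.2.11:443 LAUNCHED
650 CIRC 4 LAUNCHED
650 ORCONN 192.0.2.10:443 FAILED REASON=TIMEOUT NCIRCS=1
650 ORCONN 192.0.2.11:443 CONNECTED
650 ORCONN 192.0.2.12:443 LAUNCHED
650 ORCONN 192.0.2.12:443 FAILED REASON=IOERROR
650 ORCONN 192.0.2.11:443 CLOSED REASON=IOERROR
650 CIRC 4 FAILED REASON=TIMEOUT
"""

ORCONN_RE = re.compile(r"^650 ORCONN (\S+) ([A-Z]+)((?: \S+=\S+)*)\s*$")


def summarize_orconn(text):
    """Return (status history per target, reason counts, targets never CONNECTED)."""
    history = defaultdict(list)
    reasons = Counter()
    for line in text.splitlines():
        m = ORCONN_RE.match(line)
        if not m:
            continue  # replies and other events (250 OK, CIRC, ...) are skipped
        target, status, extras = m.groups()
        fields = dict(kv.split("=", 1) for kv in extras.split())
        history[target].append(status)
        if status in ("FAILED", "CLOSED"):
            reasons[(status, fields.get("REASON", "unspecified"))] += 1
    # A target that was launched but never reached CONNECTED is the
    # interesting case when diagnosing a filtering firewall.
    never_connected = sorted(t for t, s in history.items() if "CONNECTED" not in s)
    return dict(history), reasons, never_connected


if __name__ == "__main__":
    hist, reasons, dead = summarize_orconn(SAMPLE_EVENTS)
    for (status, reason), count in sorted(reasons.items()):
        print(f"{status:7} {reason:15} x{count}")
    print("never connected:", ", ".join(dead) or "none")
```

Paste the saved telnet session in place of `SAMPLE_EVENTS` to get the same summary for a real run.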