Re: Cisco firewall filtering Tor?



On Jun 16, 2007, at 01:54:01, Roger Dingledine wrote:

> On Fri, Jun 15, 2007 at 07:07:21PM -0400, Jay Goodman Tamboli wrote:
>> I've uploaded results from a 5-minute run of Tor 0.2.0.2-alpha (I've
>> also tested with the current stable).
>>
>> debug.log: http://tertiumquid.org/tor-logs/debug.log.gz
>
> Something is definitely interfering with your ability to complete a
> TLS handshake.
>
> Whether that's your local firewall demanding that it MitM your SSL
> connections, or your local firewall recognizing Tor's TLS signature and
> killing that connection, or something else, I couldn't say.
>
> See also Nick's post from November about this topic:
> http://archives.seul.org/or/talk/Nov-2006/msg00088.html

I don't think it's MitM, since I'm not seeing any warnings from my web browser when connecting to HTTPS sites. It is quite possible they're actively blocking it. I notice that thread refers to Cisco routers, and I know that the firewall is a Cisco box. I'll look into this (and your other links) more to see if there's anything I can do to help.

> Btw, you seem to have set a config option of "ReachableAddresses *: 443",
> which means you can't contact (m)any directory servers. You may find
> this to be bad after a couple of days. :) You might prefer *:80,*:443.

Most of the day I'm connected to an unrestricted network and run Tor without any ReachableAddresses options, so the server list should be, at worst, a few hours old. When I'm not testing, too, I add :80.

/jgt
--
http://tamboli.cx/
PGP Key ID: 0x7F2AC862B511029F