[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Blocked by Websense

On 11/26/06, Roger Dingledine <arma@xxxxxxx> wrote:
Oh boy. Looks like they have started that particular arms race.
Do you know what version of Websense they were using?

A friend working in a relevant government department says they're
using Websense Enterprise v5.5.

Get a cached-routers file and the cached-status/* files from somewhere. Bring them from home on a USB stick if you like. I'm not sure how recent they need to be -- if you're using 0.1.1.x it needs to be from within 24 hours. I believe is more forgiving, but not by much. Let me know if you get it working and what it takes.

I'm using It appear that no matter how recent
cached-routers and cached-status/* are, Tor insists on requesting
directory info afresh on startup, and won't start building circuits
until the directory requests are completed successfully.

Set "__AllDirActionsPrivate 1" in your torrc. (This config option is intended for controllers that bootstrap your initial circuits themselves, but it should work fine as a manual workaround for now.)

This one works like a charm; thank you. The only caveat is that you
cannot set this into torrc, but should only do a "SETCONF
__AllDirActionsPrivate=1" through the control port after Tor has had a
chance to build its circuits. Otherwise Tor goes into an infinite loop
complaining that no circuit is established yet. So the initial burst
of cleartext directory requests can't be avoided, but at least the
subsequent updates are tunneled through Tor.

On 11/27/06, Juliusz Chroboczek <jch@xxxxxxxxxxxxxx> wrote:

As Roger implied, working around your network's restrictions is counter-productive in the long term. The library's admins will see tor users as a bunch of trouble-makers who try to hide from them.

I would like to suggest that you should go speak with the admins, and
explain what tor is about, that using tor is perfectly legitimate,
nothing personal against them, and doesn't create any new security
issues for their network.

Even if they refuse to un-block tor, they'll most likely be taking
a more friendly view of your further attempts to avoid their restrictions.

Thank you for the sage advice. It's a pretty daunting task though, as
the general attitude of administrators (in the generic sense, not just
network admins) towards privacy advocacy in this part of the world is
of the "what are you trying to hide?" kind. But I'll certainly avoid
using Tor from the library for the time being. (A free wi-fi spot is
just 15 minutes' walk away, anyway.)

Thanks and regards to all,