On Thu, Oct 16, 2008 at 06:03:13PM -0500, Jon McLachlan wrote:
I'm developing on top of Tor through it's API. I am running Tor as an
OP, and I am continuously being rejected by the socks port during the
handshake, returning the SOCKS4a error code 91 (or 0x5b = [generic]
request rejected or failed). The reject occurs after an attempt to
connect through a single hop tunnel in planetlab, in which the remote
node is a an exit OR servicing the requested address/port. I am
referencing the address in the request with an unresolved domain name
(not an IP). Further, the circuit was extended using the API
successfully (circuit status = built or extended, does not seem to matter).
Now comes the strange part: When I make the OP and OR (by giving it an
ORPort), it works. Any thoughts?
Check the Tor logs for why your stream was refused. In this case it
sounds like the Tor relay you build the stream through doesn't want to
allow clients to build one-hop circuits: see also
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#VariablePathLength
The simplest way to fix it is to upgrade your relay to 0.2.1.6-alpha
and set
AllowSingleHopCircuits 1
AllowSingleHopExits 1
in its torrc.
More complex ways involve hacking your relay's code to permit it. Or
using two hops like you're supposed to. :)
PS - using the tor binary, 0.2.0.15-alpha
Ok. You may be interested to know that there are known security and
performance flaws with that version -- especially when trying to connect
to the public Tor network.
--Roger