[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor Socks4a handshake error?



Many thanks for the very prompt and very helpful feedback! :)
~Jon

Roger Dingledine wrote:
On Thu, Oct 16, 2008 at 06:03:13PM -0500, Jon McLachlan wrote:
I'm developing on top of Tor through it's API. I am running Tor as an OP, and I am continuously being rejected by the socks port during the handshake, returning the SOCKS4a error code 91 (or 0x5b = [generic] request rejected or failed). The reject occurs after an attempt to connect through a single hop tunnel in planetlab, in which the remote node is a an exit OR servicing the requested address/port. I am referencing the address in the request with an unresolved domain name (not an IP). Further, the circuit was extended using the API successfully (circuit status = built or extended, does not seem to matter).

Now comes the strange part: When I make the OP and OR (by giving it an ORPort), it works. Any thoughts?

Check the Tor logs for why your stream was refused. In this case it
sounds like the Tor relay you build the stream through doesn't want to
allow clients to build one-hop circuits: see also
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#VariablePathLength

The simplest way to fix it is to upgrade your relay to 0.2.1.6-alpha
and set
AllowSingleHopCircuits 1
AllowSingleHopExits 1
in its torrc.

More complex ways involve hacking your relay's code to permit it. Or
using two hops like you're supposed to. :)

PS - using the tor binary, 0.2.0.15-alpha

Ok. You may be interested to know that there are known security and
performance flaws with that version -- especially when trying to connect
to the public Tor network.

--Roger