Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#35827 - [tor] 0.2.3.25-3 Refusing local socks connections

Attached to Project: Community Packages
Opened by Euler Alves (euleralves) - Monday, 17 June 2013, 03:54 GMT
Last edited by Lukas Fleischer (lfleischer) - Tuesday, 25 June 2013, 18:32 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Architecture i686
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description: After 2013-06-04 12:39 UTC build, tor is refusing all local connections
==============================================================================
Package version(s): 0.2.3.25-3
==============================================================================
Steps to reproduce:
sudo systemctl start tor
links -socks-proxy 127.0.0.1:9050 www.google.com
firefox and FoxyProxy with SocksProxy 4a or 5 to 9050 local port
===============================================================================
$cat /etc/tor/torrc
SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
SocksPolicy accept 192.168.0.0/16
SocksPolicy accept 127.0.0.1/32
Log notice file /var/log/tor/notices.log
Log debug file /var/log/tor/debug.log
Log notice syslog
RunAsDaemon 1
DataDirectory /var/lib/tor
ControlPort 9051
HashedControlPassword 16:XXXXXXXXXXXXXXXXXXXXXXX #Privacy concern
HiddenServiceDir XXXXXXXXXXXX #Privacy concern
HiddenServicePort 80 127.0.0.1:XXXXXXXXXXXX #Privacy concern
ORPort 9048
Nickname XXXXXXXXXXXX #Privacy concern
RelayBandwidthRate 80 KB
RelayBandwidthBurst 125 KB
ContactInfo XXXXXXXXXXXX #Privacy concern
DirPort 9049 # what port to advertise for directory connections
DirPortFrontPage /etc/tor/web/index.htm
ExitPolicy accept *:20-23 # FTP, SSH, telnet
ExitPolicy accept *:43 # WHOIS
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:79-81 # finger, HTTP
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:110 # POP3
ExitPolicy accept *:143 # IMAP
ExitPolicy accept *:194 # IRC
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:389 # LDAP
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:464 # kpasswd
ExitPolicy accept *:531 # IRC/AIM
ExitPolicy accept *:543-544 # Kerberos
ExitPolicy accept *:554 # RTSP
ExitPolicy accept *:563 # NNTP over SSL
ExitPolicy accept *:636 # LDAP over SSL
ExitPolicy accept *:706 # SILC
ExitPolicy accept *:749 # kerberos
#ExitPolicy accept *:873 # rsync
#ExitPolicy accept *:902-904 # VMware
ExitPolicy accept *:981 # Remote HTTPS management for firewall
ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL
ExitPolicy accept *:1194 # OpenVPN
ExitPolicy accept *:1220 # QT Server Admin
ExitPolicy accept *:1293 # PKT-KRB-IPSec
ExitPolicy accept *:1500 # VLSI License Manager
ExitPolicy accept *:1533 # Sametime
ExitPolicy accept *:1677 # GroupWise
ExitPolicy accept *:1723 # PPTP
ExitPolicy accept *:1755 # RTSP
ExitPolicy accept *:1863 # MSNP
ExitPolicy accept *:2082 # Infowave Mobility Server
ExitPolicy accept *:2083 # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128 # SQUID
ExitPolicy accept *:3389 # MS WBT
#ExitPolicy accept *:3690 # SVN
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:4643 # Virtuozzo
ExitPolicy accept *:5050 # MMCC
ExitPolicy accept *:5190 # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228 # Android Market
ExitPolicy accept *:5900 # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679 # IRC SSL
ExitPolicy accept *:6697 # IRC SSL
ExitPolicy accept *:8000 # iRDMI
ExitPolicy accept *:8008 # HTTP alternate
ExitPolicy accept *:8074 # Gadu-Gadu
ExitPolicy accept *:8080 # HTTP Proxies
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8332-8333 # BitCoin
ExitPolicy accept *:8443 # PCsync HTTPS
ExitPolicy accept *:8444 # BitMessage
ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE
#ExitPolicy accept *:9418 # git
ExitPolicy accept *:9999 # distinct
ExitPolicy accept *:10000 # Network Data Management Protocol
ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol)
#ExitPolicy accept *:19294 # Google Voice TCP
ExitPolicy accept *:19638 # Ensim control panel
ExitPolicy accept *:50002 # Electrum Bitcoin
ExitPolicy reject *:* # middleman only -- no exits allowed
ExitPolicyRejectPrivate 1
====================================================================================
$cat /etc/tsocks.conf
local = 127.0.0.0/255.128.0.0
local = 127.128.0.0/255.192.0.0
local = 169.254.0.0/255.255.0.0
local = 172.16.0.0/255.240.0.0
local = 192.168.0.0/255.255.0.0
server = 127.0.0.1
server_port = 9050
====================================================================================
$sudo systemctl start tor
$sudo systemctl status tor

tor.service - Anonymizing Overlay Network
Loaded: loaded (/usr/lib/systemd/system/tor.service; disabled)
Active: inactive (dead) since Mon 2013-06-17 00:46:04 BRT; 1s ago
Process: 2096 ExecStart=/usr/bin/tor -f /etc/tor/torrc (code=exited, status=0/SUCCESS)

Jun 17 00:46:04 archbang systemd[1]: Started Anonymizing Overlay Network.
Jun 17 00:46:04 archbang tor[2096]: Jun 17 00:46:04.133 [notice] Tor v0.2.3.25 (git-17c24b3118224d65) running on Linux.
Jun 17 00:46:04 archbang tor[2096]: Jun 17 00:46:04.133 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 17 00:46:04 archbang tor[2096]: Jun 17 00:46:04.133 [notice] Read configuration file "/etc/tor/torrc".
Jun 17 00:46:04 archbang tor[2096]: Jun 17 00:46:04.150 [notice] Initialized libevent version 2.0.21-stable using method epoll (with changelist). Good.
Jun 17 00:46:04 archbang tor[2096]: Jun 17 00:46:04.150 [notice] Opening Socks listener on 127.0.0.1:9050
Jun 17 00:46:04 archbang tor[2096]: Jun 17 00:46:04.150 [notice] Opening Control listener on 127.0.0.1:9051
Jun 17 00:46:04 archbang tor[2096]: Jun 17 00:46:04.150 [notice] Opening OR listener on 0.0.0.0:9048
Jun 17 00:46:04 archbang tor[2096]: Jun 17 00:46:04.150 [notice] Opening Directory listener on 0.0.0.0:9049
=====================================================================================
$sudo systemctl start tor
$cat /var/log/tor/debug.log
Jun 17 00:48:33.000 [notice] Tor 0.2.3.25 (git-17c24b3118224d65) opening new log file.
Jun 17 00:48:33.000 [debug] tor_disable_debugger_attach(): Attemping to disable debugger attachment to Tor for unprivileged users.
Jun 17 00:48:33.000 [debug] tor_disable_debugger_attach(): Debugger attachment disabled for unprivileged users.
Jun 17 00:48:33.000 [info] tor_lockfile_lock(): Locking "/var/lib/tor/lock"
Jun 17 00:48:33.000 [debug] parse_dir_server_line(): Trusted 100 dirserver at 128.31.0.39:9131 (9695)
(...)
Jun 17 00:48:33.000 [debug] parse_dir_server_line(): Trusted 100 dirserver at 154.35.32.5:80 (CF6D)
Jun 17 00:48:33.000 [debug] rend_add_service(): Configuring service with directory "XXXXXXXXXPRIVACY_CENSORXXXXXXXXXX
Jun 17 00:48:33.000 [debug] rend_add_service(): Service maps port 80 to 127.0.0.1:XXXXXXXXXPRIVACY_CENSORXXXXXXXXXX
Jun 17 00:48:33.000 [debug] rend_add_service(): Configuring service with directory "XXXXXXXXXPRIVACY_CENSORXXXXXXXXXX
Jun 17 00:48:33.000 [debug] rend_add_service(): Service maps port 80 to 127.0.0.1:XXXXXXXXXPRIVACY_CENSORXXXXXXXXXX
Jun 17 00:48:33.000 [info] entry_guards_parse_state(): Read 8/10 path bias for node DevnullhostFR
Jun 17 00:48:33.000 [info] entry_guards_parse_state(): Read 124/140 path bias for node menTor
(...)
Jun 17 00:48:33.000 [info] entry_guards_parse_state(): Read 32/35 path bias for node kramse
Jun 17 00:48:33.000 [info] or_state_load(): Loaded state from "/var/lib/tor/state"
Jun 17 00:48:33.000 [info] entry_guards_parse_state(): Read 8/10 path bias for node DevnullhostFR
(...)
Jun 17 00:48:33.000 [info] entry_guards_parse_state(): Read 32/35 path bias for node kramse
Jun 17 00:48:33.000 [info] remove_obsolete_entry_guards(): Entry guard 'DevnullhostFR' (B4AFD9E7D6C10E85F83FAD0E9552B22BC7E16DEB) was selected several months ago. (Version="0.2.3.25".) Replacing it.
Jun 17 00:48:33.000 [info] log_entry_guards(): menTor [14A15DCEE38301047D7EC593E659F059CE22FEDF] (no descriptor, made-contact),PPrivCom035 [8C94C4EC11AD48F5C9F3083DEDBC453DE926775B] (no descriptor, made-contact),DisasterTor2LA [DF3C431F794BF8D96432C89A43E520095B61980C] (bad, made-contact),TheDude [04EFAC4A548644FAA9B6549640330D571D3E9F8B] (no descriptor, made-contact),cmutornode [B0171148A7081858EE639B9451AF4D6CE0F68361] (no descriptor, made-contact),x42ex4 [7BD0CCC3D7060216B56E4FA936C49D4C6AEE71B3] (bad, made-contact),GermanCraft [B46807CA96DC907C91BFA48FD743EF84C6FECBA3] (bad, made-contact),sofia [43691853EA556C21A77E006886A5DC579855F527] (no descriptor, made-contact),ph3x [00C2C2A16AEDB51D5E5FB7D6168FC66B343D822F] (no descriptor, made-contact),kimya [4578A83CED0B36EC4606592486BBAD8191225591] (no descriptor, made-contact),kramse [3C5DF71E0358B5354FC398474CEDBC2788DEE62F] (no descriptor, made-contact),WilliamCZ6 [18AA5290123F773187BE9316401C8A5FD5452428] (no descriptor, made-contact)
Jun 17 00:48:33.000 [info] remove_obsolete_entry_guards(): Entry guard 'menTor' (14A15DCEE38301047D7EC593E659F059CE22FEDF) was selected several months ago. (Version="0.2.3.25".) Replacing it.
Jun 17 00:48:33.000 [info] log_entry_guards(): PPrivCom035 [8C94C4EC11AD48F5C9F3083DEDBC453DE926775B] (no descriptor, made-contact),DisasterTor2LA [DF3C431F794BF8D96432C89A43E520095B61980C] (bad, made-contact),TheDude [04EFAC4A548644FAA9B6549640330D571D3E9F8B] (no descriptor, made-contact),cmutornode [B0171148A7081858EE639B9451AF4D6CE0F68361] (no descriptor, made-contact),x42ex4 [7BD0CCC3D7060216B56E4FA936C49D4C6AEE71B3] (bad, made-contact),GermanCraft [B46807CA96DC907C91BFA48FD743EF84C6FECBA3] (bad, made-contact),sofia [43691853EA556C21A77E006886A5DC579855F527] (no descriptor, made-contact),ph3x [00C2C2A16AEDB51D5E5FB7D6168FC66B343D822F] (no descriptor, made-contact),kimya [4578A83CED0B36EC4606592486BBAD8191225591] (no descriptor, made-contact),kramse [3C5DF71E0358B5354FC398474CEDBC2788DEE62F] (no descriptor, made-contact),WilliamCZ6 [18AA5290123F773187BE9316401C8A5FD5452428] (no descriptor, made-contact)
Jun 17 00:48:33.000 [debug] circuit_build_times_disabled(): CircuitBuildTime learning is not disabled. Consensus=0, Config=0, AuthDir=0, StateFile=0
Jun 17 00:48:33.000 [debug] circuit_build_times_disabled(): CircuitBuildTime learning is not disabled. Consensus=0, Config=0, AuthDir=0, StateFile=0
Jun 17 00:48:33.000 [info] circuit_build_times_parse_state(): Adding 22 timeouts.
Jun 17 00:48:33.000 [debug] circuit_build_times_add_time(): Adding circuit build time 7125
(...)
Jun 17 00:48:33.000 [debug] circuit_build_times_add_time(): Adding circuit build time 1775
Jun 17 00:48:33.000 [info] circuit_build_times_parse_state(): Loaded 1000/1000 values from 181 lines in circuit time histogram
Jun 17 00:48:33.000 [debug] circuit_build_times_disabled(): CircuitBuildTime learning is not disabled. Consensus=0, Config=0, AuthDir=0, StateFile=0
Jun 17 00:48:33.000 [info] circuit_build_times_get_xm(): Xm mode #0: 1525 29
Jun 17 00:48:33.000 [info] circuit_build_times_get_xm(): Xm mode #1: 2175 22
Jun 17 00:48:33.000 [info] circuit_build_times_get_xm(): Xm mode #2: 1875 20
Jun 17 00:48:33.000 [info] circuit_build_times_set_timeout(): Based on 1000 circuit times, it looks like we don't need to wait so long for circuits to finish. We will now assume a circuit is too slow to use after waiting 4 seconds.
Jun 17 00:48:33.000 [info] circuit_build_times_set_timeout(): Circuit timeout data: 4477.240892ms, 60000.000000ms, Xm: 1825, a: 1.793391, r: 0.219000
Jun 17 00:48:33.000 [info] read_file_to_str(): Could not open "/var/lib/tor/router-stability": No such file or directory
=====================================================================================
$sudo systemctl start tor
$cat /var/log/tor/notices.log
Jun 16 23:56:20.000 [notice] Tor 0.2.3.25 (git-17c24b3118224d65) opening new log file.
Jun 17 00:04:36.000 [notice] Tor 0.2.3.25 (git-17c24b3118224d65) opening log file.
This task depends upon

Closed by  Lukas Fleischer (lfleischer)
Tuesday, 25 June 2013, 18:32 GMT
Reason for closing:  Not a bug
Comment by Lukas Fleischer (lfleischer) - Monday, 17 June 2013, 21:56 GMT
Works fine with the default config here:

$ curl -s --socks4 127.0.0.1:9050 https://check.torproject.org/ | grep '^Congratulations'
Congratulations. Your browser is configured to use Tor.<br>
$ curl -s --socks5 127.0.0.1:9050 https://check.torproject.org/ | grep '^Congratulations'
Congratulations. Your browser is configured to use Tor.<br>
$ pacman -Q tor
tor 0.2.3.25-3
Comment by Sid Karunaratne (sakaru) - Monday, 24 June 2013, 13:40 GMT
The reason why systemctl status tor says it's dead is because you have 'RunAsDaemon 1' in your config file. This was previously required, but not any more. However, that isn't the cause of the underlying problem, which I don't know the cause of. I can confirm that the default configuration works.
Comment by Euler Alves (euleralves) - Monday, 24 June 2013, 14:33 GMT
You got it! Maybe you need to change the torrc and torrc-dist comments about RunAsDaemon for better explain.

Loading...