Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T02:06:22Zhttps://gitlab.torproject.org/legacy/trac/-/issues/3595Connections with IPv4-mapped IPv6 addresses bypass transproxy2020-06-13T02:06:22ZTracConnections with IPv4-mapped IPv6 addresses bypass transproxyA user (DEplan on #guardianproject) reported that Gibberbot was using his real IP despite Orbot's transproxy being turned on; further research led to the conclusion that recent releases of Android seem to use IPv4-mapped IPv6 adresses fo...A user (DEplan on #guardianproject) reported that Gibberbot was using his real IP despite Orbot's transproxy being turned on; further research led to the conclusion that recent releases of Android seem to use IPv4-mapped IPv6 adresses for a large portion of connections. For examples, please see http://pastebin.com/Z4KDDq40. These connections completely bypass transproxy.
I am not yet sure about the circumstances under which Android employs these addresses.
The problems in finding a solution are that Android usually does not include ip6tables (though Orbot could simply package that) and kernels do usually not include IPv6 netfilter modules. The latter is a major issue, since Orbot can't package modules for every single kernel a user might be running.
As a side note, IPv6 does not support NAT (which is what transproxying is based on).
I'll try to figure out what triggers this behaviour of Android and find possible solutions (using sysctl to disable IPv6 does not solve it).
**Trac**:
**Username**: __sporkbombNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/8500Warn the user about possible transparent proxying failure2020-06-13T02:06:22ZTracWarn the user about possible transparent proxying failureThe transparent proxying feature is very likely to fail for a number of reasons, the most common is lack of a firmware supporting the needed iptables magic, or bugs like #3595.
Currently orbot doesn't warn the user when this occurs, lea...The transparent proxying feature is very likely to fail for a number of reasons, the most common is lack of a firmware supporting the needed iptables magic, or bugs like #3595.
Currently orbot doesn't warn the user when this occurs, leading to a false sense of security.
* It only mentions "(Requires root)" in the settings menu: true, but not enough: a special firmware is required too. It should be mentioned (possibly with a link to https://www.torproject.org/docs/android.html.en )
* At orbot startup, a system notification message is issued, saying that transparent proxying has been correctly enabled, even when this is not the case!
Orbot should check more toroughly if transparent proxying is really working, and issue a BIG WARNING in the user interface if this is not the case (or if this can not be detected).
Also the web page at https://www.torproject.org/docs/android.html.en could be improved, though it mentions the requirement for a suitable firmware, the warning could be made more evident (now you have to read the fine print to find out about this limitation).
We could also suggest the user to always check if a particular app is behaving as expected, for example checking the current network connections using a netstat-like tool like Os monitor
(see: http://f-droid.org/repository/browse/?fdfilter=os%20monitor&fdid=com.eolwral.osmonitor )
**Trac**:
**Username**: criNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/8079WARNING: error starting transparent proxying!2020-06-13T01:55:43ZTracWARNING: error starting transparent proxying!Hi,
I'm getting "WARNING: error starting transparent proxying!". Looks similar to https://trac.torproject.org/projects/tor/ticket/3891 but thing is:
- it was working just after Orbot installation (no warn message + I verified this for ...Hi,
I'm getting "WARNING: error starting transparent proxying!". Looks similar to https://trac.torproject.org/projects/tor/ticket/3891 but thing is:
- it was working just after Orbot installation (no warn message + I verified this for some apps and tethering on https://check.torproject.org/).
- I have CyanogenMod-7.2.0-vision installed (root access is granted for Orbot).
I was trying to use Orbot-bundled iptables but with no change.
I'll try to attach debug log ASAP. If you'll need additional information please let me know.
regards
milo
**Trac**:
**Username**: miloNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/7254Orbot WARNs DNSPort and TransPort public address specified2020-06-13T01:40:54ZcypherpunksOrbot WARNs DNSPort and TransPort public address specified"WARN You specified and public address for DNSPort (and TransPort). Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason."
I don't have a good reason an..."WARN You specified and public address for DNSPort (and TransPort). Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason."
I don't have a good reason and want to fix this. There are 4 WARN messages, 1 DNSPort, another TransPort, another DNSPort and another Transport. They repeat as the Orbot log updates itself.
Orbot version 0.2.3.23-rc-1.0.11-RC6 on Samsung EXhibit II running CyanogenMod version 9-20120826_UNOFFICIAL-aancora-tmo
Hopefully I'm posting correctly in the correct place.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/7210Orbot hides the errors of the iptables rules2020-06-13T01:40:12ZTracOrbot hides the errors of the iptables rulesThe transparent proxy of orbot doesn't run in my phone. It shows a error in the notification area.
Yesterday, I decided review the debug log with adb and I found a (in my opinion) important problem in orbot.
You're running the rules of...The transparent proxy of orbot doesn't run in my phone. It shows a error in the notification area.
Yesterday, I decided review the debug log with adb and I found a (in my opinion) important problem in orbot.
You're running the rules of iptables with "/whatever/iptables rules | | exit". I know that my problem is due to some iptables rules but I can't see the error because you hide the error using "| | exit".
You can run each rule individually and check the exit code each time. I think my suggestion is better than the use of "| | exit" because with this orbot doesn't hide the errors.
Sorry if I don't send a patch but my know about java code is near to 0 :)
**Trac**:
**Username**: juanfra684Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/6988[orbot] Orbot relies on "which" to find the "su" binary.2020-06-13T01:35:15ZTrac[orbot] Orbot relies on "which" to find the "su" binary.On a stock system without busybox, requesting root access fails because "which"(a part of busybox) is not available.
D/Orbot (12049): executing shell cmds: which su; runAsRoot=false;waitFor=true
D/Orbot (12049): Could not acquire ro...On a stock system without busybox, requesting root access fails because "which"(a part of busybox) is not available.
D/Orbot (12049): executing shell cmds: which su; runAsRoot=false;waitFor=true
D/Orbot (12049): Could not acquire root permissions
############
% adb shell
shell@android:/ $ which which
/system/bin/sh: which: not found
127|shell@android:/ $su
shell@android:/ # echo -e '#!/system/bin/sh\necho /system/xbin/su' > /system/xbin/which
shell@android:/ # chmod 755 /system/xbin/which
shell@android:/ # which
/system/xbin/su
############
After that. It works.
**Trac**:
**Username**: MSalNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/6459error starting transparent proxy2020-06-13T01:23:34ZTracerror starting transparent proxyHi,
I have a Google Nexus S, Android 2.3.7, with Cyanogenmod-7.2.0-crespo
I have installed Orbot 0.2.3.10 from www.torproject.org.
Superuser access is granted to Orbot.
Starting Orbot I get:
- Setting up full transparent proxy
- Warning:...Hi,
I have a Google Nexus S, Android 2.3.7, with Cyanogenmod-7.2.0-crespo
I have installed Orbot 0.2.3.10 from www.torproject.org.
Superuser access is granted to Orbot.
Starting Orbot I get:
- Setting up full transparent proxy
- Warning: error starting transparent proxy
- Proxying!
- Bootstrapped 100% Done
Tor network is running
Check indicates: Sorry. You are not using Tor.
The transparent proxy do not work for me. (Always DISABLED)
What is wrong?
P.S. I was using Orbot on the same device with Cyanogenmod-7.1, and it was working properly with transparent proxying. After installing the Cyanogenmod-7.2.0-crespo rom the problem appeared.
Thanks a lot.
**Trac**:
**Username**: odadgariNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/6137Icon not in toolbar after killing2020-06-13T01:16:35ZTracIcon not in toolbar after killingOrbot icon is not in toolbar even though connected to the Tor network and Always-On Notifications is selected in the settings. I killed the Orbot application in the Android GUI and started it again by clicking on its icon but did not cli...Orbot icon is not in toolbar even though connected to the Tor network and Always-On Notifications is selected in the settings. I killed the Orbot application in the Android GUI and started it again by clicking on its icon but did not click the start button. The version is 0.2.3.15-ALPHA-1.0.8-RC3.
**Trac**:
**Username**: mattiNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/5886Orbot needs wifi only option for Relay.2020-06-13T01:11:13ZNathan FreitasOrbot needs wifi only option for Relay.Orbot for Android has a Relay setting. And I would love to use it to help. However, you might want to enable as a default ACTIVE if on WiFi. That way everybody who downloads it can help when on WiFi and not while on a limited mobile p...Orbot for Android has a Relay setting. And I would love to use it to help. However, you might want to enable as a default ACTIVE if on WiFi. That way everybody who downloads it can help when on WiFi and not while on a limited mobile phone plan.
Or for those who have limited data plans, they can set the Relay to be on when WiFi is detected.
And if On when WiFi is detected, the phones can also serve as your Exit points. Furthering the cause.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/5469Orbot: can't specify node restrictions2020-06-13T01:02:26ZTracOrbot: can't specify node restrictionsI'm using Orbot (v0.2.3.10-alpha-1.0.7-FINAL, on Android ICS v4.0.1) and I can't seem to get the exit node I request.
In the Exit and Entrance Node fields I have "{us}" entered, yet sometimes I get IP's outside the US. Yesterday I got a ...I'm using Orbot (v0.2.3.10-alpha-1.0.7-FINAL, on Android ICS v4.0.1) and I can't seem to get the exit node I request.
In the Exit and Entrance Node fields I have "{us}" entered, yet sometimes I get IP's outside the US. Yesterday I got a UK ip.
Also, at random (usually after 30 minutes or so) I seem to lose connection to the Tor network without Orbot notifying me. I'm using Pandora from Canada.
**Trac**:
**Username**: dvdwsnNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/5393orbot relay bug - orbot is not setting the relay values into torrc properly c...2020-06-13T01:00:46ZTracorbot relay bug - orbot is not setting the relay values into torrc properly causing orbot to not work when set as relayThis is about the bug discussed with 'n8fr8' on #guardianproject at freenode.
So, the relay functionality you said was broken and needs to be fixed for 'orbot' on smartphones.
I checked with the orbot version '0.2.3.10-alpha-orbot-1.0.7-...This is about the bug discussed with 'n8fr8' on #guardianproject at freenode.
So, the relay functionality you said was broken and needs to be fixed for 'orbot' on smartphones.
I checked with the orbot version '0.2.3.10-alpha-orbot-1.0.7-FINAL' and you have checked with the 'dev branch of the code' as you said (i suppose that means you have checked with latest version of code by compiling and running the latest updated version from git; i will do it too and let you know again). But none seemed to work. In fact, you said you were getting a more significant crash, when you enabled relaying on smartphone for dev branch of code.
You also thought if the problem is: whether the Relay conflict is with transproxying/root or with Tor client connection in general. But, i'm not sure if it later seemed not to be the problem.
Then, you told me to change the torrc file on my android phone, as you said that orbot is not setting the relay values properly which might be the reason for orbot not working as a relay on smartphone.
So, I will do that and let you know about it. I will also keep checking 'https://guardianproject.info/builds/Orbot/' to see if any new dev/debug release is posted.
Thankyou so very much for all your help, Mr.Nathan.
**Trac**:
**Username**: ruki_Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/5305Orbot ( 0.2.3.10-alpha-1.0.7-FINAL) connection error2020-06-13T00:59:12ZTracOrbot ( 0.2.3.10-alpha-1.0.7-FINAL) connection errorOrbot was working fine . now it refuses to connect and displays a working status and the following errors .
D/Orbot ( 3435): Attempt: Error connecting to control port: /data/data/org.torproject.android/cache/control_auth_cookie (Per...Orbot was working fine . now it refuses to connect and displays a working status and the following errors .
D/Orbot ( 3435): Attempt: Error connecting to control port: /data/data/org.torproject.android/cache/control_auth_cookie (Permission denied)
D/Orbot ( 3435): java.io.FileNotFoundException: /data/data/org.torproject.android/cache/control_auth_cookie (Permission denied)
I am using a samsung i9100 on a stock rom and Orbot version 0.2.3.10-alpha-1.0.7-FINAL
**Trac**:
**Username**: TBA001Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/4678Orbot fails to start on Asus Transformer with Prime 2.1.1 FW2020-06-13T00:45:41ZTracOrbot fails to start on Asus Transformer with Prime 2.1.1 FWFor some reason Orbot fails to start on Asus Transformer with Prime v2.1.1 firmware.
----
**Trac**:
**Username**: alllexxFor some reason Orbot fails to start on Asus Transformer with Prime v2.1.1 firmware.
----
**Trac**:
**Username**: alllexxNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/4423Orbot flushes all foreign iptables rules2020-06-13T00:40:06ZTracOrbot flushes all foreign iptables rulesRegardless of whether transparency proxy is enabled or not, all foreign iptables rules get flushed when connecting or disconnecting to/from Tor.
Iptables chains stay untouched.
This is a big problem when using iptables based firewalls ...Regardless of whether transparency proxy is enabled or not, all foreign iptables rules get flushed when connecting or disconnecting to/from Tor.
Iptables chains stay untouched.
This is a big problem when using iptables based firewalls like "DroidWall" or "LBE Privacy Guard".
Example 1:
A internet access blocked application (a game, google location service, etc.) gets unblocked as soon as Orbot connects/disconnects to Tor.
Example 2:
A application should just be able to communicate through Tor. iptables related firewall blocks it. But Orbot's transparency proxy should allow it.
This still occures on the latest RC build:
"Orbot-1.0.6-Tor-0.2.3.7-alpha-RC3"
**Trac**:
**Username**: aribnsNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/4385Wizard comes up when you try to exit orbot2020-06-13T00:39:30ZSathyanarayanan GunasekaranWizard comes up when you try to exit orbotThe wizard doesn't kill itself due to android's weird handling of activities, so we manually have to kill it once the user clicks on "Options -> Exit".The wizard doesn't kill itself due to android's weird handling of activities, so we manually have to kill it once the user clicks on "Options -> Exit".Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/3775Permission error on Orbot2020-06-13T00:27:16ZTracPermission error on OrbotThere's some kind of problem with permissions in Orbot. I'm not sure if this happens only to me, but when I try to start Tor, it cannot access cache/control_auth_cookie. I can chmod it every time, but it is a bit annoying.
**Trac**:
...There's some kind of problem with permissions in Orbot. I'm not sure if this happens only to me, but when I try to start Tor, it cannot access cache/control_auth_cookie. I can chmod it every time, but it is a bit annoying.
**Trac**:
**Username**: etnmichNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/3572Disable Orbot transparent redirect for rfc1918 & localhost2020-06-13T00:23:02ZTracDisable Orbot transparent redirect for rfc1918 & localhostThe iptables rules setup on orbot to redirect all traffic through tor cause problems for when I'm on my wireless on my RFC1918 network or trying to access stuff bound onto localhost (vnc, ...).
Could the transparent redirect scripts be ...The iptables rules setup on orbot to redirect all traffic through tor cause problems for when I'm on my wireless on my RFC1918 network or trying to access stuff bound onto localhost (vnc, ...).
Could the transparent redirect scripts be updated to ignore RFC1918 & 127.0.0.X addresses?
**Trac**:
**Username**: dmz@zzservers.comNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/3082Orbot problems on rooted x10 with jit installed.2020-06-13T00:14:36ZNathan FreitasOrbot problems on rooted x10 with jit installed.JIT is the just in time compiler developed by someone on XDA for the X10. Apparently SE pulled it from the 2.1 build due to a risk of processor overheating. When you put it back you get a performance increase of 50% based on benchmarks...JIT is the just in time compiler developed by someone on XDA for the X10. Apparently SE pulled it from the 2.1 build due to a risk of processor overheating. When you put it back you get a performance increase of 50% based on benchmarks, with the slight cost that when the processor is maxed out it sometimes casues a reboot, although i dont think that was the issue here. Not had a problem with overheating yet, but got safeguards in place.
Went into settings (note given previous problems I had disabled start on boot, might be worth making this default initially?) and enabled logs, attatched to this email.
Note display was helpful on one attempt but blank apart from waiting animation on 2 others. No easy way to stop process apart from task killer.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/3081Orbot start up problem/looping dialog2020-06-13T00:14:36ZNathan FreitasOrbot start up problem/looping dialog#1. Almost always it takes two (sometimes three) starts for Orbot to connect properly. One symptom is in #2 below. Another is that all looks good (connection sequence looks correct, drop down alert looks correct) but testing via check....#1. Almost always it takes two (sometimes three) starts for Orbot to connect properly. One symptom is in #2 below. Another is that all looks good (connection sequence looks correct, drop down alert looks correct) but testing via check.torproject.org shows no connection. Exiting and restarting usually yields a working connection.
#2. Frequently on the first try, the app shows the spinning white circular pattern in the black rectangle in front of the Orbot logo, "Orbot is starting" message under the logo, and then stays in that mode indefinitely.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/2981Progress bar in an infinite loop while loading2020-06-13T00:12:50ZSathyanarayanan GunasekaranProgress bar in an infinite loop while loadingOrbot Version - 1.0.5
Device - HTC Legend
1. Start Orbot
2. While the progress bar loads, press Back/home
3. Return to Orbot
The progress bar is in an infinite loop, with no text.
The only way to exit, is to force quit or reboot.Orbot Version - 1.0.5
Device - HTC Legend
1. Start Orbot
2. While the progress bar loads, press Back/home
3. Return to Orbot
The progress bar is in an infinite loop, with no text.
The only way to exit, is to force quit or reboot.Nathan FreitasNathan Freitas