Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #21436

Closed
Open
Opened Feb 11, 2017 by adrelanos@adrelanos

fteproxy does not work on Debian stretch / document fteproxy usage on Debian stretch

Using fteproxy on Debian stretch isn't straight easy. So far no luck.

From /lib/systemd/system/tor@default.service, the AppArmor profile gets into the way.

AppArmorProfile=system_tor

Also the other systemd hardening results in.

Could not launch managed proxy executable at '/usr/bin/fteproxy' ('Permission denied').

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/proc
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
ReadWriteDirectories=-/var/run
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE

Even with all of that disabled, Tor does not successfully bootstrap.

Feb 11 06:26:01.000 [notice] Bootstrapped 5%: Connecting to directory server
Feb 11 06:26:01.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Feb 11 06:26:01.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 6; recommendation warn; host redacted at IP:PORT)
Feb 11 06:26:01.000 [warn] 6 connections have failed:

I guess my torrc config is fine. Copied that part over from TBB to system Tor /etc/tor/torrc.

UseBridges 1
ClientTransportPlugin fte exec /usr/bin/fteproxy --managed
Bridge fte IP:PORT redacted

Any hints what I am doing wrong? (Not in a censored area. TBB without bridges as well as fteproxy works for me. Debian stretch system Tor with Debian fteproxy packages does not work for me.)

I am asking for Whonix integration purposes.

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#21436