ntor handshake auth failures with RPs
My vanguards addon was detecting dropped cells on my v3 service side due to ntor failures to client chosen RPs. This happened while testing vanguards 0.3.0 with tor 0.4.0.2-alpha and a v3 onion service that was only for my testing.
This corresponded to control port lines like:
DEBUG[Thu Mar 07 09:51:28 2019]: 650 CIRC 12674 FAILED $DD5DA21CC5036533AE2010DE2C7E72BE2CDF9C5E~Unnamed,$28C52CDBB78DA46124DA62EC1D6796689E719210~ayb,$516C2CCBB1502B7E46E4265D82474257324DF8E2~Unnamed,$E37724D8AD87B149EAD2F3DFD3E1681624AC9EE0~sheldon BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY,NEED_UPTIME PURPOSE=HS_SERVICE_REND HS_STATE=HSSR_CONNECTING REND_QUERY=jxzsbx2wov6yrzwysw7mbmxal2ab6vwje745djczv4kyxe36a2rhmnid TIME_CREATED=2019-03-07T09:47:54.889121 REASON=TORPROTOCOL
Which matched loglines:
Mar 07 09:51:28.000 [info] onion_skin_ntor_client_handshake(): Invalid result from curve25519 handshake: 4 Mar 07 09:51:28.000 [info] circuit_mark_for_close_(): Circuit 3610696346 (id: 12674) marked for close at src/core/or/relay.c:1731 (orig reason: 1, new reason: 0) Mar 07 09:51:28.000 [info] circuit_build_failed(): Couldn't connect to the client's chosen rend point "" (last hop failed). Mar 07 09:51:28.000 [info] can_relaunch_service_rendezvous_point(): Attempt to build a rendezvous circuit to [scrubbed] has failed with 1 attempts and expiry time 1551952317. Giving up building.
I caused this by using Tor version 0.3.5.7 (git-9beb085c10562a25) to connect to my HS like so:
while [ true ]; do torsocks wget http://$MYV3_ONION_NAME.onion/404 -O /dev/null killall -HUP tor; done
That v3 404 url is in fact non-existent -- it does just send back a HTTP 404.
I think this might be caused by just normal onion key rotation of the RP... In which case there might now be anything we can do?
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information