Issues running on Tails

[unsystemizer]

I encountered these three:

1. It seems Tails has restrictive Tor SOCKS proxy rules so that apps that don't work properly don't use it.
   When ZeroNet is started Tor SOCKS proxy refuses connection. I couldn't find what is making Tor Socks proxy refuse connections (I looked at https://git-tails.immerda.ch/tails/plain/config/chroot_local-includes/etc/ferm/ferm.conf and https://git-tails.immerda.ch/tails/plain/config/chroot_local-includes/etc/tor/torrc). I did not try to run ZeroNet as root.
2. uPnP punching also doesn't work (as amnesia user with and without sudo).
3. When ZeroNet is started without Tor and Tor proxy, it also cannot connect (running as amnesia, with or without sudo).

Basically no matter how you run it (except possibly as root), it cannot establish connections and work.

[HelloZeroNet]

zeronet.py --proxy 127.0.0.1:9050 --tor disable worked last time i tried. Upnp punching will fail on tor, this is normal.

[unsystemizer]

Well it doesn't work here. I got the log files over - this is current Tails and ZeroNet and points 1) and 2) can be seen. I double checked the Tor Socks port (tried --tor-proxy as well).

Tor Disabled

amnesia@amnesia:~/.ssh/zeronet/ZeroNet-master$ python zeronet.py --proxy 127.0.0.1:9050 --tor disable
- Starting ZeroNet...
[16:45:06] - OpenSSL loaded, version: 01000114F
[16:45:06] - Patching sockets to socks proxy: 127.0.0.1:9050
[16:45:06] - Version: 0.4.1 r1536, Python 2.7.9 (default, Aug 13 2016, 16:41:35) 
[GCC 4.9.2], Gevent: 1.0.1
[16:45:06] - Creating FileServer....
[16:45:06] - Creating UiServer....
[16:45:06] Site:1Name2..hM9F Content.json not exist: data/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F/content.json
[16:45:06] - Removing old SSL certs...
[16:45:06] - Starting servers....
[16:45:06] Ui.UiServer --------------------------------------
[16:45:06] Ui.UiServer Web interface: http://127.0.0.1:43110/
[16:45:06] Ui.UiServer --------------------------------------
[16:45:06] Site:1Name2..hM9F Content.json not exist: data/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F/content.json
[16:45:07] FileServer Checking port 15441 using portchecker.co...
[16:45:11] FileServer [BAD :(] Port closed: Port 15441 is closed.
[16:45:11] FileServer Trying to open port using UpnpPunch...
[16:45:11] Site:1Name2..hM9F Content.json not exist: data/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F/content.json
[16:45:13] FileServer UpnpPunch run error: error: [Errno 1] Operation not permitted in FileServer.py line 73 > UpnpPunch.py line 319 > UpnpPunch.py line 298 > UpnpPunch.py line 273 > UpnpPunch.py line 254 > UpnpPunch.py line 50 > socket.py line 474

Tor Enabled

amnesia@amnesia:~/.ssh/zeronet/ZeroNet-master$ python zeronet.py --proxy 127.0.0.1:9050 --tor enable
- Starting ZeroNet...
[16:43:03] - OpenSSL loaded, version: 01000114F
[16:43:03] - Patching sockets to socks proxy: 127.0.0.1:9050
[16:43:03] - Version: 0.4.1 r1536, Python 2.7.9 (default, Aug 13 2016, 16:41:35) 
[GCC 4.9.2], Gevent: 1.0.1
[16:43:03] - Creating FileServer....
[16:43:04] TorManager Tor controller connect error: error: [Errno 111] Connection refused in TorManager.py line 154 > socket.py line 342
[16:43:04] - Creating UiServer....
[16:43:04] Site:1Name2..hM9F Content.json not exist: data/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F/content.json
[16:43:04] - Removing old SSL certs...
[16:43:04] - Starting servers....
[16:43:04] Ui.UiServer --------------------------------------
[16:43:04] Ui.UiServer Web interface: http://127.0.0.1:43110/
[16:43:04] Ui.UiServer --------------------------------------
[16:43:04] Site:1Name2..hM9F Content.json not exist: data/1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F/content.json
[16:43:05] FileServer Checking port 15441 using portchecker.co...
[16:43:05] Site:1Name2..hM9F Announce to 0 trackers in 1.012s, failed
[16:43:06] FileServer [BAD :(] Port closed: Error: ProxyConnectionError: Error connecting to SOCKS5 proxy 127.0.0.1:49050: [Errno 111] Connection refused in FileServer.py line 98 > urllib2.py line 154 > urllib2.py line 431 > urllib2.py line 449 > urllib2.py line 409 > urllib2.py line 1227 > urllib2.py line 1194 > httplib.py line 1039 > httplib.py line 1073 > httplib.py line 1035 > httplib.py line 879 > httplib.py line 841 > httplib.py line 822 > SocksProxy.py line 12 > socks.py line 674
[16:43:06] FileServer Trying to open port using UpnpPunch...
[16:43:07] FileServer UpnpPunch run error: error: [Errno 1] Operation not permitted in FileServer.py line 73 > UpnpPunch.py line 319 > UpnpPunch.py line 298 > UpnpPunch.py line 273 > UpnpPunch.py line 254 > UpnpPunch.py line 50 > socket.py line 474

[HelloZeroNet]

It looking good, you need the webui should be accessible on http://127.0.0.1:43110/ (it's possible that you need to add 127.0.0.1 to firefox's "ignore proxy for" settings)

[unsystemizer]

I waited for 5+ mins, also added 127.0.0.1 to "ignore proxy for hosts" and tried other things. I think there's something in the Tor Socks or firewall rules that prevents serving from 127.0.0.1 With netstat I can see the service is listening, but I can't access it with either Tor or Unsafe Browser or telnet to localhost's port 43110 (connection refused).

[HelloZeroNet]

you can try to add --ui_ip "*" and access is using other ip you have

[unsystemizer]

Yes, I looked into that but haven't tried yet because rules mentioned above seem to favor the loopback interface while access to other interfaces is even more restricted. It didn't seem worth trying but I may give it a try.

[unsystemizer]

The good news: this works --tor disable --proxy ... --ui_ip ... The bad news: that works only in Unsafe Browser (which, as the name says, kind of defeats the purpose of running Tails). A minor thing is port 15441 would have to be opened because uPnP can't work, so even with this approach you can't serve files.

I think some of the settings mentioned in the first comment need to be tweaked to let ZN "natively" access Tor SOCKS5 proxy. If the exact reason could be identified I could follow up with Tails to see if they can modify their rules so that ZN can work on Tails out of box and with Tor enabled. By the way when running on loopback I changed #SocksPolicy accept 192.168.0.0/16 to SocksPolicy accept 127.0.0.1/16 and restarted Tor, but that didn't help. It's likely multiple changes are required (Tor config & iptables rules that are derived from ferm.conf linked at the top).