basil00 / TorWall

Tallow - Transparent Tor for Windows
http://reqrypt.org/tallow.html
GNU General Public License v3.0

Tallow connects to tor network, but no website loads after pressing the big "Tor"-captioned button #7

Closed rabbihyatt closed 6 years ago

rabbihyatt commented 6 years ago

First of all, Merry Christmas (though it is a tad late for that), and Happy New Year, and thanks for the job you've done!

I'm sure it will be awesome when it gets to work; meanwhile, though -- and I'm sure it has got something to do with my newbieness -- I have to get it to work first.

To summarize, I run tallow and it bootstraps 100% and asks me to hit "Tor" to begin "torify"ing things, but after I hit "Tor", nothing connects -- all requests time out. Chrome shows me an ERR_TIMED_OUT.

That makes for the summary; now for the longer tale:

I have to manually add bridges to tallow's torrc file, and to that end I have used the pluggable transports that ship with TorBrowserBundle 7.0.11 (under <Tor Browser Root>\Browser\TorBrowser\Tor\PluggableTransports in Win 7.)

Also, ESET's firewall along with ESET's protection are both turned off, and I have booted Win 7 with "Driver Signature Verification" turned off too.

Something that has really piqued my curiosity is that I use the exact same torrc for TBB, and I have been using it fairly well (actually, I'm connected to github using TBB now), which makes me believe the changes I have made to the original torrc might not be the issue.

tallow's directory layout as I obtained it from reqrypt (and changed the bundled torrc) is located at https://github.com/rabbihyatt/tallow-bug/blob/master/tallow-baseline.zip

tallow's directory layout after I ran it and got across the issues I listed above is located at https://github.com/rabbihyatt/tallow-bug/blob/master/tallow-afterwards.zip (debug messages are in debug.log, tor's notices messages are in notice.log; whatever the command prompt told me when tallow was running is in tallow-messages)

Thanks a lot for reading this far.

I hope I have given enough context for you to look into this issue.

Best wishes

basil00 commented 6 years ago

Tallow does not currently support Tor bridges + pluggable transports, so that is likely the problem. The reason is because Tallow attempts to intercept all "non-Tor" traffic, and it considers bridge/pluggable-transport traffic to be "non-Tor", and will attempt to block or divert it via the "real" Tor network -- which just breaks things.

I have some plans to fix this. It involves making the traffic that Tallow intercepts to be configurable, allowing for certain traffic types to be ignored by Tallow.

rabbihyatt commented 6 years ago

> I have some plans to fix this. It involves making the traffic that Tallow intercepts to be configurable, allowing for certain traffic types to be ignored by Tallow.

That's just about the best Christmas present I might have ever received! Tor is the only way we can connect to the internet through, and I have actually filed this issue on behalf of a whole neighbourhood. Thank you for everything; please feel free to close this issue whenever you find fit.

basil00 commented 6 years ago

OK I updated Tallow so that it only diverts traffic as specified by the new traffic.divert file. Thus, if you want, you can modify traffic.divert to ignore certain traffic types, such as traffic to/from a specific IP address and/or port (see the documentation in the file itself). This should allow you to configure Tallow to use Tor bridges/pluggable-transports. Although this is a low-level solution, at least it should now be possible to do, rather than not supported at all.

Note that if you want to use this you'll need to either compile Tallow yourself, or wait until the next release. I am hoping to release a new version once the new WinDivert is ready, which hopefully should be within a month or so.

basil00 commented 6 years ago

Regarding the timeouts -- it appears that the Tor network has changed somewhat since the Tallow tool was first created. Previously, most nodes listened on port 9001, whereas now a substantial number of nodes listen on port 443, presumably because the main Tor ports are blocked in many places. But this also leads to Tallow blocking its own Tor traffic.

A quick fix is to update the torrc file with the following options:

FascistFirewall 1
FirewallPorts 9001,9030

After adding these options and restarting Tallow, the tool works much better. Although, this does mean that Tallow is limiting the number of Tor nodes it will connect to, which isn't ideal.

Longer term, I need to add a better way of ignoring Tor traffic other than by port number.
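The trade-off described in the comment above, as an added example that is not part of the original thread and not Tallow's code: it parses a torrc, derives the ports Tor may dial when FascistFirewall is set, and splits a relay list into reachable and excluded. The function names and the relay list are constructed for illustration; the 80/443 default for FirewallPorts is taken from the Tor manual.

```python
# Added example: not from the thread or from Tallow's source.
DEFAULT_FIREWALL_PORTS = {80, 443}  # Tor manual default for FirewallPorts

def parse_torrc(text):
    """Return {lowercased option: value}. Assumption: a later line overrides an earlier one."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)          # option name, then the rest
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def allowed_ports(opts):
    """Ports Tor may connect out to; None means FascistFirewall is off (no limit)."""
    if opts.get("fascistfirewall", "0") != "1":
        return None
    raw = opts.get("firewallports", "")
    if not raw:
        return set(DEFAULT_FIREWALL_PORTS)
    return {int(p) for p in raw.split(",") if p.strip()}

def split_relays(relays, ports):
    """Partition (name, or_port) pairs into (reachable, excluded)."""
    if ports is None:
        return list(relays), []
    reachable = [r for r in relays if r[1] in ports]
    excluded = [r for r in relays if r[1] not in ports]
    return reachable, excluded

# The quick fix quoted in the thread.
TORRC = "FascistFirewall 1\nFirewallPorts 9001,9030\n"

# Constructed sample relays (name, ORPort); not real network data.
SAMPLE_RELAYS = [("relayA", 9001), ("relayB", 443), ("relayC", 9001),
                 ("relayD", 443), ("relayE", 8443)]

def demo():
    ports = allowed_ports(parse_torrc(TORRC))
    reachable, excluded = split_relays(SAMPLE_RELAYS, ports)
    return ports, reachable, excluded

if __name__ == "__main__":
    ports, reachable, excluded = demo()
    print("allowed ports:", sorted(ports))
    print("reachable:", reachable)
    print("excluded :", excluded)
```

With the constructed list, every relay on port 443 lands in the excluded set, which is the reduced node pool the comment calls "not ideal".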

basil00 commented 6 years ago

New release is available: https://github.com/basil00/TorWall/releases