guardianproject / orbot-apple

Orbot VPN app for iOS
MIT License
210 stars 36 forks source link

issue with tunnel #95

Open valir777 opened 1 month ago

valir777 commented 1 month ago

mac os 15.0.1 orbot version v1.7.2 doesn't recognize webtunnel also the latest version from github doesn't work,i had to download it from the store the built-in bridges don't work either

[warn] {CONFIG} Can't use bridge at [scrubbed]: there is no configured transport called "webtunnel"

valir777 commented 1 month ago

also sometimes when the connection reaches 100% it resets

[warn] {APP} Invalid hostname [scrubbed]; rejecting

[warn] {APP} The ".exit" notation is disabled in Tor due to security risks

[warn] {APP} Rejecting ill-formed reverse lookup of [scrubbed]

valir777 commented 1 month ago

this app is super unstable,impossible to use

tladesignz commented 1 month ago

mac os 15.0.1 orbot version v1.7.2

Thanks! That is important.

doesn't recognize webtunnel

[warn] {CONFIG} Can't use bridge at [scrubbed]: there is no configured transport called "webtunnel"

Thanks a ton for catching this! There was a bug, where the custom bridges couldn't be read when configuring Tor on start so it fell back to the built-in Obfs4 bridges list. A new version 1.7.3 is on its way!

also the latest version from github doesn't work,i had to download it from the store

Yeah. sigh. Unfortunately, Apple wants self-published apps handle Network Extensions (the piece where Tor is running in) completely different from app store apps. Since this project was always focused on iOS, and the macOS version is mainly there because it was easy to do and because it helps in debugging. There's no budget for going all the way to create a self-published version. Hence the packages on Github are more or less for documentation purposes, and for the very advanced users. I added a note about it in the release notes.

the built-in bridges don't work either

If you're in a censored area, that's to be expected. Every censor worth their money know these and block them. After all, they're very public.

They're mostly meant for public libraries and such environments, where the admins heard about The Dark Web™️ and want to block it in their routers, but don't go to such lengths as state-sponsored censors.

also sometimes when the connection reaches 100% it resets

Weird. I never experienced that. Going to be hard to debug this. Maybe a side-effect of your environment and the broken webtunnel support? Let me know, when this persists, and as much of the circumstances as possible to reproduce.

[warn] {APP} Invalid hostname [scrubbed]; rejecting

[warn] {APP} Rejecting ill-formed reverse lookup of [scrubbed]

That's kinda normal. On a typical macOS system, there's lots of services and apps running in the background, and some of them do weird things which Tor cannot or doesn't want to handle.

[warn] {APP} The ".exit" notation is disabled in Tor due to security risks

Yeah, that is some legacy thing, I think. You can, theoretically address exit nodes directly with these .exit domains, but I never saw a reason why you would want to. Also, the Tor devs seem to think the same, hence it's disabled.

this app is super unstable,impossible to use

Well, thanks for the flowers, I guess? Happy to help, anyway.

BTW: You can always use the plain Tor via the command line to achieve the same:

http://brew.sh

brew install tor

https://2019.www.torproject.org/docs/tor-manual.html.en

It'll get a little complicated with pluggable transports, I have to admit, though...

valir777 commented 1 month ago

when will you upgrade it on app store?if I download it here it won't open will it?

valir777 commented 1 month ago

sorry buddy im not a dev just an regular user

valir777 commented 1 month ago

Weird. I never experienced that. Going to be hard to debug this. Maybe a side-effect of your environment and the broken webtunnel support? Let me know, when this persists, and as much of the circumstances as possible to reproduce.

that's the log after reset :

[warn] {APP} Invalid hostname [scrubbed]; rejecting

[warn] {APP} The ".exit" notation is disabled in Tor due to security risks

[warn] {APP} Rejecting ill-formed reverse lookup of [scrubbed]

valir777 commented 1 month ago

yeah v1.7.3 from github doesn't work,waiting for an app store update

tladesignz commented 1 month ago

Relax, man. App Store typically takes about a day or 2, thanks to Apple employees personally inspecting releases.

that's the log after reset :

[warn] {APP} Invalid hostname [scrubbed]; rejecting

[warn] {APP} The ".exit" notation is disabled in Tor due to security risks

[warn] {APP} Rejecting ill-formed reverse lookup of [scrubbed]

As said, looks normal.

valir777 commented 1 month ago

Relax, man

if i relax any more i might just turn into a puddle)

valir777 commented 1 month ago

so the reason it didn't connect is that it reset the bridges and used its built-in bridges?i also tried obfs4 bridges but they didn't connect either,no handshake

tladesignz commented 1 month ago

Same problem. The custom bridges where stored in a file which wasn't readable by the code which constructs the Tor configuration. Fallback to built-in Obfs4 bridges. Obviously don't work in your location.

valir777 commented 1 month ago

Same problem. The custom bridges where stored in a file which wasn't readable by the code which constructs the Tor configuration. Fallback to built-in Obfs4 bridges. Obviously don't work in your location.

its nice that you fixed this bug,it will help a lot of people who have censorship in their country,thanks

tladesignz commented 1 month ago

That was my goal. Thank you for your support, especially with uncovering this bug!

valir777 commented 1 month ago

That was my goal. Thank you for your support, especially with uncovering this bug!

yeah sure,i'll let you know if i find more) 😅

valir777 commented 1 month ago

😊 you did it,now it works with webtunnel,but the logs say: 1)Proxy Client: unable to connect OR connection (handshaking (proxy)) 2)in bridges it says [ERROR]: webtunnel([scrubbed]:443) - outgoing connection failed: unrecognized reply but overall it keeps work and creating new chains

tladesignz commented 2 weeks ago

1)Proxy Client: unable to connect OR connection (handshaking (proxy)) 2)in bridges it says [ERROR]: webtunnel([scrubbed]:443) - outgoing connection failed: unrecognized

🤷 Sorry, I'm not a specialist on Webtunnel (or any Pluggable Transports aka. "Bridges" implementations).

Depending on your censorship situation, I guess you will always have connectivity issues here and there.

reply but overall it keeps work and creating new chains

So it works now in general? With chains you mean "circuits"?

valir777 commented 2 weeks ago

you mean "circuits"?

correct