Open Kreyren opened 4 years ago
So, just to make sure I understand this right. The screenshot posted here was taken while VPN mode was enabled, right?
A few more details that might help here:
@pgerber
So, just to make sure I understand this right. The screenshot posted here was taken while VPN mode was enabled, right?
Correct
Did you use Full Device VPN or did you select certain apps to be routed through Orbot. See Tor-Enabled Apps section at the bottom of the main screen.
Both Full Device VPN and selecting certain apps has the same issue.
EDIT: FWIW The default browser provided by AEX (Via) is shown in Orbot, if i open it there it automatically opens check.torproject.org, Firefox has been opened outside of orbot, but with VPN mode enabled for it
Using Full Device VPN seems to make firefox to be unable to connect (tried 5 times).
Is the IP shown by check.torproject.org the same when VPN is enabled and disabled?
Yes
Using Full Device VPN seems to make firefox to be unable to connect (tried 5 times).
What is the exact error message Firefox shows?
@pgerber This is Full Device VPN Mode
Looks like a DNS failure to me.
Would great to get the system logs. Do you have any experience with ADB / logcat?
Another way to get to the logs is using Androids Bug Report feature. You don't want to post the full report here though. It contains sensitive data. Perhaps you're able to filter out anything not related to this issue. Alternately, you may be able to send it to @n8fr8 privately.
Would great to get the system logs. Do you have any experience with ADB / logcat?
I have experience with everything, but fishing! :p
output from adb logcat --clear main && adb logcat orbot | tee -a logcat
with redacted confidential info and opening orbot, once loaded opened firefox and typed check.torproject.org: https://gist.githubusercontent.com/Kreyren/6dd039c1187cfb9d8c16da5d632af313/raw/f013ecf0734fab3175531dae81afb8c63ebbe365/gistfile1.txt
This seems relevant:
05-02 00:52:14.119 28164 28213 D OrbotVpnService: Stopping existing VPN interface
05-02 00:52:14.131 28164 28214 I OrbotVpnService: PDNSD: 0
05-02 00:52:14.131 28164 28214 D OrbotVpnService: tun2Socks has stopped
05-02 00:52:14.131 28164 28214 D OrbotVpnService: java.lang.IllegalStateException: Already closed
05-02 00:52:14.131 28164 28214 D OrbotVpnService: at android.os.ParcelFileDescriptor.detachFd(ParcelFileDescriptor.java:721)
05-02 00:52:14.131 28164 28214 D OrbotVpnService: at org.torproject.android.service.vpn.Tun2Socks.Start(Tun2Socks.java:92)
05-02 00:52:14.131 28164 28214 D OrbotVpnService: at org.torproject.android.service.vpn.OrbotVpnManager$2.run(OrbotVpnManager.java:355)
05-02 00:52:14.151 28164 28213 D OrbotVpnService: pdsnd conf:global { perm_cache=0; cache_dir=/data/data/org.torproject.android/files; server_port = 8093; server_ip = REDACTED_SOME_INTERNAL_IP; query_method=udp_only; min_ttl=1m; max_ttl=1w; timeout=10; daemon=on; pid_file=/data/data/org.torproject.android/files/pdnsd.pid; } server { label= upstream; ip = 127.0.0.1; port = 49524; u
Interesting:
05-01 21:53:27.006 5054 5255 W DnsManager: updatePrivateDns(101, PrivateDnsConfig{true:/[]})
05-01 21:53:27.006 5054 5255 D ConnectivityService: Setting DNS servers for network 101 to [/1.1.1.1]
Do you remember whether Private DNS was to off or automatic at the time?
Do you remember whether Private DNS was to off or automatic at the time?
It was set as automatic
Because of threads racing for a long time. You can see there are even tun0 and tun1 device setups in the logcat log. https://pastebin.com/4wqMsXfp patch maybe can address this.
p.s. This account maybe be flagged by github automatically soon.
Looks like a DNS failure to me. @pgerber
FWIW i can't force android 10 to use Tor DNS from GUI
@Kreyren that will not work, since Private DNS expects DNS-over-TLS and tor's DNS port is just plain DNS.
Anyhow, 16.2. RC-1 is posted. Please test and add any more feedback you can provide: https://github.com/guardianproject/orbot/releases/tag/16.2.0-RC-1-tor-0.4.2.7
@n8fr8 Doesn't work on VPN mode in firefox using Full Device VPN
https://gist.github.com/Kreyren/30ed534f33be0bb464c2eb0664b36890
Same issue using 127.0.0.1:9050
in firefox's about:config
It does work on my Pixel 3A using the settings as shown in the screenshot.
@n8fr8, I don't think the setting in the screenshot work as expected. Could it be that you had VPN mode enabled?
Correct settings:
Name | Value | Comment |
---|---|---|
network.proxy.socks | localhost | this is the host and not a true/false value as shown in the screenshot |
network.proxy.socks_port | 9050 | |
network.proxy.socks_remote_dns | true | we want Tor to handle DNS, not Android |
network.proxy.type | 1 | use manual configuration (the setting above) rather than system default |
Use this setup for testing only, it does not provide good privacy protection. Use a browser like Tor Browser that has been designed to provide privacy on the Tor network.
@pgerber Provided configuration works on my end
EDIT: just to clarify VPN-Mode still doesn't work
@pgerber strange... yeah, hmm. I do not have Firefox in my app list. Let me double check. How the heck did that work if I had so many settings wrong?
Anyhow, agreed that Tor Browser for Android is the solution here. Orbot VPN is meant for apps that don't have proxy features or alternatives that are tor enabled. Still, I DO use Firefox Focus / Klar with Orbot VPN mode for browsing news and it works well.
How the heck did that work if I had so many settings wrong? @n8fr8
Seems that you had the VPN mode enabled for testing of non-VPN connection ?
Okay, tested again, no VPN, and proper settings. Working as expected.
On Mon, May 4, 2020, at 6:24 PM, Kreyren wrote:
How the heck did that work if I had so many settings wrong? @n8fr8 https://github.com/n8fr8
Seems that you had the VPN mode enabled for testing of non-VPN connection ?
image https://user-images.githubusercontent.com/11302521/81019309-b1dbc580-8e66-11ea-9b20-546c078ffe74.png
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/guardianproject/orbot/issues/328#issuecomment-623740028, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAHRA7Z4ZRTW3T6EU2K3TLRP46DVANCNFSM4MXLJMIQ.
Any info new info on the VPN mode ?
We did just put out a new beta, so that is always worth a shot.
Otherwise, we haven't tested with your specific device and OS configuration. I do have a OnePlus device, and so can try to get it up and running to debug. It has Lineage on it currently.
16.3.1-BETA-1-tor-0.4.2.7 / 4 August 2020: https://github.com/guardianproject/orbot/releases/tag/16.3.1-BETA-1-tor-0.4.2.7 is the latest, it also incorporates a previous release dating back to early May
Seems to have same issue using beta version https://dpaste.com/9GE69VDVA.txt
FWIW i found this app https://github.com/Gedsh/InviZible which has working Tor support to get tor connection in apps that doesn't support proxying e.g. RevolutionIRC.
Maybe the maintainer (Gedsh) might be able to provide inside to how to resolve this issue?
Btw. the issue is still ongoing.. Using the 16.3.2-RC-1-tor-0.4.3.6
seems to be able to get the VPN working, but it's unable to resolve any domains.. (1.1.1.1 worked for me)
I'm running OnePlus 5T With Lineage Android 10 build, and it is working here.
If you have private DNS enabled, then domain resolution may not work, since the DNS lookups are encrypted, and Tor cannot intercept them appropriately to route through Tor's DNS.
@n8fr8 Sorry missed the reply, doesn't work on my end when resolving a domain e.g. loading https://check.torproject.org
fails, but opening 1.1.1.1
works.
Private DNS is turned off.
Version 16.3.3-RC-1-tor-0.4.3.6 (Tor 0.4.3.6-openssl1.1.1g)
closed by mistake
Hey, you are aware that turned on DoT since Android 9 blocks access to hidden survices, both v2 and v3? This is bad. Tor on clear net works.
If you set the Private VPN feature to "Auto" or "Off" even, it is still possible. You might also instead use something like RethinkDNS, which secures your DNS, adds an app firewall option, AND integrates nicely with Orbot. https://rethinkdns.com/
Obviously VPN should force DNS on itself, somehow it does not do it for .onion (no dnsleak, so otherwise all good). Guys??
Which apps are you trying to use over the VPN with onion services? Chrome and Brave Browser do work still with onion address. Firefox browsers do not.
Disclaimer: There seems to be lots of issues about this, but none that would fit into my device using this android distribution so i decided to make a new issue.
Description
I'm unable to use Orbot's VPN Mode on any application on my device.
Log (Private DNS automatic): https://gist.githubusercontent.com/Kreyren/b586cc0dea2b5f781fc5ee1f1194012b/raw/d5aacb3c1614892ace91054126bc1ba603cc16b4/gistfile1.txt
Expecting
Ability to use tor on:
System Info
Build Number:
aosp_oneplus2-userdebug 10 QQ2A.200405.005 7bd3f90efc release-keys
Relevants
Android 10 has
Private DNS
option that i've understand may be problematic. This has been observed with it turnedoff
andAutomatic
Log with Private DNS turned
off
: https://gist.githubusercontent.com/Kreyren/e48a683308f6062cbd7eaf916726a982/raw/536588ca45f37185cd7c200393c18a1ea172f669/gistfile1.txtReferences
Same issue with using
127.0.0.1:9050
SOCKS5 proxy on firefox https://github.com/guardianproject/orbot/issues/302#issuecomment-622322214