Orbot ignores Isolate destination addresses

[ghost]

Software & Hardware

• Device: Google Pixel 4a
• Operating System: GrapheneOS (SQ3A.220705.003.A1.2022070600)
• Orbot version: 16.6.2-RC-1-tor.0.4.7.8 (arm64-v8 release from GitHub)

Steps To Reproduce

• Enable Isolate destination addresses in Orbot.
• Turn on VPN Mode (with Always-on VPN and Block connections without VPN) or use 127.0.0.1:9050 as a proxy. The bug is reproductible in both cases.
• Visit at least two websites that show IP address e.g. browserleaks and ifconfig.
• Verify that IP address in all cases is the same.

Additional Informations

I checked that this issue is reproductible in Privacy Browser 3.10.1, Bromite 102.0.5005.96 and Vanadium 103.0.5060.71. Another user confirmed that issue is reproductible on DivestOS ROM (Android 11).

[pgerber]

Reporting this was on my todo list as well. I looked at it a while back and it looked like the isolation was enabled on socks:

SocksPort 9050 IsolateDestAddr …

but it's missing for transparently proxied connections. It should be enabled there too:

TransPort 9040 IsolateDestAddr …

[pgerber]

or use 127.0.0.1:9050 as a proxy

I thought this worked but oddly enough I can reproduce the issue on SOCKS too.

[ghost]

or use 127.0.0.1:9050 as a proxy

I thought this worked but oddly enough I can reproduce the issue on SOCKS too.

@pgerber I assume that even though the flags are added to the string somewhere in the code, they are not passed to the Tor client and thus it uses the defaults. I feel like Orbot is ignoring the settings for some reason, see #709 for more details.

[bitmold]

@pgerber You're right, adding TransPort 9040 IsolateDestAddr for TransPort will fix this issue. As others have said in #709 the SOCKSPort settings in torrc are ignored because TorService starts tor with the --SOCKSPort command line arg. I'm working on a fix for this now ...

Thanks everyone for reporting here

[ghost]

@bitmold just letting you know that I'm still able to reproduce this issue, both in VPN mode and when using Orbot as a proxy. After updating to newest release I cleared storage to make sure that Orbot starts from fresh state.

[bitmold]

Yes this issue wasn't fixed in the latest release. There needs to be a new release of Tor android and a new orbot release that's still in progress to fix this

[ghost]

Yes this issue wasn't fixed in the latest release. There needs to be a new release of Tor android and a new orbot release that's still in progress to fix this

I thought that "add IsolateDestAddr to TransPort in torrc" (from changelog) was supposed to fix the issue, my bad.