Not everything is running through Tor.

[SysCallz]

I updated recently and not everything is running thought Tor.

[dma]

Can you elaborate?

[SysCallz]

The terminal dose not run thought Tor.

[dma]

Can you be more specific? What exactly were you trying to do?

[SysCallz]

when using ssh and other shell commands it dose not go thought tor for example if I type
curl -s http://whatismyip.akamai.com/ I get my public ip.

[xSmurf]

And this is a standard install? Can you pastebin the ferm rules from /etc/ferm/ferm.conf and /etc/ferm/ferm.d/*? Is metaproxy running? You can verify this with systemctl status subgraph_metaproxy.service

[SysCallz]

It is a standard install. https://pastebin.com/4Q9xBiY2 >> ferm.conf https://pastebin.com/cEqQvi7p >> 20-fw-daemon.conf https://pastebin.com/9LgYFL18 >> 30-oz-bridges.conf The meta proxy is is running.

[xSmurf]

Can you also pastebin the out of `sudo iptables -nvL && sudo iptables -nvL -t nat && sudo iptables -nvL -t mangle' ?

[SysCallz]

https://pastebin.com/JnEre0gz

[dma]

Are you behind NAT, with a 1918 address (192.168.x.x, etc)? Could you share some information about the LAN you are on? Internal network information is really all we need. Also, you didn't add any privileges to your user account, did you? There is a gid that gets an exception for clearnet that gets setup (oz-openvpn) with the latest update.

[SysCallz]

local network is on 192.168.1.X range static ip assigned router is 192.168.1.2. Star network. I did not change any setting apart from host-name.

[dma]

None of us can reproduce this, but we are taking it seriously and investigating as we just pushed a new ferm update with clearnet support (for clearnet sandboxes). You say this didn't happen before, and only happened after a very recent update?

[dma]

Can you share with us the output of:

ip -o -f inet addr show | fgrep -v oz- | awk '/scope global/ {print $4}' | grep -E '^(192\.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)' || echo ''

[dma]

Can you also give us the output of these two commands:

id
getent group oz-openvpn

[SysCallz]

Yes it happened after I updated yesterday night. https://pastebin.com/GmM0N527

[dma]

I've reproduced this issue. There's a bug in our LAN exception that can result in this behavior in edge-case network configs but is probably exploitable by a malicious DHCP server. To reproduce it, I had to contrive a network configuration, including adding two routes manually.

Can you run the command ip route show and provide the output here?

Also, we've fixed what we think is the bug and put a new ferm-config package in the repo. Update and let us know if it's fixed for you.

[SysCallz]

The issue has been fixed. Thanks.

default via 192.168.1.2 dev enp8s0 proto static metric 100 192.168.1.2 dev enp8s0 proto static scope link metric 100