yggdrasil-network / yggdrasil-go

An experiment in scalable routing as an encrypted IPv6 overlay network
https://yggdrasil-network.github.io

Unable to make Yggdrasil work with TOR #1062

Open jenkinsfu opened 1 year ago

jenkinsfu commented 1 year ago

Hi,

I've tried many different configurations but making yggdrasil work with tor is just not possible.

Can someone please share an example working configuration? Ideally I want to establish a TLS connection from my node to another one over TOR. Or is doing this natively with yggdrasil and tor not possible, so I have to look into doing some kind of iptables/nftables magic in order to achieve what I want?

Thank you so much for your time!

bjtftw commented 1 year ago

Tor connections to [Peers] do not work for me either, and it is a known bug, as in #1028.

bjtftw commented 1 year ago

Can you check if you are able to connect through tor to "tcp://..." instead of "tls://..." [Peers]?

You may also need to change torrc (Tor config file) like this (and restart tor):

SocksPort 9050 PreferSOCKSNoAuth

I have just discovered that only tls peers are the problem and my syslog reports: "Link handler socks://127.0.0.1:9050/IP:PORT error (127.0.0.1:9050): read handshake: EOF", but for tcp:// [Peers] I get connected properly.

jenkinsfu commented 1 year ago

Thanks for your effort checking, but I, like I think most of us, need tls over socks, not unencrypted tcp. It is a bit sad when there is a lot of effort put into the road map while not fixing this fundamental problem, if it really used to work before :(

jenkinsfu commented 1 year ago

Here, https://yggdrasil-network.github.io/faq.html, it says very clearly that Yggdrasil works with networks like Tor or I2P. I was wondering if @neilalexander is going to fix it at some point in the near future?

bjtftw commented 1 year ago

I agree, devs should look at that.

majestrate commented 1 year ago

Last time I tried, tls listener on loopback works via onion but not tcp listener. I don't know why.

jenkinsfu commented 1 year ago

> Last time I tried, tls listener on loopback works via onion but not tcp listener. I don't know why.

Thanks for reply, but can you please explain what you mean or provide a working example? I would be very grateful.

majestrate commented 1 year ago

> > Last time I tried, tls listener on loopback works via onion but not tcp listener. I don't know why.
>
> Thanks for reply, but can you please explain what you mean or provide a working example? I would be very grateful.

On the listen side I use tls://127.0.0.2:10000 which is wired up to whatever.onion:443 with tor, then use socks://127.0.0.1:9050/whatever.onion:443 for those connecting to it. Please note I have not done such a setup in a while so this may have broken since.

jenkinsfu commented 1 year ago

> > > Last time I tried, tls listener on loopback works via onion but not tcp listener. I don't know why.
> >
> > Thanks for reply, but can you please explain what you mean or provide a working example? I would be very grateful.
>
> On the listen side I use tls://127.0.0.2:10000 which is wired up to whatever.onion:443 with tor, then use socks://127.0.0.1:9050/whatever.onion:443 for those connecting to it. Please note I have not done such a setup in a while so this may have broken since.

Sorry, but I don't get what you mean. Listen side? You mean you configure yggdrasil to listen on that 10000 port? And what is whatever.onion:443?

neilalexander commented 1 year ago

I'm not clear if there is a problem here or if this is just that only a certain type of remote peer works over SOCKS? (i.e. tcp:// instead of tls:// or so).

jenkinsfu commented 1 year ago

> I'm not clear if there is a problem here or if this is just that only a certain type of remote peer works over SOCKS? (i.e. tcp:// instead of tls:// or so).

It does not work (at least for me). @neilalexander, would you be able to provide me, and everyone else from the future who will come and read this, a working example of how to make yggdrasil work with tor? A config sample would be enough if possible please :)

bjtftw commented 1 year ago

  1. update your yggdrasil installation on both machines to the newest version (0.5.x)
  2. edit yggdrasil.conf so the [Peers] section looks like this:

Peers: [ sockstls://127.0.0.1:9050/IP:PORT ]

IP:PORT - IP address and PORT number of a machine from the Public Peers list

  3. start Tor on both your machines
  4. restart yggdrasil on them

No iptables required!
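
A check for a Peers list against the setup this thread ends on (TLS peering carried through the Tor SOCKS port), as an added example that is not from the thread or from the Yggdrasil project. The function names, verdict labels and sample addresses are assumptions of this example; the scheme names and the 127.0.0.1:9050 proxy address are the ones used above.

```python
from urllib.parse import urlsplit

# Scheme names come from the thread; the verdict labels are this example's own.
VIA_SOCKS = {"socks": "tcp", "sockstls": "tls"}  # scheme -> link type inside the proxy
DIRECT = {"tcp", "tls"}                          # dialled without any proxy


def audit_peer(uri, proxy=("127.0.0.1", 9050)):
    """Classify one Peers entry; returns (verdict, reason)."""
    u = urlsplit(uri.strip())
    scheme = u.scheme.lower()
    if scheme in DIRECT:
        return "direct", f"{scheme}:// connects to the peer without the SOCKS proxy"
    if scheme not in VIA_SOCKS:
        return "unknown", f"scheme {scheme!r} is not one this check knows"
    try:
        seen = (u.hostname, u.port)
    except ValueError:  # non-numeric proxy port
        seen = (u.hostname, None)
    if seen != proxy:
        return "wrong-proxy", f"proxy is {u.netloc}, expected {proxy[0]}:{proxy[1]}"
    # Everything after the first "/" is the remote peer written as HOST:PORT.
    host, sep, port = u.path.lstrip("/").rpartition(":")
    if not (host and sep and port.isdecimal() and 0 < int(port) < 65536):
        return "bad-target", f"{u.path!r} is not HOST:PORT (placeholder left in?)"
    if VIA_SOCKS[scheme] != "tls":
        return "tcp-over-socks", "link is plain TCP inside the proxy, not TLS"
    return "ok", "TLS link carried through the SOCKS proxy"


def audit_peers(peers, proxy=("127.0.0.1", 9050)):
    """Return {uri: (verdict, reason)} for every entry that is not 'ok'."""
    results = {p: audit_peer(p, proxy) for p in peers}
    return {p: r for p, r in results.items() if r[0] != "ok"}


if __name__ == "__main__":
    # Constructed sample list; 192.0.2.0/24 is a documentation address range.
    sample = [
        "sockstls://127.0.0.1:9050/192.0.2.10:443",
        "socks://127.0.0.1:9050/192.0.2.10:443",
        "tls://192.0.2.11:443",
        "sockstls://127.0.0.1:9050/IP:PORT",
    ]
    for uri, (verdict, reason) in audit_peers(sample).items():
        print(f"{verdict:15} {uri}  ({reason})")
```

A `direct` verdict is the one to look at first when the goal is that no peering connection leaves the machine outside Tor.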