[ARM] Connecting to another host's control port with ARM: Connection refused.
Hello, Tor community. Quick, possibly noobish question. I'd like to use my desktop and connect ARM (running on the desktop) to the control port of a server running Tor on the same LAN, but it's refusing the connection. I'm running /sudo -u tor arm -i 10.0.0.3:9051/, and it outputs: robert@CPC-Arch:~$ sudo -u tor arm -i 10.0.0.3:9051 [sudo] password for robert: Connection refused. Is the ControlPort enabled? I can connect to the control port from the same host fine, but when I try to do it from another host it fails. There must be something I'm missing. Hope you guys can help me. Thanks. -Robert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06.09.2013 06:01, Robert Charlton wrote:
Hello, Tor community. Quick, possibly noobish question. I'd like to use my desktop and connect ARM (running on the desktop) to the control port of a server running Tor on the same LAN, but it's refusing the connection. I'm running /sudo -u tor arm -i 10.0.0.3:9051/, and it outputs:
robert@CPC-Arch:~$ sudo -u tor arm -i 10.0.0.3:9051 [sudo] password for robert: Connection refused. Is the ControlPort enabled?
I can connect to the control port from the same host fine, but when I try to do it from another host it fails. There must be something I'm missing. Hope you guys can help me. Thanks.
-Robert
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Well, 10.0.0.3 is a port on your LAN, while being on the same machine you may be able to connect to 127.0.0.1, which only refers to the local machine. Use netstat to find out, whether your control port is listening only on localhost or also on your LAN. You may then adapt the ControlPort option in your torrc to specify the interface you want it to listen on by specifing not only a port, but also an ip address, like ControlPort 10.0.0.3:9051 Note however, that this opens the ControlPort to all users on your network, so make sure your authentication is safe. Martin -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.21 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSKWE9AAoJEM1jnLOhksr36FUP/0UhfGu1vpf3AHpOCT9BA+ix 10sQisduMnSMbYXJammdtE3UGu9C4OOq0tTRMg34e+7I1esyarSvVnKF4Vd6+YtA BDRm38sMs+NFdLg2tEKJgsi8J3kp9GrFm3xee+MhhuBG0TZ+Yf2s6eal8XxtBy0m 5wSmZrR0jX9a8AdMkirIvP5+Y9IL+QAcmnV5esOTx6w6oaiDwZpm1p7sjEI9WCrM SSjSKXpM3CiDBfSnSVNbU1oQpzlVOubYOrG0leJEvTYftvRIvSTu0sDZSCkVViwn lZGdl48zF3/qQ01JEURXtCcVEOljOqptkVlESCb3DkxBZwe8iJK3uI2JDvkXtCxI QOmSaeCGLrDRUPA8XiZYC8WijFhUcy4RbQ/l0/4q0w1W7iyz6i9PQMeYT4S8IFbm 2MZaAnap6BWTlDoRtMYpm3n6SQnPUlBL6HtAvfgG4h0Kzj6A7xieRb7pQwodSETz TUA2jEUHEW2tFtu/3zQAiYA42cR6fKTh/YhIJNZulkbUbpqi9i2lVTm5jP8VMQrv 2vO920OYbLy1FsEL5AP/1kVLRYSoFOZtzilRvRFmusBsuOlEM4Gl1NUXuiWrz3GH 8UTFeVwRycA4nIX9/idRVIxkswapOk1V+M5wMemBZuedbWBqMfEm32H1FkS821A4 erbjHsg+yIPh0pmqhrpD =I1mE -----END PGP SIGNATURE-----
Martin, setting ControlListenAddress to 10.0.0.3:9051 did the trick. I've also enabled cookie authentication. Obviously ARM running on something that's not a Tor server to connect to a server's control port has its limits, but I can still get some useful info. Thanks.
On Thu, Sep 05, 2013 at 10:35:22PM -0700, Robert Charlton wrote:
Martin, setting ControlListenAddress to 10.0.0.3:9051 did the trick. I've also enabled cookie authentication. Obviously ARM running on something that's not a Tor server to connect to a server's control port has its limits, but I can still get some useful info. Thanks.
Keep in mind that setting ControlListenAddress to a 10.x address means that anyone who can get a 10.x address (such as over WiFi DHCP) will be able to control your Tor relay. You may say "oh but my network is secure" which is just fine so long as it continues to be true. But the default state of networks is "connected", so as time elapses your network will become less secure. I would strongly recommend not leaving ControlListenAddress listening on a non-localhost IP address. -andy
participants (3)
-
Andy Isaacson -
Martin Weinelt -
Robert Charlton