Hello, Tor community. Quick, possibly noobish question. I'd like to use my desktop and connect ARM (running on the desktop) to the control port of a server running Tor on the same LAN, but it's refusing the connection. I'm running /sudo -u tor arm -i 10.0.0.3:9051/, and it outputs:
robert@CPC-Arch:~$ sudo -u tor arm -i 10.0.0.3:9051 [sudo] password for robert: Connection refused. Is the ControlPort enabled?
I can connect to the control port from the same host fine, but when I try to do it from another host it fails. There must be something I'm missing. Hope you guys can help me. Thanks.
-Robert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06.09.2013 06:01, Robert Charlton wrote:
Hello, Tor community. Quick, possibly noobish question. I'd like to use my desktop and connect ARM (running on the desktop) to the control port of a server running Tor on the same LAN, but it's refusing the connection. I'm running /sudo -u tor arm -i 10.0.0.3:9051/, and it outputs:
robert@CPC-Arch:~$ sudo -u tor arm -i 10.0.0.3:9051 [sudo] password for robert: Connection refused. Is the ControlPort enabled?
I can connect to the control port from the same host fine, but when I try to do it from another host it fails. There must be something I'm missing. Hope you guys can help me. Thanks.
-Robert
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Well, 10.0.0.3 is a port on your LAN, while being on the same machine you may be able to connect to 127.0.0.1, which only refers to the local machine. Use netstat to find out, whether your control port is listening only on localhost or also on your LAN.
You may then adapt the ControlPort option in your torrc to specify the interface you want it to listen on by specifing not only a port, but also an ip address, like
ControlPort 10.0.0.3:9051
Note however, that this opens the ControlPort to all users on your network, so make sure your authentication is safe.
Martin
Martin, setting ControlListenAddress to 10.0.0.3:9051 did the trick. I've also enabled cookie authentication. Obviously ARM running on something that's not a Tor server to connect to a server's control port has its limits, but I can still get some useful info. Thanks.
On Thu, Sep 05, 2013 at 10:35:22PM -0700, Robert Charlton wrote:
Martin, setting ControlListenAddress to 10.0.0.3:9051 did the trick. I've also enabled cookie authentication. Obviously ARM running on something that's not a Tor server to connect to a server's control port has its limits, but I can still get some useful info. Thanks.
Keep in mind that setting ControlListenAddress to a 10.x address means that anyone who can get a 10.x address (such as over WiFi DHCP) will be able to control your Tor relay.
You may say "oh but my network is secure" which is just fine so long as it continues to be true. But the default state of networks is "connected", so as time elapses your network will become less secure.
I would strongly recommend not leaving ControlListenAddress listening on a non-localhost IP address.
-andy
tor-relays@lists.torproject.org
-
Andy Isaacson -
Martin Weinelt -
Robert Charlton