[tor-bugs] #21436 [Obfuscation/FTE]: fteproxy does not work on Debian stretch / document fteproxy usage on Debian stretch

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Feb 11 05:51:12 UTC 2017 

#21436: fteproxy does not work on Debian stretch / document fteproxy usage on
Debian stretch
---------------------------------+--------------------
     Reporter:  adrelanos        |      Owner:  kpdyer
         Type:  defect           |     Status:  new
     Priority:  Medium           |  Milestone:
    Component:  Obfuscation/FTE  |    Version:
     Severity:  Normal           |   Keywords:
Actual Points:                   |  Parent ID:
       Points:                   |   Reviewer:
      Sponsor:                   |
---------------------------------+--------------------
 Using fteproxy on Debian stretch isn't straight easy. So far no luck.

 From {{{/lib/systemd/system/tor at default.service}}}, the AppArmor profile
 gets into the way.

 {{{
 AppArmorProfile=system_tor
 }}}

 Also the other systemd hardening results in.

 > {{{Could not launch managed proxy executable at '/usr/bin/fteproxy'
 ('Permission denied').}}}

 {{{
 NoNewPrivileges=yes
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectHome=yes
 ProtectSystem=full
 ReadOnlyDirectories=/
 ReadWriteDirectories=-/proc
 ReadWriteDirectories=-/var/lib/tor
 ReadWriteDirectories=-/var/log/tor
 ReadWriteDirectories=-/var/run
 CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
 CAP_DAC_OVERRIDE
 }}}

 Even with all of that disabled, Tor does not successfully bootstrap.

 {{{
 Feb 11 06:26:01.000 [notice] Bootstrapped 5%: Connecting to directory
 server
 Feb 11 06:26:01.000 [notice] Bootstrapped 10%: Finishing handshake with
 directory server
 Feb 11 06:26:01.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing
 handshake with directory server. (DONE; DONE; count 6; recommendation
 warn; host redacted at IP:PORT)
 Feb 11 06:26:01.000 [warn] 6 connections have failed:
 }}}

 I guess my torrc config is fine. Copied that part over from TBB to system
 Tor /etc/tor/torrc.

 {{{
 UseBridges 1
 ClientTransportPlugin fte exec /usr/bin/fteproxy --managed
 Bridge fte IP:PORT redacted
 }}}

 Any hints what I am doing wrong? (Not in a censored area. TBB without
 bridges as well as fteproxy works for me. Debian stretch system Tor with
 Debian fteproxy packages does not work for me.)

 I am asking for Whonix integration purposes.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21436>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list