[tor-dev] Experimenting with private tor setup

teor teor2345 at gmail.com
Wed Apr 22 13:24:06 UTC 2015 

> Date: Wed, 22 Apr 2015 01:05:44 -0400
> From: CJ Ess <zxcvbn4038 at gmail.com>
> 
> On Tue, Apr 21, 2015 at 9:01 AM, teor <teor2345 at gmail.com> wrote:
> 
> > > Date: Tue, 21 Apr 2015 02:13:48 -0400
> > > From: CJ Ess <zxcvbn4038 at gmail.com>
> > >
> > > I've been experimenting with a private tor setup - I've managed to setup a
> > > couple directory authorities, six routers/exit nodes (which seemed to be
> > > the minimum to bootstrap everything), and a client.
…
> > > So I'm wondering what would happen if I set TestingTorNetwork to 0, so I
> > > picked one onion router instance and made that change.
> > >
> > > Because its all running on one box I had to keep some of the special
> > > settings:
> > > DirAllowPrivateAddresses 1
> > > EnforceDistinctSubnets 0
> > > AuthDirMaxServersPerAddr 0
> > > AuthDirMaxServersPerAuthAddr 0
> > > ExtendAllowPrivateAddresses 1
> > >
> > > And that almost works, I got this far:
> > >
> > > Apr 21 00:50:09.000 [notice] Bootstrapped 100%: Done
> > > Apr 21 00:50:09.000 [notice] Now checking whether ORPort
> > > xxx.18.110.101:5106 is reachable… (this may take up to 20 minutes -- look
> > > for log messages indicating success)
> > > Apr 21 01:10:09.000 [warn] Your server (xxx.18.110.101:5106) has not
> > > managed to confirm that its ORPort is reachable. Please check your
> > > firewalls, ports, address, /etc/hosts file, etc.
> > > Apr 21 01:30:09.000 [warn] Your server (xxx.18.110.101:5106) has not
> > > managed to confirm that its ORPort is reachable. Please check your
> > > firewalls, ports, address, /etc/hosts file, etc.
> > >
> > > It looks like the "is reachable" is determined by opening a circuit.
…
> > > I don't see any warnings or errors, it looks like the circuits are being
> > > opened successfully. Any ideas why this doesn't translate to getting past
> > > the ORPort being reachable test?
> >
> > If you're using a version of tor before 0.2.6.1, then it's possible that
> > bug #13924 may be the culprit:
> > https://trac.torproject.org/projects/tor/ticket/13924
> > "Reachability testing and channel is_local assume private addresses are
> > local" (and therefore discount the local/private addresses for the purposes
> > of reachability testing).
…
> I found the problem here:
> https://github.com/torproject/tor/blob/cc10f13408e25eaf04f849d0f761680f383fa61d/src/or/circuitbuild.c#L1401
> 
> The check for channel_is_local returns true because my dev box has an
> 172.16/12 address:
> 
> https://github.com/torproject/tor/blob/725d6157df150ec9151450dc2422d9838c20187e/src/common/address.c#L389
> 
> And thats what is keeping everything from working.

The 172.16/12 block is a private address block.
https://en.wikipedia.org/wiki/Private_network

tor assumes that connections from private addresses are local. It doesn't update its reachability self-testing flag unless it gets a connection from a non-local address.

This restriction is relaxed when TestingTorNetwork is set, as many test networks use private address blocks.

> I commented out that
> address block and now orport, dirport, and bandwidth tests are running.

Commenting out a private address range is a dangerous change that has at least the following security implications:
* "ExitPolicyRejectPrivate 1" won't stop clients exiting to the block you've commented out (warning, you have this set to the default, 1)
* "ExtendAllowPrivateAddresses 0" won't stop clients extending to the block you've commented out (but you have this set to 1)
* "DirAllowPrivateAddresses 0" won't exclude directory nodes with IPs in the block you've commented out (but you have this set to 1)

As long as you trust your entire network, including any clients that can connect to any open ports, this should not be a problem. But please don't use versions of tor with this change on the public Tor network, you'd be opening yourself up to attack.

It appears that my original fix to bug #13924 didn't anticipate anyone using "ExtendAllowPrivateAddresses 1" without "TestingTorNetwork 1". I'll submit a patch which swaps TestingTorNetwork for ExtendAllowPrivateAddresses. This will preserve the existing fix, because "TestingTorNetwork 1" implies "ExtendAllowPrivateAddresses 1".

The relevant line is here:

https://github.com/torproject/tor/blob/cc10f13408e25eaf04f849d0f761680f383fa61d/src/or/circuitbuild.c#L1401

In the interim, if you'd like a safer option, you could make the same code change to that line, or disable reachability testing entirely using "AssumeReachable 1".

teor

teor2345 at gmail dot com
pgp 0xABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150422/ea02cfb9/attachment.sig>

More information about the tor-dev mailing list