Cisco firewall filtering Tor?

Jay Goodman Tamboli jay at tamboli.cx
Sat Jun 16 18:16:12 UTC 2007


On Jun 16, 2007, at 01:54:01, Roger Dingledine wrote:

> On Fri, Jun 15, 2007 at 07:07:21PM -0400, Jay Goodman Tamboli wrote:
>> I've uploaded results from a 5-minute run of Tor 0.2.0.2-alpha (I've
>> also tested with the current stable).
>>
>> debug.log: http://tertiumquid.org/tor-logs/debug.log.gz
>
> Something is definitely interfering with your ability to complete a
> TLS handshake.
>
> Whether that's your local firewall demanding that it MitM your SSL
> connections, or your local firewall recognizing Tor's TLS signature and
> killing that connection, or something else, I couldn't say.
>
> See also Nick's post from November about this topic:
> http://archives.seul.org/or/talk/Nov-2006/msg00088.html

I don't think it's MitM, since I'm not seeing any warnings from my
web browser when connecting to HTTPS sites. It is quite possible  
they're actively blocking it. I notice that thread refers to Cisco  
routers, and I know that the firewall is a Cisco box. I'll look into  
this (and your other links) more to see if there's anything I can do  
to help.

> Btw, you seem to have set a config option of "ReachableAddresses *:443",
> which means you can't contact (m)any directory servers. You may find
> this to be bad after a couple of days. :) You might prefer *:80,*:443.

Most of the day I'm connected to an unrestricted network and run Tor  
without any ReachableAddresses options, so the server list should be,  
at worst, a few hours old. When I'm not testing, too, I add :80.

/jgt
-- 
http://tamboli.cx/
PGP Key ID: 0x7F2AC862B511029F




