Tor Socks4a handshake error?

Jon McLachlan mcla0181 at umn.edu
Thu Oct 16 23:30:54 UTC 2008


Many thanks for the very prompt and very helpful feedback! :)
~Jon

Roger Dingledine wrote:
> On Thu, Oct 16, 2008 at 06:03:13PM -0500, Jon McLachlan wrote:
>   
>>  I'm developing on top of Tor through it's API.  I am running Tor as an 
>> OP, and I am continuously being rejected by the socks port during the 
>> handshake, returning the SOCKS4a error code 91 (or 0x5b = [generic] 
>> request rejected or failed).  The reject occurs after an attempt to 
>> connect through a single hop tunnel in planetlab, in which the remote 
>> node is a an exit OR servicing the requested address/port.  I am 
>> referencing the address in the request with an unresolved domain name 
>> (not an IP).  Further, the circuit was extended using the API 
>> successfully (circuit status = built or extended, does not seem to matter).
>>
>> Now comes the strange part:  When I make the OP and OR (by giving it an 
>> ORPort), it works.  Any thoughts?
>>     
>
> Check the Tor logs for why your stream was refused. In this case it
> sounds like the Tor relay you build the stream through doesn't want to
> allow clients to build one-hop circuits: see also
> https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#VariablePathLength
>
> The simplest way to fix it is to upgrade your relay to 0.2.1.6-alpha
> and set
> AllowSingleHopCircuits 1
> AllowSingleHopExits 1
> in its torrc.
>
> More complex ways involve hacking your relay's code to permit it. Or
> using two hops like you're supposed to. :)
>
>   
>> PS - using the tor binary, 0.2.0.15-alpha
>>     
>
> Ok. You may be interested to know that there are known security and
> performance flaws with that version -- especially when trying to connect
> to the public Tor network.
>
> --Roger
>
>
>   



More information about the tor-talk mailing list