From: Nathan Freitas <nathan@freitas.net>
To: tor-talk@lists.torproject.org
Date: Tue, 12 Jan 2016 23:12:05 -0500
Subject: Re: [tor-talk] Fwd: Orbot v15.1.0 Alpha 1

On Tue, Jan 12, 2016, at 04:42 PM, Dash Four wrote:
> Nathan Freitas wrote:
> > I really don't understand how Orbot or Droidwall's iptables rules are
> > co-existing with Android VPN. This is really a new one for me. I will
> > make sure transproxy is working on Android 5.1 though, so that at least
> > we can be sure we didn't break anything.
> I have completely re-defined the "transproxy" feature using iptables
> rules in the nat table. Transproxy in Orbot is completely de-activated
> (I don't use it at all). Didn't trust the Orbot transproxy feature as:
> 
> 1. It was returning icmp codes instead of dropping the packets silently
> (standard practice in firewalling);
> 2. Allows full net access to selected applications (I need to have the
> ability to specify which application should be allowed to transproxy
> which protocols/ports, not just proxying everything with no control
> over anything).

That's great, and yeah, we should probably improve our transproxy
feature, though with things like Orwall and Droidwall, as well as our
VPN feature, it has become less of a focus recently.

I've made changes in Orbot now so that if you don't have the transproxy
feature enabled, it won't write any related settings. This means you can
override it with your own now more easily.

> >> 3. Orbot simply ignores what I have specified as Socks, Transproxy and
> >> DNSPorts to be used. Example: in my configuration I specify the
> >> interface to be used explicitly, i.e. "127.0.0.1:5400" as DNS port
> >> (this was the only way I could get it to work in the "latest" stable
> >> Orbot version). I tried variations of that configuration (i.e. specify
> >> just the port number), but that didn't work either.
> > 
> > That is strange. It shouldn't ignore that. This is configured in the
> > Orbot individual settings values, or through torrc entries?
> Through the GUI settings. Can't use "DNSPort" because of "DNSPort auto"
> definitions and the fact that tor chokes on it (see below).

DNSPort is also now not specified unless you have Orbot's transproxy
enabled. This means you can override it.

> 
> > 
> >> 4. No matter what I configure in my settings, Orbot (both versions)
> >> always generates torrc file that contains "SocksPort auto", "DNSPort
> >> auto" and "TransPort auto". Why? I know that it closes the old
> >> (auto-generated) ports and re-opens different ones (as per my custom
> >> torrc) later, but that should not be the case and it should honour
> >> what I have specified in my configuration.

There may have been some bugs in the last build that were causing this.
Again, it now won't set DNSPort or TransPort if you don't have
transproxy enabled, and you can manually set them in the "Torrc Custom
Config" field, or even modify the default torrc file on disk. I have
also made some changes related to using the Orbot settings properly, if
you do have transproxy enabled in the app, but that shouldn't matter for
you now.


> >> 5. There is no GeoIP database supplied with any Orbot version, which
> >> makes all GeoIP-related commands I issued in my custom torrc completely
> >> useless. I had to copy these files from my desktop tor version in order
> >> to make this work (Orbot is supposed to "come with tor", but apparently
> >> not everything is included).
> > 
> > There is GeoIP but it only unpacks it from the APK if you specify rules
> > in Orbot settings that need it.
> It should, in my view, always unpack these files. What happens if I don't
> use any options at the point of installation, but include these in my
> custom torrc file at some later point? What then?

Okay, this is now changed, as well. Since we now show an easy exit
country selector option, it is more likely these files are needed
anyhow.

> > Thanks for the very detailed notes. I will try to reproduce what you are
> > seeing.
> No worries - let me know if you need any information from me.
> 
> I have been running the old (stable) Orbot for nearly a week now without
> any issues. Pleasantly surprised how it adjusts to changing IP addresses
> when my VPN connects/disconnects (by the way, I do not use the VPN which
> comes with the stock Android - I use the VPN apk which comes from the
> guardian project and the FDroid repo!).

Agreed that Tor's ability to deal with network changes is quite
admirable, and one of the many reasons why it makes sense on mobile
networks and devices.

Stay tuned for our next beta update.

+n
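
The per-application, per-port redirection with silent drops that Dash Four describes in the quoted text, as an added example that is not part of the original message and is not Orbot's or Dash Four's own rule set. The function only prints iptables commands for review; the app UID 10123, TransPort 9040 and the allowed TCP ports are assumptions, while DNS port 5400 is the value mentioned in the thread.

```shell
#!/bin/sh
# Added illustration: prints (does not apply) a per-app transproxy rule set.
# Assumed values in the sample call: UID 10123, TransPort 9040, TCP ports 80/443.
# DNS port 5400 matches the "127.0.0.1:5400" setting quoted in the thread.

# transproxy_rules UID TRANS_PORT DNS_PORT "TCP_PORT [TCP_PORT ...]"
transproxy_rules() {
    uid=$1; trans_port=$2; dns_port=$3; tcp_ports=$4

    # Refuse anything that is not a plain number, so no malformed rule is emitted.
    for n in "$uid" "$trans_port" "$dns_port" $tcp_ports; do
        case $n in
            ''|*[!0-9]*) echo "invalid number: $n" >&2; return 1 ;;
        esac
    done

    # nat table: the app's DNS queries go to Tor's DNSPort.
    echo "iptables -t nat -A OUTPUT -m owner --uid-owner $uid -p udp --dport 53 -j REDIRECT --to-ports $dns_port"

    # nat table: only the listed TCP destination ports reach Tor's TransPort.
    for p in $tcp_ports; do
        echo "iptables -t nat -A OUTPUT -m owner --uid-owner $uid -p tcp --syn --dport $p -j REDIRECT --to-ports $trans_port"
    done

    # filter table: after REDIRECT the destination is the local Tor listener.
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -d 127.0.0.1 -p udp --dport $dns_port -j ACCEPT"
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -d 127.0.0.1 -p tcp --dport $trans_port -j ACCEPT"

    # Everything else from this app is dropped silently: DROP sends no ICMP
    # error back, unlike REJECT.
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j DROP"
}

# Sample call with the assumed values; review the output before applying it.
transproxy_rules 10123 9040 5400 "80 443"
```

The matching torrc would pin the listeners instead of using `auto`, for example `DNSPort 127.0.0.1:5400` and a fixed `TransPort`, so the redirect targets stay valid across restarts.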