Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Orbot ignores Isolate destination addresses #708

Closed
ghost opened this issue Jul 7, 2022 · 7 comments · Fixed by #715
Closed

Orbot ignores Isolate destination addresses #708

ghost opened this issue Jul 7, 2022 · 7 comments · Fixed by #715

Comments

@ghost
Copy link

ghost commented Jul 7, 2022

Software & Hardware

  • Device: Google Pixel 4a
  • Operating System: GrapheneOS (SQ3A.220705.003.A1.2022070600)
  • Orbot version: 16.6.2-RC-1-tor.0.4.7.8 (arm64-v8 release from GitHub)

Steps To Reproduce

  • Enable Isolate destination addresses in Orbot.
  • Turn on VPN Mode (with Always-on VPN and Block connections without VPN) or use 127.0.0.1:9050 as a proxy. The bug is reproductible in both cases.
  • Visit at least two websites that show IP address e.g. browserleaks and ifconfig.
  • Verify that IP address in all cases is the same.

Additional Informations

I checked that this issue is reproductible in Privacy Browser 3.10.1, Bromite 102.0.5005.96 and Vanadium 103.0.5060.71. Another user confirmed that issue is reproductible on DivestOS ROM (Android 11).

@pgerber
Copy link
Contributor

pgerber commented Jul 7, 2022

Reporting this was on my todo list as well. I looked at it a while back and it looked like the isolation was enabled on socks:

SocksPort 9050 IsolateDestAddr …

but it's missing for transparently proxied connections. It should be enabled there too:

TransPort 9040 IsolateDestAddr …

@pgerber
Copy link
Contributor

pgerber commented Jul 7, 2022

or use 127.0.0.1:9050 as a proxy

I thought this worked but oddly enough I can reproduce the issue on SOCKS too.

@ghost
Copy link
Author

ghost commented Jul 8, 2022

or use 127.0.0.1:9050 as a proxy

I thought this worked but oddly enough I can reproduce the issue on SOCKS too.

@pgerber I assume that even though the flags are added to the string somewhere in the code, they are not passed to the Tor client and thus it uses the defaults. I feel like Orbot is ignoring the settings for some reason, see #709 for more details.

@bitmold
Copy link
Collaborator

bitmold commented Jul 13, 2022

@pgerber You're right, adding TransPort 9040 IsolateDestAddr for TransPort will fix this issue. As others have said in #709 the SOCKSPort settings in torrc are ignored because TorService starts tor with the --SOCKSPort command line arg. I'm working on a fix for this now ...

Thanks everyone for reporting here

bitmold added a commit that referenced this issue Jul 13, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
@ghost
Copy link
Author

ghost commented Jul 16, 2022

@bitmold just letting you know that I'm still able to reproduce this issue, both in VPN mode and when using Orbot as a proxy. After updating to newest release I cleared storage to make sure that Orbot starts from fresh state.

@bitmold
Copy link
Collaborator

bitmold commented Jul 16, 2022

Yes this issue wasn't fixed in the latest release. There needs to be a new release of Tor android and a new orbot release that's still in progress to fix this

@ghost
Copy link
Author

ghost commented Jul 16, 2022

Yes this issue wasn't fixed in the latest release. There needs to be a new release of Tor android and a new orbot release that's still in progress to fix this

I thought that "add IsolateDestAddr to TransPort in torrc" (from changelog) was supposed to fix the issue, my bad.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants