[Whonix-devel] #21436 [Obfuscation/FTE]: fteproxy does not work on Debian stretch / document fteproxy usage on Debian stretch
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Feb 11 06:51:12 CET 2017
#21436: fteproxy does not work on Debian stretch / document fteproxy usage on
Debian stretch
---------------------------------+--------------------
Reporter: adrelanos | Owner: kpdyer
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Obfuscation/FTE | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
---------------------------------+--------------------
Using fteproxy on Debian stretch isn't straight easy. So far no luck.
From {{{/lib/systemd/system/tor at default.service}}}, the AppArmor profile
gets into the way.
{{{
AppArmorProfile=system_tor
}}}
Also the other systemd hardening results in.
> {{{Could not launch managed proxy executable at '/usr/bin/fteproxy'
('Permission denied').}}}
{{{
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/proc
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
ReadWriteDirectories=-/var/run
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
CAP_DAC_OVERRIDE
}}}
Even with all of that disabled, Tor does not successfully bootstrap.
{{{
Feb 11 06:26:01.000 [notice] Bootstrapped 5%: Connecting to directory
server
Feb 11 06:26:01.000 [notice] Bootstrapped 10%: Finishing handshake with
directory server
Feb 11 06:26:01.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing
handshake with directory server. (DONE; DONE; count 6; recommendation
warn; host redacted at IP:PORT)
Feb 11 06:26:01.000 [warn] 6 connections have failed:
}}}
I guess my torrc config is fine. Copied that part over from TBB to system
Tor /etc/tor/torrc.
{{{
UseBridges 1
ClientTransportPlugin fte exec /usr/bin/fteproxy --managed
Bridge fte IP:PORT redacted
}}}
Any hints what I am doing wrong? (Not in a censored area. TBB without
bridges as well as fteproxy works for me. Debian stretch system Tor with
Debian fteproxy packages does not work for me.)
I am asking for Whonix integration purposes.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21436>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the Whonix-devel
mailing list