rokyn 0 Posted ...
Hello, I tried several times to connect to AirVPN over Tor but it never worked. I am using a Mac with Tunnelblick. Firstly I followed the instructions, downloaded an OpenVPN config file from the "access w/o our client" page, chose Lyra as a server, SOCKS proxy, 127.0.0.1 and port 9050. I tried this config with Tunnelblick (after starting Tor Browser, Vidalia+Firefox) but the connection was always refused. I then noticed that Tor Browser always assigns a random port to the SOCKS proxy connection (e.g., 49166, 49607, ...), so I modified the OpenVPN config file (air.ovpn) with the same port number Tor-Firefox was using instead of 9050 (I have to do this manually every time as the port always changes, not a big problem if it actually worked). In this way I managed to connect to AirVPN over Tor by Tunnelblick. The problem is, with this configuration it looks like I can get outbound traffic but there is no sign of inbound traffic (the browser was sending requests to DNS servers etc. but didn't receive any answer), so that I can't connect to any site. Furthermore, the connection is unstable and in a few minutes Tunnelblick stops and I have to connect again. Can someone help? Thanks
Staff 9972 Posted ...
@rokyn Hello! Can you please send us the Tunnelblick connection logs? Kind regards
rokyn 0 Posted ...
Hello, I tried again: opened Tor Browser, checked what port it used for the SOCKS proxy, wrote it in air.ovpn (49160), connected to AirVPN with Tunnelblick. As before, the connection succeeded but could not receive anything. After 2 mins, it disconnected. Here's the full log:

2012-04-15 16:36:51 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.2.3 (build 2891.2932) Unsigned
2012-04-15 16:37:01 *Tunnelblick: Attempting connection with airTorLyra/air; Set nameserver = 1; monitoring connection
2012-04-15 16:37:01 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start airTorLyra/air.ovpn 1337 1 0 0 0 49 -atDASNGWrdasngw
2012-04-15 16:37:01 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Users/xxxx/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1337 --config /Users/xxxx/Library/Application Support/Tunnelblick/Configurations/airTorLyra/air.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sxxxx-SLibrary-SApplication Support-STunnelblick-SConfigurations-SairTorLyra-Sair.ovpn.1_0_0_0_49.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart
2012-04-15 16:37:02 *Tunnelblick: openvpnstart message: Loading tun.kext
2012-04-15 16:37:02 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [sSL] [LZO2] [PKCS11] [eurephia] built on Jan 8 2012
2012-04-15 16:37:02 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
2012-04-15 16:37:02 Need hold release from management interface, waiting...
2012-04-15 16:37:02 MANAGEMENT: Client connected from 127.0.0.1:1337
2012-04-15 16:37:02 MANAGEMENT: CMD 'pid'
2012-04-15 16:37:02 MANAGEMENT: CMD 'state on'
2012-04-15 16:37:02 MANAGEMENT: CMD 'state'
2012-04-15 16:37:02 MANAGEMENT: CMD 'hold release'
2012-04-15 16:37:02 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2012-04-15 16:37:02 *Tunnelblick: Established communication with OpenVPN
2012-04-15 16:37:02 WARNING: file 'user.key' is group or others accessible
2012-04-15 16:37:02 LZO compression initialized
2012-04-15 16:37:02 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
2012-04-15 16:37:02 Socket Buffers: R=[262140->65536] S=[131070->65536]
2012-04-15 16:37:02 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
2012-04-15 16:37:02 Local Options hash (VER=V4): '958c5492'
2012-04-15 16:37:02 Expected Remote Options hash (VER=V4): '79ef4284'
2012-04-15 16:37:02 Attempting to establish TCP connection with 127.0.0.1:49160 [nonblock]
2012-04-15 16:37:02 MANAGEMENT: >STATE:1334500622,TCP_CONNECT,,,
2012-04-15 16:37:03 TCP connection established with 127.0.0.1:49160
2012-04-15 16:37:04 TCPv4_CLIENT link local: [undef]
2012-04-15 16:37:04 TCPv4_CLIENT link remote: 127.0.0.1:49160
2012-04-15 16:37:04 MANAGEMENT: >STATE:1334500624,WAIT,,,
2012-04-15 16:37:04 MANAGEMENT: >STATE:1334500624,AUTH,,,
2012-04-15 16:37:04 TLS: Initial packet from 127.0.0.1:49160, sid=5fbc6243 7115a50f
2012-04-15 16:37:09 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
2012-04-15 16:37:09 VERIFY OK: nsCertType=SERVER
2012-04-15 16:37:09 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
2012-04-15 16:37:21 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2012-04-15 16:37:21 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2012-04-15 16:37:21 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2012-04-15 16:37:21 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2012-04-15 16:37:21 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2012-04-15 16:37:21 [server] Peer Connection Initiated with 127.0.0.1:49160
2012-04-15 16:37:22 MANAGEMENT: >STATE:1334500642,GET_CONFIG,,,
2012-04-15 16:37:23 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2012-04-15 16:37:24 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.5.0.1,comp-lzo no,route 10.5.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.5.2.110 10.5.2.109'
2012-04-15 16:37:24 OPTIONS IMPORT: timers and/or timeouts modified
2012-04-15 16:37:24 OPTIONS IMPORT: LZO parms modified
2012-04-15 16:37:24 OPTIONS IMPORT: --ifconfig/up options modified
2012-04-15 16:37:24 OPTIONS IMPORT: route options modified
2012-04-15 16:37:24 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2012-04-15 16:37:24 ROUTE default_gateway=192.168.1.1
2012-04-15 16:37:24 TUN/TAP device /dev/tun0 opened
2012-04-15 16:37:24 MANAGEMENT: >STATE:1334500644,ASSIGN_IP,,10.5.2.110,
2012-04-15 16:37:24 /sbin/ifconfig tun0 delete ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-04-15 16:37:24 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2012-04-15 16:37:24 /sbin/ifconfig tun0 10.5.2.110 10.5.2.109 mtu 1500 netmask 255.255.255.255 up
2012-04-15 16:37:24 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw tun0 1500 1560 10.5.2.110 10.5.2.109 init No such key
2012-04-15 16:37:26 *Tunnelblick client.up.tunnelblick.sh: Retrieved name server(s) [ 10.5.0.1 ] and WINS server(s) [ ] and using default domain name [ openvpn ]
2012-04-15 16:37:26 *Tunnelblick client.up.tunnelblick.sh: Up to two 'No such key' warnings are normal and may be ignored
2012-04-15 16:37:26 *Tunnelblick client.up.tunnelblick.sh: Saved the DNS and WINS configurations for later use
2012-04-15 16:37:27 *Tunnelblick client.up.tunnelblick.sh: Set up to monitor system configuration with process-network-changes
2012-04-15 16:37:27 /sbin/route add -net 127.0.0.1 192.168.1.1 255.255.255.255 add net 127.0.0.1: gateway 192.168.1.1
2012-04-15 16:37:27 /sbin/route add -net 0.0.0.0 10.5.2.109 128.0.0.0 add net 0.0.0.0: gateway 10.5.2.109
2012-04-15 16:37:27 /sbin/route add -net 128.0.0.0 10.5.2.109 128.0.0.0 add net 128.0.0.0: gateway 10.5.2.109
2012-04-15 16:37:27 MANAGEMENT: >STATE:1334500647,ADD_ROUTES,,,
2012-04-15 16:37:27 /sbin/route add -net 10.5.0.1 10.5.2.109 255.255.255.255
2012-04-15 16:37:27 *Tunnelblick: Flushed the DNS cache add net 10.5.0.1: gateway 10.5.2.109
2012-04-15 16:37:27 Initialization Sequence Completed
2012-04-15 16:37:27 MANAGEMENT: >STATE:1334500647,CONNECTED,SUCCESS,10.5.2.110,127.0.0.1
2012-04-15 16:39:27 [server] Inactivity timeout (--ping-restart), restarting
2012-04-15 16:39:27 TCP/UDP: Closing socket
2012-04-15 16:39:27 /sbin/route delete -net 10.5.0.1 10.5.2.109 255.255.255.255 delete net 10.5.0.1: gateway 10.5.2.109
2012-04-15 16:39:27 /sbin/route delete -net 127.0.0.1 192.168.1.1 255.255.255.255 delete net 127.0.0.1: gateway 192.168.1.1
2012-04-15 16:39:27 /sbin/route delete -net 0.0.0.0 10.5.2.109 128.0.0.0 delete net 0.0.0.0: gateway 10.5.2.109
2012-04-15 16:39:27 /sbin/route delete -net 128.0.0.0 10.5.2.109 128.0.0.0 delete net 128.0.0.0: gateway 10.5.2.109
2012-04-15 16:39:27 Closing TUN/TAP interface
2012-04-15 16:39:27 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw tun0 1500 1560 10.5.2.110 10.5.2.109 init
2012-04-15 16:39:27 *Tunnelblick client.down.tunnelblick.sh: Cancelled monitoring of system configuration changes
2012-04-15 16:39:27 *Tunnelblick client.down.tunnelblick.sh: Restored the DNS and WINS configurations
2012-04-15 16:39:27 SIGUSR1[soft,ping-restart] received, process restarting
2012-04-15 16:39:27 MANAGEMENT: >STATE:1334500767,RECONNECTING,ping-restart,,
2012-04-15 16:39:27 MANAGEMENT: CMD 'hold release'
2012-04-15 16:39:27 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2012-04-15 16:39:27 WARNING: file 'user.key' is group or others accessible
2012-04-15 16:39:27 LZO compression initialized
2012-04-15 16:39:27 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
2012-04-15 16:39:27 Socket Buffers: R=[262140->65536] S=[131070->65536]
2012-04-15 16:39:27 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
2012-04-15 16:39:27 Local Options hash (VER=V4): '958c5492'
2012-04-15 16:39:27 Expected Remote Options hash (VER=V4): '79ef4284'
2012-04-15 16:39:27 Attempting to establish TCP connection with 127.0.0.1:49160 [nonblock]
2012-04-15 16:39:27 MANAGEMENT: >STATE:1334500767,TCP_CONNECT,,,
2012-04-15 16:39:28 TCP connection established with 127.0.0.1:49160
2012-04-15 16:39:33 recv_socks_reply: TCP port read timeout expired: Operation now in progress (errno=36)
2012-04-15 16:39:33 TCP/UDP: Closing socket
2012-04-15 16:39:33 SIGTERM[soft,init_instance] received, process exiting
2012-04-15 16:39:33 MANAGEMENT: >STATE:1334500773,EXITING,init_instance,,
2012-04-15 16:39:33 *Tunnelblick: Flushed the DNS cache

Btw, I don't understand much about it, but what happens at port 1337? The number seems suspect, is this normal in AirVPN or Tunnelblick? Also, if by reading the logs you find anything that can be improved regarding the security of my configuration, please tell me.

PS: I tried to connect to AirVPN over Tor with Windows following the standard procedure and it worked with no problems (Tor Browser on my Windows system always connects to port 9050). Thanks again
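The two-minute disconnect in the log above can be read off mechanically. As an added example (not part of the original posts, and not AirVPN or Tunnelblick code), this Python script parses five entries copied from that log and reports the pushed `ping-restart` value, the time between tunnel start and the inactivity restart, and which address received the host route outside the tunnel; the function names `analyse`, `first_window_expired` and `bypass_route_is_loopback` are hypothetical.

```python
import ipaddress
import re
from datetime import datetime
# Five entries copied from the OpenVPN log posted above.
LOG = """\
2012-04-15 16:37:04 TCPv4_CLIENT link remote: 127.0.0.1:49160
2012-04-15 16:37:24 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.5.0.1,comp-lzo no,route 10.5.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.5.2.110 10.5.2.109'
2012-04-15 16:37:27 /sbin/route add -net 127.0.0.1 192.168.1.1 255.255.255.255 add net 127.0.0.1: gateway 192.168.1.1
2012-04-15 16:37:27 Initialization Sequence Completed
2012-04-15 16:39:27 [server] Inactivity timeout (--ping-restart), restarting
"""
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")

def analyse(log_text):
    """Collect facts about proxy routing and tunnel liveness from a log."""
    f = {"link_remote": None, "ping_restart": None, "redirect_gateway": False,
         "host_routes": [], "idle_seconds": None}
    up_at = None
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        ts, msg = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)
        if r := re.search(r"link remote: ([\d.]+):\d+", msg):
            f["link_remote"] = r.group(1)          # address OpenVPN dialled
        elif "PUSH_REPLY" in msg:
            for opt in msg.split("'")[1].split(","):
                if opt.startswith("redirect-gateway"):
                    f["redirect_gateway"] = True
                elif opt.startswith("ping-restart "):
                    f["ping_restart"] = int(opt.split()[1])
        elif r := re.search(r"route add -net (\S+) (\S+) 255\.255\.255\.255", msg):
            f["host_routes"].append((r.group(1), r.group(2)))  # (dest, gateway)
        elif "Initialization Sequence Completed" in msg:
            up_at = ts
        elif "Inactivity timeout (--ping-restart)" in msg and up_at:
            f["idle_seconds"] = int((ts - up_at).total_seconds())
    return f

def first_window_expired(f, slack=5):
    """True if the restart came one ping-restart interval after startup."""
    return (None not in (f["idle_seconds"], f["ping_restart"])
            and f["idle_seconds"] <= f["ping_restart"] + slack)

def bypass_route_is_loopback(f):
    """True if redirect-gateway is on and the host route kept outside the
    tunnel is for the local proxy (loopback), not for a remote server."""
    return (f["redirect_gateway"] and f["link_remote"] is not None
            and ipaddress.ip_address(f["link_remote"]).is_loopback
            and any(dst == f["link_remote"] for dst, _ in f["host_routes"]))
```

On these entries the restart comes exactly 120 seconds after "Initialization Sequence Completed", matching the pushed `ping-restart 120`, and the only host route outside the tunnel is the one for 127.0.0.1.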
Staff 9972 Posted ...
@rokyn

Hello!

Port 1337 is used by Tunnelblick, it's ok.

From the logs, there's a hint that could point to a known Tunnelblick issue:

If "Monitor connection" is checked, Tunnelblick monitors the network interface that connects to the VPN and will restart the connection if changes to DNS or WINS are detected. With some network configurations this causes repeated disconnects/reconnects every few seconds. To avoid this, uncheck "Monitor connection" for the problematic configuration on the "VPN Details…" window. Please post your complete log (showing the problem with "Monitor connection" checked) to the Tunnelblick Discussion Group so we can fix this problem. (Be sure to cross out any sensitive information such as server IP addresses before you post your log.)

See also http://code.google.com/p/tunnelblick/wiki/cKnown

Try to disable connection monitoring. If this does not solve the problem, first of all try to connect with Viscosity, in order to determine whether the problem lies in Tunnelblick or not:

http://www.thesparklabs.com/viscosity/

It's closed source. They offer 1 free month evaluation period.

We're looking forward to hearing from you.

Kind regards
rokyn 0 Posted ...
Hello, I tried Tunnelblick with connection monitoring disabled, same response as before. I also tried with Viscosity and it gave me the same result: it connected, but then I could not reach any site as the connection doesn't seem able to receive any traffic, only send. I have Little Snitch installed; I tried with the network filter off but nothing changed (Little Snitch never gave me any problem connecting directly to AirVPN w/o Tor anyway, but I did not know what else to try). By the way, after connecting by Tunnelblick to AirVPN via Tor, the Little Snitch monitor shows only connections named "Vidalia via tor" and "mDNSResponder" and only the red column lights up, never the green one (that's why I wrote there is no inbound traffic). Maybe the problem lies in my Mac but I don't know what the problem could be. If I use Tor Browser by itself it works with no problems, the same goes for AirVPN of course. But as I wrote, if I try to connect to AirVPN over Tor it establishes the connection, but then it doesn't receive any traffic. Any idea? Is there anyone using a MacBook Pro that is able to connect to AirVPN over Tor? Thanks
slackerofthemind 0 Posted ...
I have exactly the same issue running OS X 10.6.8. (1) If I start TOR, then connect AirVPN, the Firefox Aurora browser times out. (2) If I start AirVPN, then start TOR, the Aurora browser displays the following error: "The proxy server is refusing connections Firefox is configured to use a proxy server that is refusing connections." AirVPN + TOR don't work together either way.