Sometimes TOR not working though it is enabled

[FrankW]

Hi again!

I've found another issue with TOR client in V1.5.4.

Preconditions:
1. "TOR enabled, toggled by each host".
2. Using client with static IP and TOR enabled for this IP.

Sometimes when connecting with client, the traffic is routed directly
to the internet bypassing TOR (although TOR is enabled!)
OR in rare cases routing doesn't work at all on this client.
(Cannot connect to https://check.torproject.org BUT
some other site!).
This condition can be cured by toggling the TOR config (e.g. disable TOR or enable TOR for all hosts) and switching config back to 'toggled by each host'.

Does anyone have an idea about this?

[rsmith16384]

.

[rsmith16384]

.

[rsmith16384]

.

[Eric]

Actually, I have noticed this happening and have been investigating.

The latest code in the git repo already includes a cron job to test whether tor is running periodically, and if tor is not running and tor is set to enabled restart it if it stops. If you want to use that replace your version of /usr/sbin/update_tor_ipset with the one here: https://github.com/ericpaulbishop/gargo ... _tor_ipset

However, this is a stop-gap solution. Also, I've observed at least one case where tor is running, but seems to be nonfunctional, going into some sort of internal loop. I've ruled out the possibility that these issues are due to the Access Lab patches I've applied to the main version of Tor -- when I remove the patches and recompile I still see these issues from time to time. Also, if I expand memory with a ramdisk to more than tor can possibly use, that doesn't seem to make a difference either, so I don't think it's a memory issue. Likewise when I use a flash drive as disk space, it still occurs, which makes me think it isn't a diskspace issue either.

One thing I do notice is that tor seems most likely to die when I'm moving a lot of data (not necessarily over tor) through the router. It's possible it's hitting connection limits and that's causing problems, but I'm not convinced that's the right answer. I will continue to investigate.

It's somewhat hard to debug this since the error shows up so intermittently.

[rsmith16384]

.

[Eric]

I think I figured out what the problem is. Whenever the firewall was restarted, the proper rules were getting wiped. This means that even if tor was running, it wouldn't function properly.

The best way to address this is to swap out your current version of /etc/init.d/tor.firewall with the one here: https://github.com/ericpaulbishop/gargo ... r.firewall

I think this should fix the problem... unless there's more than one issue that can cause this...

[rsmith16384]

.

[2ks-kyle]

Hello,

Although I have use for Open VPN and hope to see that in future versions of Gargoyle, I have come to rely on Gargoyle's TOR function a lot. I really appreciate this feature in Gargoyle but I can't seem to get it working since updating my WNDR3700 v2 router to Gargoyle 1.54.

Typically I have used the toggle by IP feature and whenever I try that now I get the following Java Script message:

<192.168.1.1>
ERROR: Tor Per-IP matching disabled
Tor configuration prohibited

Sometimes TOR would not toggle in version 1.53 but all I had to do was turn it off in the router configuration, save the change and then re-enable it in the Gargoyle configuration again. I've tried that several times in 1.54 and have also rebooted the router. No luck. I can't get TOR to work when set for all IPs either.

I am not very savvy at this stuff, so any help would be greatly appreciated. Thanks!

[Eric]

Please upgrade to 1.5.5 -- several major issues with Tor were fixed in this release.