3dzms
April 10, 2024, 10:55pm
1
Hi
Have configured a WebTunnel instance on OpenBSD 7.5 as per guide - Tor Project | WebTunnel Bridge (tor version 0.4.8.10)
On trying to connect to the webtunnel as a test, Tor Browser (both desktop [v13.0.13] and Android [v13.0.12]) gets an error:
[WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with x.x.x.x:443 ID=<none> RSA_ID=aaaaaaaaa ("general SOCKS server failure")
The webtunnel instance starts without error:
Tor[19669]: Registered server transport 'webtunnel' at '[2001:db8:6573:96ba:5fc4:7757:f425:d7dd]:443'
and is listening on port 15000:
tcp 0 0 127.0.0.1.15000 *.* LISTEN
Contents of torrc:
RunAsDaemon 1
BridgeRelay 1
ORPort 127.0.0.1:auto
AssumeReachable 1
ServerTransportPlugin webtunnel exec /usr/local/bin/webtunnel
ServerTransportListenAddr webtunnel 127.0.0.1:15000
ServerTransportOptions webtunnel url=https://example.com/xxxxxx
ExtORPort auto
ContactInfo xxxxxx
Nickname xxxxx
SocksPort 0
Log notice syslog
nginx error log (enabled for test) shows:
[error] 71247#0: *125 upstream prematurely closed connection while reading response header from upstream, client: x.x.x.x, server: a.a.a, request: "GET /xxxxx HTTP/2.0", upstream: "http://127.0.0.1:15000/xxxxx", host: "example.com"
I’d appreciate any feedback or ideas
TIA
3dzms
April 10, 2024, 11:32pm
2
Just noticed that bridges.torproject.org reports as dysfunctional
webtunnel: dysfunctional
Error: timed out waiting for bridge descriptor
Last tested: 2024-04-10 23:14:50.275597505 +0000 UTC (3m54.439758802s ago)
gus
April 11, 2024, 1:57am
3
Hi, you are compiling WebTunnel from source, right?
Could you check your system logs to see if OpenBSD is stopping the webtunnel binary execution, or if there is something related to user and permissions?
3dzms
April 11, 2024, 2:37am
4
Yes compiled from source (no errors).
/var/log/daemon shows webtunnel being started without error
328-Apr 11 04:30:52 www5 Tor[57740]: connection_handle_listener_read: New metrics connection opened from 127.0.0.1.
329:Apr 11 04:30:52 www5 Tor[57740]: handle_proxy_line: Got a line from managed proxy '/usr/local/bin/webtunnel': (VERSION 1)
330:Apr 11 04:30:52 www5 Tor[57740]: Managed proxy "/usr/local/bin/webtunnel" changed state: Launched -> Accepting methods
331:Apr 11 04:30:52 www5 Tor[57740]: handle_proxy_line: Got a line from managed proxy '/usr/local/bin/webtunnel': (SMETHOD webtunnel [2001:db8:6573:96ba:5fc4:7757:f425:d7dd]:443 ARGS:url=https://example.com/xxxxxxxxxx,ver=0.0.1)
332:Apr 11 04:30:52 www5 Tor[57740]: parse_method_line_helper: Server transport webtunnel at [2001:db8:6573:96ba:5fc4:7757:f425:d7dd]:443.
333:Apr 11 04:30:52 www5 Tor[57740]: handle_proxy_line: Got a line from managed proxy '/usr/local/bin/webtunnel': (SMETHODS DONE)
334:Apr 11 04:30:52 www5 Tor[57740]: handle_methods_done: Server managed proxy '/usr/local/bin/webtunnel' configuration completed!
335:Apr 11 04:30:52 www5 Tor[57740]: Managed proxy "/usr/local/bin/webtunnel" changed state: Accepting methods -> Configured
336-Apr 11 04:30:52 www5 Tor[57740]: save_transport_to_state: Transport seems to have spawned on its usual address:port.
337:Apr 11 04:30:52 www5 Tor[57740]: Registered server transport 'webtunnel' at '[2001:db8:6573:96ba:5fc4:7757:f425:d7dd]:443'
338:Apr 11 04:30:52 www5 Tor[57740]: Managed proxy "/usr/local/bin/webtunnel" changed state: Configured -> Completed
339-Apr 11 04:30:52 www5 Tor[57740]: metrics_connection_reached_eof: Metrics connection reached EOF. Closing.
and there is a process listening on 127.0.0.1:15000
netstat -an | grep 15000
tcp 0 0 127.0.0.1.15000 *.* LISTEN
webtunnel running
$ ps -xlAU _tor
UID PID PPID CPU PRI NI VSZ RSS WCHAN STAT TT TIME COMMAND
566 57740 1 0 2 0 114328 188320 kqread S ?? 0:11.40 /usr/local/bin/tor
566 339 57740 3 10 0 44428 3584 thrslee I ?? 0:00.00 /usr/local/bin/webtunnel
3dzms
April 11, 2024, 9:11am
5
RESOLVED: Config error in nginx.
Using Let’s Encrypt as CA and acme.sh to issue. Specified ssl_certificate in Nginx as ca.cer; needed to set ssl_certificate to fullchain.cer.
Noticed the following error in the Nginx error log:
[info] 30142#0: *154 SSL_do_handshake() failed (SSL: error:1403F412:SSL routines:ACCEPT_SR_FINISHED:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: x.x.x.x, server: 0.0.0.0:443
Used curl to connect. Curl wasn’t able to verify the server certificate unless I specified the --ca-cert as fullchain.cer (rather than ca.cer).
2 Likes
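A way to catch the misconfiguration resolved in post 5 before clients hit it, as an added example that is not part of the thread or of the WebTunnel guide: the function name `check_ssl_certificate` is hypothetical, and it assumes an `openssl` command (OpenSSL or LibreSSL) is on the PATH. It inspects the file that nginx's `ssl_certificate` points at and accepts it only if the first PEM block is a non-CA (server) certificate followed by at least one more certificate, which is the layout of acme.sh's fullchain.cer and not of ca.cer.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# check_ssl_certificate FILE
#   returns 0  FILE starts with a server (leaf) cert and carries a chain
#   returns 1  FILE is readable PEM but is not a usable server chain
#   returns 2  FILE is unreadable or holds no parsable certificate
check_ssl_certificate() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }

    # Number of certificates in the bundle (grep -c exits 1 on zero matches).
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$file" || true)

    # openssl x509 parses only the FIRST PEM block, which is the certificate
    # nginx presents as the server certificate.
    first=$(openssl x509 -in "$file" -noout -text 2>/dev/null) || {
        echo "$file: no parsable certificate"; return 2; }

    if printf '%s\n' "$first" | grep -q 'CA:TRUE'; then
        echo "$file: first certificate is a CA certificate, not the server certificate"
        return 1
    fi
    if [ "$count" -lt 2 ]; then
        echo "$file: server certificate only, no intermediate included"
        return 1
    fi
    echo "$file: server certificate followed by $((count - 1)) chain certificate(s)"
    return 0
}

# Run against a path when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ssl_certificate "$1"
fi
```

Run it against the path configured as `ssl_certificate` before reloading nginx; a non-zero exit means the file should not be used as the server chain.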