Opened 4 years ago

Closed 4 years ago

#18219 closed defect (fixed)

Many "non-tor-apps" fail connections while transparent proxying enabled in Orbot

Reported by: vanitasvitae Owned by: n8fr8
Priority: Medium Milestone:
Component: Applications/Orbot Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Hi
Many android apps that are not designed to work with tor frequently fail connections while transparent proxying is enabled. For example firefox and chromium often say "cannot create secure connection" or "site could not be loaded". Most times, the bug disappears after 2-3 times refreshing the page, but ofter the sites are not loaded correctly then.

Other apps cannot connect to the internet at all. (Eg. NasaPic)

Im on rooted (Superuser) CopperheadOS (hardened Android based on AOSP 6.0.1 marshmallow) on a Nexus 5.
I installed Orbot from your FDroid-repo and granted it root for transparent proxy (proxy all applications).

Do you need more information? Im not sure, whether its an Issue caused by CopperheadOS or by Orbot. I remember using Orbot on CM12 without these issues.

Child Tickets

Change History (5)

comment:1 Changed 4 years ago by n8fr8

Can you try using the Orbot VPN feature without the root/transproxy on and see if it behaves any differently?

Instead of using Firefox or Chromium, you should try Orfox instead.

comment:2 in reply to:  1 Changed 4 years ago by vanitasvitae

Replying to n8fr8:

Can you try using the Orbot VPN feature without the root/transproxy on and see if it behaves any differently?

I used the vpn feature for two days now and it works way better than transparent proxying.
What is the recommended way? What are the differences between VPN mode and transparent proxying?

Instead of using Firefox or Chromium, you should try Orfox instead.

I already used Orfox before and it works like a charm. I use Firefox only for sites that do not work in Orfox because of scripts.

comment:3 Changed 4 years ago by n8fr8

The root / transparent proxy feature is a bit of a hack, and can work differently depending upon your device, kernel and firmware/OS version. If you want to see the recommended setup for this use, please read mikeperry's blog post here: https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy

There is also an app called Orwall which attempts to automate some of the setup from Mike's post for transproxying.

Otherwise, using apps like Orfox which are tuned for Tor, or ChatSecure, DuckDuckGo, etc which can be configured to use it easily, is the best option, followed by the Orbot VPN feature.

The main downside of the VPN is that we are relying on Google more for how the tunneling works, etc. We aren't directly controlling the iptables network rules. This means, while fine for proxying, getting around filters, reducing traffic surveillance overall, it is not fully in our control. We interact with it via an Android API, and not lower level rules. Still for people without root, it is the best option for a "send my whole device through Tor". Also the VPN doesn't currently support accessing .onion sites and services, but again if you are want to do that, you should use a Tor-aware app.

comment:4 Changed 4 years ago by cypherpunks

Looks like this can be closed?

comment:5 Changed 4 years ago by n8fr8

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.