Opened 2 years ago

Closed 2 years ago

#21834 closed defect (invalid)

ExcludeExitNodes settings ignored

Reported by: JoeDiFostar
Owned by: tbb-team
Priority: High
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords:
Cc: mcs
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Tor Browser 6.5.1/Win 7.0x64

I have the following in my torrc and the browser happily selects US nodes

DataDirectory E:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Data\Tor
GeoIPFile E:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Data\Tor\geoip
GeoIPv6File E:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6
HiddenServiceStatistics 0
ExcludeExitNodes {US},{CA}
GeoIPExcludeUnknown auto

Attachments (1)

Clipboard01.jpg (13.9 KB) - added by JoeDiFostar 2 years ago.
screen capture showing exit node in Canada

Change History (13)

comment:1 Changed 2 years ago by cypherpunks

comment:2 Changed 2 years ago by cypherpunks

Resolution: worksforme
Status: new → closed

comment:3 Changed 2 years ago by JoeDiFostar

Resolution: worksforme
Status: closed → reopened

Changed my torrc

ExcludeExitNodes {US},{CA}
GeoIPExcludeUnknown auto
StrictNodes 1

Started Tor Browser, changed the connect path a few times and United States is still selected as exit node!

I don't care if those countries are selected as entry or middle node, I don't want them as exit.

I wasn't clear about this in my first message. My apologies for that. Being a developer myself, I know the importance of being precise in error reports. I wrongly assumed that seeing the excludeexitnodes directive in my config would have been self-explanatory as my intentions were

comment:4 Changed 2 years ago by mcs

Component: - Select a component → Applications/Tor Browser
Status: reopened → needs_information

I am setting the component to Tor Browser for now, although if this is really happening it is probably a core tor issue.

I cannot reproduce this problem using TB 6.5.1 on OSX (I don't have access to a Windows system at the moment).

  • I assume you are editing the correct torrc file?
  • Does ExcludeNodes work correctly?
  • Can you enable tor logging (send it to a file) and see if anything interesting is logged during startup? Adding the following to your torrc should work: Log notice file E:\torlog.txt

Changed 2 years ago by JoeDiFostar

Attachment: Clipboard01.jpg added

screen capture showing exit node in Canada

comment:5 Changed 2 years ago by JoeDiFostar

> I assume you are editing the correct torrc file?

Well it does produce a log file per your instructions so it should be.

> Does ExcludeNodes work correctly?

I don't use it.

> Can you enable tor logging (send it to a file) and see if anything interesting is logged during startup? Adding the following to your torrc should work: Log notice file E:\torlog.txt

Here we go:

Mar 30 11:03:15.000 [notice] Tor 0.2.9.10 (git-1f6c8eda0073f464) opening new log file.
Mar 30 11:03:15.072 [notice] Tor 0.2.9.10 (git-1f6c8eda0073f464) running on Windows 7 with Libevent 2.0.22-stable, OpenSSL 1.0.2k and Zlib 1.2.8.
Mar 30 11:03:15.087 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Mar 30 11:03:15.103 [notice] Read configuration file "E:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults".
Mar 30 11:03:15.103 [notice] Read configuration file "E:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Data\Tor\torrc".
Mar 30 11:03:15.150 [notice] Opening Socks listener on 127.0.0.1:9150
Mar 30 11:03:15.150 [notice] Opening Control listener on 127.0.0.1:9151
Mar 30 11:03:15.000 [notice] Parsing GEOIP IPv4 file E:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Data\Tor\geoip.
Mar 30 11:03:15.000 [notice] Parsing GEOIP IPv6 file E:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6.
Mar 30 11:03:16.000 [notice] Bootstrapped 0%: Starting
Mar 30 11:03:18.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Mar 30 11:03:18.000 [notice] New control connection opened from 127.0.0.1.
Mar 30 11:03:28.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Mar 30 11:03:28.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Mar 30 11:03:29.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Mar 30 11:03:29.000 [notice] Bootstrapped 100%: Done
Mar 30 11:03:29.000 [notice] Tor 0.2.9.10 (git-1f6c8eda0073f464) opening log file.
Mar 30 11:03:30.000 [notice] New control connection opened from 127.0.0.1.
Mar 30 11:03:38.000 [notice] New control connection opened from 127.0.0.1.
Mar 30 11:03:39.000 [notice] New control connection opened from 127.0.0.1.
Mar 30 11:12:40.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $9D6AE1BD4FDF39721CE908966E79E16F9BFCCF2F~Necto at 93.115.95.201. Retrying on a new circuit.
Mar 30 11:12:56.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $E43A346CB81DDF364B6FF68235AFADBA0E8692B8~HSLtor at 192.36.27.7. Retrying on a new circuit.
Mar 30 11:13:12.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $88487BDD980BF6E72092EE690E8C51C0AA4A538C~DigiGesTor2e1 at 176.10.104.243. Retrying on a new circuit.
Mar 30 11:13:36.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $A44AE029015BA6FE0E9B90075C55617E0CD1E22B~kramse2 at 185.129.62.63. Retrying on a new circuit.
Mar 30 11:13:52.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $A041B285B228241C3185483EEF42F0BC96D40BFB~sowinetz at 91.223.82.156. Retrying on a new circuit.
Mar 30 11:14:49.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $97FCFABC0F8EB5FB9EAC3BC35F6C2DAE9E243ADC~calliprhugenasty09 at 46.166.148.176. Retrying on a new circuit.
Mar 30 11:15:06.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $5F482A48F88D2F9922CC2CCF98B9F326019862D0~Necto3 at 93.115.95.204. Retrying on a new circuit.
Mar 30 11:15:22.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $5D5817EA15062AC623F9F60F388C649BEFE946EA~niftytexasmouse at 151.80.238.152. Retrying on a new circuit.
Mar 30 11:15:38.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $0818DAE0E2DDF795AEDEAC60B15E71901084F281~edwardsnowden1 at 109.163.234.8. Retrying on a new circuit.
Mar 30 11:15:55.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $C656B41AEFB40A141967EBF49D6E69603C9B4A11~marcuse2 at 178.20.55.18. Retrying on a new circuit.
Mar 30 11:23:04.000 [notice] Owning controller connection has closed -- exiting now.
Mar 30 11:23:04.000 [notice] Catching signal TERM, exiting cleanly.

P.S. I had several reboots before running tor browser because I was installing the Comodo Firewall and also I ran CCleaner before.

comment:6 Changed 2 years ago by JoeDiFostar

Version: Tor: unspecified → Tor: 0.2.9.10

comment:7 Changed 2 years ago by gk

Version: Tor: 0.2.9.10

This might be the same as #13051. I wonder if that is Windows specific. JoeDiFostar: Do you have the option to test your setup on a non-Windows machine and report back if there are similar issues?

comment:8 Changed 2 years ago by gk

Owner: set to tbb-team
Status: needs_information → assigned

comment:9 in reply to:  7 Changed 2 years ago by JoeDiFostar

Replying to gk:

> This might be the same as #13051. I wonder if that is Windows specific. JoeDiFostar: Do you have the option to test your setup on a non-Windows machine and report back if there are similar issues?

Absolutely, will test on Debian Jessie and report.

UPDATE

Finished testing on Linux and it's perfectly reproducible. Therefore it's not Windows specific.

How to trigger: Click on 'New Tor Circuit for this site' and eventually it will select a forbidden one as exit.

Another point, on my win.7 machine, tor(browser)? changed

ExcludeExitNodes {US},{CA}
GeoIPExcludeUnknown auto

into

ExcludeExitNodes {US},{CA},{??}

Don't know whether it's important/intended or not. Just reporting it.

comment:10 Changed 2 years ago by mcs

Cc: mcs added
Status: assigned → needs_information

The screen capture that you attached to this ticket does not show a CA exit node. I am not an expert on all things related to hidden/onion services, but in that case the Canadian node is an interior node that is being used as part of the path to the onion service. See https://www.torproject.org/docs/faq.html.en#ChooseEntryExit, specifically the following paragraph:

Note also that not every circuit is used to deliver traffic outside of the Tor network. It is normal to see non-exit circuits (such as those used to connect to hidden services, those that do directory fetches, those used for relay reachability self-tests, and so on) that end at a non-exit node. To keep a node from being used entirely, see ExcludeNodes and StrictNodes in the manual.

Are you actually seeing US and CA nodes used as exits to the Internet? If not, then this bug is invalid.
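Added example, not part of the original ticket or of Tor's own code: a check for the distinction drawn in comment:10, flagging an excluded-country last hop only when the circuit can actually carry exit traffic. It parses text in the shape of the control port's `GETINFO circuit-status` reply; the sample circuits, fingerprints, nicknames and the fingerprint-to-country table are constructed, and the function names are this example's own.

```python
# Constructed sample in the shape of a control-port "GETINFO circuit-status"
# reply. Fingerprints, nicknames and the country table are invented.
def fp(ch):
    return "$" + ch * 40

SAMPLE = "\n".join([
    f"5 BUILT {fp('A')}~g1,{fp('B')}~m1,{fp('C')}~x1 "
    "BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL",
    f"6 BUILT {fp('A')}~g1,{fp('D')}~m2,{fp('E')}~r1 "
    "BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY PURPOSE=HS_CLIENT_REND",
    f"7 BUILT {fp('A')}~g1 "
    "BUILD_FLAGS=ONEHOP_TUNNEL,IS_INTERNAL PURPOSE=GENERAL",
    f"8 BUILT {fp('A')}~g1,{fp('B')}~m1,{fp('F')}~x2 "
    "BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL",
])
COUNTRY = {fp("A"): "de", fp("B"): "fr", fp("C"): "nl",
           fp("D"): "se", fp("E"): "ca", fp("F"): "us"}

def parse_circuit(line):
    """Split one circuit-status line into id, status, path, flags, purpose."""
    fields = line.split()
    circ = {"id": fields[0], "status": fields[1],
            "path": [], "flags": set(), "purpose": None}
    for tok in fields[2:]:
        if tok.startswith("$"):
            circ["path"] = [hop.split("~")[0] for hop in tok.split(",")]
        elif tok.startswith("BUILD_FLAGS="):
            circ["flags"] = set(tok.split("=", 1)[1].split(","))
        elif tok.startswith("PURPOSE="):
            circ["purpose"] = tok.split("=", 1)[1]
    return circ

def audit(text, excluded, country_of):
    """Circuits ending in an excluded country: (exit-capable, non-exit)."""
    violations, non_exit = [], []
    for line in text.splitlines():
        circ = parse_circuit(line)
        if circ["status"] != "BUILT" or not circ["path"]:
            continue
        cc = country_of.get(circ["path"][-1], "??")
        if cc not in excluded:
            continue
        # Only GENERAL circuits without IS_INTERNAL deliver streams to the Internet.
        is_exit = circ["purpose"] == "GENERAL" and "IS_INTERNAL" not in circ["flags"]
        (violations if is_exit else non_exit).append((circ["id"], circ["purpose"], cc))
    return violations, non_exit

if __name__ == "__main__":
    print(audit(SAMPLE, {"us", "ca"}, COUNTRY))
```

Against a running tor, the country of each hop would come from the control port's `GETINFO ip-to-country/<ip>` instead of the constructed table.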

comment:11 in reply to:  10 Changed 2 years ago by JoeDiFostar

Replying to mcs:

> The screen capture that you attached to this ticket does not show a CA exit node.

> Are you actually seeing US and CA nodes used as exits to the Internet? If not, then this bug is invalid.

Oh, that is very interesting. I wasn't aware of that particularity. Thanks for the clarification. Therefore, this bug is invalid.

comment:12 Changed 2 years ago by gk

Resolution: invalid
Status: needs_information → closed