[tor-bugs] #19487 [Obfuscation/meek]: Meek and ReachableAddresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 23 00:22:08 UTC 2016
#19487: Meek and ReachableAddresses
----------------------------------+-----------------
Reporter: cypherpunks | Owner: dcf
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Obfuscation/meek | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
----------------------------------+-----------------
This came to my attention through an old StackExchange ticket that the
Community accound had bumped: http://tor.stackexchange.com/q/9500
The user appears to have setup some combination of
`ReachableAddresses`,`FirewallPorts`, and `FascistFirewall`. While the
ports they can reach might be set correctly, when using `meek` `tor` sees
the destination address as a fake destination. You end up with a log that
looks like this:
{{{
NOTICE: Bridge at '0.0.2.0:1' isn't reachable by our firewall policy.
Skipping.
}}}
This happens because they haven't defined `0.0.2.0:1` as being a reachable
address, while in reality it's using (most likely) port 443 on some CDN,
which might actually be defined reachable.
Maybe not a common issue but an interesting edge case that may be
clarified, avoided, or documented somewhere.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19487>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list