Cisco firewall filtering Tor?

Roger Dingledine arma at mit.edu
Sat Jun 16 05:54:01 UTC 2007


On Fri, Jun 15, 2007 at 07:07:21PM -0400, Jay Goodman Tamboli wrote:
> I've uploaded results from a 5-minute run of Tor 0.2.0.2-alpha (I've
> also tested with the current stable).
> 
> debug.log: http://tertiumquid.org/tor-logs/debug.log.gz

Something is definitely interfering with your ability to complete a
TLS handshake.

Whether that's your local firewall demanding that it MitM your SSL
connections, or your local firewall recognizing Tor's TLS signature and
killing that connection, or something else, I couldn't say.

See also Nick's post from November about this topic:
http://archives.seul.org/or/talk/Nov-2006/msg00088.html

If in fact they're running one of the rulesets from Nick's post, and
it's working, then the best plan for you is either to sit tight and
wait until we've deployed the next iteration of our protocol (it could
be many months at this rate), ...or you could help. :) See
https://tor.eff.org/svn/trunk/doc/design-paper/blocking.html#sec:network-fingerprint
and
https://tor.eff.org/svn/trunk/doc/spec/proposals/106-less-tls-constraint.txt
for details.

Btw, you seem to have set a config option of "ReachableAddresses *:443",
which means you can't contact (m)any directory servers. You may find
this to be bad after a couple of days. :) You might prefer *:80,*:443.

--Roger


