Tor Socks4a handshake error?
Jon McLachlan
mcla0181 at umn.edu
Thu Oct 16 23:30:54 UTC 2008
Many thanks for the very prompt and very helpful feedback! :)
~Jon
Roger Dingledine wrote:
> On Thu, Oct 16, 2008 at 06:03:13PM -0500, Jon McLachlan wrote:
>
>> I'm developing on top of Tor through it's API. I am running Tor as an
>> OP, and I am continuously being rejected by the socks port during the
>> handshake, returning the SOCKS4a error code 91 (or 0x5b = [generic]
>> request rejected or failed). The reject occurs after an attempt to
>> connect through a single hop tunnel in planetlab, in which the remote
>> node is a an exit OR servicing the requested address/port. I am
>> referencing the address in the request with an unresolved domain name
>> (not an IP). Further, the circuit was extended using the API
>> successfully (circuit status = built or extended, does not seem to matter).
>>
>> Now comes the strange part: When I make the OP and OR (by giving it an
>> ORPort), it works. Any thoughts?
>>
>
> Check the Tor logs for why your stream was refused. In this case it
> sounds like the Tor relay you build the stream through doesn't want to
> allow clients to build one-hop circuits: see also
> https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#VariablePathLength
>
> The simplest way to fix it is to upgrade your relay to 0.2.1.6-alpha
> and set
> AllowSingleHopCircuits 1
> AllowSingleHopExits 1
> in its torrc.
>
> More complex ways involve hacking your relay's code to permit it. Or
> using two hops like you're supposed to. :)
>
>
>> PS - using the tor binary, 0.2.0.15-alpha
>>
>
> Ok. You may be interested to know that there are known security and
> performance flaws with that version -- especially when trying to connect
> to the public Tor network.
>
> --Roger
>
>
>
More information about the tor-talk
mailing list