iCepa/Tor.framework

tor Config specifics

Closed this issue · 5 comments

Hi,

I was recommended by n8fr8 to open an issue with some of my questions regarding the usage of the Tor framework.

We are currently trying to add this framework to our app and have some questions, as we are struggling with getting outbound connections.

I have had a look at both the example implementation and the Onion Browser implementation, but am still having some issues with connections.

  1. What are the network requirements from Apple that need to be enabled in order to enable and run Tor on iOS?

When trying to use the HTTPTunnelPort, which I set to 0, the app freezes and the Tor thread gives an error.
When not using HTTPTunnelPort, Tor seems to be running fine, but does not establish connections to other nodes.

  1. Are there any specifics that have to or cannot be in the config in order to use httpProxyPort like in the Onion Browser?

  2. Do we still need to specify "VirtualAddrNetworkIPv4": "10.192.0.0/10", "VirtualAddrNetworkIPv6": "[FC00::]/7", like in the example implementation?

Every answer short or long is much appreciated.

> I have had a look at both the example implementation and the Onion Browser implementation, but am still having some issues with connections.

iCepa itself is outdated. It was always meant as sort-of a testbed. When I finally achieved a breakthrough, I restarted under our brand "Orbot".

Newer development and refinement takes place at Orbot Apple's TorManager.

> 1. What are the network requirements from Apple that need to be enabled in order to enable and run Tor on iOS?

As long as you integrate Tor in your main app and don't do a Network Extension like iCepa/Orbot, there's no special requirements besides allowing network access.

> When trying to use the HTTPTunnelPort, which I set to 0, the app freezes and the Tor thread gives an error. When not using HTTPTunnelPort, Tor seems to be running fine, but does not establish connections to other nodes.

Hm. Interesting. Never played with that. Just don't use it. This is not what's causing you problems.

> 1. Are there any specifics that have to or cannot be in the config in order to use httpProxyPort like in the Onion Browser?

No idea what you're talking about, really. Onion Browser doesn't use any HTTPProxy, besides when doing Pluggable Transports. But that's controlled by other config options.

Besides, HTTPProxy is deprecated, please use HTTPSProxy instead.

Anyway, what are you using this for?

Are you aware of the process model of iOS? There's one process per app and all processing of your app is suspended after the user sends it to the background. (With very limited exceptions.) Also, all network sockets are closed.

Do you want to run another software between Tor and the Internets? If so, this has to be compiled into the app and started as a thread. (Which can lead to all sorts of havoc, if that software is written with the idea that it's alone in a process, and pollutes its process memory like crazy. Also stopping/restarting can be an issue in that case.)

> 1. Do we still need to specify "VirtualAddrNetworkIPv4": "10.192.0.0/10", "VirtualAddrNetworkIPv6": "[FC00::]/7", like in the example implementation?

This is only needed if you need to use AutomapHostsOnResolve.

> Every answer short or long is much appreciated.

Hope this helps! For more debugging help, please provide more info of what you're trying to achieve and provide (Tor and other) logs!

Hi,

Thank you for your answer; it has been very helpful, especially with the Orbot code.

What we are trying to do is to start a Tor thread where only certain traffic is routed through Tor, both http and non-http traffic. So that was the reason for me asking how to expose the http port.

Can I use the socks port for this in that case?

I am currently rewriting parts of the code, so I do not have any logs at the moment, but will add them if or when I get stuck.

Another follow-up question about ports.

  • When using the control port, how can I retrieve the active ports?

Is this achieved with the torController ?

> What we are trying to do is to start a Tor thread where only certain traffic is routed through Tor, both http and non-http traffic. So that was the reason for me asking how to expose the http port.v

What do you mean by "the http port.v"? No clue what you're talking about.

If you want a split traffic situation, you need to make sure to handle that on your side before you put the traffic into Tor. Tor can't do that for you.

> Can I use the socks port for this in that case?

To direct traffic into Tor, you can use SocksPort or HTTPTunnelPort, depending on what emits the requests and to what proxy usages it can be configured.

E.g. URLSession can work with both: https://github.com/OnionBrowser/OnionBrowser/blob/2.X/Psiphon/JAHPAuthenticatingHTTPProtocol.m#L320-L368

It feels like you're pretty new to Tor and advanced networking. Please make yourself acquainted with both yourself. This is not a place for general programming support, not even general Tor support.

I know, Tor Project currently makes it hard, but you can start with reading through all the available options of the Tor binary, to get an understanding of what Tor offers: https://2019.www.torproject.org/docs/tor-manual.html.en

> • When using the control port, how can I retrieve the active ports?

You could make your life easy and fix all needed things to a specific port. That's not a huge problem on iOS typically, as you're mostly alone, since almost all apps get killed after a few seconds and their used network sockets removed.

You can also do it right and let Tor configure everything automatically.
Actually, Orbot is the prime example for how to do that:

  1. Configure autoControlPort.
  2. After starting the TorThread, initialize TorController with the URL to the file where Tor stored the used port.
  3. After connecting to the Tor control port successfully, ask for the needed ports. (In this case, Orbot needs the SOCKS5 and the DNS ports.)
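
The three steps above at the control-protocol level, as an added example that is not part of the thread and is not Tor.framework or Orbot code: it is written in Python rather than against the TorController API, assumes TCP listeners only, and uses constructed sample data. The `PORT=` file format and the `net/listeners/*` GETINFO keys are Tor's own; the loopback check is an addition so that an unexpectedly exposed listener is caught early.

```python
import re

# Constructed sample data, not captured from a real Tor instance.
SAMPLE_PORT_FILE = "PORT=127.0.0.1:53127\n"
SAMPLE_REPLY = (
    '250-net/listeners/socks="127.0.0.1:53128"\r\n'
    '250-net/listeners/dns="127.0.0.1:53129"\r\n'
    '250-net/listeners/httptunnel=""\r\n'
    "250 OK\r\n"
)


def split_loopback(addr):
    """Split 'host:port' and refuse listeners that are not bound to loopback."""
    host, _, port = addr.rpartition(":")
    if not (host.startswith("127.") or host == "[::1]"):
        raise ValueError(f"listener not on loopback: {addr}")
    return host, int(port)


def parse_control_port_file(text):
    """Step 2: read the 'PORT=host:port' line Tor writes via ControlPortWriteToFile."""
    for line in text.splitlines():
        if line.startswith("PORT="):
            return split_loopback(line[len("PORT="):])
    raise ValueError("no PORT= entry in control port file")


def build_getinfo(kinds):
    """Step 3: one GETINFO command for all listener kinds (sent after AUTHENTICATE)."""
    return "GETINFO " + " ".join(f"net/listeners/{k}" for k in kinds) + "\r\n"


def parse_listeners(reply):
    """Map listener kind -> [(host, port), ...] from a GETINFO reply."""
    lines = reply.splitlines()
    if not lines or lines[-1] != "250 OK":
        raise ValueError(f"GETINFO failed: {lines[-1] if lines else 'empty reply'}")
    result = {}
    for line in lines[:-1]:
        match = re.fullmatch(r'250-net/listeners/(\w+)=(.*)', line)
        if match is None:
            raise ValueError(f"unexpected reply line: {line}")
        kind, value = match.groups()
        # Tor returns a space-separated list of quoted addresses; "" means none.
        addrs = [a for a in re.findall(r'"([^"]*)"', value) if a]
        result[kind] = [split_loopback(a) for a in addrs]
    return result
```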

Thank you for clarifying my issue. This has been very helpful.