What's new

Connection through TOR fails?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

jappish84

Regular Contributor
I just started using the TOR vpn feature in the awesome Asus wrt merlin firmware and when it works, it works good.


At the moment only one of my machines is routed through TOR and this works good for hours, or maybe close to a day or two but then the machine seems to fail connecting to the Internet, no connections are getting out or in.


The one fix I found working is to deactivate TOR and re-enable it.

I'm running 378.55 on rt-ac56u

Is this a known issue?
 
Ok, so I've done a little more testing and what I wrote earlier about connections not getting through can't be right since I can ping 8.8.8.8.


curl http://ipecho.net/plain;echo replies with: can't resolve host.

Ping www.google.com results in unknown host error.

As mentioned before, restarting TOR service fixes all of this.





Skickat från min LG-D802 via Tapatalk
 
Jappish 84,
I have just started using the TOR VPN feature on a RT-AC68 with HGGomes 378.55_3 FW. I observed a significant slow down in loading pages when doing web searches. I think this is normal.

If I try to do downloads of media, or do teleconferences through Skype, I do not get any connection using the TOR VPN. When I try to connect to certain e-mail accounts (Microsoft Outlook), Outlook refuses to connect. Gmail accounts do not seem to have that problem. All the Microsoft programs do not seem to like TOR VPN.

When I do the ping test to google that jappish84 suggested, I get normal ping response times and no dropped packets.

I do not have experience with OpenVPN but I have tried PPTP/L2PT VPN. I have not seen the same non-connection problems with PPTP that I saw with the TOR VPN. I think the difference may be the proxy server location used by PPTP vs the TOR VPN.
Ok, so I've done a little more testing and what I wrote earlier about connections not getting through can't be right since I can ping 8.8.8.8.


curl http://ipecho.net/plain;echo replies with: can't resolve host.

Ping www.google.com results in unknown host error.

As mentioned before, restarting TOR service fixes all of this.





Skickat från min LG-D802 via Tapatalk

I did not find that restarting the TOR VPN made any difference in terms of connections.

This is just more information. Hopefully, someone like RMerlin, or John9527 can help to make this VPN work better.
 
Tor support is experimental, and unlikely to get any further work done on it. The only reason it's there is because the code was already present in Asuswrt, and it didn't take too much work to finalize and make it work.

People more expert in Tor have already mentionned that having Tor implemented at a router's level isn't a good idea, because of the false sense of anonymity it might provide - browsers or torrent clients will still leak personal identification through the Tor network. Ideally, Tor support has to be embedded directly in the application itself.
 
That's too bad :(

I think I kinda figured that the connection wouldn't really be anonymous and still somehow ignored it. If that isn't false sense of security, I don't know what is ;)


Thanks for the reply though, keep up the good work

Skickat från min LG-D802 via Tapatalk
 
Tor support is experimental, and unlikely to get any further work done on it. The only reason it's there is because the code was already present in Asuswrt, and it didn't take too much work to finalize and make it work.

People more expert in Tor have already mentionned that having Tor implemented at a router's level isn't a good idea, because of the false sense of anonymity it might provide - browsers or torrent clients will still leak personal identification through the Tor network. Ideally, Tor support has to be embedded directly in the application itself.
It was an interesting feature that I had never seen before since I use John's fork which doesn't have this implemented.

I appreciate you putting it in just to try out. PPTP & L2PT also have security issues from my research. Even OpenVPN isn't secure if the proxy servers are being monitored by someone. The Chinese Government thoroughly monitors all traffic going through the proxy servers in their country so none of them are secure. I have no doubt that the USA NSA has monitoring in all the proxy servers worldwide that are accessible by most people who do not spend the time to seek out chancy proxy servers on the dark net. I'm "just checking" things out and if I can implement something easily that does a casual mask or helps prevent casual interception of internet traffic from non-governmental organizations and regular hacker criminals, it is still "Better than Nothing".

If it can be made to work a little better, I think it is a worthwhile feature to install. You still incorporate PPTP and L2PT VPN's in the firmware. This just gives people another option. RMerlin, thanks for the work on this.
 
If it can be made to work a little better, I think it is a worthwhile feature to install. You still incorporate PPTP and L2PT VPN's in the firmware. This just gives people another option. RMerlin, thanks for the work on this.

Both of these are entirely Asus's work, and is also present in the stock firmware.
 
Tor support is experimental, and unlikely to get any further work done on it. The only reason it's there is because the code was already present in Asuswrt, and it didn't take too much work to finalize and make it work.

People more expert in Tor have already mentionned that having Tor implemented at a router's level isn't a good idea, because of the false sense of anonymity it might provide - browsers or torrent clients will still leak personal identification through the Tor network. Ideally, Tor support has to be embedded directly in the application itself.

I started doing a little research on TOR in the router since you mentioned it. There isn't a lot out there, thankfully. It seems that you provided a feature that people were asking about for years. Congratulations!

If I can summarize what I believe the arguments for and against TOR in the router (and in general) are, I'd appreciate your feedback on this.

TOR Pros:
1. It is free.
2. The more people who use TOR, and, more importantly host a TOR server, there are, the more anonymous each individual using the service is.
3. It is very good at allowing people to mask their IP location within certain limits. It is not perfect.
4. It isn't that slow for speed with normal web browsing and communications.
5. I did some testing with speedtest.net which indicated that I was not seeing a upload or download rate hit from using the TOR implementation. This may not be really true according to articles on the TOR website which indicate that you can't use that bench-marking tool to determine real world performance.
TOR Cons:
1. The bandwidth through the TOR network is limited by the TOR server hosts bandwidth. That can be inconsistent. There are only approximately 4000 volunteer TOR host servers which can be saturated.
2. There are a lot of people who want to do Torrent downloading through the TOR network which reduces bandwidth for people who are deemed to be more "worthy" of using the bandwidth like rebels, political activists, NGO's, journalists, etc.. (This is a satirical commentary - I do not view journalists, NGO's, or political activists as being any more "worthy" than other people)
3. People are hesitant about being a TOR host because some countries have prosecuted the TOR host for illegal acts committed by a TOR user. This is restricting the size and growth of the TOR Host network and hence the bandwith growth available.
TOR is and always will be TCP only. UDP and ICMP traffic get dropped.
4. As ASAT stated, TOR uses TCP which hinders or prevents certain traffic types from going through the TOR network.
5. Because TOR uses TCP, users who want to transfer bittorrent files unmask their real IP address and that can cause other security issues if they send other traffic with the torrent files because those other files have an unmasked IP address. The user may not know this. If you are not transferring torrent files, chances are that you are not unmasking your real IP.
6. Because the TOR Host servers are finite and known, Governments, and ISP's can track traffic going and coming from the TOR Host Server network and derive user identities from traffic patterns. They can even penetrate the Tor Host Servers to intercept the traffic and monitor everything that is not encrypted.

My response to this is to question how other proxy server providers are any different than the TOR network in terms of the security flaws? The most popular proxy server provider (according to Tom's Hardware Guide users) is PIA which only has 40 proxy servers. Hide My butt touts 1000's of proxy servers, but not 4000 of them. Why is it any harder for the Chinese, USA, USSR, or any other government with the resources to monitor and penetrate those proxy server networks? I contend it is even easier because the number of proxy server in those "for profit" companies is fewer. Maybe their security is better - maybe. I doubt it. They have to do business and make money. Hence they are subject to government pressures to comply. The Chinese government has complete access to every proxy server network in their country (according to a New York Times article). In the USA, the NSA, and other Government agencies, has direct access to all traffic through all ISP's (according to a documentary that I saw on the subject). They have direct monitoring of all the cable trunks into and leaving the USA which gives them direct access to all international traffic. They probably have direct monitoring of USA based proxy server companies and have agreements with most other countries to monitor those proxy servers outside the USA. (I don't know this for a fact but some of the documents disclosed by Snowden would indicate that). No one in the USA is anonymous from the government regarding, phone, cellular, internet, VOIP, or even plain old letter communications.

I agree that, if you do not encrypt your traffic, TOR is vulnerable to interception by organizations with the resources or talented individuals with the desire to do so. I believe it is the same with TOR, PPTP, L2PT, or Open VPN. If I remember correctly, the lack of powerful encryption was the argument about the vulnerability of PPTP and L2PT. I am not an expert in this field so I will gladly accept clarification on this from someone who has more knowledge about it than I.

My conclusion from my research was that the TOR network was no more vulnerable to interception than any other of these proxy server services. What makes a VPN, a PN is the encryption level that is used for both sides of the traffic flow. OpenVPN supposedly incorporates a high level encryption key in the process of starting it up (I have tried a few times and can never get OpenVPN to work for me). If you are just trying to mask your traffic patterns of internet searches for whatever reason (I personally do not want anyone to monitor my habits with the intent of selling that information to anyone who wants to market things to me), you are not going to be sending and receiving the information with encryption. Again, I am a neophyte about this and if there is a way to implement it fairly easily, please let me know.

My research did explain why I can't do teleconferencing through Skype for business. The information stream is already encrypted and in a VPN so the TOR network rejects it. Similarly, MS Outlook does not like any type of proxy server and rejects all attempts to connect to a user account through a proxy server. Craigslist.org also rejects any attempts to access an account through a proxy server (probably in attempt to prevent illegal acts and items from being transacted on their site). Interestingly, none of the banks (4 major USA banks) I tried, had any problems with accessing accounts and making transactions through a proxy server.

In conclusion, I still like the Tor implementation on the router. No it isn't perfect but it is "Better than Nothing". As with most things, an informed use of the TOR service with knowledge what it can and cannot do allows the user to make an informed decision. I understand that some people will not be happy with having to go into the router FW to turn the TOR feature on and off. It isn't very convenient in that respect. I solve that problem by having two separate routers on separate networks. One has the TOR feature enabled, the other does not. If I encounter a situation where I cannot use the TOR implementation, I switch network connections. That is easy to do when using client devices connected by WiFi. This solution probably doesn't work for most people.

Anyway RMerlin, thanks for putting this feature in. It was fun to play with and gave me more incentive to research proxy servers and VPN's.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top