Orbot/Tor support

[ghost]

So is this possible? I'm using this with netguard instructions: https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ54

All it does is hangs the browser, no traffic is passed to orbot.

Any instructions to get the tcp traffic forwarded to tor? This issue may be related to #18, I'm using that setup. However, I maybe understand that a setup using dnscrypt and tor may conflict. Is this correct?

I have some solutions I've yet to try out so I'd like an opinion or two about them, also some answers for the additional questions listed below, that is if anyone cares to answer.

the solutions: add tcp-upstream:yes and use 127.0.0.1@9050 as forward addr (the socks port) (does unbound even support socks? native or android?) or maybe try the tor dns port 5400 as forward addr, although it seems tor forwards port 53 via udp to the aformentioned port.

A bit of additional info- if you don't already need it- is tor uses the port 9040 to communicate via tcp. Does this port need to be taken into account as well as a redirector for example ports 80 and 443? Do I understand this info from tor documents correctly?

I hope I've been clear enough with all of this. Thanks for any help!

[licaon-kter]

You need to have both Orbot and Unbound with unchecked "apply rules".

[ghost]

No I've done that. Do you mean disregard the instruction set in the netguard faq?

[licaon-kter]

I'm not trying to contradict my self, why would you think I've done that?

So, are they both unchecked "apply rules" or what?

Else things will go in circles and not work: Orbot asks for the nodes IPs from Unbound which asks for a connection from Orbot which...

[ghost]

Again, ive already done that. Heres the spelled out version: yes, i have unchecked apply rules for both unbound and orbot.

It doesn't work.

What netguard version was tested as working with tor at the time you made that addition to the faq? Or I can do that math myself if youre going to say 'use the latest version'.

[licaon-kter]

So step by step:

• Using Unbound (without routing all through Tor) works ok, right?

• Using FAQ#54 (without routing port 53 through Unbound) works ok, right?

[ghost]

Excuse me, you can't answer a question with another question.

So again, what netguard version were you using when you wrote that faq?

Now, after you have answered me I will answer you.

[ghost]

So, back to helping myself to sort out an issue with this android mess.... great.

Truly, what are you guys here for? The laughs?

[licaon-kter]

So much entitlement... wow

[ghost]

The reason I ask what version of netguard was being used when tor was working with it is because (maybe providing a reason for asking that question may help you to answer it) the socks proxy inside netguard version 2.89 seems is broken, or, it doesn't work for me.

Everything works if I'm using the http proxy settings 127.0.0.1:8118.

So, i'll try to ask this question once more, and, for the record, this is the 3rd time I'm asking.

The question is: what's the version of netguard that has a working socks proxy?

[licaon-kter]

Yes, I guess it was written at 2.89.

Now, testing with 2.98 works fine here for me (port 9050, both apps unchecked "apply rules"): DNS resolving via a dnscrypt server and http exit through Tor.

I'll try later to test with the latest NetGuard version too, albeit I don't remember seeing the SOCKS part being modified in the mean tine (but he did touch the DNS section).

[smarek]

@itspull could you please provide your full used unbound.conf? Thank you

[ghost]

could you please provide your full used unbound.conf? Thank you

@smarek ok, i'm about sure you two, including @licaon-kter, are either not using english as your first language, or, even better yet, are not proficient readers.

which, if the the latter is true, would explain alot.

@smarek if you check my op, i've clearly stated that i'm using the setup- and hence the conf- provided by the licaon guy, which is referenced in #18.

download that package and check the unbound.conf provided with it.

i have reservations about his package, as he won't open source it, despite being pressed about it.

and yet, that's what i'm using at the moment.

or, if you prefer, i can upload it.

[licaon-kter]

Easy on the insults, again, stop with the entitlement.
He does not need to read all this chatter, since you meddle in the settings you surely have it at hand.

Again, about the open source thing... I'll repeat, everything I did can be seen/used/whatever, it's in the package.

unbound.conf.default

server:
        verbosity: 1
        interface: 127.0.0.1
        # interface: ::1
        # interface: 0.0.0.0
        port: 5300
        do-daemonize: no
        # access-control: 0.0.0.0/0 refuse
        # access-control: 0.0.0.0/0 allow_snoop
        # access-control: ::0/0 refuse
        # access-control: ::0/0 allow_snoop
        # do-not-query-address: 127.0.0.1/8
        # do-not-query-address: ::1
        do-not-query-localhost: no
        # prefetch: yes
        # prefetch-key: yes
        directory: ""
        chroot: ""
        username: ""
        logfile: "mainlog"
        pidfile: "unbound.pid"
        auto-trust-anchor-file: "root.key"
        harden-dnssec-stripped: yes
        qname-minimisation: yes

forward-zone:
        name: "."
        forward-addr: 127.0.0.1@5301
        forward-addr: 127.0.0.1@5302

remote-control:
        control-enable: yes
        # control-interface: 0.0.0.0
        control-interface: 127.0.0.1
        # control-interface: ::1
        control-port: 8953
        server-key-file: "unbound_server.key"
        server-cert-file: "unbound_server.pem"
        control-key-file: "unbound_control.key"
        control-cert-file: "unbound_control.pem"

[licaon-kter]

Back with feedback: working fine in NetGuard 2.104 too, as expected (DNS queries via clearnet, aka the plain internet, and further traffic via Tor through SOCKS 9050)

[ghost]

well you two, again you provide no detailed help, as I've fixed this myself.

orbot/Tor support is reliant on a browser which can redirect the tor socks port, and maybe only if you're using tor behind netguard. otherwise, it doesn't work.

or, prove me wrong.

this could be a special case, as in this instruction set works for myself only, but first, and as I say, prove me wrong without going on to mention this was info left out of the 'how to use tor behind netguard' faq @licaon-kter, this challenge is specifically pointed out to you.

so, heres the instruction set: spoiler! this doesn't work with chrome, at least not for me. so, I use pale moon 25.9.6 mobile and install the add-on proxymob.xpi here https://guardianproject.info/releases/proxymob-latest.xpi

following the pale moon browser instructions, i set netguard- I'm using version 2.89- with the instructions found at https://github.com/M66B/NetGuard/blob/master/FAQ.md#FAQ54

to finish the setup, ive checked https://check.torproject.org to receive positive results.

[licaon-kter]

well you two, again you provide no detailed help,

What part of: "it works for me with the provided instructions" was unclear exactly?

Also, did you review the dnscrypt-proxy support branch yet? I've published it a week ago, and you were so vocal about me keeping it "closed source"

orbot/Tor support is reliant on a browser which can redirect the tor socks port

If you want to directly connect, yes, but you are not posting here about a browser that connects directly to Orbot, right? Right?

and maybe only if you're using tor behind netguard. otherwise, it doesn't work.

That's the whole point, any app (not only a browser) will connect to the NetGuard VPN which will REroute everything through Orbot.

Of course any other way it won't work (at least without root I guess).

or, prove me wrong.

again, entitlement... really?

I use pale moon 25.9.6 mobile and install the add-on proxymob.xpi here

You are using that extension to DIRECTLY connect to Orbot? Ok, I'm glad it works... not sure what has to do with NetGuard, FAQ54, Unbound or anything else since YOU ARE BYPASSING THEM ALL!

Also, any reason to use an old, unsupported, with no development (in the future) app? (I mean Palemoon on Android)

Anyway, the test:

• got the Palemoon 25.9.6 APK
• latest Orbot 15.4.2-RC1 APK
• NetGuard 2.104 allow Palemoon and start SOCKS redirection
• Palemoon (NOT CHANGE ANYTHING; NOT INSTALL ANY PROXY EXTENSION) open https://browserleaks.com/ip
• see TOR connection
• see DNS using a dnscrypt server

What next?

BTW, all these are tested on Android 5.1.1 & 6.0.1 on Sony and Samsung devices.

[ghost]

Heh, poor lil licaon defending himself.

I'm enjoying all of this actually. Bravo!

so, for your own entertainment, the flaws in your arguments, theres two of them: first, your premature response:

What part of "it works for me with the provided instructions" was unclear exactly?

should have read: 'What part of: "it works for me-insert-'SDK 16 and above'-excerpt-with the provided instructions" was unclear exactly?'

all of this ought to work for 4.0 as a baseline, as netguard purportedly works with 4.0 as its own baseline.

BTW, all these are tested on Android 5.1.1 & 6.0.1 on Sony and Samsung devices.

this comment brings me to the second flaw in your argument.

and, so, to understand just now-mark the date- orbot/tor behind netguard (with inclusion of your android unbound DNS redirection to dnscrypt-proxy apk) is not properly tested using a SDK 16-19 base line.

Perfect! I'm testing all of this using a device on KitKat 4.4.2.

sorry to mention that last minute.

but, I didn't.

What next?

test all of this on kk, maybe? I don't know, you're the 'expert', remember?

also all the 'entitlement' accusations can be disregarded, by you and anyone else that may check all of this.

you clearly dont understand its definition or how to apply it properly.

[ghost]

@licaon-kter and regarding the support-branch, there's nothing there to be proud about.

it took you well long enough to publicize it.

[licaon-kter]

regarding the support branch... proud

That's what I've said all along, but nooo, you kept yelling closed source 🤦

Not my fault it does not work on that oldie, you did mention Android 4 before, not something I can fix for you, maybe Lineage/Cyanogenmod had some build for you!?

What expert? I loled in RL!

[licaon-kter]

I do have an Android 4.0.4 device that I tried testing (these) on, but for now it can (strangely) barely open any site without NetGuard/Orbot/Unbound. This will take time as it's an old and slow device unfortunately. :(

[ghost]

@licaon-kter yes, if you will continue to test using 4.0, I'd welcome the help trying to figure out why orbot is failing to connect for me behind netguard/unbound/dnscrypt.

Without that setup, orbot works without root in the steps I mention above, albeit it's completely unrelated toward all of this.

[nostromov]

Ah, JESUS CHRIST, Android 4.x really? This -whole- thing had been about an archaic OS (& also the device, too - I imagine?) WOW. xF