Tor null auth and listen fixes #2490

Merged

@aakselrod
Collaborator

commented Jan 17, 2019

This PR should fix #2388 and #2176 in the following ways:

  • allowing NULL authentication when attempting to create a hidden service automatically
  • when automatic hidden service configuration is disabled, defaulting to listening on localhost and allowing manual override for manual or alternative hidden service configuration

This allows lnd to work better in environments where the Tor daemon lives on a different machine, such as Whonix or OnionPi, and where certain Tor control protocol requests and responses are filtered.

Fixes #2388
Fixes #2176
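
The authentication-method choice the description refers to, as an added Go example that is not lnd's code or part of this PR: it reads the `250-AUTH METHODS=` line of a Tor control-port PROTOCOLINFO reply and picks a method a controller on another machine can complete. The sample replies are constructed, and `authMethods`, `chooseAuth` and `cookieReadable` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample PROTOCOLINFO replies (not captured from a real daemon).
const (
	nullReply   = "250-PROTOCOLINFO 1\r\n250-AUTH METHODS=NULL\r\n250 OK\r\n"
	cookieReply = "250-PROTOCOLINFO 1\r\n250-AUTH METHODS=COOKIE,SAFECOOKIE " +
		"COOKIEFILE=\"/example/cookie\"\r\n250 OK\r\n"
)

// authMethods returns the METHODS list from the 250-AUTH line of a reply.
func authMethods(reply string) ([]string, error) {
	for _, line := range strings.Split(reply, "\n") {
		f := strings.Fields(line) // also drops the trailing "\r"
		if len(f) >= 2 && f[0] == "250-AUTH" &&
			strings.HasPrefix(f[1], "METHODS=") {
			return strings.Split(strings.TrimPrefix(f[1], "METHODS="), ","), nil
		}
	}
	return nil, fmt.Errorf("no AUTH METHODS line in PROTOCOLINFO reply")
}

// chooseAuth picks a method this controller can complete. cookieReadable
// (an assumption) is false when the cookie file is on another machine.
func chooseAuth(methods []string, cookieReadable bool) (string, error) {
	offered := map[string]bool{}
	for _, m := range methods {
		offered[strings.ToUpper(m)] = true
	}
	switch {
	case offered["NULL"]: // port accepts AUTHENTICATE with no credential
		return "NULL", nil
	case offered["SAFECOOKIE"] && cookieReadable:
		return "SAFECOOKIE", nil
	}
	return "", fmt.Errorf("no usable auth method among %v", methods)
}

func main() {
	for _, r := range []string{nullReply, cookieReply} {
		m, _ := authMethods(r)
		method, err := chooseAuth(m, false)
		fmt.Println(m, method, err)
	}
}
```

With `cookieReadable` false, the cookie-only reply yields an error rather than a silent fallback, which is the situation a remote Tor daemon creates for a controller that only knows cookie authentication.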

@aakselrod aakselrod requested a review from wpaulino Jan 17, 2019

@qubenix

commented Jan 17, 2019

Awesome of you to work on this! I'm just testing this out on Whonix.

For me the null auth fix worked, but I'm still running into an issue listening on something other than localhost.

user@host:~$ lnd
lnd must *only* be listening on localhost when running with Tor inbound support enabled

I think it may have to do with these lines:

lnd/config.go

Lines 950 to 962 in 570b60e

	// Ensure that we are only listening on localhost if Tor inbound support
	// is enabled.
	if cfg.Tor.V2 || cfg.Tor.V3 {
		for _, addr := range cfg.Listeners {
			if lncfg.IsLoopback(addr.String()) {
				continue
			}
			return nil, errors.New("lnd must *only* be listening " +
				"on localhost when running with Tor inbound " +
				"support enabled")
		}
	}

@Roasbeef Roasbeef added this to the 0.6 milestone Jan 18, 2019

@aakselrod

Collaborator Author

commented Jan 18, 2019

@qubenix, I think you might be correct. You can work around it by manually configuring the hidden service for now, and I'll fix the other issue momentarily.

aakselrod added some commits Jan 17, 2019

tor: add support for NULL authentication to controller

This change allows the Tor controller to request hidden service
configuration over unauthenticated Tor control ports, such as used
in Whonix.

config: default to listening for p2p on localhost when tor enabled

When Tor is enabled, this change allows manual hidden service
configuration by defaulting to listening for p2p connections on
the loopback address. It also allows overriding this manually
for situations where the Tor daemon is running on another machine,
such as when using Whonix or OnionPi-like systems.

@aakselrod aakselrod force-pushed the aakselrod:tor-null-auth-and-listen-fixes branch from 570b60e to 66a1502 Jan 19, 2019

@aakselrod

Collaborator Author

commented Jan 19, 2019

I've made the fix and rebased. I tested this on my Whonix system with a brand new lnd installation and was able to successfully auto-create a v3 service (with a new onion-grater merge file for the lnd request) while listening on eth0.

@qubenix

commented Jan 19, 2019

Tested ACK: 288870f 66a1502

@NicolasDorier

commented Mar 12, 2019

Concept ACK, I needed this.

if len(cfg.RawListeners) == 0 {
addr := fmt.Sprintf(":%d", defaultPeerPort)
if cfg.Tor.Active {
addr = fmt.Sprintf("localhost:%d", defaultPeerPort)
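
Review bot: In the `if cfg.Tor.Active` branch, a node with no configured listeners goes from binding all interfaces (`":%d"`) to binding `localhost` only, and the switch is keyed on Tor being active at all rather than on inbound hidden-service support. Suggest documenting this default next to the Tor options and logging the listener that was chosen at startup, so an operator who expected clearnet inbound connections can see that an explicit listen address is now required.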

@NicolasDorier

NicolasDorier Mar 14, 2019

I don't think it makes sense.

I want to use Tor with LND as an alternative way for people to connect to me, not as an exclusive way.

@wpaulino

wpaulino Mar 15, 2019

Collaborator

This will only happen if you don't explicitly set the listen flag. It can be overridden.

@tzarebczan

commented Mar 15, 2019

I'm running into this same problem... Does anyone have a Windows build to test this out?

@wpaulino
Collaborator

left a comment

LGTM 🎲

@Roasbeef
Member

left a comment

LGTM 💣

@Roasbeef Roasbeef merged commit b4a1024 into lightningnetwork:master Mar 15, 2019

1 of 2 checks passed

coverage/coveralls Coverage decreased (-0.006%) to 56.304%
continuous-integration/travis-ci/pr The Travis CI build passed
@tzarebczan

commented Mar 15, 2019

Awesome @Roasbeef, can't wait to try this out!
