Skip to content

/ lnd

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tor null auth and listen fixes #2490

Merged
merged 2 commits into from Mar 15, 2019
Merged

Tor null auth and listen fixes #2490

merged 2 commits into from Mar 15, 2019

Conversation

@aakselrod
Copy link
Contributor

@aakselrod aakselrod commented Jan 17, 2019
edited by Roasbeef

This PR should fix #2388 and #2176 in the following ways:

  • allowing NULL authentication when attempting to create a hidden service automatically
  • when automatic hidden service configuration is disabled, defaulting to listening on localhost and allowing manual override for manual or alternative hidden service configuration

This allows lnd to work better in environments where the Tor daemon lives on a different machine, such as Whonix or OnionPi, and where certain Tor control protocol requests and responses are filtered.

Fixes #2388
Fixes #2176
@aakselrod aakselrod requested a review from wpaulino Jan 17, 2019
@qubenix
Copy link

@qubenix qubenix commented Jan 17, 2019

Awesome of you to work on this! I'm just testing this out on Whonix.

For me the null auth fix worked, but I'm still running into an issue listening on something other than localhost.

user@host:~$ lnd
lnd must *only* be listening on localhost when running with Tor inbound support enabled

I think it may have to do with these lines:

lnd/config.go

Lines 950 to 962 in 570b60e

// Ensure that we are only listening on localhost if Tor inbound support
// is enabled.
if cfg.Tor.V2 || cfg.Tor.V3 {
for _, addr := range cfg.Listeners {
if lncfg.IsLoopback(addr.String()) {
continue
}
return nil, errors.New("lnd must *only* be listening " +
"on localhost when running with Tor inbound " +
"support enabled")
}
}

@Roasbeef Roasbeef added this to the 0.6 milestone Jan 18, 2019
@aakselrod
Copy link
Contributor Author

@aakselrod aakselrod commented Jan 18, 2019

@qubenix, I think you might be correct. You can work around it by manually configuring the hidden service for now, and I'll fix the other issue momentarily.
aakselrod added 2 commits Jan 17, 2019
@aakselrod
tor: add support for NULL authentication to controller
288870f 
This change allows the Tor controller to request hidden service
configuration over unauthenticated Tor control ports, such as used
in Whonix.
@aakselrod
config: default to listening for p2p on localhost when tor enabled
66a1502 
When Tor is enabled, this change allows manual hidden service
configuration by defaulting to listening for p2p connections on
the loopback address. It also allows overriding this manually
for situations where the Tor daemon is running on another machine,
such as when using Whonix or OnionPi-like systems.
@aakselrod aakselrod force-pushed the aakselrod:tor-null-auth-and-listen-fixes branch from 570b60e to 66a1502 Jan 19, 2019
@aakselrod
Copy link
Contributor Author

@aakselrod aakselrod commented Jan 19, 2019

I've made the fix and rebased. I tested this on my Whonix system with a brand new lnd installation and was able to successfully auto-create a v3 service (with a new onion-grater merge file for the lnd request) while listening on eth0.
@qubenix
Copy link

@qubenix qubenix commented Jan 19, 2019

Tested ACK: 288870f 66a1502
@wpaulino
wpaulino reviewed Jan 23, 2019
View changes
tor/controller.go Show resolved Hide resolved
@wpaulino wpaulino mentioned this pull request Feb 2, 2019
Closed
@wereHamster wereHamster mentioned this pull request Feb 3, 2019
Closed
@Roasbeef Roasbeef mentioned this pull request Mar 12, 2019
Closed
@NicolasDorier
Copy link
Contributor

@NicolasDorier NicolasDorier commented Mar 12, 2019

Concept ACK, I needed this.
@NicolasDorier
NicolasDorier reviewed Mar 14, 2019
View changes
config.go
if len(cfg.RawListeners) == 0 {
addr := fmt.Sprintf(":%d", defaultPeerPort)
if cfg.Tor.Active {
addr = fmt.Sprintf("localhost:%d", defaultPeerPort)

This comment has been minimized.

Sign in to view
@NicolasDorier

NicolasDorier Mar 14, 2019
edited
Contributor

I don't think it makes sense.

I want to use Tor with LND as an alternative way for people to connect to me, not as an exclusive way.

This comment has been minimized.

Sign in to view
@wpaulino

wpaulino Mar 15, 2019
Collaborator

This will only happen if you don't explicitly set the listen flag. It can be overridden.
@tzarebczan
Copy link

@tzarebczan tzarebczan commented Mar 15, 2019

I'm running into this same problem...anyone have a windows build to test this out?
@wpaulino
wpaulino approved these changes Mar 15, 2019
View changes
Copy link
Collaborator

@wpaulino wpaulino left a comment

LGTM 🎲
@Roasbeef
Roasbeef approved these changes Mar 15, 2019
View changes
Copy link
Member

@Roasbeef Roasbeef left a comment

LGTM 💣
@Roasbeef Roasbeef merged commit b4a1024 into lightningnetwork:master Mar 15, 2019
1 of 2 checks passed
1 of 2 checks passed
coverage/coveralls Coverage decreased (-0.006%) to 56.304%
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@tzarebczan
Copy link

@tzarebczan tzarebczan commented Mar 15, 2019

Awesome @Roasbeef, can't wait to try this out!
@qubenix qubenix mentioned this pull request Jul 25, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NicolasDorier NicolasDorier

@Roasbeef Roasbeef

@wpaulino wpaulino

Assignees
No one assigned
Labels
P3 bug fix enhancement security tor
Projects
None yet
Milestone
0.6
Linked issues

Successfully merging this pull request may close these issues.

Support unauthenticated Tor control port
Can't connect to onion nodes when using remote Tor
6 participants
@aakselrod @qubenix @NicolasDorier @tzarebczan @Roasbeef @wpaulino