Problem while connecting to RPC via Tor

[rajarshimaitra]

After the merge of apoelstra/rust-jsonrpc#70, which adds SOCKS5 proxy support to the http transport, I am trying to expose this feature through bitcoincore-rpc. While trying to test out the RPC connection I am getting a general SOCKS server failure error message.

I have added the proxy version of client creation in the integration_test crate main function

rust-bitcoincore-rpc/integration_test/src/main.rs

Line 128 in 400a3c0

let cl = Client::new(&rpc_url, auth).unwrap();

Like this

    #[cfg(not(feature = "proxy"))]
    let cl = Client::new(&rpc_url, auth).unwrap();

    #[cfg(feature = "proxy")]
    let cl = Client::new_with_proxy(&rpc_url, auth, "127.0.0.1:9050", None).unwrap();

Tor in my local machine seems to be working

$ systemctl status tor
● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
     Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
     Active: active (exited) since Sat 2022-09-17 09:51:47 IST; 4h 15min ago
   Main PID: 1018 (code=exited, status=0/SUCCESS)
      Tasks: 0 (limit: 18414)
     Memory: 0B
        CPU: 0
     CGroup: /system.slice/tor.service

Sep 17 09:51:47 electra systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)...
Sep 17 09:51:47 electra systemd[1]: Finished Anonymizing overlay network for TCP (multi-instance-master).

Bitcoin core is listening for RPC at 18443

$ sudo netstat -nptl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:18443           0.0.0.0:*               LISTEN      166695/bitcoind     
tcp        0      0 0.0.0.0:18444           0.0.0.0:*               LISTEN      166695/bitcoind     
tcp        0      0 127.0.0.1:28332         0.0.0.0:*               LISTEN      166695/bitcoind     
tcp        0      0 127.0.0.1:18445         0.0.0.0:*               LISTEN      166695/bitcoind     
tcp        0      0 127.0.0.1:28333         0.0.0.0:*               LISTEN      166695/bitcoind 

And the running the main function as below and getting the error

$ RPC_URL=127.0.0.1:18443 RPC_COOKIE=/home/raj/.bitcoin/regtest/.cookie cargo run --features proxy 
    Finished dev [unoptimized + debuginfo] target(s) in 0.02s
     Running `/home/raj/github-repo/rust-bitcoincore-rpc/target/debug/integration_test`
[DEBUG][bitcoincore_rpc]: JSON-RPC request: getnetworkinfo []
[DEBUG][bitcoincore_rpc]: JSON-RPC failed parsing reply of getnetworkinfo: JsonRpc(Transport(SocketError(Custom { kind: Other, error: "general SOCKS server failure" })))
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: JsonRpc(Transport(SocketError(Custom { kind: Other, error: "general SOCKS server failure" })))', integration_test/src/main.rs:227:35
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

I tried googling on the error and most threads are suggesting that this happens because of ISP blocking.. I tried to check my if my tor connection is working and that seems to be working fine

$ curl -x socks5h://localhost:9050 -s https://check.torproject.org/api/ip
{"IsTor":true,"IP":"185.220.101.180"}

Am I missing something for connecting to RPC via Tor? Any suggestion on this would be very much helpful..

[RCasatta]

Hi @rajarshimaitra ,
I think you are missing a step, to serve bitcoin rpc via tor you need to create an hidden service on your machine that maps port 18443 to another port X, then your test should use proxy 127.0.0.1:9050 and connect to port X

[rajarshimaitra]

Thansk @RCasatta .. I tried many things but unfortunately can't seem to get it working.. Below are the details of all the things I have set.

/etc/tor/torrc

The tor config is set as below

## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
CookieAuthentication 1
CookieAuthFileGroupReadable 1

############### This section is just for location-hidden services ###

## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.

HiddenServiceDir /var/lib/tor/bitcoind
HiddenServicePort 18443 127.0.0.1:18443

bitcoin.conf

[regtest]
rpcbind=0.0.0.0
rpcallowip=0.0.0.0/0
rpcallowip=192.168.1.0/24

blockfilterindex=1
peerblockfilters=1

zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28333

#Node Optimizations
#dbcache=200
maxorphantx=10
maxmempool=50
maxconnections=40
maxuploadtarget=1000

# Tor config
proxy=127.0.0.1:9050
listen=1
bind=127.0.0.1
listenonion=1

After running bitcoind it seems to be successfully connecting to tor and creating an onion address.

regtest/debug.log

2022-09-28T12:13:06Z Bitcoin Core version v23.0.0 (release build)
2022-09-28T12:13:06Z InitParameterInteraction: parameter interaction: -proxy set -> setting -upnp=0
2022-09-28T12:13:06Z InitParameterInteraction: parameter interaction: -proxy set -> setting -natpmp=0
2022-09-28T12:13:06Z InitParameterInteraction: parameter interaction: -proxy set -> setting -discover=0
2022-09-28T12:13:06Z Validating signatures for all blocks.
2022-09-28T12:13:06Z Setting nMinimumChainWork=0000000000000000000000000000000000000000000000000000000000000000
2022-09-28T12:13:06Z Using the 'x86_shani(1way,2way)' SHA256 implementation
2022-09-28T12:13:06Z Using RdSeed as additional entropy source
2022-09-28T12:13:06Z Using RdRand as an additional entropy source
2022-09-28T12:13:06Z Default data directory /home/raj/.bitcoin
2022-09-28T12:13:06Z Using data directory /home/raj/.bitcoin/regtest
2022-09-28T12:13:06Z Config file: /home/raj/.bitcoin/bitcoin.conf
2022-09-28T12:13:06Z Config file arg: fallbackfee="0.0001"
2022-09-28T12:13:06Z Config file arg: regtest="1"
2022-09-28T12:13:06Z Config file arg: server="1"
2022-09-28T12:13:06Z Config file arg: [regtest] bind="127.0.0.1"
2022-09-28T12:13:06Z Config file arg: [regtest] blockfilterindex="1"
2022-09-28T12:13:06Z Config file arg: [regtest] listen="1"
2022-09-28T12:13:06Z Config file arg: [regtest] listenonion="1"
2022-09-28T12:13:06Z Config file arg: [regtest] maxconnections="40"
2022-09-28T12:13:06Z Config file arg: [regtest] maxmempool="50"
2022-09-28T12:13:06Z Config file arg: [regtest] maxorphantx="10"
2022-09-28T12:13:06Z Config file arg: [regtest] maxuploadtarget="1000"
2022-09-28T12:13:06Z Config file arg: [regtest] peerblockfilters="1"
2022-09-28T12:13:06Z Config file arg: [regtest] proxy="127.0.0.1:9050"
2022-09-28T12:13:06Z Config file arg: [regtest] rpcallowip="0.0.0.0/0"
2022-09-28T12:13:06Z Config file arg: [regtest] rpcallowip="192.168.1.0/24"
2022-09-28T12:13:06Z Config file arg: [regtest] rpcbind=****
2022-09-28T12:13:06Z Config file arg: [regtest] zmqpubrawblock="tcp://127.0.0.1:28332"
2022-09-28T12:13:06Z Config file arg: [regtest] zmqpubrawtx="tcp://127.0.0.1:28333"
2022-09-28T12:13:06Z Using at most 40 automatic connections (1024 file descriptors available)
2022-09-28T12:13:06Z Using 16 MiB out of 32/2 requested for signature cache, able to store 524288 elements

...
2022-09-28T12:13:06Z net thread start
2022-09-28T12:13:06Z msghand thread start
2022-09-28T12:13:06Z tor: Got service ID bhxk4rufqg3f3ct7xgpzruadvdq3wylbfyfypeenzg7v5ztcdas4ncyd, advertising service bhxk4rufqg3f3ct7xgpzruadvdq3wylbfyfypeenzg7v5ztcdas4ncyd.onion:18444
2022-09-28T12:13:06Z AddLocal(bhxk4rufqg3f3ct7xgpzruadvdq3wylbfyfypeenzg7v5ztcdas4ncyd.onion:18444,4)
2022-09-28T12:14:07Z Adding fixed seeds as 60 seconds have passed and addrman is empty

Both Bitcoind and tor are running at their designated ports.

tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      438603/tor          
tcp        0      0 127.0.0.1:9051          0.0.0.0:*               LISTEN      438603/tor          
tcp        0      0 0.0.0.0:18443           0.0.0.0:*               LISTEN      439068/bitcoind     
tcp        0      0 127.0.0.1:18444         0.0.0.0:*               LISTEN      439068/bitcoind     
tcp        0      0 127.0.0.1:28332         0.0.0.0:*               LISTEN      439068/bitcoind     
tcp        0      0 127.0.0.1:18445         0.0.0.0:*               LISTEN      439068/bitcoind     
tcp        0      0 127.0.0.1:28333         0.0.0.0:*               LISTEN      439068/bitcoind  

And when I am running the integration test with new proxy config, still getting the following error

$ RPC_URL=127.0.0.1:18443 RPC_COOKIE=~/.bitcoin/regtest/.cookie cargo run --features proxy
   Compiling jsonrpc v0.13.0 (https://github.com/apoelstra/rust-jsonrpc?rev=7c94adf8aad7d55afad8f890ab1fbc79ecb7abc7#7c94adf8)
warning: use of deprecated unit variant `GetPeerInfoResultNetwork::Unroutable`
    --> json/src/lib.rs:1334:5
     |
1334 |     Unroutable,
     |     ^^^^^^^^^^
     |
     = note: `#[warn(deprecated)]` on by default

warning: `bitcoincore-rpc-json` (lib) generated 1 warning
   Compiling bitcoincore-rpc v0.16.0 (/home/raj/github-repo/rust-bitcoincore-rpc/client)
   Compiling integration_test v0.1.0 (/home/raj/github-repo/rust-bitcoincore-rpc/integration_test)
    Finished dev [unoptimized + debuginfo] target(s) in 5.22s
     Running `target/debug/integration_test`
[DEBUG][bitcoincore_rpc]: JSON-RPC request: getnetworkinfo []
[DEBUG][bitcoincore_rpc]: JSON-RPC failed parsing reply of getnetworkinfo: JsonRpc(Transport(SocketError(Custom { kind: Other, error: "general SOCKS server failure" })))
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: JsonRpc(Transport(SocketError(Custom { kind: Other, error: "general SOCKS server failure" })))', integration_test/src/main.rs:220:35
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

[rajarshimaitra]

For better understanding of the code changes I am trying with I have opened the draft PR #249

[RCasatta]

didn't look at details but this

HiddenServicePort 18443 127.0.0.1:18443

looks wrong because ports should not be the same, ( doesn't tor complain when you restart it?)

[rajarshimaitra]

looks wrong because ports should not be the same, ( doesn't tor complain when you restart it?)

Nope it din't say anything on that.. I tried with different port too like HiddenServicePort 20090 127.0.0.1:18443 and tried running with RPC_URl=127.0.0.1:20090 and got the same result.. So changed the ports to same and tried and thats what ended up reporting here..

I restarted tor after changing the port.. But theres nothing seems to be listening at port 20090..

[rajarshimaitra]

Closing this in favor of #249 (comment).

Any review comments over #249 will be very much appreciated.. 🙏