
#1 2021-03-08 00:20:14

rican-linux
Member
Registered: 2014-11-16
Posts: 66

[SOLVED]DNS and torproject issues

I am looking for some help resolving this issue. Let me explain my setup:

  • I have a netgate pfsense FW

  • I have pfblockerng running.

  • I have OpenDNS as the forwarder

OpenDNS is doing content filtering and I noticed that it was blocking the torproject. I created an exception in OpenDNS and I can access the project main site. But when I try to install the tor browser via the AUR PKG file, curl is reporting an SSL error. When I go to the site dist.torproject.org I get an SSL error in the browser. The cert is an OpenDNS cert. This is telling me that it is still being filtered. pfsense uses unbound as the DNS server so I turned DNS forward so that it will use the root server instead of the DNS server I defined on the FW. However I am still getting the same error. I tested on my mobile device and I am not getting the error there. So now I am thinking it is my machine. When I resolve for the site I get the correct addresses

$ host dist.torproject.org
dist.torproject.org has address 38.229.72.19
dist.torproject.org has address 116.202.120.166
dist.torproject.org has address 116.202.120.165
dist.torproject.org has IPv6 address 2a01:4f8:fff0:4f:266:37ff:fe2c:5d19
dist.torproject.org has IPv6 address 2620:0:6b0:b:225:dada:19:1
dist.torproject.org has IPv6 address 2a01:4f8:fff0:4f:266:37ff:feae:3bbc

However when I use curl or wget the resolution is to OpenDNS (142.112.61.106)

$ wget https://dist.torproject.org/torbrowser/10.0.13/tor-browser-linux64-10.0.13_en-US.tar.xz
--2021-03-07 17:16:51--  https://dist.torproject.org/torbrowser/10.0.13/tor-browser-linux64-10.0.13_en-US.tar.xz
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving dist.torproject.org (dist.torproject.org)... 146.112.61.106
Connecting to dist.torproject.org (dist.torproject.org)|146.112.61.106|:443... connected.
ERROR: The certificate of ‘dist.torproject.org’ is not trusted.
ERROR: The certificate of ‘dist.torproject.org’ doesn't have a known issuer.

I have edited my resolv.conf to use Google DNS 8.8.8.8 and I am still getting the same results. Has anyone run into anything similar?

Last edited by rican-linux (2021-03-09 18:34:37)


#2 2021-03-08 12:18:49

pacman41
Member
Registered: 2019-12-01
Posts: 24

Re: [SOLVED]DNS and torproject issues

Have you tried disabling IPv6?

Edit your sysctl file

sudo nano /etc/sysctl.conf

Add the following lines to sysctl.conf. NOTE: On the last line change eno1 to your network connection.

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eno1.disable_ipv6 = 1

Then run

sudo sysctl -p

Last edited by pacman41 (2021-03-08 13:31:47)


#3 2021-03-09 18:34:17

rican-linux
Member
Registered: 2014-11-16
Posts: 66

Re: [SOLVED]DNS and torproject issues

I found the issue. I forgot I had a host file entry I was doing for troubleshooting. Everything works now. Shot myself in the foot. Thanks for the help.
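Added example, not part of the original posts: `host` queries DNS servers directly, while curl and wget resolve through getaddrinfo(), which typically consults /etc/hosts before DNS, so a leftover hosts entry produces exactly the mismatch seen in this thread. The sketch below parses a hosts-format file and reports which resolved addresses are pinned there. The sample hosts content is constructed (the thread never shows the real entry), and the function names are hypothetical.

```python
import ipaddress
import socket
import sys

# Constructed sample: the thread does not show the actual hosts file entry.
# The address is the one wget connected to in the first post.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# troubleshooting leftover
146.112.61.106  Dist.TorProject.org  dist   # pinned while testing
"""

def hosts_entries(text, name):
    """Return addresses a hosts-format file maps to `name` (canonical or alias)."""
    wanted = name.rstrip(".").lower()
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0].split("%")[0]))
        except ValueError:
            continue                              # malformed line, skip it
        if wanted in (f.rstrip(".").lower() for f in fields[1:]):
            found.append(addr)
    return found

def system_addresses(name):
    """Addresses from getaddrinfo(), the resolver path that curl and wget use."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def pinned_by_hosts(name, hosts_text, resolved):
    """Resolved addresses that come from the hosts file rather than from DNS."""
    pinned = set(hosts_entries(hosts_text, name))
    return [a for a in resolved if a in pinned]

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "dist.torproject.org"
    with open("/etc/hosts", encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    resolved = system_addresses(target)
    print("getaddrinfo:", resolved)
    print("pinned in /etc/hosts:", pinned_by_hosts(target, text, resolved))
```

A non-empty "pinned" list means the address the client connects to never came from DNS, so changing resolv.conf or the firewall forwarder will not alter it.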
