Self-hosting as Tor hidden service, cannot connect (no stream features to offer)

savoyroad

Sep 10, 2018, 2:27:12 AM
to prosod...@googlegroups.com
Hello,

I've set up an XMPP server on my home server for personal use with friends/family hosted through a Tor hidden service, but I'm having trouble connecting to the server and receiving a "No stream features to offer" error. Using Armbian (Debian Stretch) with a backported Prosody (v0.10.2).

I've disabled anything related to SSL at the moment (not planning on connecting to other servers right now), and have correctly set up a hidden service in my torrc for ports 5222 and 5269. Prosody.log shows the server starts up on both ports and no issues are shown.

I've tried connecting with two clients, profanity and pidgin (profanity through proxychains and pidgin through its proxy setting), and both show the same error. I try and connect to f...@bar.onion, and a second after connection, shows login failed. The following shows up in prosody.log:
info Client connected
warn No stream features to offer
info Client disconnected: connection closed

And this in both clients (profanity log shown):
prof: INF: Connecting as $USER@$DOMAIN.onion/profanity
xmpp: DBG: SRV lookup failed, connecting via domain.
xmpp: DBG: sock_connect() to $DOMAIN.onion:5222 returned 15
xmpp: DBG: Attempting to connect to $DOMAIN.onion
xmpp: DBG: connection successful
conn: DBG: SENT: <?xml version="1.0"?><stream:stream to="$DOMAIN.onion" xml:lang="en" version="1.0" xmlns="jabber:client"
xmlns:stream="http://etherx.jabber.org/streams">
stderr: ERR: [proxychains] Strict chain ... 127.0.0.1:9050 ... =$DOMAIN.onion:5222 ... OK
xmpp: DBG: RECV: <stream:stream lang="en" from="$DOMAIN.onion" id="$ID" version="1.0">
xmpp: DBG: RECV: <error xmlns="http://etherx.jabber.org/streams"><undefined-condition xmlns="urn:ietf:params:xml:ns:xmpp-streams"/>
<text xmlns="urn:ietf:params:xml:ns:xmpp-streams">No stream features to proceed with</text></error>
xmpp: DBG: RECV: </stream:stream>
xmpp: DBG: Closing socket.
prof: DBG: Connection handler: XMPP_CONN_DISCONNECT
prof: DBG: Connection handler: Login failed
prof: DBG: Connection handler: No reconnect timer
prof: INF: Login failed


Any ideas as to what it could be?

prosody.cfg.lua: https://privatebin.net/?12c5d40080f24cfe#wgkKxjiFMjLBk7g+mapMa1KqkSCDBMCzC/EevszIdfk=
conf.d/$DOMAIN.cfg.lua: https://privatebin.net/?a43de794ba9eaf6e#yjP/jZasDsDxOzmRY5xyG+lfV3T4EM0W80AYdFow8bg=

savoyroad

Sep 11, 2018, 12:29:41 PM
to prosod...@googlegroups.com
As an update:

I did manage to connect using the profanity client once I set c2c and c2s encryption to False. I think profanity is a bit more lax with allowing you to connect to badly secured servers, as any other client wouldn't connect with error messages mentioning no mechs found for SHA-1. I guess since XMPP wasn't created specifically for use in Tor, the encryption provided by onion services doesn't mean a thing.

So I looked into self-signing an SSL certificate through prosody's generate command and went through that process (as Let's Encrypt will not work for onion domains), and I was able to connect with every client (other than profanity) by accepting the self-signed CA as valid. As for profanity, it's a different issue on their end as the standard version in the Debian repos isn't built against a library needed to allow/reject CAs.

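The three configuration states discussed in this thread, side by side, as an added example that is not the poster's own configuration (that is only linked above). The hostname and file paths are placeholders, and the paths assume the Debian data directory /var/lib/prosody.

```lua
-- Added example, not the poster's configuration.
-- Prosody 0.10 virtual host reached through a Tor onion service.
-- "exampleonionaddress.onion" is a placeholder hostname.

VirtualHost "exampleonionaddress.onion"

    -- State 1: produces "No stream features to offer".
    -- Encryption is required but no usable certificate is loaded, so
    -- mod_tls cannot advertise STARTTLS, and mod_saslauth withholds its
    -- login mechanisms on the unencrypted stream. The feature list is
    -- empty and Prosody closes the stream with the error seen in the log.
    --   c2s_require_encryption = true
    --   (no ssl block / no certificate for this host)

    -- State 2: the workaround from the follow-up post.
    -- Login mechanisms are offered on the plain stream, so a lenient
    -- client connects, but stricter clients refuse.
    --   c2s_require_encryption = false
    --   s2s_require_encryption = false

    -- State 3: the self-signed certificate setup from the follow-up post.
    -- Key and certificate created with:
    --   prosodyctl cert generate exampleonionaddress.onion
    -- (paths below are assumed; use the ones prosodyctl prints)
    ssl = {
        key = "/var/lib/prosody/exampleonionaddress.onion.key";
        certificate = "/var/lib/prosody/exampleonionaddress.onion.crt";
    }
    c2s_require_encryption = true
    s2s_require_encryption = true
```

With state 3, each client has to accept the self-signed certificate once; comparing the fingerprint the client shows against the .crt file on the server is the check to make before accepting it.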