Anonsurf Beta Testing

New Anonsurf version is here! We need you to test it out and help us spotting bugs :smiley:
Previous tests and reports done by @dmknght are here: Testing for AnonSurf 2.13.8

For every informations, contact Nong Hoang “DmKnght” Tu at dmknght@parrotsec.org

Use the following template to test and report:

Parrot - AnonSurf quality test [0.10]

Report

  • [Your name and email]
  • Date: [02/07/2020 (DD/MM/YY)]
  • Version: [anonsurf_3.0.2+parrot2 (job 2009)]

1. Installation

Goal

  1. Install with no problem
  2. Give solutions if install failed
  3. Check dependencies, version name
  4. systemd doesn’t enable AnonSurf at boot during installation

Known issues

Problem Solution
Torrc is missing at /etc/tor/torrc sudo touch /etc/tor/torrc then upgrade / install

a) [User] [Installer] Use deb file

Excpected Install without error
Notice Any error

b) [Dev] [Builder] Use devscripts to make new deb file

  • Install devscripts, nim and other requirements for Debian packaging
  • Clone https://nest.parrotsec.org/packages/debian/libnim-gintro-dev
  • Clone AnonSurf https://nest.parrotsec.org/packages/tools/anonsurf/
  • Use debuild -us -uc -b to make debian package from source. Testers need to install libnim-gintro-dev before making anonsurf
  • Install from deb file sudo dpkg -i <anonsurf.deb>
Excpected Install without error
Notice - Error or warn while building
- Missing dependencies
- Debian standard

c) Result (example)

| Installation | Problem |

I used deb file from… version 2.13.x Installation failed, missing torrc
I ran debuild -us -uc -b - Install failed missing package X
- Warn litian binary not in package

2. User experiences

Goal: How users use software for the first time

  1. Description in package (apt show): Do we have enough description in it?
  2. Help page: enough information? Can new user understand and use it? Grammar
  3. Man page: Enough information? Can user understand it? grammar
  4. [Dev] Can user or dev understand the basic concept of AnonSurf (how it works)
  5. [Dev] Can dev understand the code structure design, and be a new contributor

Result

  1. [ ] Description in apt show anonsurf is good. Anything wrong write here

  2. [ ] Help page from AnonSurf command is good

    • [ ] Show clear version, contact information
    • [ ] User can understand the program, copyright, …
    • [ ] Do not take so much space
    • [ ] All commands are easy to understand
    • [ ] No feature is missing features
    • [ ] No old features need to remove
    • [ ] No grammar error
    • Anything wrong write here
  3. [ ] Manpage of AnonSurf (man anonsurf) is good

    • [ ] Name and usage is easy to read and understand
    • [ ] Description explain well
    • [ ] No feauture is missing
    • [ ] No old feature need to remove
    • [ ] Grammar error
    • Write anything wrong here

4. Usage

1. Core features

a) Commands

  • start will connect the machine to Tor network. Must not run when anonsurf is running.
  • stop will stop Tor connection. Must run when anonsurf is running.
  • restart stop and start anonsurf again. Must run when anonsurf is running.

b) Workflow

  • Start: execute AnonSurf start command

  • AnonSurf script call make-torrc binary which

    • Ask if user wants to kill some apps and clear cache
    • Generates new hash and password
      • Save hash to torrc, save torrc to /etc/tor/torrc. It uses /etc/anonsurf/torrc.base for core configurations and generate some configurations base on current connection
      • Save password in cleartext to /etc/anonsurf/nyxrc so we can use it for ControlPort
    • Start tor service. Tor now use new configuration in /etc/tor/torrc we’ve generated
    • Start AnonSurf daemon
  • AnonSurf daemon script is anonsurfd which actually is a bash script that

    • Clear IPTables rules (TODO we use other way to do it easily later)
    • Create backup of resolv.conf and use localhost only (call /usr/bin/dnstool)
    • Disable IPv6 on system
    • Create IPTables rules to forward all trafic to Tor
    • Only allow traffic by Tor user go to internet

c) Verify, troubleshooting

  • Tor can connect to network (anonsurf myip show IP and “You are connected to tor”)
  • anonsurf status call nyx and show network bandwitch
  • Use browser normally (need to confirm other protocols)
  • /etc/resolv.conf must be nameserver 127.0.0.1
  • Iptables must have ruleset (need verify and confirm here by anybody knows IPTables)
    "
    -A OUTPUT -d 192.168.0.0/16 -j ACCEPT
    -A OUTPUT -d 172.16.0.0/12 -j ACCEPT
    -A OUTPUT -d 10.0.0.0/8 -j ACCEPT
    -A OUTPUT -d 127.0.0.0/9 -j ACCEPT
    -A OUTPUT -d 127.128.0.0/10 -j ACCEPT
    -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -m owner --uid-owner 109 -j ACCEPT
    -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
    "
  • Trouble shooting:
    - journalctl -b -u <service name> to show error log. For example journalctl -b -u tor@default.service
    - netstat -antp to show open ports. Tor must open 9050, 9051, 9040
    - Verify DNS, IPTables rules

2. Extras features

a) Commands
  • status: Use nyx command with pre-written password to “watch” the bandwitch AnonSurf must be running
  • changeid: Auto change current nodes AnonSurf must be running
  • myip: Display current IP Adress and Tor status. Doesn’t require AnonSurf is running
  • status-boot: Display if AnonSurf daemon is enabled at boot Doesn’t require AnonSurf is running
  • enable-boot / disable-boot: Enable / disable AnonSurf at boot Doesn’t require AnonSurf is running
  • dnstool: Go to be standalone tool. Must use stand-alone test case with similar format Doesn’t require AnonSurf is running

5. Test AnonSurf

a) Before start

- [ ] Run `dnstool status` show current DNS settings (not localhost or Under AnonSurf connection)
- [ ] Run `anonsurf myip` show current IP Address and "Not connect to Tor"
- [ ] Run `anonsurf changeid` shows Anonsurf is not running.
- [ ] Run `anonsurf status` shows `AnonSurf is not running!`
**...Write anything wrong here...**
- **dnstool shows wrong status...**

b) Start

  1. Run sudo anonsurf start

    • [ ] Can anonsurf start? All services (tor, anonsurfd is actived)
    • [ ] All configurations is good after start
      • [ ] run dnstool status, show Under AnonSurf
      • [ ] resolv.conf is having only nameserver 127.0.0.1
      • [ ] /etc/tor/torrc is having valid config (tor --verify-config -f /etc/tor/torrc)
      • [ ] Tor control ports are opens
      • [ ] IPTables is having custom rules (See list of custom rules above)
    • [ ] anonsurf myip shows IP Address and You are connected to Tor
    • [ ] sudo anonsurf start shows anonsurf is running
      …Write anything wrong here…
    • I see warning when start…
  2. Run anonsurf changeid

    • [ ] Terminal shows responses of Control port (250)
    • [ ] anonsurf myip shows new IP Address and You are connected to Tor
      …Write anything wrong here…
    • Can’t not change ID…
  3. Run sudo anonsurf restart

    • [ ] All service (tor ,anonsurfd) is restared
    • [ ] anonsurf myip show new IP and still under Tor network
    • [ ] /etc/tor/torrc has new hash
      …Write anything wrong here…
    • Can’t not restart service…*

c) Stop

  1. Stop AnonSurf by user

    • [ ] All configurations is good after stop
      • [ ] dnstool status doesn’t show localhost or under anonsurf
      • [ ] /etc/resolv.conf has the same configuration before start anonsurf
      • [ ] All services are stopped (tor, anonsurfd)
      • [ ] Tor control ports are closed
      • [ ] iptables no longer has the rules (See list of custom rules above)
    • [ ] anonsurf myip show current IP Address and “Not connect to Tor”
    • [ ] anonsurf status shows AnonSurf is not running!
    • [ ] anonsurf changeid shows AnonSurf is not running.
    • [ ] sudo anonsurf stop shows AnonSurf is not running
    • [ ] sudo anonsurf restart shows AnonSurf is not running
      …Write anything wrong here…
    • Stop doesn’t restore this setting…*
  2. Stop by rebooting (Disabled start at boot)
    This is stand-alone test after start anonsurf. Run the reboot

    • [ ] All configurations is good after reboot
      • [ ] dnstool status doesn’t show localhost or under anonsurf
      • [ ] /etc/resolv.conf has the same configuration before start anonsurf
      • [ ] All services are stopped (tor, anonsurfd)
      • [ ] Tor control ports are closed
      • [ ] iptables no longer has the rules (See list of custom rules above)
    • [ ] anonsurf myip show current IP Address and “Not connect to Tor”
    • [ ] anonsurf status shows AnonSurf is not running!
    • [ ] anonsurf changeid shows Anonsurf is not running.
      …Write anything wrong here…
    • Reboot doesn’t restore this setting…*

d) Boot commands

- [ ] After installation and no custom enable / disable boot. `anonsurf status-boot` show `AnonSurf is disabled`
**...Write anything wrong here...**
- **It is showing wrong status...***
  1. Enable boot

    • [ ] Run sudo anonsurf enable-boot, terminal shows create symlink
    • [ ] anonsurf status-boot show AnonSurf is enabled!
    • [ ] Run sudo anonsurf enable-boot again, terminal shows Anonsurf is already enabled
    • [ ] Reboot system, AnonSurf starts at boot
      • [ ] Can anonsurf start? All services (tor, anonsurfd is actived)
      • [ ] All configurations is good after start
        • [ ] run dnstool status, show Under AnonSurf
        • [ ] resolv.conf is having only nameserver 127.0.0.1
        • [ ] /etc/tor/torrc is having valid config (tor --verify-config -f /etc/tor/torrc)
        • [ ] Tor control ports are opens
        • [ ] IPTables is having custom rules (See list of custom rules above)
      • [ ] anonsurf myip shows IP Address and You are connected to Tor
        Test change id anonsurf changeid
      • [ ] Terminal shows responses of Control port (250)
      • [ ] anonsurf myip shows new IP Address and You are connected to Tor
        Test restart sudo anonsurf restart
      • [ ] All service (tor ,anonsurfd) is restared
      • [ ] anonsurf myip show new IP and still under Tor network
      • [ ] /etc/tor/torrc has new hash
        …Write anything wrong here…
    • Start at boot doesn’t work…*
  2. Disable boot
    Run sudo anonsurf disable-boot

    • [ ] If AnonSurf wasn’t enabled, it shows AnonSurf wasn't disabled. Nothing to disable!
    • [ ] If AnonSurf was enabled, it shows Remove symlink
      …Write anything wrong here…
    • It can’t disable AnonSurf at boot…

Reboot system after sudo anonsurf disable-boot. Enable-boot was enabled before
- [ ] All configurations is good after reboot
- [ ] dnstool status doesn’t show localhost or under anonsurf
- [ ] /etc/resolv.conf has the same configuration before start anonsurf
- [ ] All services are stopped (tor, anonsurfd)
- [ ] Tor control ports are closed
- [ ] iptables no longer has the rules (See list of custom rules above)
- [ ] anonsurf myip show current IP Address and “Not connect to Tor”
- [ ] anonsurf status shows AnonSurf is not running!
- [ ] anonsurf changeid shows Anonsurf is not running.

**...Write anything wrong here...**
- *** This setting doesn't work***

6. All problems that dev have to fix

1 Like

@dmknght do we want to call it anonsurf 3.0? such changes deserve a major version bump :slight_smile:

1 Like

Yeah it is good to me. After I optimize the code (gui) and fix something.

good for me too

4 Likes

Wonderful updates

在軟艱庫更新還是在哪里下載呢?

please, only english language here.

First of all, I need to thank the developers for their updates. It is your efforts that give us greater security.
But after I adjusted it according to the above method, I found that my other network could not be connected. What I could connect was the webpage or connection that I reopened when I turned on anonsurf (that was when the startup was not complete). If you open other web pages after the startup is complete, you will not be able to connect. I’m confused.

I know my level is not high and I need advice from everyone present! I would not be very grateful!

This translator annoys me. The meaning of my last sentence has been subverted. Pooh!

reinstall tor and try again

followed the steps and works great! was wondering though if you devs could add when anonsurf loads up to also disable ufw and reenable it when finished? anonsurf wont work unless i disable it and sucks having to do it manually.

No we can’t do anything if users fuck their system up.

how does it affect the system if done automatically or not?

mine is not displaying like this :joy: :joy: :joy: :