Thanks for the reply, Roger.
I have noticed the issue with Cloudflare before.
That said, I have used the StrictNodes / ExitNodes combination many times
recently and it has worked.
For example:
StrictNodes 1
ExitNodes {ro}
or:
StrictNodes 1
ExitNodes example_one
ExitNodes example_two
So if I wanted to use a specific exitnode, how would my torrc look?
Thanks again.
On Thu, January 30, 2020 9:45 am, Roger Dingledine wrote:
> On Wed, Jan 29, 2020 at 02:45:01PM -0000, mimb...@danwin1210.me wrote:
>
>> I have StrictNodes 1 and ExitNodes hands in my torrc.
>>
>>
>> However, when using TBB, I discovered that I was often using other exit
>> nodes. Clicking "New Circuit for this site" then placed hands back as
>> the exit node.
>>
>> Any ideas why? Just the one exit node in the torrc.
>>
>>
>> This suggests to me that StrictNodes are not 100% strict.
>>
>
> Check out the man page, where it says "StrictNodes does not apply to
> ExcludeExitNodes, ExitNodes, MiddleNodes, or MapAddress."
>
>
> So you shouldn't be setting StrictNodes for this case. Maybe you are
> using a super old guide found somewhere on the internet? :) More info from
> when we made the change back in 2011:
> https://gitweb.torproject.org/tor.git/tree/ReleaseNotes?h=tor-0.4.2.5#n17
> 216
>
>
> That said, ExitNodes should work. My guess is that you're visiting a
> Cloudflare site, which is giving your Tor Browser an alt-svc header,
> which sends the browser to load the site via one of Cloudflare's onion
> addresses. And since onion services don't have the concept of "exiting",
> then your Tor feels no need to end that circuit with your specified
> ExitNode.
>
>
> *That* said, there are some bugs with how Tor Browser visualizes your
> circuit when alt-svc is in use: https://bugs.torproject.org/27590
> and it looks like the browser might be inconsistent about whether it
> actually uses the alt-svc destinations, which could explain your getting
> your exit relay every so often: https://bugs.torproject.org/27502
>
>
> Best plan would be to pick a really simple non-CDN'ed single-address
> domain, like freehaven.net, and try to recreate your issue there.
>
> --Roger
>
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or
> change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
