Cannot Send or Receve Messages in Tails OS

[D3191]

Describe the bug

Session Desktop cannot send or receive messages on Tails OS. Appears to be unable to connect to network, runs out of swarm nodes to connect to.

To Reproduce
Steps to reproduce the behavior:

Run Session desktop on Tails OS with ./session-messenger-desktop-linux-x86_64-1.0.8.AppImage --no-sandbox

Screenshots or Logs

{"name":"log","hostname":"amnesia","pid":11983,"level":50,"msg":"loki_message:::_openRetrieveConnection - We no longer have any swarm nodes available to try in pool, closing retrieve connection","time":"[Time]","v":0} {"name":"log","hostname":"amnesia","pid":11983,"level":30,"msg":"loki_message:::startLongPolling - There are 2 open retrieve connections left. Stopped? false","time":"[Time]","v":0} {"name":"log","hostname":"amnesia","pid":11983,"level":30,"msg":"loki_message:::startLongPolling - There are 1 open retrieve connections left. Stopped? false","time":"[Time]","v":0} {"name":"log","hostname":"amnesia","pid":11983,"level":30,"msg":"loki_message:::startLongPolling - There are 0 open retrieve connections left. Stopped? false","time":"[Time]","v":0} {"name":"log","hostname":"amnesia","pid":11983,"level":40,"msg":"loki_message:::startLongPolling - All our long poll swarm connections have been removed","time":"[Time]","v":0} {"name":"log","hostname":"amnesia","pid":11983,"level":30,"msg":"loki_snodes:::refreshRandomPoolPromise - Retrying initialising random snode pool, try # 0","time":"[Time]","v":0} {"name":"log","hostname":"amnesia","pid":11983,"level":30,"msg":"loki_snodes:::refreshRandomPoolPromise - Retrying initialising random snode pool, try # 1","time":"[Time]","v":0}

Other information (please complete the following information):

• Device: Linux
• OS: Tails 4.6
• Session Version or Git commit hash: Session Desktop Linux 1.0.8

[neuroscr]

try 1.0.7 and see if that fixes the issue, we had several seed changes in 1.0.8, and one more in the next release

[D3191]

try 1.0.7 and see if that fixes the issue, we had several seed changes in 1.0.8, and one more in the next release

It looks like 1.0.7 has the same issue, still cannot connect. 1.0.7 gives the same error that "All our long poll swarm connections have been removed."

[neuroscr]

That’s normal a message, itll restart the connection pool when it hits it. The big question is can you send and receive messages?

[D3191]

I sent Tails a session request and did not receive anything. On 1.0.7 Loki news and Session Updates appears but no feeds load. I am also getting the error: error Failed to contact seed node

I will try to send a message from the device.

[D3191]

I think this has to do with the Tails Tor proxy, similar to signalapp#1632 and https://bisco.org/notes/installing-and-running-signal-on-tails

I created the scripts but to no avail, could Session be ignoring the proxy settings from the environment variables which is why it can't connect?

[KeeJef]

Confirmed this issue on tailsOS, seems to be an issue when trying to connect to the seed nodes

WARN  2020-05-27T05:18:51.271Z loki_snodes:::getSnodeListFromLokidSeednode - error ECONNREFUSED request to https://storage.seed1.loki.network/json_rpc failed, reason: connect ECONNREFUSED 116.203.53.213:443
 
WARN  2020-05-27T05:18:53.703Z loki_snodes:::getSnodeListFromLokidSeednode - error ECONNREFUSED request to https://storage.seed3.loki.network/json_rpc failed, reason: connect ECONNREFUSED 212.199.114.66:443
 
libtextsecure.js:191 Uncaught (in promise) SeedNodeError {name: "SeedNodeError", message: "Failed to contact seed node", stack: "SeedNodeError: Failed to contact seed node↵    at …ces/app.asar/js/modules/loki_snode_api.js:113:13)"}name: "SeedNodeError"message: "Failed to contact seed node"stack: "SeedNodeError: Failed to contact seed node↵    at new SeedNodeError (file:///tmp/.mount_sessioDA6TRx/resources/app.asar/js/libtextsecure.js:191:13)↵    at getSnodeListFromLokidSeednode (/tmp/.mount_sessioDA6TRx/resources/app.asar/js/modules/loki_snode_api.js:113:13)"__proto__: Object
getSnodeListFromLokidSeednode @ /tmp/.mount_sessioDA6TRx/resources/app.asar/js/modules/loki_snode_api.js:116
async function (async)
getSnodeListFromLokidSeednode @ /tmp/.mount_sessioDA6TRx/resources/app.asar/js/modules/loki_snode_api.js:95
(anonymous) @ /tmp/.mount_sessioDA6TRx/resources/app.asar/js/modules/loki_snode_api.js:109

Confirmed that this is related to using a proxy too, because

curl --proxy socks://localhost:9050/ -X POST https://storage.seed1.loki.network/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_quorum_state", "params": {"height": 200}}' -H 'Content-Type: application/json'

Gives the expected response from the seed node

Someone will need to look at this issue and see why/if we are divergent from Signal signalapp#1632

[ghost]

@KeeJef I think this can be a good start to solve this issue as tails proxy is 127.0.0.1:9050
Put those two lines in tails terminal in order to set environment variables:
export HTTP_PROXY=socks://127.0.0.1:9050 export HTTPS_PROXY=socks://127.0.0.1:9050

Which is like mentioned in this tutorial for signal on tails https://bisco.org/notes/installing-and-running-signal-on-tails/ and it works.

However it doesnt work with session as it totally ignores these variables.

[ghost]

@Bilb @neuroscr @Mikunj

Can you guys look into this for next release?
Tails users cannot use session because of this, so proposing a fix would be really cool.

For everyone else, could anyone find a workaround for the time being?

[neuroscr]

We totally didn't support the proxy infrastructure moving forward because we planned loki network support from the beginning and there are potentially privacy and security implications if you mix TOR with loki network, not to mention a bad user experience.

I think the best solution is to work with the tails people to figure out how we can allow our dapps to work on their platform.

[beantaco]

Warning: I do not recommend what I tried for production use. Step 2 opens Tails to direct (non-Tor) traffic and is likely a serious security risk. I also haven't tested Session's reliability under these conditions.

I made Session Desktop 1.0.9 send and receive messages on Tails 4.3 after doing the following:

1. Install Session and its dependencies:
   • session-messenger-desktop
   • libappindicator1
   • libdbusmenu-gtk4
   • libindicator7
2. Open the firewall (ferm) to allow Session traffic to go out:
   a. Edit /etc/ferm/ferm.conf to add the following lines before the rules that drop all other outgoing packets:

   proto tcp dport (80 443 22021:22025 38056:38059 38156:38159 ...) {
       mod owner uid-owner $amnesia_uid ACCEPT;
   }
   

   b. Run sudo ferm /etc/ferm/ferm.conf.

The port numbers are based on the following:

• Ports 80 and 443 were assumed to be required. (Port 80 may not be required.)
• Ports 22021:22025, 38056:38059 and 38156:38159 were found in the source code.
• Other port numbers were added adhoc through trial and error by monitoring the console as Session is running.

Does anyone know the full list of TCP ports required to make Session work?

I think working with the Tails people to make Session work in Tails is a good approach.

[xhh]

This same issue seems to happen on my Windows 10 PC as I found 6 SeedNodeError: Failed to contact seed node errors when opening the developer console.
I tried manually and confirmed that neither of the three seed nodes in the seedNodeList from config/default.json is accessible from my network.
Assuming session-desktop is able to configure the seed proxy or custom seed node address (to self-hosted seed node which has access to the official seed nodes), then it'll work in area where the default seed nodes are blocked, right?

[tappahannock]

@neuroscr Loki should work well in hybrid with Tor as it is packet-based like I2P. For text messages there will be no performance issues and Tails users should only send text to stay anonymous anyway.

Without ability to run in isolated secure environments like Whonix or Tails it leaves an attack vector of exploitation in future. Tested and works well in Whonix, however Tails users should also be able to use it as it will make this messenger more popular.

[Bilb]

Closing this in favor of #1557