安卓版: 无界一点通4.2a测试版(2018年2月4日)

无界一点通4.2a测试版, 做了以下改进,请帮忙测试并反馈:

1.允许用户在启动时切换VPN/代理模式(正在连通或连接失败时,按返回键);
2.加强代理模式安全性;
3.修复蓝牙发送应用的问题。

http://wujieliulan.com/download/um4.2a.apk

sha256: 4918b2889fc97a96e0e386bd2112f6ec075f4912dc1d8d5a9c54e7e6f121b32a
md5: 1ef1b1bff93e66533f19283c09291e34

原文:http://forums.internetfreedom.org/index.php?topic=22608.0

Advertisements

Tor 0.3.3.1-alpha is released: back to unstable development!

Hi!  There’s a new alpha release available for download.  If you build Tor from source, you can download the source code for 0.3.3.1-alpha from the usual place on the website.  Packages should be available over the coming weeks, with a new alpha Tor Browser release some time in February.

Remember, this is an alpha release: you should only run this if you’d like to find and report more bugs than usual.

Tor 0.3.3.1-alpha is the first release in the 0.3.3.x series. It adds several new features to Tor, including several improvements to bootstrapping, and support for an experimental “vanguards” feature to resist guard discovery attacks. This series also includes better support for applications that need to embed Tor or manage v3 onion services.

Changes In Version 0.3.3.1-Alpha – 2018-01-25

  • Major features (embedding):
    • There is now a documented stable API for programs that need to embed Tor. See tor_api.h for full documentation and known bugs. Closes ticket 23684.
    • Tor now has support for restarting in the same process. Controllers that run Tor using the “tor_api.h” interface can now restart Tor after Tor has exited. This support is incomplete, however: we fixed crash bugs that prevented it from working at all, but many bugs probably remain, including a possibility of security issues. Implements ticket 24581.
  • Major features (IPv6, directory documents):
    • Add consensus method 27, which adds IPv6 ORPorts to the microdesc consensus. This information makes it easier for IPv6 clients to bootstrap and choose reachable entry guards. Implements 23826.
    • Add consensus method 28, which removes IPv6 ORPorts from microdescriptors. Now that the consensus contains IPv6 ORPorts, they are redundant in microdescs. This change will be used by Tor clients on 0.2.8.x and later. (That is to say, with all Tor clients having IPv6 bootstrap and guard support.) Implements 23828.
    • Expand the documentation for AuthDirHasIPv6Connectivity when it is set by different numbers of authorities. Fixes 23870 on 0.2.4.1-alpha.
  • Major features (onion service v3, control port):
    • The control port now supports commands and events for v3 onion services. It is now possible to create ephemeral v3 services using ADD_ONION. Additionally, several events (HS_DESC, HS_DESC_CONTENT, CIRC and CIRC_MINOR) and commands (GETINFO, HSPOST, ADD_ONION and DEL_ONION) have been extended to support v3 onion services. Closes ticket 20699; implements proposal 284.
  • Major features (onion services):
    • Provide torrc options to pin the second and third hops of onion service circuits to a list of nodes. The option HSLayer2Guards pins the second hop, and the option HSLayer3Guards pins the third hop. These options are for use in conjunction with experiments with “vanguards” for preventing guard enumeration attacks. Closes ticket 13837.
  • Major features (rust, portability, experimental):
    • Tor now ships with an optional implementation of one of its smaller modules (protover.c) in the Rust programming language. To try it out, install a Rust build environment, and configure Tor with “–enable-rust –enable-cargo-online-mode”. This should not cause any user-visible changes, but should help us gain more experience with Rust, and plan future Rust integration work. Implementation by Chelsea Komlo. Closes ticket 22840.
  • Major features (storage, configuration):
    • Users can store cached directory documents somewhere other than the DataDirectory by using the CacheDirectory option. Similarly, the storage location for relay’s keys can be overridden with the KeyDirectory option. Closes ticket 22703.
  • Major features (v3 onion services, ipv6):
    • When v3 onion service clients send introduce cells, they now include the IPv6 address of the rendezvous point, if it has one. Current v3 onion services running 0.3.2 ignore IPv6 addresses, but in future Tor versions, IPv6-only v3 single onion services will be able to use IPv6 addresses to connect directly to the rendezvous point. Closes ticket 23577. Patch by Neel Chauhan.
  • Major bugfixes (onion services, retry behavior):
    • Fix an “off by 2” error in counting rendezvous failures on the onion service side. While we thought we would stop the rendezvous attempt after one failed circuit, we were actually making three circuit attempts before giving up. Now switch to a default of 2, and allow the consensus parameter “hs_service_max_rdv_failures” to override. Fixes bug 24895; bugfix on 0.0.6.
    • New-style (v3) onion services now obey the “max rendezvous circuit attempts” logic. Previously they would make as many rendezvous circuit attempts as they could fit in the MAX_REND_TIMEOUT second window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
  • Major bugfixes (relays):
    • Fix a set of false positives where relays would consider connections to other relays as being client-only connections (and thus e.g. deserving different link padding schemes) if those relays fell out of the consensus briefly. Now we look only at the initial handshake and whether the connection authenticated as a relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
  • Minor feature (IPv6):
    • Make IPv6-only clients wait for microdescs for relays, even if we were previously using descriptors (or were using them as a bridge) and have a cached descriptor for them. Implements 23827.
    • When a consensus has IPv6 ORPorts, make IPv6-only clients use them, rather than waiting to download microdescriptors. Implements 23827.
  • Minor features (cleanup):
    • Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile when it stops. Closes ticket 23271.
  • Minor features (defensive programming):
    • Most of the functions in Tor that free objects have been replaced with macros that free the objects and set the corresponding pointers to NULL. This change should help prevent a large class of dangling pointer bugs. Closes ticket 24337.
    • Where possible, the tor_free() macro now only evaluates its input once. Part of ticket 24337.
    • Check that microdesc ed25519 ids are non-zero in node_get_ed25519_id() before returning them. Implements 24001, patch by “aruna1234”.
  • Minor features (directory authority):
    • Make the “Exit” flag assignment only depend on whether the exit policy allows connections to ports 80 and 443. Previously relays would get the Exit flag if they allowed connections to one of these ports and also port 6667. Resolves ticket 23637.
  • Minor features (embedding):
    • Tor can now start with a preauthenticated control connection created by the process that launched it. This feature is meant for use by programs that want to launch and manage a Tor process without allowing other programs to manage it as well. For more information, see the __OwningControllerFD option documented in control-spec.txt. Closes ticket 23900.
    • On most errors that would cause Tor to exit, it now tries to return from the tor_main() function, rather than calling the system exit() function. Most users won’t notice a difference here, but it should make a significant for programs that run Tor inside a separate thread: they should now be able to survive Tor’s exit conditions rather than having Tor shut down the entire process. Closes ticket 23848.
    • Applications that want to embed Tor can now tell Tor not to register any of its own POSIX signal handlers, using the __DisableSignalHandlers option. Closes ticket 24588.
  • Minor features (fallback directory list):
    • Avoid selecting fallbacks that change their IP addresses too often. Select more fallbacks by ignoring the Guard flag, and allowing lower cutoffs for the Running and V2Dir flags. Also allow a lower bandwidth, and a higher number of fallbacks per operator (5% of the list). Implements ticket 24785.
    • Update the fallback whitelist and blacklist based on opt-ins and relay changes. Closes tickets 22321, 24678, 22527, 24135, and 24695.
  • Minor features (fallback directory mirror configuration):
    • Add a nickname to each fallback in a C comment. This makes it easier for operators to find their relays, and allows stem to use nicknames to identify fallbacks. Implements ticket 24600.
    • Add a type and version header to the fallback directory mirror file. Also add a delimiter to the end of each fallback entry. This helps external parsers like stem and Relay Search. Implements ticket 24725.
    • Add an extrainfo cache flag for each fallback in a C comment. This allows stem to use fallbacks to fetch extra-info documents, rather than using authorities. Implements ticket 22759.
    • Add the generateFallbackDirLine.py script for automatically generating fallback directory mirror lines from relay fingerprints. No more typos! Add the lookupFallbackDirContact.py script for automatically looking up operator contact info from relay fingerprints. Implements ticket 24706, patch by teor and atagar.
    • Reject any fallback directory mirror that serves an expired consensus. Implements ticket 20942, patch by “minik”.
    • Remove commas and equals signs from external string inputs to the fallback list. This avoids format confusion attacks. Implements ticket 24726.
    • Remove the “weight=10” line from fallback directory mirror entries. Ticket 24681 will maintain the current fallback weights by changing Tor’s default fallback weight to 10. Implements ticket 24679.
    • Stop logging excessive information about fallback netblocks. Implements ticket 24791.
  • Minor features (forward-compatibility):
    • If a relay supports some link authentication protocol that we do not recognize, then include that relay’s ed25519 key when telling other relays to extend to it. Previously, we treated future versions as if they were too old to support ed25519 link authentication. Closes ticket 20895.
  • Minor features (heartbeat):
    • Add onion service information to our heartbeat logs, displaying stats about the activity of configured onion services. Closes ticket 24896.
  • Minor features (instrumentation, development):
    • Add the MainloopStats option to allow developers to get instrumentation information from the main event loop via the heartbeat messages. We hope to use this to improve Tor’s behavior when it’s trying to sleep. Closes ticket 24605.
  • Minor features (log messages):
    • Improve a warning message that happens when we fail to re-parse an old router because of an expired certificate. Closes ticket 20020.
    • Make the log more quantitative when we hit MaxMemInQueues threshold exposing some values. Closes ticket 24501.
  • Minor features (logging, android):
    • Added support for the Android logging subsystem. Closes ticket 24362.
  • Minor features (performance):
    • Support predictive circuit building for onion service circuits with multiple layers of guards. Closes ticket 23101.
    • Use stdatomic.h where available, rather than mutexes, to implement atomic_counter_t. Closes ticket 23953.
  • Minor features (performance, 32-bit):
    • Improve performance on 32-bit systems by avoiding 64-bit division when calculating the timestamp in milliseconds for channel padding computations. Implements ticket 24613.
    • Improve performance on 32-bit systems by avoiding 64-bit division when timestamping cells and buffer chunks for OOM calculations. Implements ticket 24374.
  • Minor features (performance, OSX, iOS):
    • Use the mach_approximate_time() function (when available) to implement coarse monotonic time. Having a coarse time function should avoid a large number of system calls, and improve performance slightly, especially under load. Closes ticket 24427.
  • Minor features (performance, windows):
    • Improve performance on Windows Vista and Windows 7 by adjusting TCP send window size according to the recommendation from SIO_IDEAL_SEND_BACKLOG_QUERY. Closes ticket 22798. Patch from Vort.
  • Minor features (relay):
    • Implement an option, ReducedExitPolicy, to allow an Tor exit relay operator to use a more reasonable (“reduced”) exit policy, rather than the default one. If you want to run an exit node without thinking too hard about which ports to allow, this one is for you. Closes ticket 13605. Patch from Neel Chauhan.
  • Minor features (testing, debugging, embedding):
    • For development purposes, Tor now has a mode in which it runs for a few seconds, then stops, and starts again without exiting the process. This mode is meant to help us debug various issues with ticket 23847. To use this feature, compile with –enable-restart-debugging, and set the TOR_DEBUG_RESTART environment variable. This is expected to crash a lot, and is really meant for developers only. It will likely be removed in a future release. Implements ticket 24583.
  • Minor bugfix (network IPv6 test):
    • Tor’s test scripts now check if “ping -6 ::1” works when the user runs “make test-network-all”. Fixes bug 24677; bugfix on 0.2.9.3-alpha. Patch by “ffmancera”.
  • Minor bugfixes (build, rust):
    • Fix output of autoconf checks to display success messages for Rust dependencies and a suitable rustc compiler version. Fixes bug 24612; bugfix on 0.3.1.3-alpha.
    • When building with Rust on OSX, link against libresolv, to work around the issue at https://github.com/rust-lang/rust/issues/46797. Fixes bug 24652; bugfix on 0.3.1.1-alpha.
    • Don’t pass the –quiet option to cargo: it seems to suppress some errors, which is not what we want to do when building. Fixes bug 24518; bugfix on 0.3.1.7.
    • Build correctly when building from outside Tor’s source tree with the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix on 0.3.1.7.
  • Minor bugfixes (directory authorities, IPv6):
    • When creating a routerstatus (vote) from a routerinfo (descriptor), set the IPv6 address to the unspecified IPv6 address, and explicitly initialize the port to zero. Fixes bug 24488; bugfix on 0.2.4.1-alpha.
  • Minor bugfixes (fallback directory mirrors):
    • Make updateFallbackDirs.py search harder for python. (Some OSs don’t put it in /usr/bin.) Fixes bug 24708; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (hibernation, bandwidth accounting, shutdown):
    • When hibernating, close connections normally and allow them to flush. Fixes bug 23571; bugfix on 0.2.4.7-alpha. Also fixes bug 7267.
    • Do not attempt to launch self-reachability tests when entering hibernation. Fixes a case of bug 12062; bugfix on 0.0.9pre5.
    • Resolve several bugs related to descriptor fetching on bridge clients with bandwidth accounting enabled. (This combination is not recommended!) Fixes a case of bug 12062; bugfix on 0.2.0.3-alpha.
    • When hibernating, do not attempt to launch DNS checks. Fixes a case of bug 12062; bugfix on 0.1.2.2-alpha.
    • When hibernating, do not try to upload or download descriptors. Fixes a case of bug 12062; bugfix on 0.0.9pre5.
  • Minor bugfixes (IPv6, bridges):
    • Tor now always sets IPv6 preferences for bridges. Fixes bug 24573; bugfix on 0.2.8.2-alpha.
    • Tor now sets IPv6 address in the routerstatus as well as in the router descriptors when updating addresses for a bridge. Closes ticket 24572; bugfix on 0.2.4.5-alpha. Patch by “ffmancera”.
  • Minor bugfixes (linux seccomp2 sandbox):
    • When running with the sandbox enabled, reload configuration files correctly even when %include was used. Previously we would crash. Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto.
  • Minor bugfixes (memory leaks):
    • Avoid possible at-exit memory leaks related to use of Libevent’s event_base_once() function. (This function tends to leak memory if the event_base is closed before the event fires.) Fixes bug 24584; bugfix on 0.2.8.1-alpha.
    • Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix on 0.2.1.1-alpha.
  • Minor bugfixes (OSX):
    • Don’t exit the Tor process if setrlimit() fails to change the file limit (which can happen sometimes on some versions of OSX). Fixes bug 21074; bugfix on 0.0.9pre5.
  • Minor bugfixes (performance, fragile-hardening):
    • Improve the performance of our consensus-diff application code when Tor is built with the –enable-fragile-hardening option set. Fixes bug 24826; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (performance, timeouts):
    • Consider circuits for timeout as soon as they complete a hop. This is more accurate than applying the timeout in circuit_expire_building() because that function is only called once per second, which is now too slow for typical timeouts on the current network. Fixes bug 23114; bugfix on 0.2.2.2-alpha.
    • Use onion service circuits (and other circuits longer than 3 hops) to calculate a circuit build timeout. Previously, Tor only calculated its build timeout based on circuits that planned to be exactly 3 hops long. With this change, we include measurements from all circuits at the point where they complete their third hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha.
  • Minor bugfixes (testing):
    • Give out Exit flags in bootstrapping networks. Fixes bug 24137; bugfix on 0.2.3.1-alpha.
    • Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug 25005; bugfix on 0.3.2.7-rc.
  • Code simplification and refactoring:
    • Remove /usr/athena from search path in configure.ac. Closes ticket 24363.
    • Remove duplicate code in node_has_curve25519_onion_key() and node_get_curve25519_onion_key(), and add a check for a zero microdesc curve25519 onion key. Closes ticket 23966, patch by “aruna1234” and teor.
    • Rewrite channel_rsa_id_group_set_badness to reduce temporary memory allocations with large numbers of OR connections (e.g. relays). Closes ticket 24119.
    • Separate the function that deletes ephemeral files when Tor stops gracefully.
    • Small changes to Tor’s buf_t API to make it suitable for use as a general-purpose safe string constructor. Closes ticket 22342.
    • Switch -Wnormalized=id to -Wnormalized=nfkc in configure.ac to avoid source code identifier confusion. Closes ticket 24467.
    • The tor_git_revision[] constant no longer needs to be redeclared by everything that links against the rest of Tor. Done as part of ticket 23845, to simplify our external API.
    • We make extend_info_from_node() use node_get_curve25519_onion_key() introduced in ticket 23577 to access the curve25519 public keys rather than accessing it directly. Closes ticket 23760. Patch by Neel Chauhan.
    • Add a function to log channels’ scheduler state changes to aid debugging efforts. Closes ticket 24531.
  • Documentation:
    • Add documentation on how to build tor with Rust dependencies without having to be online. Closes ticket 22907; bugfix on 0.3.0.3-alpha.
    • Clarify the behavior of RelayBandwidth{Rate,Burst} with client traffic. Closes ticket 24318.
    • Document that OutboundBindAddress doesn’t apply to DNS requests. Closes ticket 22145. Patch from Aruna Maurya.
    • Document that operators who run more than one relay or bridge are expected to set MyFamily and ContactInfo correctly. Closes ticket 24526.
  • Code simplification and refactoring (channels):
    • Remove the incoming and outgoing channel queues. These were never used, but still took up a step in our fast path.
    • The majority of the channel unit tests have been rewritten and the code coverage has now been raised to 83.6% for channel.c. Closes ticket 23709.
    • Remove other dead code from the channel subsystem: All together, this cleanup has removed more than 1500 lines of code overall and adding very little except for unit test.
  • Code simplification and refactoring (circuit rendezvous):
    • Split the client-size rendezvous circuit lookup into two functions: one that returns only established circuits and another that returns all kinds of circuits. Closes ticket 23459.
  • Code simplification and refactoring (controller):
    • Make most of the variables in networkstatus_getinfo_by_purpose() const. Implements ticket 24489.

 

原文:https://blog.torproject.org/tor-0331-alpha-released-back-unstable-development

搬瓦工官方一键搭建Shadowsocks图文教程并开启Google BB加速, 让手机电脑全翻墙(赠送优惠码)

搬瓦工VPS官方网站是英文的,很多朋友看到后一脸懵逼不知道该怎么做。为此站长就专门写了本篇新手用户购买图文教程,帮助大家更加容易的购买搬瓦工VPS。

注意:购买之前,我们需要提前准备好支付宝,后面需要使用支付宝进行付款。

这个教程小编前前后后共修改了十几次,只要各位朋友按照教程一步一步来,那么就绝对没问题的。

第一步、选择需要的VPS方案

首先在这里:  搬瓦工最新特价套餐列表 中挑选自己需要的内存、流量和硬盘方案,然后点击底下直达方案通道链接 前往购买!

在下面的6个VPS方案中,选择自己需要的内存、流量和硬盘方案,且需要点击底下直达方案通道才可以购买,因为这样新注册/登录账户的时候无需输入验证码信息(否则验证码会被墙)。 另外如果出现 out of stock 这样的提示,那就是这个方案卖空了,如果碰到某个方案已经卖空的情况, 请先暂时选择其他方案, 后面还可以再变更方案的. 

推荐年49.99方案(KVM架构6机房)

  • 内存:1024MB
  • 硬盘:20GB SSD
  • 流量:1000GB/月
  • 价格:$4.99/月(年$49.99)

直达方案通道(KVM架构6机房)

年付19.99方案(洛杉矶)

  • 内存:512MB
  • 硬盘:10GB SSD
  • 流量:1000GB/月
  • 价格:$19.99/年

直达方案通道(洛杉矶)

年付39.99方案(洛杉矶)

  • 内存:1024MB
  • 硬盘:20GB SSD
  • 流量:2000GB/月
  • 价格:$39.99/年

直达方案通道(洛杉矶)

年19.99方案(佛利蒙)

  • 内存:512MB
  • 硬盘:10GB SSD
  • 流量:1000GB/月
  • 价格:$19.99/年

直达方案通道(佛利蒙)

年49.99方案(佛利蒙)

  • 内存:1024MB
  • 硬盘:20GB SSD
  • 流量:2000GB/月
  • 价格:$49.99/年

直达方案通道(佛利蒙)

年付19.99方案(8机房)

  • 内存:512MB
  • 硬盘:10GB SSD
  • 流量:500GB/月
  • 价格:$19.99/年

直达方案通道(8机房优选)

年49.99方案(8机房)

  • 内存:1024MB
  • 硬盘:20GB SSD
  • 流量:1000GB/月
  • 价格:$4.99/月(年$49)

直达方案通道(8机房优选)

月9.99方案(8机房)

  • 内存:2048MB
  • 硬盘:40GB SSD
  • 流量:2000GB/月
  • 价格:$9.99/月(年$99)

直达方案通道(8机房优选)

年18.99方案(凤凰城)

  • 内存:1024MB
  • 硬盘:20GB SSD
  • 流量:2000GB/月
  • 价格:$18.99/年

直达方案通道(凤凰城)

提醒: 即便我们购买低配置方案之后,以后也可以升级到其他方案的, 反之也可以降级到更低方案。

第二步、选择付款周期和机房位置

点击直达链接后,我们会跳转到下图所示的界面。根据图中指示,我们首先选择付款周期,月付、季付、半年付及年付均可,推荐年付更划算,然后选择机房位置为 US – Los Angeles DC QNET ,最后点击 Add to Cart 按钮继续。

关于上面的机房位置。有 US – Los Angeles DC QNET 选项的请选择这个,没有的默认即可。

第三步、核对价格和填写优惠码

点击 Add to Cart 按钮后,我们会跳转到下图所示界面。根据图中指示,我们首先输入下面的最新优惠码,然后点击 Validate Code 按钮验证优惠码,最后点击 Checkout 按钮继续。

搬瓦工最新可用优惠码:当前我们可以使用优惠码  BWH1ZBPVK   节省6%的费用

第四步、登录或者注册搬瓦工账户

点击 Checkout 按钮后,我们会跳转到下图所示界面。根据图中数字指示按顺序填写,我们首先填写个人信息,(已经有账户的直接点击 Click here to login 按钮登录, )  填写完毕后点击 Update 更新,然后选择Alipay付款方式,然后在 I have read and agree the Terms of Service 前面打钩,最后点击 Complete Order 按钮继续。

注意:国家请务必选择China,不要乱选择,这样可以避免以后被暂停服务。

第五步、使用支付宝付款

点击 Complete Order 按钮后,我们会跳转到下图所示界面。根据图中指示,我们点击 Pay now 按钮继续。

点击 Pay now 按钮后,我们会跳转到下图所示界面。根据下图指示,我们使用手机支付宝扫码付款或者电脑登录支付宝进行付款。

付款完成后稍等三分钟左右,我们登录搬瓦工(登录地址)点击下图
右上角【Client Area】按钮,如下图:

跳转到登录界面,输入电子邮箱地址和密码(刚才注册时输入的密码),点击【Login】按钮,如下图:

,然后我们按照下图指示,就可以看到我们购买的产品,同时我们也可以登录控制面板使用。

点击 KiwiVM Control Panel 按钮后我们会跳转到下图所示界面,  首先注意这里第三行写着IP address: XX.XX.XX.XX ,这个XX.XX.XX.XX就是你的VPS的IP地址,最好拿笔记录下来,等会儿教程最后进行翻墙连接要用到。然后根据图中指示,我们点击 stop 按钮停止服务器。

点击 stop 按钮停止服务器后,根据下图图中指示,我们首先点击左侧的 Install new OS ,然后再选择 centos-6-x86_64-bbr ,接着打钩同意 I agree that all existing data on my VPS will be lost,最后点击 Reload 按钮重装系统为CentOS6 64位。

第三步、安装5had0ws0cks

点击 Reload 按钮后我们耐心等待三分钟等候系统重装完毕。根据下图图中指示,我们首先点击 5had0ws0cksR Server,然后点击 Install 5had0ws0cksR Server 按钮继续。

点击 Install 5had0ws0cksR Server 按钮后系统会自动安装5had0ws0cksR。根据下图图中指示,我们点击 Go back 按钮继续。

点击 Go back 按钮后我们会跳转到下图所示界面。根据图中指示,我们需要将加密方式、连接端口、连接密码保存到记事本或者其他方便找到的地方,如果还没有手机/电脑客户端的也可以点击下面的链接下载 。

通常情况下现在并不能连接成功。根据下图图中指示,我们首先停止服务,然后再启动服务,此时就可以连接成功了。



也可以去这里下载客户端  Shadowsocks (SS)电脑客户端 -Windows、Mac OS X  :

Windows、Mac OS X  :

https://sourceforge.net/projects/shadowsocksgui/files/dist/

(小提醒:打开后, Windows xp和 7用户下载Shadowsocks-win-x.x.x.zip,Windows 8用户下载Shadowsocks-win-dotnet4.0-x.x.x.zip )

更多其他客户端(苹果/安卓手机/linux )请到这里下载 

https://shadowsocks.org/en/download/clients.html
没有越狱的苹果手机要番墙请先按照上面教程自己搭建好节点, 然后在电脑上下载一个PP助手,用数据线将手机连接到电脑上,然后就可以将PP助手装在手机上啦。手机上的PP助手装好以后就直接打开,搜索并下载安装Shadowrocket ,,安装完毕后 然后填上上面教程中自己搭建的节点等信息后就可以翻墙了。具体的步骤可参照这个教程:http://archive.is/P4pFF

下面以windows系统为例,大家可以举一反三。
首先下载客户端解压缩,鼠标双击运行shadowsocks.exe

1 双击打开后如下填写SS服务器的信息,
服务器 IP:就是上面开头记录你的VPS 的IP地址 ;
服务器端口:即为上面记录的SS连接的端口 ;
密码:即为上面记录的SS连接的密码 ;
加密:aes-256-cfb ;
代理端口:1080 ;
备注:随便写

点击确定

​在电脑右下角任务栏找到ss图标,右键点击,点击启用系统代理,可以了,试试上google吧

到这里 恭喜你大功告成了, 

为了防止账户到期忘记续费被删除数据带来损失,我们可以提前给搬瓦工账户充值,这样到期需要续费的时候会自动从账户余额扣款。
充值方法是只需要点击Biling菜单(如下图所示),点击Add funds即可,接下来在Amount to Add 那一栏可以任意输入充值金额,10美元–500美元之间,接下来Payment Method (充值方式) 一栏选择使用Alipay (支付宝 ,如下图) 或者paypal或信用卡充值均可,最后点击最底下的Add Funds按钮进行充值操即可。

希望想搭建的朋友可以通过我的教程搭建起来, 请大家 帮忙转发相关穿墙技术让更多人看到外面的世界,星星之火可以燎原。

有碰到问题的网友可以在底下留言,我会尽全力帮助大家,让墙内的网友都能呼吸到自由的互联网空气

 

原文:http://program-thinker.blogspot.com/2014/12/bandwagonhost-SS-Shadowsocks.html

目前找到的三个SSR改版,更新PAC等可以使用

1.接盘的SSRR 来自Akkariiin
https://github.com/shadowsocksrr/shadowsocksr-csharp/releases
修改内容:
1.添加 auth_chain_c auth_chain_d 支持
2.修复PAC更新

2.SSR魔改版 来自Azure99
https://github.com/Azure99/ShadowSocksRCsM/releases
修改内容:
1.增加测试当前网络状态是否正常(通过代理)
2.部分人性化设置
3.修复PAC更新

3.SSR修复版 来自Readour
https://github.com/Readour/ShadowsocksR-Csharp/releases
修改内容:
1.调小右侧logo
2.修复PAC更新

原文:https://plus.google.com/u/0/116188780692588660963?cfem=1

Tor Browser 8.0a1 is released

Tor Browser 8.0a1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 8.0a1 is the first alpha release in the 8.0 series. Apart from the usual Firefox security updates we have included the new stable Tor, 0.3.2.9, and updated Torbutton and Tor Launcher to the same version shipped in Tor Browser 7.5.

We added a new MAR signing key following our plan to yearly rotate one of our update signing keys and included a patch contributed by ffmancera (thanks!) dealing with possible fingerprinting by checking video decoding performance: before Tor Browser 8.0a1 users were getting videos in a different format depending on the performance of the decoding.

On the build side it is noteworthy that starting with this alpha release all bundles are built on some Debian version. If you notice some issues on Windows (those bundles were previously built on Ubuntu Precise), let us know.

The full changelog since Tor Browser 7.5a10 is:

  • All Platforms
    • Update Firefox to 52.6.0esr
    • Update Tor to 0.3.2.9
    • Update Torbutton to 1.9.8.5
      • Bug 21245: Add da translation to Torbutton and keep track of it
      • Bug 24702: Remove Mozilla text from banner
      • Translations update
    • Update Tor Launcher to 0.2.14.3
      • Translations update
    • Update HTTPS Everywhere to 2018.1.11
    • Bug 24756: Add noisebridge01 obfs4 bridge configuration
    • Bug 23916: Add new MAR signing key
    • Bug 22548: Firefox downgrades VP9 videos to VP8 for some users
  • Windows
    • Bug 24197: Fix win64 sandbox compile issues
  • Build System
    • Windows
      • Bug 18691: switch Windows builds from precise to jessie
    • Linux
      • Bug 23892: Include Firefox and Tor debug files in final build directory
      • Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds

原文:https://blog.torproject.org/tor-browser-80a1-released

Tor Browser 7.5 is released

Tor Browser 7.5 is released

by boklm | January 23, 2018

The Tor Browser Team is proud to announce the first stable release in the 7.5 series. This release is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Apart from the usual Firefox security updates it contains some notable improvements compared to the 7.0 series. Here are the highlights:

  1. We redesigned parts of the Tor Browser user interface. One of the major improvements for our users is our new Tor Launcher experience. This work is based on the findings published at ‘A Usability Evaluation of Tor Launcher’, a paper done by Linda Lee et al. At our work we iterated on the redesign proposed by the research, improving it even further. Here are the main changes we would like to highlight:

    Welcome Screen

    Our old screen had way too much information for the users, leading many of them to spend great time confused about what to do. Some users at the paper experiment spent up to 40min confused about what they needed to be doing here. Besides simplifying the screen and the message, to make it easier for the user to know if they need to configure anything or not, we also did a ‘brand refresh’ bringing our logo to the launcher.

    Censorship circumvention configuration

    This is one of the most important steps for a user who is trying to connect to Tor while their network is censoring Tor. We also worked really hard to make sure the UI text would make it easy for the user to understand what a bridge is for and how to configure to use one. Another update was a little tip we added at the drop-down menu (as you can see below) for which bridge to use in countries that have very sophisticated censorship methods.

    Proxy help information

    The proxy settings at our Tor Launcher configuration wizard is an important feature for users who are under a network that demands such configuration. But it can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for users, we decided to keep it in the main configuration screen and introduced a help prompt with an explanation of when someone would need such configuration.

    As part of our work with the UX team, we will also be coordinating user testing of this new UI to continue iterating and make sure we are always improving our users’ experience. We are also planning a series of improvements not only for the Tor Launcher flow but for the whole browser experience (once you are connected to Tor) including a new user onboarding flow. And last but not least we are streamlining both our mobile and desktop experience: Tor Browser 7.5 adapted the security slider design we did for mobile bringing the improved user experience to the desktop as well.

  2. We ship the first release in Tor’s 0.3.2 series, 0.3.2.9. This release includes support for the Next Generation of Onion Services.
  3. On the security side we enabled content sandboxing on Windows and fixed remaining issues on Linux that prevented printing to file from working properly. Additionally, we improved the compiler hardening on macOS and fixed holes in the W^X mitigation on Windows.
  4. We finally moved away from Gitian/tor-browser-bundle as the base of our reproducible builds environment. Over the past weeks and months rbm/tor-browser-build got developed making it much easier to reproduce Tor Browser builds and to add reproducible builds for new platforms and architectures. This will allow us to ship 64bit bundles for Windows (currently in the alpha series available) and bundles for Android at the same day as the release for the current platforms/architectures is getting out.

The full changelog since Tor Browser 7.0.11 is:

  • All Platforms
    • Update Firefox to 52.6.0esr
    • Update Tor to 0.3.2.9
    • Update OpenSSL to 1.0.2n
    • Update Torbutton to 1.9.8.5
      • Bug 21847: Update copy for security slider
      • Bug 21245: Add da translation to Torbutton and keep track of it
      • Bug 24702: Remove Mozilla text from banner
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update Tor Launcher to 0.2.14.3
      • Bug 23262: Implement integrated progress bar
      • Bug 23261: implement configuration portion of new Tor Launcher UI
      • Bug 24623: Revise “country that censors Tor” text
      • Bug 24624: tbb-logo.svg may cause network access
      • Bug 23240: Retrieve current bootstrap progress before showing progress bar
      • Bug 24428: Bootstrap error message sometimes lost
      • Bug 22232: Add README on use of bootstrap status messages
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update HTTPS Everywhere to 2018.1.11
    • Update NoScript to 5.1.8.3
    • Bug 23104: CSS line-height reveals the platform Tor Browser is running on
    • Bug 24398: Plugin-container process exhausts memory
    • Bug 22501: Requests via javascript: violate FPI
    • Bug 24756: Add noisebridge01 obfs4 bridge configuration
  • Windows
    • Bug 16010: Enable content sandboxing on Windows
    • Bug 23230: Fix build error on Windows 64
  • OS X
    • Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
    • Bug 23025: Add some hardening flags to macOS build
  • Linux
    • Bug 23970: Make “Print to File” work with sandboxing enabled
    • Bug 23016: “Print to File” is broken on some non-english Linux systems
    • Bug 10089: Set middlemouse.contentLoadURL to false by default
    • Bug 18101: Suppress upload file dialog proxy bypass (linux part)
  • Android
  • Build System
    • All Platforms
      • Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
    • Windows
    • Linux
      • Bug 20929: Bump GCC version to 5.4.0
      • Bug 23892: Include Firefox and Tor debug files in final build directory
      • Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds

原文:https://blog.torproject.org/tor-browser-75-released

vpngate-build-9656

VPN Gate Client 下载 (Windows, 免费软件)

安装带有 SoftEther VPN Client 的 VPN Gate Client 插件。它可用简单的配置连接到 VPN Gate 的一个公共 VPN 中继服务器,VPN 通信的吞吐量比使用 L2TP、OpenVPN 或 SSTP 要高。OpenVPN or SSTP.二进制文件有赛门铁克的副署签名。

你很幸运,你可以下载 VPN 客户端程序。有些国家,例如像中东,阻止下载的网址。
该 VPN 客户端程序是免费的。您可以分发。请上传你的国家的网站上,以帮助你周围的人。
使用国内的上传网站。我们爱互联网用户在你的国家。我们想帮助他们。

  • 如何安装和使用
  • 可发布的文件
    本软件是免费的。您可以复制或分发已下载的文件。你可以把它上传到其他网站。如果你们政府的防火墙处于未知原因的故障, http://www.vpngate.net 网站不能从你的国家轻松访问,在你们国家的网站上发布 VPN Gate 程序文件,以帮助你身边的其他用户。
  • 注意
    如果可能的话,使用最新版本。有一天,如果贵国政府的防火墙导致未知错误,且 VPN Gate Client 软件有问题,更新 VPN Gate 到最新版本。如果在未来贵国政府的防火墙由于故障 http://www.vpngate.net 网站变得无法访问,建议记住 镜像站点 URL 列表。VPN Gate Client 插件包含 VPN Gate 服务。默认禁用。你可以手动激活它。
  • About Anti-Virus software
    This program uses the network functions of the operating system because this is VPN software.
    Some anti-virus software or firewalls warn that such behavior might be dangerous.
    If your anti-virus disturbs the VPN function, add the VPN program file or the installer to the exception list.
SoftEther VPN Server 下载 (免费软件)

SoftEther VPN 是在日本筑波大学开发的免费软件。高性能 VPN 兼容多种终端设备。支持 Windows、Mac、智能手机、平板电脑 (iPhone、iPad、安卓、Windows RT) 和思科或其他 VPN 路由器。SoftEther VPN 还支持 OpenVPN 和 MS-SSTP VPN 客户端。有关详细信息,请访问 http://www.softether.org/

关于如何提供为您的计算机作为一个 VPN Gate 的 VPN 服务器的描述你可以安装 SoftEther VPN Server ,并激活 VPN Gate 服务使您的电脑主机主持一个 VPN 服务,作为 VPN Gate 学术实验的成员。

使用 Mac, iPhone / iPad 或安卓 ?
  • 你可以使用带操作系统插件 L2TP/IPsec VPN Client 的 L2TP/IPsec 来连接 VPN Gate。
    更多详细信息
  • 你可以使用 OpenVPN Client (由 OpenVPN 科技有限公司) 来连接 VPN Gate。
    更多详细信息

原文:http://www.vpngate.net/cn/download.aspx

十大代理方式在常见操作系统中的支持情况

√代表系统支持,×代表系统不支持

  Windows Mac OS X iOS Android Linux Router
Shadowsocks
ShadowsocksR
V2Ray
HTTPs/2 proxy
SSH Tunnel
Brook
GFW.Press
GoFlyway ×
PipeSocks ×
LightSword ×

以上系统iOS9+,Android4+,Router以OpenWRT系统为例。

iOS可以使用免费的Potatso Lite或者收费的Shadowrocket连接ss和ssr;win可以使用V2RayN,mac可以使用V2RayX,安卓可以使用V2RayNG,ios可以使用KitsunebiShadowrocketPepi连接V2Ray;HTTP/2 proxy和HTTPS代理在桌面系统上可以直接使用Google Chrome+Proxy SwitchyOmega设置HTTPS代理协议使用,iOS上可以使用免费的Potatso Lite,安卓上可以使用Drony设置https代理,在goproxy项目停止后使用Caddy搭建http2 proxy成为了一个不错的选择;ssh代理在安卓上可以使用PosternKi4a – SSH Tunnel,在ios有个SSH Tunnel;大杀器官方ios客户端需要越狱,在不越狱的情况下ShadowrocketNetShuttle支持GFW.Press;iOS上Shadowrocket和level.4可以连接LightSword。

这里主要列举了,目前在翻墙代理中应用较多的10种代理方式,除了这十大代理方式还存在很多代理方式可以用来翻墙,比如gostGSnovaGoGoTunneluProxyhttpproxyGo HTTP tunnelChisel等。

原文:https://www.igfw.net/archives/13537

十大VPN类型在常见操作系统中的支持情况

√代表系统自带支持,〇代表系统安装程序后支持,×代表系统尚不支持

  Windows Mac OS X iOS Android Linux Router
PPTP 〇① 〇②
L2TP/IPsec
SSTP 〇③ × 〇④
IKEv2 〇⑤
IPSec 〇⑥
OpenVPN
SoftEther × 〇⑦
WireGuard ×⑧ × 〇⑨
AnyConnect
Tinc 〇⑩

Windows以Windows7和10为例,Mac OS X和iOS均指最新系统,Router以OpenWRT系统为例。

注:①新版Mac OS X移除了对PPTP的支持,可以使用收费应用Shimo解决;②新版iOS移除了对PPTP的支持,网络上有越狱后恢复PPTP支持的方法;③Mac OS X可以使用Easy SSTPsstp-client连接SSTP;④安卓可以使用收费应用SSTP VPN Client连接SSTP;⑤安卓可以安装strongSwan VPN Client连接IKEv2;⑥Windows可以安装Shrew Soft VPN、Cisco VPN client连接Cisco IPSec VPN;⑦需要root后编译;⑧WireGuard对windows系统的支持尚在计划开发中,⑨WireGuard对安卓的支持尚在试验开发阶段,需要rom支持,未来会提供对安卓的全面支持;⑩需要越狱后安装Tinc

这里主要列举了,目前在翻墙代理中应用较多的10种类型的VPN连接方式,除了这十大VPN类型还存在很多VPN类型,比如ZeroTierSigmaVPNIPOP VPNHamachiQuickTunGoVPNsshuttlekytan、StealthVPN(加强版OpenVPN)等。

原文:https://www.igfw.net/archives/13535

Tor 0.3.2.9 is released: We have a new stable series!

After months of hard work, there’s a new stable Tor release series available!  If you build Tor from source, you can now download the source code for Tor 0.3.2.9 from the usual place on the website. Packages should become available over the coming days, including (we hope) a Tor Browser release before the end of the month.

Tor 0.3.2.9 is the first stable release in the 0.3.2 series.

The 0.3.2 series includes our long-anticipated new onion service design, with numerous security features. (For more information, see our blog post at https://blog.torproject.org/fall-harvest.) We also have a new circuit scheduler algorithm for improved performance on relays everywhere (see https://blog.torproject.org/kist-and-tell), along with many smaller features and bugfixes.

Per our stable release policy, we plan to support each stable release series for at least the next nine months, or for three months after the first stable release of the next series: whichever is longer. If you need a release with long-term support, we recommend that you stay with the 0.2.9 series.

Below is a list of the changes since 0.3.1.7. For a list of all changes since 0.3.2.8-rc, see the ChangeLog file.

Changes In Version 0.3.2.9 – 2018-01-09

  • Directory authority changes:
    • Add “Bastet” as a ninth directory authority to the default list. Closes ticket 23910.
    • The directory authority “Longclaw” has changed its IP address. Closes ticket 23592.
    • Remove longclaw’s IPv6 address, as it will soon change. Authority IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves 3/8 directory authorities with IPv6 addresses, but there are also 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
    • Add an IPv6 address for the “bastet” directory authority. Closes ticket 24394.
  • Major features (next-generation onion services):
    • Tor now supports the next-generation onion services protocol for clients and services! As part of this release, the core of proposal 224 has been implemented and is available for experimentation and testing by our users. This newer version of onion services (“v3”) features many improvements over the legacy system, including:

      a) Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)

      b) Improved directory protocol, leaking much less information to directory servers.

      c) Improved directory protocol, with smaller surface for targeted attacks.

      d) Better onion address security against impersonation.

      e) More extensible introduction/rendezvous protocol.

      f) A cleaner and more modular codebase.

      You can identify a next-generation onion address by its length: they are 56 characters long, as in “4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion”.

      In the future, we will release more options and features for v3 onion services, but we first need a testing period, so that the current codebase matures and becomes more robust. Planned features include: offline keys, advanced client authorization, improved guard algorithms, and statistics. For full details, see proposal 224.

      Legacy (“v2”) onion services will still work for the foreseeable future, and will remain the default until this new codebase gets tested and hardened. Service operators who want to experiment with the new system can use the ‘HiddenServiceVersion 3’ torrc directive along with the regular onion service configuration options. For more information, see our blog post at “https://blog.torproject.org/fall-harvest“. Enjoy!

  • Major feature (scheduler, channel):
    • Tor now uses new schedulers to decide which circuits should deliver cells first, in order to improve congestion at relays. The first type is called “KIST” (“Kernel Informed Socket Transport”), and is only available on Linux-like systems: it uses feedback from the kernel to prevent the kernel’s TCP buffers from growing too full. The second new scheduler type is called “KISTLite”: it behaves the same as KIST, but runs on systems without kernel support for inspecting TCP implementation details. The old scheduler is still available, under the name “Vanilla”. To change the default scheduler preference order, use the new “Schedulers” option. (The default preference order is “KIST,KISTLite,Vanilla”.)

      Matt Traudt implemented KIST, based on research by Rob Jansen, John Geddes, Christ Wacek, Micah Sherr, and Paul Syverson. For more information, see the design paper at http://www.robgjansen.com/publications/kist-sec2014.pdf and the followup implementation paper at https://arxiv.org/abs/1709.01044. Closes ticket 12541. For more information, see our blog post at “https://blog.torproject.org/kist-and-tell“.

  • Major bugfixes (security, general):
    • Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (Tor instances run without a terminal, which is the case for most Tor packages, are not impacted.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
  • Major bugfixes (security, directory authority):
    • Fix a denial of service issue where an attacker could crash a directory authority using a malformed router descriptor. Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 and CVE-2017-8820.
  • Major bugfixes (security, onion service v2):
    • Fix a use-after-free error that could crash v2 Tor onion services when they failed to open circuits while expiring introduction points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
    • When checking for replays in the INTRODUCE1 cell data for a (legacy) onion service, correctly detect replays in the RSA- encrypted part of the cell. We were previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor’s legacy hybrid encryption. This fix helps prevent a traffic confirmation attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 and CVE-2017-8819.
  • Major bugfixes (security, relay):
    • When running as a relay, make sure that we never build a path through ourselves, even in the case where we have somehow lost the version of our descriptor appearing in the consensus. Fixes part of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
    • When running as a relay, make sure that we never choose ourselves as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  • Major bugfixes (bootstrapping):
    • Fetch descriptors aggressively whenever we lack enough to build circuits, regardless of how many descriptors we are missing. Previously, we would delay launching the fetch when we had fewer than 15 missing descriptors, even if some of those descriptors were blocking circuits from building. Fixes bug 23985; bugfix on 0.1.1.11-alpha. The effects of this bug became worse in 0.3.0.3-alpha, when we began treating missing descriptors from our primary guards as a reason to delay circuits.
    • Don’t try fetching microdescriptors from relays that have failed to deliver them in the past. Fixes bug 23817; bugfix on 0.3.0.1-alpha.
  • Major bugfixes (circuit prediction):
    • Fix circuit prediction logic so that a client doesn’t treat a port as being “handled” by a circuit if that circuit already has isolation settings on it. This change should make Tor clients more responsive by improving their chances of having a pre-created circuit ready for use when a request arrives. Fixes bug 18859; bugfix on 0.2.3.3-alpha.
  • Major bugfixes (exit relays, DNS):
    • Fix an issue causing DNS to fail on high-bandwidth exit nodes, making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for identifying and finding a workaround to this bug and to Moritz, Arthur Edelstein, and Roger for helping to track it down and analyze it.
  • Major bugfixes (relay, crash, assertion failure):
    • Fix a timing-based assertion failure that could occur when the circuit out-of-memory handler freed a connection’s output buffer. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
  • Major bugfixes (usability, control port):
    • Report trusted clock skew indications as bootstrap errors, so controllers can more easily alert users when their clocks are wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha.
  • Minor features (bridge):
    • Bridge relays can now set the BridgeDistribution config option to add a “bridge-distribution-request” line to their bridge descriptor, which tells BridgeDB how they’d like their bridge address to be given out. (Note that as of Oct 2017, BridgeDB does not yet implement this feature.) As a side benefit, this feature provides a way to distinguish bridge descriptors from non-bridge descriptors. Implements tickets 18329.
    • When handling the USERADDR command on an ExtOrPort, warn when the transports provides a USERADDR with no port. In a future version, USERADDR commands of this format may be rejected. Detects problems related to ticket 23080.
  • Minor features (bug detection):
    • Log a warning message with a stack trace for any attempt to call get_options() during option validation. This pattern has caused subtle bugs in the past. Closes ticket 22281.
  • Minor features (build, compilation):
    • The “check-changes” feature is now part of the “make check” tests; we’ll use it to try to prevent misformed changes files from accumulating. Closes ticket 23564.
    • Tor builds should now fail if there are any mismatches between the C type representing a configuration variable and the C type the data-driven parser uses to store a value there. Previously, we needed to check these by hand, which sometimes led to mistakes. Closes ticket 23643.
  • Minor features (client):
    • You can now use Tor as a tunneled HTTP proxy: use the new HTTPTunnelPort option to open a port that accepts HTTP CONNECT requests. Closes ticket 22407.
    • Add an extra check to make sure that we always use the newer guard selection code for picking our guards. Closes ticket 22779.
    • When downloading (micro)descriptors, don’t split the list into multiple requests unless we want at least 32 descriptors. Previously, we split at 4, not 32, which led to significant overhead in HTTP request size and degradation in compression performance. Closes ticket 23220.
    • Improve log messages when missing descriptors for primary guards. Resolves ticket 23670.
  • Minor features (command line):
    • Add a new commandline option, –key-expiration, which prints when the current signing key is going to expire. Implements ticket 17639; patch by Isis Lovecruft.
  • Minor features (control port):
    • If an application tries to use the control port as an HTTP proxy, respond with a meaningful “This is the Tor control port” message, and log the event. Closes ticket 1667. Patch from Ravi Chandra Padmala.
    • Provide better error message for GETINFO desc/(id|name) when not fetching router descriptors. Closes ticket 5847. Patch by Kevin Butler.
    • Add GETINFO “{desc,md}/download-enabled”, to inform the controller whether Tor will try to download router descriptors and microdescriptors respectively. Closes ticket 22684.
    • Added new GETINFO targets “ip-to-country/{ipv4,ipv6}-available”, so controllers can tell whether the geoip databases are loaded. Closes ticket 23237.
    • Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth events. Closes ticket 19254. Patch by “DonnchaC”.
  • Minor features (development support):
    • Developers can now generate a call-graph for Tor using the “calltool” python program, which post-processes object dumps. It should work okay on many Linux and OSX platforms, and might work elsewhere too. To run it, install calltool from https://gitweb.torproject.org/user/nickm/calltool.git and run “make callgraph”. Closes ticket 19307.
  • Minor features (directory authority):
    • Make the “Exit” flag assignment only depend on whether the exit policy allows connections to ports 80 and 443. Previously relays would get the Exit flag if they allowed connections to one of these ports and also port 6667. Resolves ticket 23637.
  • Minor features (ed25519):
    • Add validation function to checks for torsion components in ed25519 public keys, used by prop224 client-side code. Closes ticket 22006. Math help by Ian Goldberg.
  • Minor features (exit relay, DNS):
    • Improve the clarity and safety of the log message from evdns when receiving an apparently spoofed DNS reply. Closes ticket 3056.
  • Minor features (fallback directory mirrors):
    • The fallback directory list has been re-generated based on the current status of the network. Tor uses fallback directories to bootstrap when it doesn’t yet have up-to-date directory information. Closes ticket 24801.
    • Make the default DirAuthorityFallbackRate 0.1, so that clients prefer to bootstrap from fallback directory mirrors. This is a follow-up to 24679, which removed weights from the default fallbacks. Implements ticket 24681.
  • Minor features (geoip):
    • Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2 Country database.
  • Minor features (integration, hardening):
    • Add a new NoExec option to prevent Tor from running other programs. When this option is set to 1, Tor will never try to run another program, regardless of the settings of PortForwardingHelper, ClientTransportPlugin, or ServerTransportPlugin. Once NoExec is set, it cannot be disabled without restarting Tor. Closes ticket 22976.
  • Minor features (linux seccomp2 sandbox):
    • Update the sandbox rules so that they should now work correctly with Glibc 2.26. Closes ticket 24315.
  • Minor features (logging):
    • Provide better warnings when the getrandom() syscall fails. Closes ticket 24500.
    • Downgrade a pair of log messages that could occur when an exit’s resolver gave us an unusual (but not forbidden) response. Closes ticket 24097.
    • Improve the message we log when re-enabling circuit build timeouts after having received a consensus. Closes ticket 20963.
    • Log more circuit information whenever we are about to try to package a relay cell on a circuit with a nonexistent n_chan. Attempt to diagnose ticket 8185.
    • Improve info-level log identification of particular circuits, to help with debugging. Closes ticket 23645.
    • Improve the warning message for specifying a relay by nickname. The previous message implied that nickname registration was still part of the Tor network design, which it isn’t. Closes ticket 20488.
    • If the sandbox filter fails to load, suggest to the user that their kernel might not support seccomp2. Closes ticket 23090.
  • Minor features (onion service, circuit, logging):
    • Improve logging of many callsite in the circuit subsystem to print the circuit identifier(s).
    • Log when we cleanup an intro point from a service so we know when and for what reason it happened. Closes ticket 23604.
  • Minor features (portability):
    • Tor now compiles correctly on arm64 with libseccomp-dev installed. (It doesn’t yet work with the sandbox enabled.) Closes ticket 24424.
    • Check at configure time whether uint8_t is the same type as unsigned char. Lots of existing code already makes this assumption, and there could be strict aliasing issues if the assumption is violated. Closes ticket 22410.
  • Minor features (relay):
    • When choosing which circuits can be expired as unused, consider circuits from clients even if those clients used regular CREATE cells to make them; and do not consider circuits from relays even if they were made with CREATE_FAST. Part of ticket 22805.
    • Reject attempts to use relative file paths when RunAsDaemon is set. Previously, Tor would accept these, but the directory- changing step of RunAsDaemon would give strange and/or confusing results. Closes ticket 22731.
  • Minor features (relay statistics):
    • Change relay bandwidth reporting stats interval from 4 hours to 24 hours in order to reduce the efficiency of guard discovery attacks. Fixes ticket 23856.
  • Minor features (reverted deprecations):
    • The ClientDNSRejectInternalAddresses flag can once again be set in non-testing Tor networks, so long as they do not use the default directory authorities. This change also removes the deprecation of this flag from 0.2.9.2-alpha. Closes ticket 21031.
  • Minor features (robustness):
    • Change several fatal assertions when flushing buffers into non- fatal assertions, to prevent any recurrence of 23690.
  • Minor features (startup, safety):
    • When configured to write a PID file, Tor now exits if it is unable to do so. Previously, it would warn and continue. Closes ticket 20119.
  • Minor features (static analysis):
    • The BUG() macro has been changed slightly so that Coverity no longer complains about dead code if the bug is impossible. Closes ticket 23054.
  • Minor features (testing):
    • Our fuzzing tests now test the encrypted portions of v3 onion service descriptors. Implements more of 21509.
    • Add a unit test to make sure that our own generated platform string will be accepted by directory authorities. Closes ticket 22109.
    • The default chutney network tests now include tests for the v3 onion service design. Make sure you have the latest version of chutney if you want to run these. Closes ticket 22437.
    • Add a unit test to verify that we can parse a hardcoded v2 onion service descriptor. Closes ticket 15554.
  • Minor bugfixes (address selection):
    • When the fascist_firewall_choose_address_ functions don’t find a reachable address, set the returned address to the null address and port. This is a precautionary measure, because some callers do not check the return value. Fixes bug 24736; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (bootstrapping):
    • When warning about state file clock skew, report the correct direction for the detected skew. Fixes bug 23606; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (bridge clients, bootstrap):
    • Retry directory downloads when we get our first bridge descriptor during bootstrap or while reconnecting to the network. Keep retrying every time we get a bridge descriptor, until we have a reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
    • Stop delaying bridge descriptor fetches when we have cached bridge descriptors. Instead, only delay bridge descriptor fetches when we have at least one reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
    • Stop delaying directory fetches when we have cached bridge descriptors. Instead, only delay bridge descriptor fetches when all our bridges are definitely unreachable. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
  • Minor bugfixes (bridge):
    • Overwrite the bridge address earlier in the process of retrieving its descriptor, to make sure we reach it on the configured address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
  • Minor bugfixes (build, compilation):
    • Fix a compilation warning when building with zstd support on 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found and fixed by Andreas Stieger.
    • When searching for OpenSSL, don’t accept any OpenSSL library that lacks TLSv1_1_method(): Tor doesn’t build with those versions. Additionally, look in /usr/local/opt/openssl, if it’s present. These changes together repair the default build on OSX systems with Homebrew installed. Fixes bug 23602; bugfix on 0.2.7.2-alpha.
    • Fix a signed/unsigned comparison warning introduced by our fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
    • Fix a memory leak warning in one of the libevent-related configuration tests that could occur when manually specifying -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha. Found and patched by Alex Xu.
    • Fix unused-variable warnings in donna’s Curve25519 SSE2 code. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (certificate handling):
    • Fix a time handling bug in Tor certificates set to expire after the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by Coverity as CID 1415728.
  • Minor bugfixes (client):
    • By default, do not enable storage of client-side DNS values. These values were unused by default previously, but they should not have been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.
  • Minor bugfixes (client, usability):
    • Refrain from needlessly rejecting SOCKS5-with-hostnames and SOCKS4a requests that contain IP address strings, even when SafeSocks in enabled, as this prevents user from connecting to known IP addresses without relying on DNS for resolving. SafeSocks still rejects SOCKS connections that connect to IP addresses when those addresses are _not_ encoded as hostnames. Fixes bug 22461; bugfix on Tor 0.2.6.2-alpha.
  • Minor bugfixes (code correctness):
    • Call htons() in extend_cell_format() for encoding a 16-bit value. Previously we used ntohs(), which happens to behave the same on all the platforms we support, but which isn’t really correct. Fixes bug 23106; bugfix on 0.2.4.8-alpha.
    • For defense-in-depth, make the controller’s write_escaped_data() function robust to extremely long inputs. Fixes bug 19281; bugfix on 0.1.1.1-alpha. Reported by Guido Vranken.
    • Fix several places in our codebase where a C compiler would be likely to eliminate a check, based on assuming that undefined behavior had not happened elsewhere in the code. These cases are usually a sign of redundant checking or dubious arithmetic. Found by Georg Koppen using the “STACK” tool from Wang, Zeldovich, Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various Tor versions.
  • Minor bugfixes (compression):
    • Handle a pathological case when decompressing Zstandard data when the output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (consensus expiry):
    • Check for adequate directory information correctly. Previously, Tor would reconsider whether it had sufficient directory information every 2 minutes. Fixes bug 23091; bugfix on 0.2.0.19-alpha.
  • Minor bugfixes (control port, linux seccomp2 sandbox):
    • Avoid a crash when attempting to use the seccomp2 sandbox together with the OwningControllerProcess feature. Fixes bug 24198; bugfix on 0.2.5.1-alpha.
  • Minor bugfixes (control port, onion services):
    • Report “FAILED” instead of “UPLOAD_FAILED” “FAILED” for the HS_DESC event when a service is not able to upload a descriptor. Fixes bug 24230; bugfix on 0.2.7.1-alpha.
  • Minor bugfixes (directory cache):
    • Recover better from empty or corrupt files in the consensus cache directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
    • When a consensus diff calculation is only partially successful, only record the successful parts as having succeeded. Partial success can happen if (for example) one compression method fails but the others succeed. Previously we misrecorded all the calculations as having succeeded, which would later cause a nonfatal assertion failure. Fixes bug 24086; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (directory client):
    • On failure to download directory information, delay retry attempts by a random amount based on the “decorrelated jitter” algorithm. Our previous delay algorithm tended to produce extra-long delays too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (directory protocol):
    • Directory servers now include a “Date:” http header for response codes other than 200. Clients starting with a skewed clock and a recent consensus were getting “304 Not modified” responses from directory authorities, so without the Date header, the client would never hear about a wrong clock. Fixes bug 23499; bugfix on 0.0.8rc1.
    • Make clients wait for 6 seconds before trying to download a consensus from an authority. Fixes bug 17750; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (documentation):
    • Document better how to read gcov, and what our gcov postprocessing scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
    • Fix manpage to not refer to the obsolete (and misspelled) UseEntryGuardsAsDirectoryGuards parameter in the description of NumDirectoryGuards. Fixes bug 23611; bugfix on 0.2.4.8-alpha.
  • Minor bugfixes (DoS-resistance):
    • If future code asks if there are any running bridges, without checking if bridges are enabled, log a BUG warning rather than crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (entry guards):
    • Tor now updates its guard state when it reads a consensus regardless of whether it’s missing descriptors. That makes tor use its primary guards to fetch descriptors in some edge cases where it would previously have used fallback directories. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (format strictness):
    • Restrict several data formats to decimal. Previously, the BuildTimeHistogram entries in the state file, the “bw=” entries in the bandwidth authority file, and the process IDs passed to the __OwningControllerProcess option could all be specified in hex or octal as well as in decimal. This was not an intentional feature. Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha, and 0.2.2.28-beta.
  • Minor bugfixes (heartbeat):
    • If we fail to write a heartbeat message, schedule a retry for the minimum heartbeat interval number of seconds in the future. Fixes bug 19476; bugfix on 0.2.3.1-alpha.
  • Minor bugfixes (logging):
    • Suppress a log notice when relay descriptors arrive. We already have a bootstrap progress for this so no need to log notice everytime tor receives relay descriptors. Microdescriptors behave the same. Fixes bug 23861; bugfix on 0.2.8.2-alpha.
    • Remove duplicate log messages regarding opening non-local SocksPorts upon parsing config and opening listeners at startup. Fixes bug 4019; bugfix on 0.2.3.3-alpha.
    • Use a more comprehensible log message when telling the user they’ve excluded every running exit node. Fixes bug 7890; bugfix on 0.2.2.25-alpha.
    • When logging the number of descriptors we intend to download per directory request, do not log a number higher than then the number of descriptors we’re fetching in total. Fixes bug 19648; bugfix on 0.1.1.8-alpha.
    • When warning about a directory owned by the wrong user, log the actual name of the user owning the directory. Previously, we’d log the name of the process owner twice. Fixes bug 23487; bugfix on 0.2.9.1-alpha.
    • Fix some messages on unexpected errors from the seccomp2 library. Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from “cypherpunks”.
    • The tor specification says hop counts are 1-based, so fix two log messages that mistakenly logged 0-based hop counts. Fixes bug 18982; bugfix on 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor. Credit to Xiaofan Li for reporting this issue.
  • Minor bugfixes (logging, relay shutdown, annoyance):
    • When a circuit is marked for close, do not attempt to package any cells for channels on that circuit. Previously, we would detect this condition lower in the call stack, when we noticed that the circuit had no attached channel, and log an annoying message. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  • Minor bugfixes (memory safety, defensive programming):
    • Clear the target address when node_get_prim_orport() returns early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (memory usage):
    • When queuing DESTROY cells on a channel, only queue the circuit-id and reason fields: not the entire 514-byte cell. This fix should help mitigate any bugs or attacks that fill up these queues, and free more RAM for other uses. Fixes bug 24666; bugfix on 0.2.5.1-alpha.
  • Minor bugfixes (network layer):
    • When closing a connection via close_connection_immediately(), we mark it as “not blocked on bandwidth”, to prevent later calls from trying to unblock it, and give it permission to read. This fixes a backtrace warning that can happen on relays under various circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
  • Minor bugfixes (onion services):
    • The introduction circuit was being timed out too quickly while waiting for the rendezvous circuit to complete. Keep the intro circuit around longer instead of timing out and reopening new ones constantly. Fixes bug 23681; bugfix on 0.2.4.8-alpha.
    • Rename the consensus parameter “hsdir-interval” to “hsdir_interval” so it matches dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha.
    • When handling multiple SOCKS request for the same .onion address, only fetch the service descriptor once.
    • Avoid a possible double close of a circuit by the intro point on error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610; bugfix on 0.3.0.1-alpha.
    • When reloading configured onion services, copy all information from the old service object. Previously, some data was omitted, causing delays in descriptor upload, and other bugs. Fixes bug 23790; bugfix on 0.2.1.9-alpha.
  • Minor bugfixes (path selection):
    • When selecting relays by bandwidth, avoid a rounding error that could sometimes cause load to be imbalanced incorrectly. Previously, we would always round upwards; now, we round towards the nearest integer. This had the biggest effect when a relay’s weight adjustments should have given it weight 0, but it got weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
    • When calculating the fraction of nodes that have descriptors, and all nodes in the network have zero bandwidths, count the number of nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
    • Actually log the total bandwidth in compute_weighted_bandwidths(). Fixes bug 24170; bugfix on 0.2.4.3-alpha.
  • Minor bugfixes (portability):
    • Stop using the PATH_MAX variable, which is not defined on GNU Hurd. Fixes bug 23098; bugfix on 0.3.1.1-alpha.
    • Fix a bug in the bit-counting parts of our timing-wheel code on MSVC. (Note that MSVC is still not a supported build platform, due to cyptographic timing channel risks.) Fixes bug 24633; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (relay):
    • When uploading our descriptor for the first time after startup, report the reason for uploading as “Tor just started” rather than leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
    • Avoid unnecessary calls to directory_fetches_from_authorities() on relays, to prevent spurious address resolutions and descriptor rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; bugfix on in 0.2.8.1-alpha.
    • Avoid a crash when transitioning from client mode to bridge mode. Previously, we would launch the worker threads whenever our “public server” mode changed, but not when our “server” mode changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  • Minor bugfixes (testing):
    • Fix a spurious fuzzing-only use of an uninitialized value. Found by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
    • Test that IPv6-only clients can use microdescriptors when running “make test-network-all”. Requires chutney master 61c28b9 or later. Closes ticket 24109.
    • Prevent scripts/test/coverage from attempting to move gcov output to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
    • Capture and detect several “Result does not fit” warnings in unit tests on platforms with 32-bit time_t. Fixes bug 21800; bugfix on 0.2.9.3-alpha.
    • Fix additional channelpadding unit test failures by using mocked time instead of actual time for all tests. Fixes bug 23608; bugfix on 0.3.1.1-alpha.
    • Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(), to correctly handle cases where a caller gives it an RSA key of under 160 bits. (This is not actually a bug in Tor itself, but rather in our fuzzing code.) Fixes bug 24247; bugfix on 0.3.0.3-alpha. Found by OSS-Fuzz as issue 4177.
    • Fix a broken unit test for the OutboundAddress option: the parsing function was never returning an error on failure. Fixes bug 23366; bugfix on 0.3.0.3-alpha.
    • Fix a signed-integer overflow in the unit tests for dir/download_status_random_backoff, which was untriggered until we fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (usability, control port):
    • Stop making an unnecessary routerlist check in NETINFO clock skew detection; this was preventing clients from reporting NETINFO clock skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha.
  • Code simplification and refactoring:
    • Remove various ways of testing circuits and connections for “clientness”; instead, favor channel_is_client(). Part of ticket 22805.
    • Extract the code for handling newly-open channels into a separate function from the general code to handle channel state transitions. This change simplifies our callgraph, reducing the size of the largest strongly connected component by roughly a factor of two. Closes ticket 22608.
    • Remove dead code for largely unused statistics on the number of times we’ve attempted various public key operations. Fixes bug 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
    • Remove several now-obsolete functions for asking about old variants directory authority status. Closes ticket 22311; patch from “huyvq”.
    • Remove some of the code that once supported “Named” and “Unnamed” routers. Authorities no longer vote for these flags. Closes ticket 22215.
    • Rename the obsolete malleable hybrid_encrypt functions used in TAP and old hidden services, to indicate that they aren’t suitable for new protocols or formats. Closes ticket 23026.
    • Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket 22521. Patch from Neel Chauhan.
    • Split the enormous circuit_send_next_onion_skin() function into multiple subfunctions. Closes ticket 22804.
    • Split the portions of the buffer.c module that handle particular protocols into separate modules. Part of ticket 23149.
    • Use our test macros more consistently, to produce more useful error messages when our unit tests fail. Add coccinelle patches to allow us to re-check for test macro uses. Closes ticket 22497.
  • Deprecated features:
    • The ReachableDirAddresses and ClientPreferIPv6DirPort options are now deprecated; they do not apply to relays, and they have had no effect on clients since 0.2.8.x. Closes ticket 19704.
    • Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They only applies to direct unencrypted HTTP connections to your directory server, which your Tor probably isn’t using. Closes ticket 20575.
  • Documentation:
    • Add notes in man page regarding OS support for the various scheduler types. Attempt to use less jargon in the scheduler section. Closes ticket 24254.
    • Clarify that the Address option is entirely about setting an advertised IPv4 address. Closes ticket 18891.
    • Clarify the manpage’s use of the term “address” to clarify what kind of address is intended. Closes ticket 21405.
    • Document that onion service subdomains are allowed, and ignored. Closes ticket 18736.
    • Clarify in the manual that “Sandbox 1” is only supported on Linux kernels. Closes ticket 22677.
    • Document all values of PublishServerDescriptor in the manpage. Closes ticket 15645.
    • Improve the documentation for the directory port part of the DirAuthority line. Closes ticket 20152.
    • Restore documentation for the authorities’ “approved-routers” file. Closes ticket 21148.
  • Removed features:
    • The AllowDotExit option has been removed as unsafe. It has been deprecated since 0.2.9.2-alpha. Closes ticket 23426.
    • The ClientDNSRejectInternalAddresses flag can no longer be set on non-testing networks. It has been deprecated since 0.2.9.2-alpha. Closes ticket 21031.
    • The controller API no longer includes an AUTHDIR_NEWDESCS event: nobody was using it any longer. Closes ticket 22377.

原文:https://blog.torproject.org/tor-0329-released-we-have-new-stable-series

Tor Browser 7.5a10 is released

Tor Browser 7.5a10 is now available from the Tor Browser Project page and also from our distribution directory.

This release updates Tor to 0.3.2.7-rc and OpenSSL to 1.0.2n. The security slider has been updated, following the experience provided for mobile users. On Linux, the “Print to File” feature should be working again.

The full changelog since Tor Browser 7.5a9 is:

  • All Platforms
    • Update Tor to 0.3.2.7-rc
    • Update OpenSSL to 1.0.2n
    • Update Torbutton to 1.9.8.4
      • Bug 21847: Update copy for security slider
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update Tor Launcher to 0.2.14.2
      • Bug 24623: Revise “country that censors Tor” text
      • Bug 24428: Bootstrap error message sometimes lost
      • Bug 24624: tbb-logo.svg may cause network access
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update NoScript to 5.1.8.3
    • Bug 23104: CSS line-height reveals the platform Tor Browser is running on
    • Bug 24398: Plugin-container process exhausts memory
  • OS X
    • Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
  • Linux
    • Bug 23970: Make “Print to File” work with sandboxing enabled
    • Bug 23016: “Print to File” is broken on some non-english Linux systems
  • Android

原文:https://blog.torproject.org/tor-browser-75a10-released

Tor Browser 7.5a8 is released

Tor Browser 7.5a8 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to version 52.5.0esr and Tor to version version 0.3.2.4-alpha. The HTTPS Everywhere and NoScript extensions we ship have also been updated.

This release also includes a new Tor Launcher with an improved progress bar and configuration UI.

On Windows, users with a 64bit CPU can now download a 64bit version of Tor Browser. Users of the 32bit version won’t automatically be updated to the 64bit version yet, so a manual installation needs to be done. Due to bug 24197 the sandbox is not yet enabled in the 64bit version. We plan to fix that in the next release.

The full changelog since Tor Browser 7.5a7 (7.5a6 for Windows) is:

  • All Platforms
    • Update Firefox to 52.5.0esr
    • Update Tor to 0.3.2.4-alpha
    • Update Torbutton to 1.9.8.3
      • Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
      • Bug 23949: Fix donation banner display
      • Update locales with translated banner
      • Translations update
    • Update Tor Launcher to 0.2.14.1
      • Bug 23262: Implement integrated progress bar
      • Bug 23261: implement configuration portion of new Tor Launcher UI
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.30
    • Update NoScript to 5.1.5
      • Bug 23968: NoScript icon jumps to the right after update
    • Update sandboxed-tor-browser to 0.0.15
  • Windows
    • Bug 20636+10026: Create 64bit Tor Browser for Windows
    • Bug 24052: Block file:// redirects early

原文:https://blog.torproject.org/tor-browser-75a8-released

New stable Tor releases, with security fixes: 0.3.1.9, 0.3.0.13, 0.2.9.14, 0.2.8.17, 0.2.5.16

There are new stable releases today, fixing the following security issues.  For more information about the issues, follow the links from from https://trac.torproject.org/projects/tor/wiki/TROVE

TROVE-2017-009: Replay-cache ineffective for v2 onion services
TROVE-2017-010: Remote DoS attack against directory authorities
TROVE-2017-011: An attacker can make Tor ask for a password
TROVE-2017-012: Relays can pick themselves in a circuit path
TROVE-2017-013: Use-after-free in onion service v2

You can download the source for 0.3.1.9 from the usual place on the website. For the older release series, see https://dist.torproject.org/. Binary packages should be available soon. All users should update to one of these releases, or to 0.3.2.6-alpha, also released today.

Below is the changelog for 0.3.1.9.  For the other releases, see the tor-announceme email.

Tor 0.3.1.9 backports important security and stability fixes from the 0.3.2 development series. All Tor users should upgrade to this release, or to another of the releases coming out today.

Changes In Version 0.3.1.9 – 2017-12-01:

  • Major bugfixes (security, backport from 0.3.2.6-alpha):
    • Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (Tor instances run without a terminal, which is the case for most Tor packages, are not impacted.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
    • Fix a denial of service issue where an attacker could crash a directory authority using a malformed router descriptor. Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 and CVE-2017-8820.
    • When checking for replays in the INTRODUCE1 cell data for a (legacy) onion service, correctly detect replays in the RSA- encrypted part of the cell. We were previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor’s legacy hybrid encryption. This fix helps prevent a traffic confirmation attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 and CVE-2017-8819.
  • Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
    • Fix a use-after-free error that could crash v2 Tor onion services when they failed to open circuits while expiring introduction points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
  • Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
    • When running as a relay, make sure that we never build a path through ourselves, even in the case where we have somehow lost the version of our descriptor appearing in the consensus. Fixes part of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
    • When running as a relay, make sure that we never choose ourselves as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  • Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
    • Fix an issue causing DNS to fail on high-bandwidth exit nodes, making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for identifying and finding a workaround to this bug and to Moritz, Arthur Edelstein, and Roger for helping to track it down and analyze it.
  • Minor features (bridge):
    • Bridges now include notice in their descriptors that they are bridges, and notice of their distribution status, based on their publication settings. Implements ticket 18329. For more fine- grained control of how a bridge is distributed, upgrade to 0.3.2.x or later.
  • Minor features (directory authority, backport from 0.3.2.6-alpha):
    • Add an IPv6 address for the “bastet” directory authority. Closes ticket 24394.
  • Minor features (geoip):
    • Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 Country database.
  • Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
    • Avoid unnecessary calls to directory_fetches_from_authorities() on relays, to prevent spurious address resolutions and descriptor rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; bugfix on in 0.2.8.1-alpha.
  • Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
    • Fix unused variable warnings in donna’s Curve25519 SSE2 code. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
    • When a circuit is marked for close, do not attempt to package any cells for channels on that circuit. Previously, we would detect this condition lower in the call stack, when we noticed that the circuit had no attached channel, and log an annoying message. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  • Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
    • Rename the consensus parameter “hsdir-interval” to “hsdir_interval” so it matches dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
    • Avoid a crash when transitioning from client mode to bridge mode. Previously, we would launch the worker threads whenever our “public server” mode changed, but not when our “server” mode changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.

原文:https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516

Tor 0.3.2.6-alpha is released, with security updates

This version of Tor is the latest in the 0.3.2 alpha series. It includes fixes for several important security issues. All Tor users should upgrade to this release, or to one of the other releases coming out today. (The next announcement will be about the stable releases.)

You can download the source from the usual place on the website. Binary packages should be available soon.

These releases fix the following security bugs. For more information
on each one, see the links from
https://trac.torproject.org/projects/tor/wiki/TROVE

TROVE-2017-009: Replay-cache ineffective for v2 onion services
TROVE-2017-010: Remote DoS attack against directory authorities
TROVE-2017-011: An attacker can make Tor ask for a password
TROVE-2017-012: Relays can pick themselves in a circuit path
TROVE-2017-013: Use-after-free in onion service v2

Changes In Version 0.3.2.6-Alpha – 2017-12-01

  • Major bugfixes (security):
    • Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (Tor instances run without a terminal, which is the case for most Tor packages, are not impacted.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
    • Fix a denial of service issue where an attacker could crash a directory authority using a malformed router descriptor. Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 and CVE-2017-8820.
    • When checking for replays in the INTRODUCE1 cell data for a (legacy) onion service, correctly detect replays in the RSA- encrypted part of the cell. We were previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor’s legacy hybrid encryption. This fix helps prevent a traffic confirmation attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 and CVE-2017-8819.
  • Major bugfixes (security, onion service v2):
    • Fix a use-after-free error that could crash v2 Tor onion services when they failed to open circuits while expiring introduction points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
  • Major bugfixes (security, relay):
    • When running as a relay, make sure that we never build a path through ourselves, even in the case where we have somehow lost the version of our descriptor appearing in the consensus. Fixes part of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
    • When running as a relay, make sure that we never choose ourselves as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  • Minor feature (relay statistics):
    • Change relay bandwidth reporting stats interval from 4 hours to 24 hours in order to reduce the efficiency of guard discovery attacks. Fixes ticket 23856.
  • Minor features (directory authority):
    • Add an IPv6 address for the “bastet” directory authority. Closes ticket 24394.
  • Minor bugfixes (client):
    • By default, do not enable storage of client-side DNS values. These values were unused by default previously, but they should not have been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.

原文:https://blog.torproject.org/tor-0326-alpha-released-security-updates

安卓版: 无界一点通4.1正式版(2017年11月23日)

无界一点通4.1b升级为正式版。

http://wujieliulan.com/download/um4.1.apk

sha256: 1987b974667d482fc519313771b49bac5e850393d3f365dfc1d6a7c688c5920c
md5: 9195fc772e76eb31a0e08f1f4c3a5c75

谢谢。

**********
无界一点通4.1做了以下改进:

1. 加速电视/广播启动速度;
2. 修复新唐人某些网页白屏问题;
3. 增加明慧广播;
4. 解决新平台下载许可问题;
5.增强安全性和连通能力。

**********
无界一点通”是安卓版的翻墙软件, 让您看到没有被过滤的真实讯息。适用于安卓手机/安卓机顶盒等安卓平台。

安装”无界一点通”测试版:

1。需要首先对手机进行设置: 按“菜单”键 –> settings(设置)–> Applications(应用程序), 钩选”Unknown sources”(未知源)。
注: 有的版本是: 按“菜单”键 –> settings(设置)–> security (安全) 里面, 钩选”Unknown sources”(未知源)。

2。将下载的um.apk文件拷贝到手机SD卡(或内置SD卡)上。如果下载的为压缩文件, 无须解压, 直接将文件扩展名 .zip 更改为 .apk 。
在安卓手机上点击um.apk文件便可安装。如与已经安装的无界一点通旧版有冲突,请先卸载旧版, 再安装新版。

3。详细说明见网址: 《网址》m.wujieliulan.com/userguide.html 《网址》

4。 注意事项:
建议使用无界一点通自带的浏览器。如果在VPN模式下使用其他浏览器(而不是无界一点通自带的浏览器),
a. 建议使用原装的国外的浏览器,如谷歌的Chrome或火狐等。手机自带浏览器或国内的浏览器可能对敏感网站有监控或封锁。
b.请使用其浏览器的“隐私模式”, 或退出无界一点通之后,请将浏览器的历史记录清除,否则在没有VPN的情况下无意中点击了这些历史记录,会有安全隐患。

原文:http://forums.internetfreedom.org/index.php?topic=22467.0

安卓版: 无界一点通4.1b测试版(2017年11月17日)

http://wujieliulan.com/download/um4.1b.apk

sha256: 1987b974667d482fc519313771b49bac5e850393d3f365dfc1d6a7c688c5920c
md5: 9195fc772e76eb31a0e08f1f4c3a5c75

谢谢。

**********
无界一点通4.1a测试版, 做了以下改进:

1. 加速电视/广播启动速度;
2. 修复新唐人某些网页白屏问题;
3. 增加明慧广播;
4. 解决新平台下载许可问题;
5.增强安全性和连通能力。

**********
无界一点通”是安卓版的翻墙软件, 让您看到没有被过滤的真实讯息。适用于安卓手机/安卓机顶盒等安卓平台。

安装”无界一点通”测试版:

1。需要首先对手机进行设置: 按“菜单”键 –> settings(设置)–> Applications(应用程序), 钩选”Unknown sources”(未知源)。
注: 有的版本是: 按“菜单”键 –> settings(设置)–> security (安全) 里面, 钩选”Unknown sources”(未知源)。

2。将下载的um.apk文件拷贝到手机SD卡(或内置SD卡)上。如果下载的为压缩文件, 无须解压, 直接将文件扩展名 .zip 更改为 .apk 。
在安卓手机上点击um.apk文件便可安装。如与已经安装的无界一点通旧版有冲突,请先卸载旧版, 再安装新版。

3。详细说明见网址: 《网址》m.wujieliulan.com/userguide.html 《网址》

4。 注: 如果在VPN模式下使用其他浏览器(而不是无界一点通自带的浏览器),请使用其浏览器的“隐私模式”, 或退出无界一点通之后,请将浏览器的历史记录清除,否则在没有VPN的情况下无意中点击了这些历史记录,会有安全隐患。

原文:http://forums.internetfreedom.org/index.php?topic=22452.0

Tor Browser 7.0.10 is released

Tor Browser 7.0.10 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to version 52.5.0esr and Tor to version version 0.3.1.8, the second stable release in the 0.3.1 series. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship. For Windows users we backported patches from the alpha series that update the msvcr100.dll runtime library we include and which should make Tor Browser more robust against crashes due to misbehvaing third party software.

The full changelog since Tor Browser 7.0.9 (7.0.8 for Windows) is:

  • All Platforms
    • Update Firefox to 52.5.0esr
    • Update Tor to 0.3.1.8
    • Update Torbutton to 1.9.7.10
      • Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.30
      • Bug 24178: Use make.sh for building HTTPS-Everywhere
    • Update NoScript to 5.1.5
      • Bug 23968: NoScript icon jumps to the right after update
  • Windows
    • Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
    • Bug 23396: Update the msvcr100.dll we ship
    • Bug 24052: Block file:// redirects early

原文:https://blog.torproject.org/tor-browser-7010-released

Tor 0.3.2.4-alpha is released, with several stability fixes by nickm

Tor 0.3.2.4-alpha is the fourth alpha release in the 0.3.2.x series. It fixes several stability and reliability bugs, especially including a major reliability issue that has been plaguing fast exit relays in recent months.

You can download the source from the usual place on the website. Binary packages should be available soon, with an alpha Tor Browser likely in the next week or so.

Remember: This is an alpha release, and it’s likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

Changes In Version 0.3.2.4-Alpha – 2017-11-08

  • Major bugfixes (exit relays, DNS):
    • Fix an issue causing DNS to fail on high-bandwidth exit nodes, making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for identifying and finding a workaround to this bug and to Moritz, Arthur Edelstein, and Roger for helping to track it down and analyze it.
  • Major bugfixes (scheduler, channel):
    • Stop processing scheduled channels if they closed while flushing cells. This can happen if the write on the connection fails leading to the channel being closed while in the scheduler loop. Fixes bug 23751; bugfix on 0.3.2.1-alpha.
  • Minor features (logging, scheduler):
    • Introduce a SCHED_BUG() function to log extra information about the scheduler state if we ever catch a bug in the scheduler. Closes ticket 23753.
  • Minor features (removed deprecations):
    • The ClientDNSRejectInternalAddresses flag can once again be set in non-testing Tor networks, so long as they do not use the default directory authorities. This change also removes the deprecation of this flag from 0.2.9.2-alpha. Closes ticket 21031.
  • Minor features (testing):
    • Our fuzzing tests now test the encrypted portions of v3 onion service descriptors. Implements more of 21509.
  • Minor bugfixes (directory client):
    • On failure to download directory information, delay retry attempts by a random amount based on the “decorrelated jitter” algorithm. Our previous delay algorithm tended to produce extra-long delays too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (IPv6, v3 single onion services):
    • Remove buggy code for IPv6-only v3 single onion services, and reject attempts to configure them. This release supports IPv4, dual-stack, and IPv6-only v3 onion services; and IPv4 and dual- stack v3 single onion services. Fixes bug 23820; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (logging, relay):
    • Give only a protocol warning when the ed25519 key is not consistent between the descriptor and microdescriptor of a relay. This can happen, for instance, if the relay has been flagged NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (manpage, onion service):
    • Document that the HiddenServiceNumIntroductionPoints option is 0-10 for v2 services and 0-20 for v3 services. Fixes bug 24115; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (memory leaks):
    • Fix a minor memory leak at exit in the KIST scheduler. This bug should have no user-visible impact. Fixes bug 23774; bugfix on 0.3.2.1-alpha.
    • Fix a memory leak when decrypting a badly formatted v3 onion service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha. Found by OSS-Fuzz; this is OSS-Fuzz issue 3994.
  • Minor bugfixes (onion services):
    • Cache some needed onion service client information instead of constantly computing it over and over again. Fixes bug 23623; bugfix on 0.3.2.1-alpha.
    • Properly retry HSv3 descriptor fetches when missing required directory information. Fixes bug 23762; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (path selection):
    • When selecting relays by bandwidth, avoid a rounding error that could sometimes cause load to be imbalanced incorrectly. Previously, we would always round upwards; now, we round towards the nearest integer. This had the biggest effect when a relay’s weight adjustments should have given it weight 0, but it got weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
    • When calculating the fraction of nodes that have descriptors, and all nodes in the network have zero bandwidths, count the number of nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
    • Actually log the total bandwidth in compute_weighted_bandwidths(). Fixes bug 24170; bugfix on 0.2.4.3-alpha.
  • Minor bugfixes (relay, crash):
    • Avoid a crash when transitioning from client mode to bridge mode. Previously, we would launch the worker threads whenever our “public server” mode changed, but not when our “server” mode changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  • Minor bugfixes (testing):
    • Fix a spurious fuzzing-only use of an uninitialized value. Found by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
    • Test that IPv6-only clients can use microdescriptors when running “make test-network-all”. Requires chutney master 61c28b9 or later. Closes ticket 24109.

原文:https://blog.torproject.org/tor-0324-alpha-released-several-stability-fixes

无界浏览17.04正式版 (2017年11月12日)

17.03发现了一些问题,请更新到17.04。

执行版:
http://wujieliulan.com/download/u1704.exe
SHA512: 9301e32dd888ed465c7d4c33fbe37ff5a2cf7b75b945fabd74e49c86d5bbd0ba9f3f230c801744778217696548250a5394b3768c7e3b22e86a354f30389493a9

压缩版:
http://wujieliulan.com/download/u1704.zip
SHA512: 85926536dee8b31255e06484b7d2bb647490f0dea823e2d236f97eaa6ffdb3f21a458add967f1a4c02e1677c5cd5347f5d13c642764e4eb4e28a94d46e91a96c

原文:http://forums.internetfreedom.org/index.php?topic=22439.0

无界浏览测17.03正式版 (2017年11月11日)

谢谢大家测试并反馈,17.03c 升级为17.03正式版。

执行版:
http://wujieliulan.com/download/u1703.exe
SHA512: 7cc4e5eda688e9de1cc7e553fa9382e9b2f55c5d18f7fb5bcb017152e5a64489e9445e84cee7a46e701be2dfe5d4b7665bc24ecedfd05aef8a376eb8e9ecb178

压缩版:
http://wujieliulan.com/download/u1703.zip
SHA512: 6064788ae6058bb1e77263083f39bd0d434fca32bf0465a1c417a7fdebf40052a446445a0b42d068219d468a29d110cbeba986467b58ee40e1aae0abafe4c594

原文:http://forums.internetfreedom.org/index.php?topic=22432.0

无界安卓手机1.0.8正式版 (2017年11月11日)

更新内容:
修复了打不开某些https网页的问题(请测试)。

http://wujieliulan.com/download/u108a.apk
SHA512: 124e2c6263707919c8b14e744ecfbe54a758b63698d8b3fd3f0e1bb5cbad2f82eb4633e2fd1a73ea8944fd24c086db4330a05c8bf9d11bd1e9121e6bf82c3fc5

安装:将下载的apk文件拷贝到手机上, 在手机上点击此文件便可安装。如出现“禁止安装”警告,点“设置”,钩选“未知源”,继续安装。

功能与使用:

1. 只支持安卓4.1以上。
2. 只支持整机VPN模式, 不支持代理模式。
3. 开启后,轻触或滑动开关,显示“正在连接 …”,同时时上面会出现一个小钥匙和闪动的无界图标,表示正在连接。
4. 连接成功后无界图标停止闪动,显示“连接成功“。此时您可以使用任何浏览器或app,都在无界加密保护下。
5. 使用时,只要无界图标和小钥匙都在,就在在无界加密保护下。
6. 如果要停止使用,轻触或滑动开关即可。关闭后,无界图标和小钥匙会消失,这时手机直接联网,不在无界加密保护下。
7. 如果问题,可重启手机再运行无界。

注意事项:
1. 建议使用浏览器的“隐私模式”浏览敏感网站,这样不会留下历史纪录。
2. 如果浏览器不支持“隐私模式”,请手动清除所有历史纪录,或使用清除所有历史纪录的工具。
3. 为安全起见,建议关闭所有浏览器和其他app,再关闭无界,以免直连敏感网站。也可以直接重启手机, 这样最安全。

请大家测试并反馈, 谢谢

原文:http://forums.internetfreedom.org/index.php?topic=22433.0

无界Linux VPN 17.03正式版 (2017年11月11日)

谢谢大家测试并反馈,17.03c 升级为17.03正式版。

http://wujieliulan.com/download/u1703
SHA512: 8e1c06b3f2631fc602e33bd77432fdd342d7840e671f1de45cc7940ab2fbe6d8dab9de76f3c09271c9e64dfe722c7b85eb316e393893716541c74084ee6b450c

使用方法:
下载后在下载的文件夹右键打开一个终端,在终端执行:chmod +x u1703,然后执行:./u1703, 终端出现以下信息:
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)
需要手动设置浏览器代理。

./u1703 -help 显示使用方法:
Usage of ./u1703:
-ConnMode string
Connect mode, 0: Auto, 1: T, 2: U, 3: P
-L string
listen address (default “127.0.0.1:9666”)
-M string
“vpn”: turn on VPN mode
-P string
http or sock proxy, example: 1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
-S string
“safe”: turn on VPN safe mode, when exit, do not restore routing until reboot

./u1703 -ConnMode 1 (1:“T模式” , 2 :“U模式” 3:“P模式”)

如需要监听 0.0.0.0,在终端执行: ./u1703 -L :9666
如需要通过代理, 执行: ./u1703 -P 1.2.3.4:8080 或 ./u1703 -P socks://1.2.3.4:1080

运行VPN模式,需要root或sudo, 执行:sudo ./u1703 -M vpn, 输入密码, 终端出现以下信息 (顺序可能不同):
LISTENING 130.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

如需要在VPN下分享:sudo ./u1703 -M vpn -L :9666
LISTENING 0.0.0.0:9666 (监听 0.0.0.0:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

在VPN模式下不需要设置代理,整机都通过无界加密翻墙,不会出现直连。我们还是建议设置代理以避免退出无界后直连,这样更安全。建议使用浏览器的“隐私模式”,这样不会留下历史纪录。退出无界前,最好关闭所有浏览器,以免退出后直连敏感网站。

VPN 安全模式:
为了确保安全,新增了VPN 安全模式: sudo ./u1703 -M vpn -S safe
终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN SAFE MODE (VPN 安全模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

一旦运行了 VPN 安全模式,电脑一直处于网络隔离状态,即使关闭了无界,也无法联网。这样消除了所有泄露IP的隐患,以确保安全。不过还是建议设置无界代理,进一步增加安全性,即使恢复到非网络隔离状态也不会泄露IP。也建议使用浏览器的“隐私模式”,最好使用定制版的浏览器,以避免留下历史纪录。

需要重新启动电脑才能恢复到非网络隔离状态

原文:http://forums.internetfreedom.org/index.php?topic=22430.0

无界火狐扩展17.03正式版 (2017年11月11日)

谢谢大家测试并反馈,17.03c 升级为17.03正式版。

http://wujieliulan.com/download/u1703.xpi
SHA512: 12df40fe39f0142758aa1461f1a62e141133bb5def0031c20df1016d270c948f0049b6b74d4353b90f1e91199b38bfc19fdde4cc564acbc07cf5bb405c9d7487

请将旧版卸载再安装新版以免有冲突。

自带破网功能,无需运行其他破网软件,支持Windows, Mac, Linux, 32/64 (不需要再运行wine).

安装: 可以用火狐直接下载安装,点击“允许”。如火狐禁止下载,可用其他浏览器下载后用鼠标拉到火狐浏览器,点击“安装”。

使用:点击火狐右上角的无界图标,点击开关即可开启或关闭。 连接成功后,无界图标变成彩色。

原文:http://forums.internetfreedom.org/index.php?topic=22431.0

无界火狐扩展17.03c测试版 (2017年11月9日)

更新内容:
修复了打不开所有https类的网页的问题(请再测试)

http://wujieliulan.com/download/u1703c.xpi
SHA512: 12df40fe39f0142758aa1461f1a62e141133bb5def0031c20df1016d270c948f0049b6b74d4353b90f1e91199b38bfc19fdde4cc564acbc07cf5bb405c9d7487

请将旧版卸载再安装新版以免有冲突。

自带破网功能,无需运行其他破网软件,支持Windows, Mac, Linux, 32/64 (不需要再运行wine).

安装: 可以用火狐直接下载安装,点击“允许”。如火狐禁止下载,可用其他浏览器下载后用鼠标拉到火狐浏览器,点击“安装”。

使用:点击火狐右上角的无界图标,点击开关即可开启或关闭。 连接成功后,无界图标变成彩色。

原文:http://forums.internetfreedom.org/index.php?topic=22431.0

无界Linux VPN 测试版 17.03c (2017年11月9日)

更新内容:
修复了打不开所有https类的网页的问题(请再测试)。

请大家测试并反馈:
http://wujieliulan.com/download/u1703c
SHA512: 8e1c06b3f2631fc602e33bd77432fdd342d7840e671f1de45cc7940ab2fbe6d8dab9de76f3c09271c9e64dfe722c7b85eb316e393893716541c74084ee6b450c

使用方法:
下载后在下载的文件夹右键打开一个终端,在终端执行:chmod +x u1703c,然后执行:./u1703c, 终端出现以下信息:
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)
需要手动设置浏览器代理。

./u1703c -help 显示使用方法:
Usage of ./u1703c:
-ConnMode string
Connect mode, 0: Auto, 1: T, 2: U, 3: P
-L string
listen address (default “127.0.0.1:9666”)
-M string
“vpn”: turn on VPN mode
-P string
http or sock proxy, example: 1.2.3.4:8080 or 管理员警告:禁止外部链接1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
-S string
“safe”: turn on VPN safe mode, when exit, do not restore routing until reboot

./u1703c -ConnMode 1 (1:“T模式” , 2 :“U模式” 3:“P模式”)

如需要监听 0.0.0.0,在终端执行: ./u1703c -L :9666
如需要通过代理, 执行: ./u1703c -P 1.2.3.4:8080 或 ./u1703c -P socks://1.2.3.4:1080

运行VPN模式,需要root或sudo, 执行:sudo ./u1703c -M vpn, 输入密码, 终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

如需要在VPN下分享:sudo ./u1703c -M vpn -L :9666
LISTENING 0.0.0.0:9666 (监听 0.0.0.0:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

在VPN模式下不需要设置代理,整机都通过无界加密翻墙,不会出现直连。我们还是建议设置代理以避免退出无界后直连,这样更安全。建议使用浏览器的“隐私模式”,这样不会留下历史纪录。退出无界前,最好关闭所有浏览器,以免退出后直连敏感网站。

VPN 安全模式:
为了确保安全,新增了VPN 安全模式: sudo ./u1703c -M vpn -S safe
终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN SAFE MODE (VPN 安全模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

一旦运行了 VPN 安全模式,电脑一直处于网络隔离状态,即使关闭了无界,也无法联网。这样消除了所有泄露IP的隐患,以确保安全。不过还是建议设置无界代理,进一步增加安全性,即使恢复到非网络隔离状态也不会泄露IP。也建议使用浏览器的“隐私模式”,最好使用定制版的浏览器,以避免留下历史纪录。

需要重新启动电脑才能恢复到非网络隔离状态

原文:http://forums.internetfreedom.org/index.php?topic=22430.0

无界安卓手机测试版 1.0.8a (2017年11月9日)

更新内容:
修复了打不开某些https网页的问题(请测试)。

http://wujieliulan.com/download/u108a.apk
SHA256: 486f2bb7b912497357e0a8a4b7db866f7c6e693d0892d2eda4606b0b47526d8b6d83ce168083c65599d06539d32c62dd12c0dc01221c834ae23b8c870ee1fa77

安装:将下载的apk文件拷贝到手机上, 在手机上点击此文件便可安装。如出现“禁止安装”警告,点“设置”,钩选“未知源”,继续安装。

功能与使用:

1. 只支持安卓4.1以上。
2. 只支持整机VPN模式, 不支持代理模式。
3. 开启后,轻触或滑动开关,显示“正在连接 …”,同时时上面会出现一个小钥匙和闪动的无界图标,表示正在连接。
4. 连接成功后无界图标停止闪动,显示“连接成功“。此时您可以使用任何浏览器或app,都在无界加密保护下。
5. 使用时,只要无界图标和小钥匙都在,就在在无界加密保护下。
6. 如果要停止使用,轻触或滑动开关即可。关闭后,无界图标和小钥匙会消失,这时手机直接联网,不在无界加密保护下。
7. 如果问题,可重启手机再运行无界。

注意事项:
1. 建议使用浏览器的“隐私模式”浏览敏感网站,这样不会留下历史纪录。
2. 如果浏览器不支持“隐私模式”,请手动清除所有历史纪录,或使用清除所有历史纪录的工具。
3. 为安全起见,建议关闭所有浏览器和其他app,再关闭无界,以免直连敏感网站。也可以直接重启手机, 这样最安全。

请大家测试并反馈, 谢谢

原文:http://forums.internetfreedom.org/index.php?topic=22433.0

无界浏览测试版17.03c (2017年11月9日)

1. 修复了打不开所有https类的网页的问题(请测试)
2. 解决了某些杀毒软件误报的问题。

执行版:
http://wujieliulan.com/download/u1703c.exe
SHA512: 7cc4e5eda688e9de1cc7e553fa9382e9b2f55c5d18f7fb5bcb017152e5a64489e9445e84cee7a46e701be2dfe5d4b7665bc24ecedfd05aef8a376eb8e9ecb178

压缩版:
http://wujieliulan.com/download/u1703c.zip
SHA512: 65ae8c3c6e4874543f4f357b6ab5e41903092dd7391956ba823109c699c4ae7a57613e6d72a4e9529bae418025fe2b9450784a91d1e7fce813a169035793b2fd

原文:http://forums.internetfreedom.org/index.php?topic=22432.0

Tor Browser 7.5a7 is released

Note: Tor Browser 7.5a7 is a security bugfix release in the alpha channel for macOS and Linux users only. Users of the alpha channel on Windows are not affected and stay on Tor Browser 7.5a6.

Tor Browser 7.5a7 is now available for our macOS and Linux users from the Tor Browser Project pageand also from our distribution directory.

This release features an important security update to Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails users and users of our sandboxed-tor-browser are unaffected, though.

The bug got reported to us on Thursday, October 26, by Filippo Cavallarin. We created a workaround with the help of Mozilla engineers on the next day which, alas, fixed the leak only partially. We developed an additional fix on Tuesday, October 31, plugging all known holes. We are not aware of this vulnerability being exploited in the wild. Thanks to everyone who helped during this process!

Known issues: The fix we deployed is just a workaround stopping the leak. As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.

Here is the full changelog since 7.5a6:

  • OS X
    • Bug 24052: Streamline handling of file:// resources
  • Linux
    • Bug 24052: Streamline handling of file:// resources

原文:https://blog.torproject.org/tor-browser-75a7-released

Tor Browser 7.0.9 is released

Note: Tor Browser 7.0.9 is a security bugfix release for macOS and Linux users only. Users on Windows are not affected and stay on Tor Browser 7.0.8.

Tor Browser 7.0.9 is now available for our macOS and Linux users from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address (note: as of Nov. 4, 2017, this link is non-public while Mozilla works on a fix for Firefox). Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails users and users of our sandboxed-tor-browser are unaffected, though.

The bug got reported to us on Thursday, October 26, by Filippo Cavallarin. We created a workaround with the help of Mozilla engineers on the next day which, alas, fixed the leak only partially. We developed an additional fix on Tuesday, October 31, plugging all known holes. We are not aware of this vulnerability being exploited in the wild. Thanks to everyone who helped during this process!

We are currently preparing updated macOS and Linux bundles for our alpha series which will be tentatively available on Monday, November 6. Meanwhile macOS and Linux users on that series are strongly encouraged to use the stable bundles or one of the above mentioned tools that are not affected by the underlying problem.
Update: Tor Browser 7.5a7 has now been released.

Known issues: The fix we deployed is just a workaround stopping the leak. As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.

Here is the full changelog since 7.0.8:

  • OS X
    • Bug 24052: Streamline handling of file:// resources
  • Linux
    • Bug 24052: Streamline handling of file:// resources

原文:https://blog.torproject.org/tor-browser-709-released

Tor 0.3.2.3-alpha is released, with small bugfixes

Tor 0.3.2.3-alpha is the third release in the 0.3.2 series. It fixes numerous small bugs in earlier versions of 0.3.2.x, and adds a new directory authority, Bastet.

You can download the source from the usual place on the website. Binary packages should be available soon, with an alpha Tor Browser likely some time in November.

Remember: This is an alpha release, and it’s likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

Changes In Version 0.3.2.3-Alpha – 2017-10-27

  • Directory authority changes:
    • Add “Bastet” as a ninth directory authority to the default list. Closes ticket 23910.
    • The directory authority “Longclaw” has changed its IP address. Closes ticket 23592.
  • Minor features (bridge):
    • Bridge relays can now set the BridgeDistribution config option to add a “bridge-distribution-request” line to their bridge descriptor, which tells BridgeDB how they’d like their bridge address to be given out. (Note that as of Oct 2017, BridgeDB does not yet implement this feature.) As a side benefit, this feature provides a way to distinguish bridge descriptors from non-bridge descriptors. Implements tickets 18329.
  • Minor features (client, entry guards):
    • Improve log messages when missing descriptors for primary guards. Resolves ticket 23670.
  • Minor features (geoip):
    • Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (bridge):
    • Overwrite the bridge address earlier in the process of retrieving its descriptor, to make sure we reach it on the configured address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
  • Minor bugfixes (documentation):
    • Document better how to read gcov, and what our gcov postprocessing scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (entry guards):
    • Tor now updates its guard state when it reads a consensus regardless of whether it’s missing descriptors. That makes tor use its primary guards to fetch descriptors in some edge cases where it would previously have used fallback directories. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (onion service client):
    • When handling multiple SOCKS request for the same .onion address, only fetch the service descriptor once.
    • When a descriptor fetch fails with a non-recoverable error, close all pending SOCKS requests for that .onion. Fixes bug 23653; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (onion service):
    • Always regenerate missing onion service public key files. Prior to this, if the public key was deleted from disk, it wouldn’t get recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. Patch from “cathugger”.
    • Make sure that we have a usable ed25519 key when the intro point relay supports ed25519 link authentication. Fixes bug 24002; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (onion service, v2):
    • When reloading configured onion services, copy all information from the old service object. Previously, some data was omitted, causing delays in descriptor upload, and other bugs. Fixes bug 23790; bugfix on 0.2.1.9-alpha.
  • Minor bugfixes (memory safety, defensive programming):
    • Clear the target address when node_get_prim_orport() returns early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (relay):
    • Avoid a BUG warning when receiving a dubious CREATE cell while an option transition is in progress. Fixes bug 23952; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (testing):
    • Adjust the GitLab CI configuration to more closely match that of Travis CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha.
    • Prevent scripts/test/coverage from attempting to move gcov output to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
    • When running unit tests as root, skip a test that would fail because it expects a permissions error. This affects some continuous integration setups. Fixes bug 23758; bugfix on 0.3.2.2-alpha.
    • Stop unconditionally mirroring the tor repository in GitLab CI. This prevented developers from enabling GitLab CI on master. Fixes bug 23755; bugfix on 0.3.2.2-alpha.
    • Fix the onion service v3 descriptor decoding fuzzing to use the latest decoding API correctly. Fixes bug 21509; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (warnings):
    • When we get an HTTP request on a SOCKS port, tell the user about the new HTTPTunnelPort option. Previously, we would give a “Tor is not an HTTP Proxy” message, which stopped being true when HTTPTunnelPort was introduced. Fixes bug 23678; bugfix on 0.3.2.1-alpha.

原文:https://blog.torproject.org/tor-0323-alpha-released-small-bugfixes

vpngate-build-9651

  • 如何安装和使用
  • 可发布的文件
    本软件是免费的。您可以复制或分发已下载的文件。你可以把它上传到其他网站。如果你们政府的防火墙处于未知原因的故障, http://www.vpngate.net 网站不能从你的国家轻松访问,在你们国家的网站上发布 VPN Gate 程序文件,以帮助你身边的其他用户。
  • 注意
    如果可能的话,使用最新版本。有一天,如果贵国政府的防火墙导致未知错误,且 VPN Gate Client 软件有问题,更新 VPN Gate 到最新版本。如果在未来贵国政府的防火墙由于故障 http://www.vpngate.net 网站变得无法访问,建议记住 镜像站点 URL 列表。VPN Gate Client 插件包含 VPN Gate 服务。默认禁用。你可以手动激活它。

原文:http://www.vpngate.net/cn/download.aspx

Lantern4.4.2版

:red_circle:蓝灯最新版本下载地址请点这里:red_circle:

最新版本是4.4.x

Windows 版本(要求XP SP3以上) 备用地址

安卓版(要求4.1以上) 备用地址 Google Play下载

其他系统下载

请大家收藏本页面,方便日后下载新版。

蓝灯官方论坛

论坛帖子页面请点这里进入,或者点击左上方的Issues进入。

你可以在右上角“sign up” 注册账号。 通过邮件验证后,请点击 https://github.com/getlantern/forum 回到论坛。

在论坛内,可用右上角使用“New issue” 发新帖,或者在帖内使用“Comment”回复。

版规

:red_circle:使用遇到问题,请阅读蓝灯无法使用的解决办法 提问前,请先阅读蓝灯精华帖:red_circle:

本论坛可进行关于蓝灯(Lantern)翻墙软件的讨论。因为版面有限,请不要重复发帖,也请不要再开新帖发表邀请码。邀请码请发表到汇总贴或其他论坛。 禁止广告帖,包括非官方的讨论群。禁止刷版,人身攻击等恶劣行为。屡次违反版规会禁言甚至封号。

原文:https://github.com/getlantern/forum#%E8%93%9D%E7%81%AFlantern%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC%E4%B8%8B%E8%BD%BD

无界浏览测试版17.03b (2017年11月1日)

1.修复了打不开所有https类的网页的问题(请测试)
2.解决了某些杀毒软件误报的问题。

执行版:
http://wujieliulan.com/download/u1703b.exe
SHA512: 5282a1b9ac8a6f99f93de1592d3eabe4d3f9cf2107a5c9dec04763533b61d9525d0fab741318d4549050398b3c60ac0d94b98c13af826c6aeb46dea41507e85e

压缩版:
http://wujieliulan.com/download/u1703b.zip
SHA256: 24e254a81e9ddc7435cad94a070debf937e97171367bac84213aa2cd3b3d167f8d01a5b977b9dcb5d585c62aae2b44b2b253f6a7aabc191a4ce0e3519dc8714b

http://forums.internetfreedom.org/index.php?topic=22416.msg77273#msg77273

无界Linux VPN 测试版 17.03b (2017年11月1日)

更新内容:
修复了打不开所有https类的网页的问题(请测试)。

请大家测试并反馈:
http://wujieliulan.com/download/u1703b
SHA512: 5bf3e519658e79c67117a1474effe6094afb4d30b35f142c620100adb9770319f674826dee04c49b87ea7c80de9ead279a550ffdd159f10348b0357a99b78bee

使用方法:
下载后在下载的文件夹右键打开一个终端,在终端执行:chmod +x u1703b,然后执行:./u1703b, 终端出现以下信息:
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)
需要手动设置浏览器代理。

./u1703b -help 显示使用方法:
Usage of ./u1703b:
-ConnMode string
Connect mode, 0: Auto, 1: T, 2: U, 3: P
-L string
listen address (default “127.0.0.1:9666”)
-M string
“vpn”: turn on VPN mode
-P string
http or sock proxy, example: 1.2.3.4:8080 or 管理员警告:禁止外部链接1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
-S string
“safe”: turn on VPN safe mode, when exit, do not restore routing until reboot

./u1703b -ConnMode 1 (1:“T模式” , 2 :“U模式” 3:“P模式”)

如需要监听 0.0.0.0,在终端执行: ./u1703b -L :9666
如需要通过代理, 执行: ./u1703b -P 1.2.3.4:8080 或 ./u1703b -P socks://1.2.3.4:1080

运行VPN模式,需要root或sudo, 执行:sudo ./u1703b -M vpn, 输入密码, 终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

如需要在VPN下分享:sudo ./u1703b -M vpn -L :9666
LISTENING 0.0.0.0:9666 (监听 0.0.0.0:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

在VPN模式下不需要设置代理,整机都通过无界加密翻墙,不会出现直连。我们还是建议设置代理以避免退出无界后直连,这样更安全。建议使用浏览器的“隐私模式”,这样不会留下历史纪录。退出无界前,最好关闭所有浏览器,以免退出后直连敏感网站。

VPN 安全模式:
为了确保安全,新增了VPN 安全模式: sudo ./u1703b -M vpn -S safe
终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN SAFE MODE (VPN 安全模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

一旦运行了 VPN 安全模式,电脑一直处于网络隔离状态,即使关闭了无界,也无法联网。这样消除了所有泄露IP的隐患,以确保安全。不过还是建议设置无界代理,进一步增加安全性,即使恢复到非网络隔离状态也不会泄露IP。也建议使用浏览器的“隐私模式”,最好使用定制版的浏览器,以避免留下历史纪录。

需要重新启动电脑才能恢复到非网络隔离状态

原文:http://forums.internetfreedom.org/index.php?topic=22418.0

无界火狐扩展17.03b测试版 (2017年11月1日)

http://wujieliulan.com/download/u1703b.xpi
SHA512: 356509831c39053d82c667ffd5153225fba5b51fba5741f5fa4763ab88df401533c3215bf0a066d53ea06b6fcffebd1410a0826dc2eef5a285f248eb4fd46658

更新内容:
修复了打不开所有https类的网页的问题(请测试)

请将旧版卸载再安装新版以免有冲突。

自带破网功能,无需运行其他破网软件,支持Windows, Mac, Linux, 32/64 (不需要再运行wine).

安装: 可以用火狐直接下载安装,点击“允许”。如火狐禁止下载,可用其他浏览器下载后用鼠标拉到火狐浏览器,点击“安装”。

使用:点击火狐右上角的无界图标,点击开关即可开启或关闭。 连接成功后,无界图标变成彩色。

原文:http://forums.internetfreedom.org/index.php?topic=22419.0

XX-Net V3.7.9

What is new:

  • GAE check cert using POST
  • no_mess system config
  • X-tunnel status detail info
  • GAE add sni on TLS

Downloads

最新状态:

2017-11-2

提示:

原文:https://github.com/XX-net/XX-Net/releases/tag/3.7.9

宽带IP地址被屏蔽(2017年10月17日更新)

最近封锁比较严重,如果使用无界16.03,17.01,无界火狐扩展, 无界安卓手机(英文版)无法连接服务器,或连接不稳定,可能是您的宽带IP地址被屏蔽,请关闭所有翻墙软件(包括无界),10分钟后再打开无界浏览。有时可能需要反复几次,每次最好运行几分钟(即使无法链接),3-5分钟就可以了。如果能更换您的宽带IP地址,就无需等待10分钟。

可参考以下步骤更换您的宽带IP地址:
1.关闭所有翻墙软件.
2.更换您的宽带IP地址:
最简单的方法是关闭您的宽带调制解调器和路由器的电源,等待1分钟后再打开电源。
如果您是用电脑直接拨接宽带服务,只需掉宽带连接,1分钟后再重新拨接。
3.等连上宽带后再打开无界浏览。
4.如以上步骤不成功,宽带IP地址没有更新,请等待10分钟后再打开无界浏览。

目前封锁比较严重,有些翻墙软件(包括旧版无界)可能会造成您的宽带IP地址被屏蔽。

请大家分享一下效果和更换宽带IP地址的经验。

原文:http://forums.internetfreedom.org/index.php?topic=22344.0