Bug: Monero - server unreachable when rpc-login is ON

Open mariodian opened this issue 1 year ago • 15 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current Behavior

When I try connecting to my own Monero node, I'm prompted to confirm an untrusted certificate. As soon as I click trust I get the server unreachable error. I'm 100% sure I provide the correct login credentials since I have no issues connecting to my node in Cake Wallet under these circumstances.

I can connect to the node with Stack when rpc_login is NOT set.

Expected Behavior

After clicking trust I should be able to connect to the server because the app can obviously communicate with it since it shows me the certificate fingerprint.

Reproduce Steps

  1. monerod.conf: set rpc-login=<user>:<password>
  2. add new node to Stack with the correct login credentials
  3. click "test connection"
  4. click "trust" certificate

Error

Environment

Server:

  • Operating system and version: Ubuntu 24.04 LTS
  • Device platform and version: Intel NUC 13

Client:

  • Operating system and version: iOS 17.6.1
  • Device platform and version: iPhone 15 Pro, Stack 2.1.5

Logs

No response

Further Information

No response

mariodian avatar Sep 09 '24 10:09 mariodian

Working on this, just still having issues with RPC digest authentication

sneurlax avatar Sep 28 '24 00:09 sneurlax

Here's a video demo, as well as a (seemingly related?) issue where the app insists on adding http:// to a local IP address: https://youtu.be/T0Xy2B8h7ZQ

GhostDog98 avatar Oct 01 '24 02:10 GhostDog98

> Issue where the app insists on adding http:// to a local IP address; https://youtu.be/T0Xy2B8h7ZQ

That’s fine. The rpc calls are made over http.

mariodian avatar Oct 01 '24 07:10 mariodian

I made this tool which should now be able to resolve this issue: https://pub.dev/packages/digest_auth when replacing the functionality in testMoneroNodeConnection here: https://github.com/cypherstack/stack_wallet/blob/2907f7d96203f51e0d1313a6f1039a99ad284b3d/lib/utilities/test_monero_node_connection.dart#L42-L87

or https://pub.dev/packages/monero_rpc might also be able to solve the issue and possibly a bit cleaner, your choice there

sneurlax avatar Dec 20 '24 16:12 sneurlax
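
The digest step discussed in the comments above, as an added example (not Stack Wallet's code and not the digest_auth package's code): after the node answers 401 with a `WWW-Authenticate: Digest` challenge, the client has to compute a response and retry. It assumes the server offers algorithm=MD5 with qop=auth, and the sample challenge is the published RFC 2617 test vector, not a reply captured from monerod.

```python
import hashlib
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_challenge(header_value):
    """Parse the value of a 'WWW-Authenticate: Digest ...' header into a dict."""
    scheme, _, params = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("server did not offer Digest authentication")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def digest_response(ch, method, uri, user, password, cnonce, nc):
    """RFC 2617 response for algorithm=MD5, qop=auth (assumed offered)."""
    if ch.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("this example only handles algorithm=MD5")
    if "auth" not in [q.strip() for q in ch.get("qop", "").split(",")]:
        raise ValueError("this example only handles qop=auth")
    ha1 = md5_hex(f"{user}:{ch['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{ch['nonce']}:{nc:08x}:{cnonce}:auth:{ha2}")

def authorization_header(ch, method, uri, user, password, cnonce, nc=1):
    """Build the Authorization value for the retry that follows the 401."""
    fields = {
        "username": user, "realm": ch["realm"], "nonce": ch["nonce"],
        "uri": uri, "cnonce": cnonce,
        "response": digest_response(ch, method, uri, user, password, cnonce, nc),
    }
    if "opaque" in ch:
        fields["opaque"] = ch["opaque"]  # must be echoed back unchanged
    quoted = ", ".join(f'{k}="{v}"' for k, v in fields.items())
    # qop, nc and algorithm are sent unquoted
    return f"Digest {quoted}, qop=auth, nc={nc:08x}, algorithm=MD5"

# Constructed sample: the published RFC 2617 section 3.5 test vector,
# standing in for a node's 401 reply (not captured from monerod).
SAMPLE_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                    'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    ch = parse_challenge(SAMPLE_CHALLENGE)
    # A real client generates a fresh random cnonce per request.
    print(authorization_header(ch, "GET", "/dir/index.html",
                               "Mufasa", "Circle Of Life", "0a4f113b"))
```

A client that treats the initial 401 as a failed connection, instead of answering the challenge, would report the node as unreachable even though the credentials are correct.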

Reproducible via NiXium's Monero Node: https://github.com/Arcanyx-org/NiXium/tree/central?tab=readme-ov-file#monero-node

Still says server not reachable on version 2.1.9.

Tor connection provided via inviziblePro app that does system-wide Tor and for stack the app is set as excluded application since it has built-in Tor.

Kreyren avatar Jan 02 '25 01:01 Kreyren

Is there a timeline on a possible fix for this? I'm concerned about using stack wallet now due to the lack of being able to connect to my own node. As has recently been discovered, a malicious node can undermine the effects of ring-CT, and we have evidence that malicious actors are running such nodes.

GhostDog98 avatar Jan 03 '25 15:01 GhostDog98

Primary source (leaked original presentation) for ongoing de-anonymization attack through malicious nodes: http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/monero-chain.mp4

Secondary summary of the situation: dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/6de54b143e669e368af6

GhostDog98 avatar Jan 03 '25 16:01 GhostDog98

Considering the information provided by GhostDog98 above, I would recommend removing the Monero node that Stack uses from the clearweb and making it Tor-only, or ideally prompting users to deploy their own to have Dandelion++ protection, as it currently makes Stack kinda dangerous to use for Monero.

NiXium Node above has a reference configuration for a Tor-Only Node if needed.

Posted in https://github.com/cypherstack/stack_wallet/issues/1066

Kreyren avatar Jan 05 '25 02:01 Kreyren

Just got bitten by this bug. I enabled rpc-login on my own onion monerod server. Entered my username:password on the stack wallet "add node" UI. But stack wallet is unable to connect to my node. I can connect to the same node after entering my username:password on feather wallet.

k4r4b3y avatar Mar 12 '25 12:03 k4r4b3y

> Just got bitten by this bug. I enabled rpc-login on my own onion monerod server. Entered my username:password on the stack wallet "add node" UI. But stack wallet is unable to connect to my node. I can connect to the same node after entering my username:password on feather wallet.

Is this using localhost or 127.0.0.1 as your node address?

That issue may be distinct from this RPC-related auth issue, which should've been addressed by https://github.com/cypherstack/stack_wallet/pull/1063

sneurlax avatar Apr 25 '25 18:04 sneurlax

But please try again, @k4r4b3y, as I see that the PR which should've fixed this was from before your comment.

sneurlax avatar Apr 25 '25 19:04 sneurlax

> Is this using localhost or 127.0.0.1 as your node address?

What do you mean by this? I am entering my .onion URL for my monero node.

> but please try again

Alright, let me fire up stack wallet again. Will report back in a few minutes.

k4r4b3y avatar Apr 25 '25 19:04 k4r4b3y

Just re-tried again. Tapping on test connection results in Server Unreachable error.

Image

Here are the relevant sections of my monerod.conf file:

rpc-restricted-bind-ip=127.0.0.1
rpc-restricted-bind-port=18089
rpc-login=REDACTED:REDACTED

I just tried visiting my node's onion address, my-node.onion:18089/get_info; weirdly enough, I am not able to connect to that URL in Tor Browser. The problem might be with my configuration. I will try to debug further.

k4r4b3y avatar Apr 25 '25 19:04 k4r4b3y

I changed rpc-restricted-bind-ip=127.0.0.1 to rpc-restricted-bind-ip=0.0.0.0, and restarted everything. I can now reach my-node.onion:18089/get_info on my torbrowser, and it correctly asks for my rpc-login credentials. Once I enter them correctly, torbrowser displays the status of my node.

Then, I try to add this node in stack wallet, as in the screenshot above, and hit "Test connection," it says "Server unreachable."

k4r4b3y avatar Apr 25 '25 19:04 k4r4b3y

@sneurlax any ideas?

k4r4b3y avatar Apr 26 '25 14:04 k4r4b3y

ping @sneurlax

k4r4b3y avatar Apr 28 '25 14:04 k4r4b3y

ping @sneurlax @rehrar ?

k4r4b3y avatar May 01 '25 19:05 k4r4b3y

As of today, using stackwallet version 2.2.1 from f-droid release, I am able to connect to my monerod node which has:

  • onion url
  • RPC login enabled

Using stackwallet's "Add new node" functionality, entering the onion URL along with the port and the RPC login username and password, and selecting "Tor connection only" makes stackwallet connect to my node.

It seems like my abovementioned problem got solved.

k4r4b3y avatar Jun 04 '25 09:06 k4r4b3y

Confirmed. I can connect over Tailscale now too. Thank you for fixing it! There is an unrelated issue though: the app is called “PlaceHolderName” now.

Image

mariodian avatar Jun 04 '25 09:06 mariodian

@mariodian there should be an update showing up in the app store soon that includes a fix for that name. It should just be cosmetic

julian-CStack avatar Jun 04 '25 16:06 julian-CStack