I wasn't aware that Orbot was on app store, so I've been manually compiling and using iCepa for last couple of years and it worked correctly.

However, after iOS 17.2.1 update it stopped working - every time a successful VPN connection was established, as soon as a single packet tries to go over it, it crashes.

Last Friday, I took some time to investigate, and seeing the iCepa upstream project basically dead, I went on to find what is the cause of VPN not working.

I managed to capture a crash trace in Tor.framework that I reported here.

I tried to investigate further and then saw that this project is also using the Tor.framework so I tried to download and install the app and it has exactly the same behaviour - as soon as connection is established and first packet tries going over Tor, it crashes.

Unfortunately, I couldn't capture any traces in the robot app, since I installed it from the AppStore, but I'm posting this here in the hope that it may be relevant or possibly even the same.

Hi! Thanks for your message.

Yes, the iCepa project is basically dead. It was always a research project, and when we finally managed to make it do what it should, we moved to creating a useful published app under the Orbot brand, known from Android.

Unfortunately, in the last year, Orbot became broken again.

A first primer of what's going on, can be found here: https://orbot.app/en/faqs/
(You can also find somewhat deeper info in older issues here.)

However, I'm afraid, Orbot, or iCepa currently doesn't really work under most circumstances. Sorry. 🤷

The interesting thing is that iCepa used to work correctly for me up until the last iOS update (iOS 17.2). And even after the last update, it does connect, but as soon as the packet tries to go over Tor, it crashes.

I hope the crash trace I managed to obtain in the iCepa will also help here, as it points to the Tor.framework, which is common to both projects.

It mostly depends on how big the window of Tor nodes is, you can see from your location.

The main driver of RAM usage are the so called "microdescriptors" (which aren't so micro after all) of the Tor nodes available. Every Tor client tries to discover as many available nodes as possible and then creates the needed "circuits" (lists of 3 nodes each to use as tunnels) from that information.

If you see too many (which happens when your network isn't restricted by any censors, resp. censorship circumvention works properly), RAM usage explodes and hits the stupid 50 MB limit imposed by Apple.

Unfortunately your mislead, if you think the crashlog points to Tor.framework. The crash actually happened in Tor itself. Typically, this happens because Tor couldn't allocate more RAM because the Network Extension limit was hit.

You can see this behaviour for yourself.

From Xcode, start Orbot or iCepa on an iOS device.
Before you start the network extension, hit "Debug" -> "Attach to process by PID or name..." -> Enter the name of the network extension (in case of Orbot, it's "TorVPN") -> Attach

Look at the debug navigator pane (the spray can) on the left.
You will see a message about "waiting to attach".
Now start the network extension.

In the debug pane, the Network Extension process will show up. Click the "memory" line. You will see a graph in the center about the development of RAM usage. You will see a limit line at 50 MB.

Wait until it reaches that limit. The Network Extension will crash immediately, because Jetsam (the iOS memory watchdog) will kill it immediately after reaching the threshold.

Hi @tladesignz!

I finally found some time to play with your suggestions and went to compile iCepa again, as I'm more familiar with that project.

So, I took all the latest dependencies (Tor.framework v408.10.1, leaf 0.10.9 where I needed to change two lines to be able to compile with rust 1.76), compiled the app in order to attach with the debugger to see where are the issues, and opened the tor service page, and...

... it worked correctly.

I thought then that maybe Tor network is less busy today, so I disconnected and tried Orbot (latest version from AppStore, I didn't go through the hassle of compiling it due to all those certificates I need to set up) and it was failing to connect - it kept restarting the VPN process just like before.

So, apparently, something in the latest versions of leaf and Tor.framework did the trick so that VPN via Tor now works.

I'll see for how long will it work and try using your debug attaching approach to get the traces if it starts crashing again.

Hey, thanks for pointing out that the latest leaf actually works! I updated that. However, that didn't bring down the memory consumption. I still hit the 50 MB limit.
When I ran it on macOS, though, I recognized it only uses 35 MB there. I need to investigate that more. But that could just be a fluctuation.

It could be a fluctuation, but using latest leaf in iCepa I can at least access my Tor services, unlike with latest Orbot from AppStore, so it's at least something.

Indeed, it does crash sometimes, but it also works sometimes, which is better than not working at all.

I now understand why your iCepa works. I removed IPtProxy/UI from the Network Extension in Orbot, and the GeoIP files. When I start clean, it works. When I start with a warm microdescriptor cache, it doesn't again.