Tor On Private Network

[Ringo Kamens]

I am trying to set up tor on a private network. I used the python script
that was mentioned previously to make the torrc and the only changes I made
were adding my directory servers and changing the data dir.

I'm running these on OSX Darwin and there's no reason for them to resolve
hostnames because all of my directory servers are run on the LAN and the
torrc only references their IP addresses. I get the following error when I
start Tor.

[warn] Unable to stat resolver configuration in /etc/resolve.conf: No such
file or directory
[err] Error initializing DNS subsystem; exiting

I have run tor on these machines before and never gotten this error until I
tried running it over LAN with my own authoritative directory servers. I
looked at resolve.conf and it's just a shortcut pointing to a file that
doesn't exist. Is there a way to make tor not check this file? Any ideas?
Any help appreciated,
Comrade Ringo Kamens

Re: Tor On Private Network

[Karsten Loesing]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ringo Kamens wrote:
| Is there a way to make tor not check this file? Any ideas?

ServerDNSAllowBrokenResolvConf sounds like a useful option here.

Have a look at the last section of proposal 135 that contains a bunch of
useful config options for private Tor networks:

https://tor-svn.freehaven.net/svn/tor/trunk/doc/spec/proposals/135-private-tor-networks.txt

- --Karsten
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIId6L0M+WPffBEmURAgwRAKDB4oSnUO7l6fx92CDJkF5snJ3H1gCeKA0p
ybDyFPiLHoogcOXUfxtu4A8=
=ZHHB
-END PGP SIGNATURE-

Re: Tor On Private Network

[Ringo Kamens]

I tried setting localhost as the DNS and it might have worked. Tor no
longer exists because the DNS resolving configuration is broken, but
watch what happens. Just for reference, my private network consists of
three servers who are each set up to be Auth Dir and exit servers and
inherently trust eachother. They are on 169.254.46.12*, this computer
is .125. At some point, Tor realizes that my DNS entry is fake but
thinks that the DNS server is hijacking requests.


Laptop-9:~ adb$ tor

Jan 18 15:41:06.054 [notice] Tor v0.1.2.19. This is experimental
software. Do not rely on it for strong anonymity.

Jan 18 15:41:06.077 [notice] Your ContactInfo config option is not
set. Please consider setting it, so we can contact you if your server
is misconfigured or something else goes wrong.

Jan 18 15:41:06.079 [warn] You have used DirServer to specify
directory authorities in your configuration. This is potentially
dangerous: it can make you look different from all other Tor users,
and hurt your anonymity. Even if you've specified the same authorities
as Tor uses by default, the defaults could change in the future. Be
sure you know what you're doing.

Jan 18 15:41:06.080 [notice] Enabling experimental OS X kqueue support
with libevent 1.3e. If this turns out to not work, set the environment
variable EVENT_NOKQUEUE, and tell the Tor developers.

Jan 18 15:41:06.082 [notice] Initialized libevent version 1.3e using
method kqueue. Good.

Jan 18 15:41:06.083 [notice] Opening OR listener on 127.0.0.1:3003

Jan 18 15:41:06.084 [notice] Opening OR listener on 169.254.46.125:3003

Jan 18 15:41:06.085 [notice] Opening Directory listener on 127.0.0.1:3004

Jan 18 15:41:06.086 [notice] Opening Directory listener on 169.254.46.125:3004

Jan 18 15:41:06.087 [notice] Opening Socks listener on 127.0.0.1:3005

Jan 18 15:41:06.088 [notice] Opening Control listener on 127.0.0.1:9051

Jan 18 15:41:06.089 [debug] parse_dir_server_line(): Trusted dirserver
at 127.0.0.1:3001 (1944)

Jan 18 15:41:06.120 [debug] parse_dir_server_line(): Trusted dirserver
at 169.254.46.126:3001 (1944)

Jan 18 15:41:06.122 [debug] parse_dir_server_line(): Trusted dirserver
at 169.254.46.127:3004 (1944)

Jan 18 15:41:06.124 [info] or_state_load(): Loaded state from data/state

Jan 18 15:41:06.138 [info] crypto_seed_rng(): Seeding RNG from /dev/urandom

Jan 18 15:41:06.140 [info] configure_nameservers(): Parsing resolver
configuration in '/etc/resolv.conf'

Jan 18 15:41:06.142 [info] eventdns: Parsing resolv.conf file /etc/resolv.conf

Jan 18 15:41:06.143 [info] eventdns: Added nameserver 169.254.46.125

Jan 18 15:41:06.144 [info] eventdns: Setting maximum allowed timeouts to 16

Jan 18 15:41:06.145 [info] eventdns: Setting timeout to 10

Jan 18 15:41:06.149 [info] init_keys(): Reading/making identity key
data/keys/secret_id_key...

Jan 18 15:41:06.284 [info] init_keys(): Reading/making onion key
data/keys/secret_onion_key...

Jan 18 15:41:07.206 [debug] resolve_my_address(): Resolved Address to
'169.254.46.125'.

Jan 18 15:41:07.208 [debug] parse_addr_policy(): Adding new entry 'reject *:25'

Jan 18 15:41:07.209 [debug] parse_addr_policy(): Adding new entry 'reject *:119'

Jan 18 15:41:07.210 [debug] parse_addr_policy(): Adding new entry
'reject *:135-139'

Jan 18 15:41:07.211 [debug] parse_addr_policy(): Adding new entry 'reject *:445'

Jan 18 15:41:07.212 [debug] parse_addr_policy(): Adding new entry 'reject *:465'

Jan 18 15:41:07.213 [debug] parse_addr_policy(): Adding new entry 'reject *:563'

Jan 18 15:41:07.213 [debug] parse_addr_policy(): Adding new entry 'reject *:587'

Jan 18 15:41:07.214 [debug] parse_addr_policy(): Adding new entry
'reject *:1214'

Jan 18 15:41:07.214 [debug] parse_addr_policy(): Adding new entry
'reject *:4661-4666'

Jan 18 15:41:07.215 [debug] parse_addr_policy(): Adding new entry
'reject *:6346-6429'

Jan 18 15:41:07.215 [debug] parse_addr_policy(): Adding new entry
'reject *:6699'

Jan 18 15:41:07.216 [debug] parse_addr_policy(): Adding new entry
'reject *:6881-6999'

Jan 18 15:41:07.216 [debug] parse_addr_policy(): Adding new entry 'accept *:*'

Jan 18 15:41:07.254 [debug] router_get_my_descriptor(): my desc is
'router onetwofive 169.254.46.125 3003 0 3004

platform Tor 0.1.2.19 on Darwin Power Macintosh

published 1970-01-18 20:41:07

opt fingerprint 7751 1690 757D 05DA D428 4ADA 3821 2D89 27B5 4610

uptime 0

bandwidth 3145728 6291456 0

onion-key

-BEGIN RSA PUBLIC KEY-

MIGJAoGBALdlAhyM5ErOCP7tuODdz1Ah3EDUzaRg95X2ZzFLUdw77Hfb6T6o1pMy

DfMAXBKXov8/aARCwodjZn/VwdvEUDyKg+mXZ9UmxuRSHGkrJItQoGjhcv4UJ0mI

9A2iOvi7gmJvrEuac3AR1lgHZT7t9o/7As85mraHKYQmmKf2fkyDAgMBAAE=

-END RSA PUBLIC KEY-

signing-key

-BEGIN RSA PUBLIC KEY-

MIGJAoGBAL2n77/3JUxmQNMSECQczfyxEhZukkQR5JPDXyURFP94O6jgK5kDHflB

XhpZL7/opXFAUMXL+Rgf+FAjOaoSFB1kaWhJoHpOwlmapDU6a6wJRzo9ttUS7yoo

xUplKWYHHSjkD9DbHnzfHElKPGKpRR60QyGO1mb5JY7qvdnIqiXhAgMBAAE=

-END RSA PUBLIC KEY-

opt write-history 1970-01-17 23:06:40 (900 s)

opt