Re: Tor On Private Network

2008-09-03 Thread DM
Thanks, I'll give it a try.  I have no preference as to what directory version I use.



On Sep 3, 2008, at 4:17 AM, Karsten Loesing wrote:





Re: Tor On Private Network

2008-09-03 Thread Karsten Loesing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I am trying to run Tor on an internal network and I seem to be having a
> problem with the Directory Server.  The Directory Server starts up but I
> am seeing the following message in notices.log:
> 
> Sep 02 20:44:28.840 [notice] While fetching directory info, no running
> dirservers known. Will try again later. (purpose 14)
> 
> Any idea what that means?

A fine question. Your config looks sane, but I'm running into the same
problem. I'm sure we could figure that out, but you should rather
consider running the v3 directory protocol instead of v2. At least I can
tell that it's working with a v3 directory authority.

You'll find more information about running a private network with a v3
directory authority here:

https://tor-svn.freehaven.net/svn/tor/trunk/doc/v3-authority-howto.txt

https://tor-svn.freehaven.net/svn/tor/trunk/doc/spec/proposals/135-private-tor-networks.txt

And at some point there will also be an update to the FAQ entry...

As an example, this is a torrc for a private Tor network with three v3
directory authorities (you can leave out some of the options):

DataDirectory .
SafeLogging 0
UseEntryGuards 0
Log info stdout
Log info file log
ControlPort 4324
SocksPort 4325
ContactInfo [EMAIL PROTECTED]
HidServDirectoryV2 1
ORPort 4326
Nickname dir1
DirPort 4327
Address 127.0.0.1
ORListenAddress 127.0.0.1
DirListenAddress 127.0.0.1
AuthoritativeDirectory 1
V2AuthoritativeDirectory 1
V3AuthoritativeDirectory 1
DirAllowPrivateAddresses 1
MinUptimeHidServDirectoryV2 0 minutes
TestingTorNetwork 1
DirServer dir3 v3ident=09C9ADB5E47D2536C17FB91AE7A43B1B215A624E
orport=4334 127.0.0.1:4335 49A7 4E44 B7EC A22C 72CC B5E2 EAEB 6CDB 529A 2B2A
DirServer dir1 v3ident=588CC7268BEC4224E913F5E723059B694494C42C
orport=4326 127.0.0.1:4327 62C0 0C87 1C55 6726 AB9E BAA7 9316 519C 4A3F 7B7D
DirServer dir2 v3ident=B66E944D985D9D3F6AC77D2B4CC44E2CF249A6E4
orport=4330 127.0.0.1:4331 ABAD 3F46 5EAA 7A97 AD29 D42B 53E7 EE77 1939 F943

> Also, should I set the Directory Server's
> "DirServer" to point to itself or do I need to run multiple Dir Servers
> and point them to each other?

It should be sufficient to run a single directory server pointing to
itself (all the other nodes in the network need to point to it, too).

Hope that helps,
- --Karsten
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIvkgv0M+WPffBEmURArF7AJ4gVYC5plkPWa8/HXIys1KV0wnOWgCfSjEO
LsKPKy9JjOcVHkCT/yvyxw4=
=bng8
-----END PGP SIGNATURE-----


Tor On Private Network

2008-09-02 Thread DM
I am trying to run Tor on an internal network and I seem to be having a problem with the Directory Server.  The Directory Server starts up but I am seeing the following message in notices.log:

Sep 02 20:44:28.840 [notice] While fetching directory info, no running dirservers known. Will try again later. (purpose 14)

Any idea what that means?  Also, should I set the Directory Server's "DirServer" to point to itself or do I need to run multiple Dir Servers and point them to each other?  Here's the configuration file I am using:

Nickname Me
ContactInfo [EMAIL PROTECTED]
Address 192.168.2.7
ORPort 9001
DirAllowPrivateAddresses 1
EnforceDistinctSubnets 0
AssumeReachable 1
AuthoritativeDirectory 1
V2AuthoritativeDirectory 1
DirPort 9030
RunAsDaemon 1
DirServer Me 192.168.2.7:9030 5B99 9839 164F 52CB FA8C ACC0 1A70 7E1B CB7E A9B5
#DirServer Me 127.0.0.1:1
Log notice file /home/test/notices.log
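The two torrcs in this part of the thread (DM's above, Karsten's in his reply further up) differ in exactly the way Karsten points out, and the question of whether an authority's DirServer line should point at itself is easy to get wrong by a port or a fingerprint. The checker below is an added example written for this page, not code from the thread or from the Tor project: it parses a torrc, pulls out the DirServer lines, and reports what a practitioner would look for before blaming the directory protocol (a v2-only authority, no DirServer line for the authority itself, an orport= that disagrees with ORPort, a fingerprint or v3ident that is not 40 hex digits, a private address without DirAllowPrivateAddresses). The function names are this example's own; DM_TORRC and KARSTEN_TORRC are constructed copies of the two posted configurations, trimmed to the options the checker reads, with the fingerprints and v3ident values as posted. The DirServer flag syntax it assumes (v1, no-v2, hs, bridge, v3ident=, orport=) is that of the Tor versions in use in this thread.

```python
"""Sanity checks for a private-network torrc (an added example, not code from
the thread or from Tor).  DirServer syntax of the Tor versions in use here:
    DirServer [nickname] [flags] address:dirport fingerprint
with flags v1, no-v2, hs, bridge, v3ident=<40 hex>, orport=<port>."""
import ipaddress
import re

HEX40 = re.compile(r"^[0-9A-F]{40}$")
KNOWN_FLAGS = {"v1", "no-v2", "hs", "bridge"}


def parse_torrc(text):
    """Ordered (key, value) pairs; repeated keys are kept, '#' lines skipped."""
    split = (line.strip().split(None, 1) for line in text.splitlines())
    return [(p[0], p[1] if len(p) > 1 else "") for p in split if p and p[0][0] != "#"]


def first(pairs, key, default=None):
    """First value for key; torrc option names are case-insensitive."""
    return next((v for k, v in pairs if k.lower() == key.lower()), default)


def parse_dirserver(value):
    """Split one DirServer value; fingerprint and v3ident come back upper-cased
    with the spaces removed, so they can be compared as 40-digit hex strings."""
    tokens = value.split()
    addr_idx = next((i for i, t in enumerate(tokens) if "=" not in t
                     and ":" in t and t.rpartition(":")[2].isdigit()), None)
    if addr_idx is None:
        raise ValueError("no address:dirport in %r" % value)
    host, _, port = tokens[addr_idx].rpartition(":")
    entry = {"nickname": None, "v3ident": None, "orport": None, "address": host,
             "dirport": int(port), "fingerprint": "".join(tokens[addr_idx + 1:]).upper()}
    for i, tok in enumerate(tokens[:addr_idx]):
        if tok.startswith("v3ident="):
            entry["v3ident"] = tok[len("v3ident="):].upper()
        elif tok.startswith("orport="):
            entry["orport"] = int(tok[len("orport="):])
        elif i == 0 and tok not in KNOWN_FLAGS:
            entry["nickname"] = tok  # an optional nickname precedes the flags
    return entry


def check_private_network_torrc(text):
    """Return a list of findings; an empty list means every rule passed."""
    pairs, findings = parse_torrc(text), []
    servers = [parse_dirserver(v) for k, v in pairs if k.lower() == "dirserver"]
    if not servers:
        findings.append("no DirServer lines: nowhere to fetch directory info from")
    allow_private = first(pairs, "DirAllowPrivateAddresses", "0") == "1"
    for s in servers:
        label = s["nickname"] or "%s:%d" % (s["address"], s["dirport"])
        for field in ("fingerprint", "v3ident"):
            if s[field] is not None and not HEX40.match(s[field]):
                findings.append("DirServer %s: %s is not 40 hex digits" % (label, field))
        try:
            private = ipaddress.ip_address(s["address"]).is_private
        except ValueError:
            private = False  # a hostname rather than an address literal
        if private and not allow_private:
            findings.append("DirServer %s: %s is a private address; needs DirAllowPrivateAddresses 1" % (label, s["address"]))
    if first(pairs, "AuthoritativeDirectory", "0") != "1":
        return findings  # the remaining rules apply to authorities only
    is_v3 = first(pairs, "V3AuthoritativeDirectory", "0") == "1"
    if not is_v3:
        findings.append("v2-only authority: V3AuthoritativeDirectory is not set (the thread recommends v3)")
    nick, addr, dirport = first(pairs, "Nickname"), first(pairs, "Address"), first(pairs, "DirPort")
    me = [s for s in servers if (nick and s["nickname"] == nick) or
          (addr and s["address"] == addr and str(s["dirport"]) == dirport)]
    if not me:
        findings.append("authority has no DirServer line for itself (other nodes need that same line)")
        return findings
    me = me[0]
    if me["orport"] is not None and str(me["orport"]) != first(pairs, "ORPort"):
        findings.append("own DirServer line says orport=%d but ORPort is %s" % (me["orport"], first(pairs, "ORPort")))
    if is_v3 and me["v3ident"] is None:
        findings.append("v3 authority, but its own DirServer line has no v3ident=")
    return findings


# Constructed copies of the two torrcs in the thread, trimmed to what the checker reads.
DM_TORRC = """\
Nickname Me
Address 192.168.2.7
DirAllowPrivateAddresses 1
AuthoritativeDirectory 1
DirPort 9030
DirServer Me 192.168.2.7:9030 5B99 9839 164F 52CB FA8C ACC0 1A70 7E1B CB7E A9B5
"""
KARSTEN_TORRC = """\
Nickname dir1
Address 127.0.0.1
ORPort 4326
DirPort 4327
AuthoritativeDirectory 1
V3AuthoritativeDirectory 1
DirAllowPrivateAddresses 1
DirServer dir1 v3ident=588CC7268BEC4224E913F5E723059B694494C42C orport=4326 127.0.0.1:4327 62C0 0C87 1C55 6726 AB9E BAA7 9316 519C 4A3F 7B7D
DirServer dir2 v3ident=B66E944D985D9D3F6AC77D2B4CC44E2CF249A6E4 orport=4330 127.0.0.1:4331 ABAD 3F46 5EAA 7A97 AD29 D42B 53E7 EE77 1939 F943
"""
```

Run it on a real file with check_private_network_torrc(open("torrc").read()); on DM_TORRC it reports only the v2-only authority, on KARSTEN_TORRC nothing. It never touches the network, so it cannot say whether an authority is reachable or its keys are valid; it only confirms that the torrc describes the topology Karsten describes, with each node carrying DirServer lines that agree with the authority's own Nickname, Address, DirPort and ORPort.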



Re: Tor On Private Network

2008-05-07 Thread Scott Bennett
 On Wed, 7 May 2008 20:48:57 -0400 "Ringo Kamens" <[EMAIL PROTECTED]>
top-posted:
>I tried setting localhost as the DNS and it might have worked. Tor no
>longer exists because the DNS resolving configuration is broken, but
>watch what happens. Just for reference, my private network consists of
>three servers who are each set up to be Auth Dir and exit servers and
>inherently trust each other. They are on 169.254.46.12*, this computer
>is .125. At some point, Tor realizes that my DNS entry is fake but
>thinks that the DNS server is hijacking requests.
>
>
>Laptop-9:~ adb$ tor
>
>  [long debugging output deleted  --SJB]
>
>Sorry for the incredibly long, detailed log but I wanted there to be
>sure there was enough information.
>
 I keep wondering why you don't post the contents of /etc/resolv.conf.
>
>
>My questions are:
>
>1. Does it matter that Tor thinks its requests are being hijacked?
>(Since I know I can trust the servers)

 Have you tried setting "ServerDNSDetectHijacking 0"?
>
>2. How come it says it can't get any network status documents?
>
 I'm not clear enough on your test setup to answer that, but it may
be something to do with the fact that your "authoritative" directory servers
are not the ones hard-coded into tor.

>3. What next?
>
 Have you looked at making an alternate version of your system's
/etc/resolv.conf file and telling tor about it with ServerDNSResolvConfFile?
Note that ServerDNSSearchDomains may also be helpful, depending upon your
setup.


  Scott Bennett, Comm. ASMELG, CFIAG
  Internet: bennett at cs.niu.edu
  "A well regulated and disciplined militia, is at all times a good
  objection to the introduction of that bane of all free governments
  -- a standing army."
     -- Gov. John Hancock, New York Journal, 28 January 1790


Re: Tor On Private Network

2008-05-07 Thread Ringo Kamens
I tried setting localhost as the DNS and it might have worked. Tor no
longer exists because the DNS resolving configuration is broken, but
watch what happens. Just for reference, my private network consists of
three servers who are each set up to be Auth Dir and exit servers and
inherently trust each other. They are on 169.254.46.12*, this computer
is .125. At some point, Tor realizes that my DNS entry is fake but
thinks that the DNS server is hijacking requests.


Laptop-9:~ adb$ tor

Jan 18 15:41:06.054 [notice] Tor v0.1.2.19. This is experimental software. Do not rely on it for strong anonymity.
Jan 18 15:41:06.077 [notice] Your ContactInfo config option is not set. Please consider setting it, so we can contact you if your server is misconfigured or something else goes wrong.
Jan 18 15:41:06.079 [warn] You have used DirServer to specify directory authorities in your configuration. This is potentially dangerous: it can make you look different from all other Tor users, and hurt your anonymity. Even if you've specified the same authorities as Tor uses by default, the defaults could change in the future. Be sure you know what you're doing.
Jan 18 15:41:06.080 [notice] Enabling experimental OS X kqueue support with libevent 1.3e. If this turns out to not work, set the environment variable EVENT_NOKQUEUE, and tell the Tor developers.
Jan 18 15:41:06.082 [notice] Initialized libevent version 1.3e using method kqueue. Good.
Jan 18 15:41:06.083 [notice] Opening OR listener on 127.0.0.1:3003
Jan 18 15:41:06.084 [notice] Opening OR listener on 169.254.46.125:3003
Jan 18 15:41:06.085 [notice] Opening Directory listener on 127.0.0.1:3004
Jan 18 15:41:06.086 [notice] Opening Directory listener on 169.254.46.125:3004
Jan 18 15:41:06.087 [notice] Opening Socks listener on 127.0.0.1:3005
Jan 18 15:41:06.088 [notice] Opening Control listener on 127.0.0.1:9051
Jan 18 15:41:06.089 [debug] parse_dir_server_line(): Trusted dirserver at 127.0.0.1:3001 (1944)
Jan 18 15:41:06.120 [debug] parse_dir_server_line(): Trusted dirserver at 169.254.46.126:3001 (1944)
Jan 18 15:41:06.122 [debug] parse_dir_server_line(): Trusted dirserver at 169.254.46.127:3004 (1944)
Jan 18 15:41:06.124 [info] or_state_load(): Loaded state from "data/state"
Jan 18 15:41:06.138 [info] crypto_seed_rng(): Seeding RNG from "/dev/urandom"
Jan 18 15:41:06.140 [info] configure_nameservers(): Parsing resolver configuration in '/etc/resolv.conf'
Jan 18 15:41:06.142 [info] eventdns: Parsing resolv.conf file /etc/resolv.conf
Jan 18 15:41:06.143 [info] eventdns: Added nameserver 169.254.46.125
Jan 18 15:41:06.144 [info] eventdns: Setting maximum allowed timeouts to 16
Jan 18 15:41:06.145 [info] eventdns: Setting timeout to 10
Jan 18 15:41:06.149 [info] init_keys(): Reading/making identity key "data/keys/secret_id_key"...
Jan 18 15:41:06.284 [info] init_keys(): Reading/making onion key "data/keys/secret_onion_key"...
Jan 18 15:41:07.206 [debug] resolve_my_address(): Resolved Address to '169.254.46.125'.
Jan 18 15:41:07.208 [debug] parse_addr_policy(): Adding new entry 'reject *:25'
Jan 18 15:41:07.209 [debug] parse_addr_policy(): Adding new entry 'reject *:119'
Jan 18 15:41:07.210 [debug] parse_addr_policy(): Adding new entry 'reject *:135-139'
Jan 18 15:41:07.211 [debug] parse_addr_policy(): Adding new entry 'reject *:445'
Jan 18 15:41:07.212 [debug] parse_addr_policy(): Adding new entry 'reject *:465'
Jan 18 15:41:07.213 [debug] parse_addr_policy(): Adding new entry 'reject *:563'
Jan 18 15:41:07.213 [debug] parse_addr_policy(): Adding new entry 'reject *:587'
Jan 18 15:41:07.214 [debug] parse_addr_policy(): Adding new entry 'reject *:1214'
Jan 18 15:41:07.214 [debug] parse_addr_policy(): Adding new entry 'reject *:4661-4666'
Jan 18 15:41:07.215 [debug] parse_addr_policy(): Adding new entry 'reject *:6346-6429'
Jan 18 15:41:07.215 [debug] parse_addr_policy(): Adding new entry 'reject *:6699'
Jan 18 15:41:07.216 [debug] parse_addr_policy(): Adding new entry 'reject *:6881-6999'
Jan 18 15:41:07.216 [debug] parse_addr_policy(): Adding new entry 'accept *:*'
Jan 18 15:41:07.254 [debug] router_get_my_descriptor(): my desc is 'router onetwofive 169.254.46.125 3003 0 3004
platform Tor 0.1.2.19 on Darwin Power Macintosh
published 1970-01-18 20:41:07
opt fingerprint 7751 1690 757D 05DA D428 4ADA 3821 2D89 27B5 4610
uptime 0
bandwidth 3145728 6291456 0
onion-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALdlAhyM5ErOCP7tuODdz1Ah3EDUzaRg95X2ZzFLUdw77Hfb6T6o1pMy
DfMAXBKXov8/aARCwodjZn/VwdvEUDyKg+mXZ9UmxuRSHGkrJItQoGjhcv4UJ0mI
9A2iOvi7gmJvrEuac3AR1lgHZT7t9o/7As85mraHKYQmmKf2fkyDAgMBAAE=
-----END RSA PUBLIC KEY-----
signing-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAL2n77/3JUxmQNMSECQczfyxEhZukkQR5JPDXyURFP94O6jgK5kDHflB
XhpZL7/opXFAUMXL+Rgf+FAjOaoSFB1kaWhJoHpOwlmapDU6a6wJRzo9ttUS7yoo
xUplKWYHHSjkD9DbHnzfHElKPGKpRR60QyGO1mb5JY7qvdnIqiXhAgMBAAE=
-----END RSA PUBLIC KEY-----
opt write-history 1970-01-17 23:06:40 (900 s)
opt read

Re: Tor On Private Network

2008-05-07 Thread Ringo Kamens
I took a look at that document, and the only suggested options that seemed
to work were:
EnforceDistinctSubnets 0
ExitPolicyRejectPrivate 0

The rest said that they were unknown options, including
ServerDNSAllowBrokenResolvConf. Any ideas as to why this might be? I tried
setting the DNS settings to make localhost the DNS server but that didn't
seem to work either.
Thanks,
Comrade Ringo Kamens


On 5/7/08, Karsten Loesing <[EMAIL PROTECTED]> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ringo Kamens wrote:
> | Is there a way to make tor not check this file? Any ideas?
>
> ServerDNSAllowBrokenResolvConf sounds like a useful option here.
>
> Have a look at the last section of proposal 135 that contains a bunch of
> useful config options for private Tor networks:
>
>
> https://tor-svn.freehaven.net/svn/tor/trunk/doc/spec/proposals/135-private-tor-networks.txt
>
> - --Karsten
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIId6L0M+WPffBEmURAgwRAKDB4oSnUO7l6fx92CDJkF5snJ3H1gCeKA0p
> ybDyFPiLHoogcOXUfxtu4A8=
> =ZHHB
> -----END PGP SIGNATURE-----
>


Re: Tor On Private Network

2008-05-07 Thread Karsten Loesing

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ringo Kamens wrote:
| Is there a way to make tor not check this file? Any ideas?

ServerDNSAllowBrokenResolvConf sounds like a useful option here.

Have a look at the last section of proposal 135 that contains a bunch of
useful config options for private Tor networks:

https://tor-svn.freehaven.net/svn/tor/trunk/doc/spec/proposals/135-private-tor-networks.txt

- --Karsten
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIId6L0M+WPffBEmURAgwRAKDB4oSnUO7l6fx92CDJkF5snJ3H1gCeKA0p
ybDyFPiLHoogcOXUfxtu4A8=
=ZHHB
-----END PGP SIGNATURE-----


Tor On Private Network

2008-05-07 Thread Ringo Kamens
I am trying to set up tor on a private network. I used the python script
that was mentioned previously to make the torrc and the only changes I made
were adding my directory servers and changing the data dir.

I'm running these on OSX Darwin and there's no reason for them to resolve
hostnames because all of my directory servers are run on the LAN and the
torrc only references their IP addresses. I get the following error when I
start Tor.

[warn] Unable to stat resolver configuration in /etc/resolve.conf: No such
file or directory
[err] Error initializing DNS subsystem; exiting

I have run tor on these machines before and never gotten this error until I
tried running it over LAN with my own authoritative directory servers. I
looked at resolve.conf and it's just a shortcut pointing to a file that
doesn't exist. Is there a way to make tor not check this file? Any ideas?
Any help appreciated,
Comrade Ringo Kamens
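Ringo's "Unable to stat resolver configuration" error, Scott's ServerDNSResolvConfFile and ServerDNSSearchDomains suggestions, and Karsten's pointer to the proposal 135 options all revolve around one file: the resolver configuration a Tor relay reads at start-up. The script below is an added example written for this page, not code from the thread or from Tor. It re-implements the part of that start-up check a relay operator can run by hand (stat the file named by ServerDNSResolvConfFile, default /etc/resolv.conf, then parse it for nameserver lines) and separates the three ways it fails: the path is absent; the path is a symlink to something absent (Ringo's "shortcut pointing to a file that doesn't exist", which stat reports as "No such file or directory" just like a missing file, which is why the log does not distinguish them); or the file exists but names no usable nameserver. The function names are this example's own. demo() builds all the cases as constructed files in a temporary directory; the 169.254.46.125 in the "good" case is one of the link-local addresses from the thread, used as sample data, not a real resolver.

```python
"""Pre-flight for the resolver file a Tor relay reads at start-up (an added
example, not code from the thread or from Tor).  tor parses the file named by
ServerDNSResolvConfFile (default /etc/resolv.conf); when that file cannot be
stat()ed it logs the warning Ringo quotes and exits.  This script reproduces
the parse and tells the three failure modes apart.  All paths and file
contents below are constructed for the demonstration."""
import ipaddress
import os
import tempfile


def parse_resolv_conf(text):
    """Minimal resolv.conf(5) parser: nameserver, domain/search, options."""
    conf = {"nameservers": [], "search": [], "options": {}}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # both comment styles
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            try:
                conf["nameservers"].append(str(ipaddress.ip_address(args[0])))
            except ValueError:
                pass  # not an address literal: unusable as a nameserver
        elif key in ("domain", "search"):
            conf["search"] = args  # the last such line wins
        elif key == "options":
            for opt in args:
                name, _, val = opt.partition(":")
                conf["options"][name] = int(val) if val.isdigit() else True
    return conf


def resolver_status(path):
    """Classify the resolver file.  Returns (status, detail) with status one of
    'dangling-symlink' (a link to something absent: stat fails with ENOENT even
    though the link itself is visible), 'missing', 'no-nameservers', 'ok'."""
    if os.path.islink(path) and not os.path.exists(path):
        return "dangling-symlink", os.readlink(path)
    if not os.path.exists(path):
        return "missing", path
    with open(path) as fh:
        conf = parse_resolv_conf(fh.read())
    return ("ok" if conf["nameservers"] else "no-nameservers"), conf


def demo():
    """Build the cases as constructed files in a scratch directory and classify
    each; returns {case: status}."""
    with tempfile.TemporaryDirectory() as d:
        os.symlink(os.path.join(d, "nowhere"), os.path.join(d, "dangling"))
        with open(os.path.join(d, "no-ns"), "w") as fh:
            fh.write("# written by a DHCP client; no nameserver lines\nsearch lan.test\n")
        with open(os.path.join(d, "good"), "w") as fh:
            # 169.254.46.125 is a link-local address from the thread, not a real resolver
            fh.write("nameserver 169.254.46.125\noptions timeout:10 attempts:2\n")
        return {case: resolver_status(os.path.join(d, case))[0]
                for case in ("missing", "dangling", "no-ns", "good")}


if __name__ == "__main__":
    for case, status in demo().items():
        print("%-9s -> %s" % (case, status))
```

For the first two statuses the fix is the one Scott suggests: write a resolv.conf that names a reachable resolver and point ServerDNSResolvConfFile at it (ServerDNSSearchDomains only affects how unqualified names are completed and does not help with a missing file). The option Karsten names appears in later Tor manuals as ServerDNSAllowBrokenConfig, and Ringo's log shows Tor v0.1.2.19; since tor refuses to start on an option name it does not recognise, check option names against the manual for the installed version before relying on any of them.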