Re: [tor-relays] [Tor Weather] Node Down! - AccountingMax and ORPort 80
On 11/21/2014 09:44 AM, Chuck Peters wrote: Nov 16 00:00:00.000 [notice] Opening OR listener on 0.0.0.0:80 Nov 16 00:00:00.000 [warn] Could not bind to 0.0.0.0:80: Permission denied As stated in [1] you could try something like $ setcap 'cap_net_bind_service=+ep' /usr/bin/tor [1] http://serverfault.com/questions/112795/how-can-i-run-a-server-on-linux-on-port-80-as-a-normal-user -- Toralf pgp key: 0076 E94E ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] OrPort self-testing sometimes fails
Hi everybody, Second time it happen to me so I would like to know if you have ideas about it. Sometimes after a reboot, I haven't the following message into the log : Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. And after a while (fortunately), I receive a warning (Tor Weather) because my server is shown as offline. So I just type /etc/init.d/tor stop and /etc/init.d/tor start, and it works fine. I would like to know how does the test works, in order to check what can fail during the test. If my server's IP (95.130.9.190) is not reachable by a part of the Internet for example, in order to open a support ticket with my ISP (do you know how I can easily check it ?). Also, since few month now, the bandwith usage seems to keeps far below what I had before (even with a good consensus weight, fresh OS install with new keys and name a month ago) so I now realize that may be there is a problem somewhere with this machine. Thank you in advance for your help and ideas ! Best Regards, Julien ROBIN Please find below the logs of the failed start, followed by the working start Nov 21 11:56:53.000 [notice] Tor 0.2.5.10 (git-43a5f3d91e726291) opening log file. Nov 21 11:56:53.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip. Nov 21 11:56:53.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Nov 21 11:56:53.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now. Nov 21 11:56:53.000 [notice] Caching new entry debian-tor for debian-tor Nov 21 11:56:53.000 [notice] Caching new entry debian-tor for debian-tor Nov 21 11:56:53.000 [notice] Your Tor server's identity key fingerprint is 'MagnetronFR1 145AEE9359A8943189500C5451722CAA7EEEC6C3' Nov 21 11:56:53.000 [notice] Bootstrapped 0%: Starting Nov 21 11:56:57.000 [notice] We now have enough directory information to build circuits. Nov 21 11:56:57.000 [notice] Bootstrapped 80%: Connecting to the Tor network Nov 21 11:56:57.000 [notice] Bootstrapped 85%: Finishing handshake with first hop Nov 21 11:56:58.000 [notice] Bootstrapped 90%: Establishing a Tor circuit Nov 21 11:57:00.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Nov 21 11:57:00.000 [notice] Bootstrapped 100%: Done Nov 21 13:56:58.000 [notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now. Nov 21 13:57:28.000 [notice] Clean shutdown finished. Exiting. Nov 21 13:57:39.000 [notice] Tor 0.2.5.10 (git-43a5f3d91e726291) opening log file. Nov 21 13:57:39.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip. Nov 21 13:57:39.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Nov 21 13:57:39.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now. Nov 21 13:57:39.000 [notice] Caching new entry debian-tor for debian-tor Nov 21 13:57:39.000 [notice] Caching new entry debian-tor for debian-tor Nov 21 13:57:39.000 [notice] Your Tor server's identity key fingerprint is 'MagnetronFR1 145AEE9359A8943189500C5451722CAA7EEEC6C3' Nov 21 13:57:39.000 [notice] Bootstrapped 0%: Starting Nov 21 13:57:39.000 [notice] Bootstrapped 5%: Connecting to directory server Nov 21 13:57:41.000 [notice] We now have enough directory information to build circuits. Nov 21 13:57:41.000 [notice] Bootstrapped 80%: Connecting to the Tor network Nov 21 13:57:41.000 [notice] Bootstrapped 85%: Finishing handshake with first hop Nov 21 13:57:41.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Nov 21 13:57:43.000 [notice] Bootstrapped 90%: Establishing a Tor circuit Nov 21 13:57:44.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Nov 21 13:57:44.000 [notice] Bootstrapped 100%: Done ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Website no longer available from Tor
Hi from a few weeks the site spacemarc.it is no longer accessible via TOR. My hosting does not apply any filter nor I do it from code. I do not get any error from web server (forbidden, timeout and so on...) but the Tor Browser (v4.0.1) simply tries to connect for several seconds but to no avail (try yourself please). I checked the Apache logs and I do not see any request from an IP Tor. In your opinion why is not it more accessible? Thanks ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] building Tor against LibreSSL 2.1.1 fails with undefined reference to `EVP_aes_128_ctr' error
I am also very interested in hearing from people who have built tor with LibreSSL... specifically I'd love it if someone worked out all the details to do this as a static build in OpenBSD. On Fri, Nov 21, 2014 at 3:22 PM, Seth l...@sysfu.com wrote: I'm trying to build tor-0.2.5.10 from source against LibreSSL 2.1.1 on a FreeBSD 9.3x jail system. It fails with this message --- CC src/tools/tor-gencert.o CCLD src/tools/tor-gencert src/common/libor-crypto.a(aes.o): In function `aes_new_cipher': /usr/local/src/tor-0.2.5.10/src/common/aes.c:100: undefined reference to `EVP_aes_128_ctr' *** [src/tools/tor-gencert] Error code 1 Stop in /usr/local/src/tor-0.2.5.10. *** [all] Error code 1 Stop in /usr/local/src/tor-0.2.5.10. -- Has anyone has any luck building Tor against LibreSSL? -- Seth I 3 nicely trimmed email replies ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Website no longer available from Tor
In your opinion why is not it more accessible? You asked four times. We can't see your systems or your exits so we don't know. Run your own restricted exits on your own various computers, starting with those you can reach it with via clearnet, then route all your traffic out those exits and do more testing, beginning with tcpdump or some form of log/traffic analysis on both the exit and webserver. There's obviously blocking or misconfiguration involved. Let us know what you find. https://www.torproject.org/docs/documentation.html.en ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] OrPort self-testing sometimes fails
On Fri, Nov 21, 2014, at 09:18 AM, Julien ROBIN wrote: snip I would like to know how does the test works, in order to check what can fail during the test. If my server's IP (95.130.9.190) is not reachable by a part of the Internet for example, in order to open a support ticket with my ISP (do you know how I can easily check it ?). snip I cannot comment on how the test is performed (although it may be in the documentation) but if you are looking to test connectivity to your ipv4 address, you could always use a Looking Glass or route server for some basic connectivity tests (pinging / traceroute / etc). If you do discover an issue, it would be very beneficial to provide traceroute data (if it's not blocked by a firewall somewhere) in *both* directions (your server to the looking glass ip and looking glass to your server ip)... this helps identify any potential routing issues where asymmetric routing may be in place. Just search for Looking Glass or route server and you should find many available from numerous ISPs and locations that may be helpful in your testing. Good luck and I hope someone else is able to answer with details regarding the testing of your relay. Regards, Ryan Getz ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Fast Exit Node Operators - ISP in US
Dear Relay Operators, I noticed there are very few US based exit nodes in the network. And more and more people are jumping on the same set of AS numbers in Europe. I am not if the reason is lack of Tor friendly ISPs or people are just too freaked out about the summer of Snowden. I think it's very wrong to assume that EU countries are not part of the world-wide-wiretap, packets are going through a few internet exchanges anyways. I have been hosting/operating Faravahar (one of the authority directory servers) at Rethem Hosting (rethemhosting.net) for a couple of years now, and never had any issues. I also just brought up 2 exit nodes there: https://atlas.torproject.org/#details/A5B1C342B316C2AE5695B903CED18F619A8361CC https://atlas.torproject.org/#details/6FFCDF910C32D620FCC6EEF7A8A57F3E9A234649 If anyone is interested in running fast Tor Exit nodes at Rethem Hosting. Feel free to contact me directly, so I can make proper referral/introductions. Rethem Hosting is also able to provide hosting In IceLand, but you get the most bang for your buck in the US datacenter. Thank you for contributing to Tor. All the best, SiNA # Consensus Weights Advertised BandwidthGuard Probability Middle Probability Exit ProbabilityNicknameFingerprint ExitGuard Country Autonomous System 1.5958% 0.% 0.% 0.% 4.8946% (11 other relay groups) 17.6751%0.% 0.% 0.% 54.2124%(total in selection) 1 4.1722% 0.% 0.% 0.% 12.7968%* (26 relays) (26)(22)FR (4) 2 3.8256% 0.% 0.% 0.% 11.7338%* (19 relays) (19)(16)DE (6) 3 2.1098% 0.% 0.% 0.% 6.4712% * (10 relays) (10) (8) NL (6) 4 1.4620% 0.% 0.% 0.% 4.4843% * (5 relays) (5) (5) RO (1) 5 0.9090% 0.% 0.% 0.% 2.7881% * (6 relays) (6) (5) SE (4) 6 0.8788% 0.% 0.% 0.% 2.6955% * (4 relays) (4) (4) CH (2) 7 0.8560% 0.% 0.% 0.% 2.6255% * (3 relays) (3) (3) LU (1) 8 0.6510% 0.% 0.% 0.% 1.9967% * (1 relays) (1) (1) LR (1) 9 0.6433% 0.% 0.% 0.% 1.9731% * (10 relays) (10) (8) US (10) 10 0.5715% 0.% 0.% 0.% 1.7528% * (2 relays) (2) (2) GB (1) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Fast Exit Node Operators - ISP in US
Hi SiNA, On 11/22/2014 01:08 AM, SiNA Rabbani wrote: Dear Relay Operators, I noticed there are very few US based exit nodes in the network. And more and more people are jumping on the same set of AS numbers in Europe. [...] Thank you, SiNA. A reminder to relay operators: Diversity is important. A very good paper everyone should read is Traffic Correlation on Tor by Realistic Adversaries [1]. Compass [2] is very useful in at least determining country- and AS-level diversity. It would be nice to have more than just a feeling of when to rule out a potential ISP and/or country, but I would at least try to avoid any of the popular AS. lowendbox.com is not a bad source for virtual machine hosting. If you plan to run an exit relay, it is imperative that you ask the ISP beforehand, and you should read the Exit Guidelines [3]. Add the answer of the ISP to the GoodBadRelays wiki page [4]. For non-exit relays, I wouldn't ask or tell the ISP, they don't have to know. When you pick a cheap provider with unlimited (fair use) bandwidth, make sure you contact the ISP beforehand to find out how much constant traffic they are actually ok with, and configure your relay accordingly. The hibernation options are quite useful in that regard. For larger exits (dedicated, higher bandwidth), webhostingtalk.com can be a good source. It is generally cheaper to pool money and rent a bigger server. Ideally, you find some people around you. For example, if you have a local hackerspace or makerspace nearby, you should leave contact info and ask if there's interest to collectively run a larger relay. I always wanted to get Tor User Relay Operator Groups going. A quite outdated and lame attempt is a wiki page on the torservers wiki [5]. The next step may be to set up an organization around your exit(s). Many groups chose the non-profit model [6]. This type of organization is surprisingly easy to create and manage, but it does produce overhead. Think a bit about who wants to play accountant and all that. After a while, you might consider joining the Torservers.net reimbursement partnership. While the program does not formally require you to have an organization, we do prefer them, simply because they are a sign of a more stable environment. For more information, see [7]. [1] http://freehaven.net/anonbib/#ccs2013-usersrouted [2] https://compass.torproject.org/ [3] https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines [4] https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs [5] https://www.torservers.net/wiki/usergroups [6] https://www.torservers.net/partners.html [7] https://blog.torservers.net/20130917/reimbursement-for-exit-operators.html -- Moritz Bartl https://www.torservers.net/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Website no longer available from Tor
On Fri, Nov 21, 2014 at 12:50:39PM -0500, grarpamp wrote: In your opinion why is not it more accessible? You asked four times. We can't see your systems or your exits so we don't know. Indeed! You can increase the Tor client debugging level on the machine you're trying to TBB from, find out what exit you used to try to connect, and then try tcptraceroute and other debugging tools from your server to see if you can debug the connectivity failure. -andy ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] building Tor against LibreSSL 2.1.1 fails with undefined reference to `EVP_aes_128_ctr' error
On Fri, 21 Nov 2014 09:10:11 -0800, David Stainton dstainton...@gmail.com wrote: I am also very interested in hearing from people who have built tor with LibreSSL... If you want to try building a FreeBSD port using LibreSSL instead of OpenSSL add this to /etc/make.conf OPENSSL_PORT=security/libressl WITH_OPENSSL_PORT=yes specifically I'd love it if someone worked out all the details to do this as a static build in OpenBSD. Not sure about static builds, what's the benefit? I do know OpenBSD 5.6 has LibreSSL baked in and it works with Tor. Just install the tor package, edit /etc/tor/torrc and you're up and running. Next time I stand up another relay or exit node on OpenBSD I think I'll kick it up a notch with some chroot and/or systrace sauce. https://trac.torproject.org/projects/tor/wiki/doc/OperationalSecurity#RunTorandOtherServicesinaRestrictedEnvironment Am also interested in hearing any tips for minimizing data retention. I thought about making a hardlink or symlink from /var/log to /dev/null, but I have a feeling there's more to it than that. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays