Re: [tor-relays] network diversity with freeBSD - solved
Hi Tim! Thanks a lot for your hint. I've changed it. I'd recognized the public IPs with arm, but didn't know the circumstances. Now it should be in a more secure mode, than before. Regards, On 05.12.2016 23:49, teor wrote: > >> On 6 Dec. 2016, at 08:32, diffusae wrote: >> >> Hi! >> >> On 05.12.2016 21:32, pa011 wrote: >>> its working currently on Tor 0.2.8.9 (recommended) >>> otherwise it might conflict with arm? >> >> Yes I know this, you could solve this with a jail. So if you run >> tor-devel inside a jail and use a cloned loopback interface for the >> control port. > > It's much better to use a unix socket for the control connection. > > ControlPort unix:/path/no/spaces > > (There's a bug in parsing control socket paths with spaces that's fixed > in 0.2.9.4-alpha, but not 0.2.8.) > > Loopback interfaces and jails have a tendency to leave your control port > open on a public IP address if configured incorrectly. Some jail setups > default to this insecure mode. > > https://trac.torproject.org/projects/tor/ticket/17901 > > T > >>> Any quick idea how to solve that one: >> >>> To connect to svn.torproject.org insecurely, use >>> `--no-check-certificate'. >> >> pkg install ca_root_nss should help. With curl I can connect to svn. >> >> Welcome to svn.torproject.org! >> >> Regards, >> Reiner >> >>> Am 05.12.2016 um 18:42 schrieb diffusae: Hi! That's nice to hear. RAM is also very good for tor relays. :-) Maybe you want to change your version to tor-devel-0.2.9.5.a, if you don't done this already (e. g. portsnap fetch update && portmaster security/tor-devel). Regards, On 05.12.2016 18:32, pa011 wrote: > Working :-) > > It looks like it was missing the Address in torrc. > I added up some RAM before- that didn’t help. > > Ok, now I have time to follow up all your other recommendations in the > coming days. > > Thank you all very much for your help! > > Best Regards > Paul > > p.s. as it is finally that easy to get BSD running, hopefully more will > follow in diversifying the tor world. > > >> >> You might also want to try setting the "Address" knob. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > T > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] network diversity with freeBSD - solved
> On 6 Dec. 2016, at 08:32, diffusae wrote: > > Hi! > > On 05.12.2016 21:32, pa011 wrote: >> its working currently on Tor 0.2.8.9 (recommended) >> otherwise it might conflict with arm? > > Yes I know this, you could solve this with a jail. So if you run > tor-devel inside a jail and use a cloned loopback interface for the > control port. It's much better to use a unix socket for the control connection. ControlPort unix:/path/no/spaces (There's a bug in parsing control socket paths with spaces that's fixed in 0.2.9.4-alpha, but not 0.2.8.) Loopback interfaces and jails have a tendency to leave your control port open on a public IP address if configured incorrectly. Some jail setups default to this insecure mode. https://trac.torproject.org/projects/tor/ticket/17901 T >> Any quick idea how to solve that one: > >> To connect to svn.torproject.org insecurely, use >> `--no-check-certificate'. > > pkg install ca_root_nss should help. With curl I can connect to svn. > > Welcome to svn.torproject.org! > > Regards, > Reiner > >> Am 05.12.2016 um 18:42 schrieb diffusae: >>> Hi! >>> >>> That's nice to hear. >>> >>> RAM is also very good for tor relays. :-) >>> >>> Maybe you want to change your version to tor-devel-0.2.9.5.a, if you >>> don't done this already (e. g. portsnap fetch update && portmaster >>> security/tor-devel). >>> >>> Regards, >>> >>> >>> On 05.12.2016 18:32, pa011 wrote: Working :-) It looks like it was missing the Address in torrc. I added up some RAM before- that didn’t help. Ok, now I have time to follow up all your other recommendations in the coming days. Thank you all very much for your help! Best Regards Paul p.s. as it is finally that easy to get BSD running, hopefully more will follow in diversifying the tor world. > > You might also want to try setting the "Address" knob. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] network diversity with freeBSD - solved
Hi! On 05.12.2016 21:32, pa011 wrote: > its working currently on Tor 0.2.8.9 (recommended) > otherwise it might conflict with arm? Yes I know this, you could solve this with a jail. So if you run tor-devel inside a jail and use a cloned loopback interface for the control port. > Any quick idea how to solve that one: > To connect to svn.torproject.org insecurely, use > `--no-check-certificate'. pkg install ca_root_nss should help. With curl I can connect to svn. Welcome to svn.torproject.org! Regards, Reiner > Am 05.12.2016 um 18:42 schrieb diffusae: >> Hi! >> >> That's nice to hear. >> >> RAM is also very good for tor relays. :-) >> >> Maybe you want to change your version to tor-devel-0.2.9.5.a, if you >> don't done this already (e. g. portsnap fetch update && portmaster >> security/tor-devel). >> >> Regards, >> >> >> On 05.12.2016 18:32, pa011 wrote: >>> Working :-) >>> >>> It looks like it was missing the Address in torrc. >>> I added up some RAM before- that didn’t help. >>> >>> Ok, now I have time to follow up all your other recommendations in the >>> coming days. >>> >>> Thank you all very much for your help! >>> >>> Best Regards >>> Paul >>> >>> p.s. as it is finally that easy to get BSD running, hopefully more will >>> follow in diversifying the tor world. >>> >>> You might also want to try setting the "Address" knob. >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] network diversity with freeBSD - solved
its working currently on Tor 0.2.8.9 (recommended) otherwise it might conflict with arm? $ sudo pkg update && sudo pkg upgrade -y Updating FreeBSD repository catalogue... FreeBSD repository is up-to-date. All repositories are up-to-date. Updating FreeBSD repository catalogue... FreeBSD repository is up-to-date. All repositories are up-to-date. Any quick idea how to solve that one: Resolving svn.torproject.org (svn.torproject.org)... 2a01:4f8:172:1b46:0:abba:14:1, 138.201.14.206 Connecting to svn.torproject.org (svn.torproject.org)|2a01:4f8:172:1b46:0:abba:14:1|:443... connected. ERROR: cannot verify svn.torproject.org's certificate, issued by 'CN=Let\'s Encrypt Authority X3,O=Let\'s Encrypt,C=US': Unable to locally verify the issuer's authority. To connect to svn.torproject.org insecurely, use `--no-check-certificate'. Rgds Paul Am 05.12.2016 um 18:42 schrieb diffusae: > Hi! > > That's nice to hear. > > RAM is also very good for tor relays. :-) > > Maybe you want to change your version to tor-devel-0.2.9.5.a, if you > don't done this already (e. g. portsnap fetch update && portmaster > security/tor-devel). > > Regards, > > > On 05.12.2016 18:32, pa011 wrote: >> Working :-) >> >> It looks like it was missing the Address in torrc. >> I added up some RAM before- that didn’t help. >> >> Ok, now I have time to follow up all your other recommendations in the >> coming days. >> >> Thank you all very much for your help! >> >> Best Regards >> Paul >> >> p.s. as it is finally that easy to get BSD running, hopefully more will >> follow in diversifying the tor world. >> >> >>> >>> You might also want to try setting the "Address" knob. >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] network diversity with freeBSD - solved
Hi! That's nice to hear. RAM is also very good for tor relays. :-) Maybe you want to change your version to tor-devel-0.2.9.5.a, if you don't done this already (e. g. portsnap fetch update && portmaster security/tor-devel). Regards, On 05.12.2016 18:32, pa011 wrote: > Working :-) > > It looks like it was missing the Address in torrc. > I added up some RAM before- that didn’t help. > > Ok, now I have time to follow up all your other recommendations in the coming > days. > > Thank you all very much for your help! > > Best Regards > Paul > > p.s. as it is finally that easy to get BSD running, hopefully more will > follow in diversifying the tor world. > > >> >> You might also want to try setting the "Address" knob. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] network diversity with freeBSD - solved
Working :-) It looks like it was missing the Address in torrc. I added up some RAM before- that didn’t help. Ok, now I have time to follow up all your other recommendations in the coming days. Thank you all very much for your help! Best Regards Paul p.s. as it is finally that easy to get BSD running, hopefully more will follow in diversifying the tor world. > > You might also want to try setting the "Address" knob. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
