Re: [tor-talk] Problem with new multiple-instance exit nodes never showing up in directory (cached consensus)

2012-07-27 Thread Robert Ransom
On 7/26/12, Name Withheld surv...@gmail.com wrote:
> Thank you for the response.  I'm assuming you're implying option A) (get
> the dirauth operators to increase the value) is not actually serious.
> Please correct me if I'm wrong (because I see no way of going about
> this).

It's not the easiest option, but it is possible.  If you can make a
convincing argument that whichever value you want them to set is still
low enough to not make serious attacks significantly easier, or that
raising the limit will let a significant amount of ‘good’ relay
capacity enter the network, the limit will probably be raised.

It might be even easier to persuade ‘enough’ dirauth operators to try
raising the limit and see whether the result is ‘good’ or ‘bad’ in
various ways; if nothing especially bad happens after a week or two,
they'll probably change the default limit.

> For B), this is probably a total newbie question, since I've never had to
> run a program like this before.  If I can get a second IP from the ISP for
> the same physical server, is there a configuration option in Debian (or
> something in the torrc file) I'll need to set to get it to the additional
> tor daemons binding to the secondary address?

I have no idea how to configure your OS to allow you to use a second
IP address.  That sounds like a common task, though, so there must be
instructions for it somewhere.

To configure Tor to listen on a specific IP address: Use Tor 0.2.3.x
on the relay, specify an IP address on your ORPort torrc line, and if
Tor refuses to start, read and act on its log messages.  (Bonus points
for reading the log messages yourself instead of pasting them into
e-mail or IRC and waiting for someone else to echo them back to you.)

You might need to specify an IP address explicitly for all of the
relays (even the ones you want to listen on your server's default IP
address); being explicit about that certainly won't hurt anything on a
server with static IP addresses.  I recommend continuing to use a
different ORPort for each Tor instance, since some/many/most censoring
firewalls censor connections with different server ports in different
ways.


Robert Ransom
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] Problem with new multiple-instance exit nodes never showing up in directory (cached consensus)

2012-07-27 Thread Moritz Bartl
On 27.07.2012 05:48, Name Withheld wrote:
> For B), this is probably a total newbie question, since I've never had to
> run a program like this before.  If I can get a second IP from the ISP for
> the same physical server, is there a configuration option in Debian (or
> something in the torrc file) I'll need to set to get it to the additional
> tor daemons binding to the secondary address?

Use *Address to bind your Tor to your second address. From
http://www.torservers.net/misc/config/torrc :

ORPort 443
DirPort 80
Address 109.163.233.200
OutboundBindAddress 109.163.233.200
ORListenAddress 109.163.233.200:443
DirListenAddress 109.163.233.200:80

DataDirectory /var/lib/tor/0
PidFile /var/run/tor/tor0.pid
Log notice file /var/log/tor/notices0.log

-- 
Moritz Bartl
https://www.torservers.net/


Re: [tor-talk] Problem with new multiple-instance exit nodes never showing up in directory (cached consensus)

2012-07-27 Thread Name Withheld

Thank you again, all.  I'll work on this.

On 7/27/2012 4:45 AM, Moritz Bartl wrote:
> On 27.07.2012 05:48, Name Withheld wrote:
>> For B), this is probably a total newbie question, since I've never had to
>> run a program like this before.  If I can get a second IP from the ISP for
>> the same physical server, is there a configuration option in Debian (or
>> something in the torrc file) I'll need to set to get it to the additional
>> tor daemons binding to the secondary address?
>
> Use *Address to bind your Tor to your second address. From
> http://www.torservers.net/misc/config/torrc :
>
> ORPort 443
> DirPort 80
> Address 109.163.233.200
> OutboundBindAddress 109.163.233.200
> ORListenAddress 109.163.233.200:443
> DirListenAddress 109.163.233.200:80
>
> DataDirectory /var/lib/tor/0
> PidFile /var/run/tor/tor0.pid
> Log notice file /var/log/tor/notices0.log





[tor-talk] Problem with new multiple-instance exit nodes never showing up in directory (cached consensus)

2012-07-26 Thread Name Withheld


Hi guys,

I've got a 1gbps (shared) debian server set up as an exit that can't 
seem to handle all the b/w through a single instance of tor.  After 
getting some help from the tor lists previously, I've started setting up 
additional instances of tor that run simultaneously to help handle more 
traffic.


Unfortunately, only the first of the extra instances works (even though 
I copied the config from the known good config and only changed the 
ports during other attempts).  Other instances seem to work at first, 
setting up the initial tunnels and passing very small amounts of traffic 
for about a half hour, but never seem to get listed in the directory, so 
they never get any other traffic once the initial tunnels all close, 
even after many hours pass.


Does anyone know why this is happening, and what I need to do to fix it?

Thank you.

Jul 26 12:26:06.064 [notice] Tor v0.2.3.19-rc (git-adf14e42194ebfb7) running on Linux.
Jul 26 12:26:06.064 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 26 12:26:06.064 [notice] Read configuration file /etc/tor/tor4.cfg.
Jul 26 12:26:06.065 [notice] Initialized libevent version 1.4.13-stable using method epoll. Good.
Jul 26 12:26:06.065 [notice] Opening Socks listener on 127.0.0.1:10054
Jul 26 12:26:06.065 [notice] Opening Control listener on 127.0.0.1:9054
Jul 26 12:26:06.065 [notice] Opening OR listener on 0.0.0.0:10004
Jul 26 12:26:06.065 [notice] Opening Directory listener on 0.0.0.0:10034
Jul 26 12:26:06.000 [notice] Not disabling debugger attaching for unprivileged users.
Jul 26 12:26:06.000 [notice] Parsing GEOIP file /usr/share/tor/geoip.
Jul 26 12:26:06.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Jul 26 12:26:06.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
Jul 26 12:26:06.000 [notice] No AES engine found; using AES_* functions.
Jul 26 12:26:06.000 [notice] This version of OpenSSL has a slow implementation of counter mode; not using it.
Jul 26 12:26:06.000 [notice] OpenSSL OpenSSL 0.9.8o 01 Jun 2010 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Jul 26 12:26:06.000 [notice] Your Tor server's identity key fingerprint is '00Teh0S1gnul00 26F728EF33D03C054B9417FAE92C809DCDEF5ED4'
Jul 26 12:26:06.000 [notice] Reloaded microdescriptor cache.  Found 3016 descriptors.
Jul 26 12:26:06.000 [notice] We now have enough directory information to build circuits.
Jul 26 12:26:06.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
*Jul 26 12:26:07.000 [notice] Heartbeat: It seems like we are not in the cached consensus.*
Jul 26 12:26:07.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 2 circuits open. I've sent 2 kB and received 2 kB.
Jul 26 12:26:07.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Jul 26 12:26:07.000 [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
Jul 26 12:26:07.000 [notice] To correct this, use a more recent OpenSSL, built without disabling any secure ciphers or features.
Jul 26 12:26:08.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Jul 26 12:26:09.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jul 26 12:26:09.000 [notice] Bootstrapped 100%: Done.
Jul 26 12:26:09.000 [notice] Now checking whether ORPort 93.114.43.156:10004 and DirPort 93.114.43.156:10034 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Jul 26 12:26:10.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Jul 26 12:26:13.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Jul 26 12:26:19.000 [notice] Performing bandwidth self-test...done.
Jul 26 12:29:25.000 [notice] New control connection opened.
Jul 26 12:36:43.000 [notice] New control connection opened.
Jul 26 12:36:52.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
Jul 26 12:36:52.000 [notice] Read configuration file /etc/tor/tor4.cfg.
Jul 26 12:54:25.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
Jul 26 12:54:25.000 [notice] Read configuration file /etc/tor/tor4.cfg.
*Jul 26 18:26:07.000 [notice] Heartbeat: It seems like we are not in the cached consensus.*
*Jul 26 18:26:07.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 0 circuits open. I've sent 1.32 MB and received 4.44 MB.*
Jul 26 23:05:50.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
Jul 26 23:05:50.000 [notice] Read configuration file
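
A small detector for the symptom visible in the log above, as an added example that is not part of the original post: it flags heartbeats that still report the relay missing from the cached consensus after its descriptor was published and a minimum uptime has passed. The function name, the 3-hour threshold and the sample (log lines from this post with the mail wrapping undone) are assumptions made for the illustration.

```python
import re

# "Jul 26 18:26:07.000 [notice] message", tolerating the '*' emphasis marks
LINE = re.compile(r"^\*{0,2}(\w{3} +\d+ [\d:.]+) \[(\w+)\] (.*?)\*{0,2}$")
UPTIME = re.compile(r"Heartbeat: Tor's uptime is (?:(\d+) days? )?(\d+):(\d\d) "
                    r"hours, with (\d+) circuits open")
NOT_LISTED = "Heartbeat: It seems like we are not in the cached consensus"

def unlisted_heartbeats(lines, min_hours=3):
    """Return [(timestamp, uptime_hours, circuits)] for heartbeats that report
    the relay missing from the consensus after the descriptor was published
    and after at least min_hours of uptime (threshold is an assumption)."""
    findings, published, pending = [], False, None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped fragment or non-log text
        ts, _level, msg = m.groups()
        if "Publishing server descriptor" in msg:
            published = True
        elif msg.startswith(NOT_LISTED):
            pending = ts  # the uptime line follows with the same timestamp
        else:
            u = UPTIME.match(msg)
            if u and pending == ts and published:
                hours = (int(u.group(1) or 0) * 24 + int(u.group(2))
                         + int(u.group(3)) / 60)
                if hours >= min_hours:
                    findings.append((ts, hours, int(u.group(4))))
            if u:
                pending = None
    return findings

# Sample lines taken from the log in this post, unwrapped.
SAMPLE = """\
Jul 26 12:26:07.000 [notice] Heartbeat: It seems like we are not in the cached consensus.
Jul 26 12:26:07.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 2 circuits open. I've sent 2 kB and received 2 kB.
Jul 26 12:26:10.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Jul 26 18:26:07.000 [notice] Heartbeat: It seems like we are not in the cached consensus.
Jul 26 18:26:07.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 0 circuits open. I've sent 1.32 MB and received 4.44 MB.
""".splitlines()

if __name__ == "__main__":
    for ts, hours, circuits in unlisted_heartbeats(SAMPLE):
        print(f"{ts}: unlisted after {hours:.1f} h, {circuits} circuits open")
```

The startup heartbeat is ignored because the descriptor has not been published yet; only the 6:00-hour heartbeat is reported.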

Re: [tor-talk] Problem with new multiple-instance exit nodes never showing up in directory (cached consensus)

2012-07-26 Thread Robert Ransom
On 7/26/12, Name Withheld surv...@gmail.com wrote:

> Hi guys,
>
> I've got a 1gbps (shared) debian server set up as an exit that can't
> seem to handle all the b/w through a single instance of tor.  After
> getting some help from the tor lists previously, I've started setting up
> additional instances of tor that run simultaneously to help handle more
> traffic.
>
> Unfortunately, only the first of the extra instances works (even though
> I copied the config from the known good config and only changed the
> ports during other attempts).  Other instances seem to work at first,
> setting up the initial tunnels and passing very small amounts of traffic
> for about a half hour, but never seem to get listed in the directory, so
> they never get any other traffic once the initial tunnels all close,
> even after many hours pass.
>
> Does anyone know why this is happening, and what I need to do to fix it?

From https://www.torproject.org/docs/tor-manual-dev:
 AuthDirMaxServersPerAddr NUM

 Authoritative directories only. The maximum number of servers that we will 
 list as acceptable on a single IP address. Set this to 0 for no limit. 
 (Default: 2)

The dirauth operators all have this option unspecified (or set to 2).

To fix this, either (a) persuade the dirauth operators to increase
this value or (b) get more IP addresses and run at most two relays on
each of them.


Robert Ransom
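
A pre-flight check for the limit described in this reply, as an added example that is not part of the original message or of Tor: it reads the torrc of every instance on a host, groups the instances by the IP address they will be listed under, and reports any address carrying more than two relays, plus any ORPort shared between instances. The function names, the 192.0.2.x addresses and the sample configs are constructed; it assumes a relay is listed under its `Address`, else an IP given on `ORPort` or `ORListenAddress`, else the host's default IP.

```python
from collections import defaultdict

MAX_PER_ADDR = 2  # AuthDirMaxServersPerAddr default quoted in the thread

def parse_torrc(text):
    """Return {lowercased option: [values]}; '#' comments are dropped."""
    opts = defaultdict(list)
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            opts[parts[0].lower()].append(value)
    return opts

def listed_ip(opts, default_ip):
    """Address if set, else an IP given on ORPort/ORListenAddress, else the
    host's default IP (assumption: that is what the authorities will see)."""
    if opts["address"] and opts["address"][0]:
        return opts["address"][0]
    for key in ("orport", "orlistenaddress"):
        for value in opts[key]:
            host, sep, _ = (value.split() or [""])[0].rpartition(":")
            if sep and host:
                return host
    return default_ip

def or_port(opts):
    """Port from the first ORPort line ("443" or "addr:443"), else None."""
    for value in opts["orport"]:
        if value:
            return value.split()[0].rpartition(":")[2]
    return None

def audit(instances, default_ip):
    """instances: {name: torrc text} -> (IPs over the limit, shared ORPorts)."""
    by_ip, by_port = defaultdict(list), defaultdict(list)
    for name, text in sorted(instances.items()):
        opts = parse_torrc(text)
        by_ip[listed_ip(opts, default_ip)].append(name)
        by_port[or_port(opts)].append(name)
    over = {ip: n for ip, n in by_ip.items() if len(n) > MAX_PER_ADDR}
    shared = {p: n for p, n in by_port.items() if p and len(n) > 1}
    return over, shared

# Constructed sample: four instances, ports only, on one host (192.0.2.10).
BEFORE = {f"tor{i}": f"ORPort 1000{i}\nDirPort 1003{i}\n" for i in range(1, 5)}
# Same host after adding a second IP: two relays per address.
AFTER = dict(BEFORE, tor3="ORPort 192.0.2.11:10003\nAddress 192.0.2.11\n",
             tor4="ORPort 192.0.2.11:10004\nAddress 192.0.2.11\n")

if __name__ == "__main__":
    print(audit(BEFORE, "192.0.2.10"))  # all four on one IP: over the limit
    print(audit(AFTER, "192.0.2.10"))   # nothing reported
```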


Re: [tor-talk] Problem with new multiple-instance exit nodes never showing up in directory (cached consensus)

2012-07-26 Thread Name Withheld
Thank you for the response.  I'm assuming you're implying option A) (get
the dirauth operators to increase the value) is not actually serious.
Please correct me if I'm wrong (because I see no way of going about this).

For B), this is probably a total newbie question, since I've never had to
run a program like this before.  If I can get a second IP from the ISP for
the same physical server, is there a configuration option in Debian (or
something in the torrc file) I'll need to set to get it to the additional
tor daemons binding to the secondary address?

Much obliged!



On Thu, Jul 26, 2012 at 4:19 PM, Robert Ransom rransom.8...@gmail.com wrote:

> On 7/26/12, Name Withheld surv...@gmail.com wrote:
>>
>> Does anyone know why this is happening, and what I need to do to fix it?
>
> From https://www.torproject.org/docs/tor-manual-dev:
>  AuthDirMaxServersPerAddr NUM
>
>  Authoritative directories only. The maximum number of servers that we
>  will list as acceptable on a single IP address. Set this to 0 for no
>  limit. (Default: 2)
>
> The dirauth operators all have this option unspecified (or set to 2).
>
> To fix this, either (a) persuade the dirauth operators to increase
> this value or (b) get more IP addresses and run at most two relays on
> each of them.
>
>
> Robert Ransom