Hey guys,
currently I am working on a private Tor setup and I repeatedly run into issues with the circuit buildup procedure (it's Tor 0.3.5.7 on linux, the setup consists of several debian jessie VMs). The setup is as follows: 1 Client, 2 V3 Authorities, 6 Relays of which 3 have the ExitRelay 1 option set.
In the torrc configs of all relays I define a list of fixed exits TestingDirAuthVoteExit and fixed guards TestingDirAuthVoteGuard and I use DirAuthority to fix the two V3 authorities of my setup.
All nodes bootstrap properly and reach 100%, the authorities both manage to vote and exchange information. Also the relays and the client bootstrap to 100%. Nevertheless, the consensus seems to lack relays with guard flags:
Feb 12 10:35:56.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 2/2, and can only build 0% of likely paths. (We have 0% of guards bw, 100% of midpoint bw, and 100% of end bw (no exits in consensus, using mid) = 0% of path bw.)
Because of this, no default circuits can be built in the client or the relays in all logs the following message appears every second:
[warn] Failed to find node for hop #1 of our path. Discarding this circuit.
Google says it might be an ntp-sync problem. The VMs are not connected to the Internet (but can talk to each other), so I made sure that all machines are in sync and use the firewall as NTP server. Sync shouldn't be the problem.
In the data_dir/state file I see several guard entries: Guard in=default rsa_id=[...] nickname=auth01 sampled_on=2019-01-17T18:33:12 sampled_by=0.3.5.7 listed=1 Guard in=default rsa_id=[...] nickname=relay03 sampled_on=2019-01-22T17:17:10 sampled_by=0.3.5.7 unlisted_since=2019-01-27T11:00:36 listed=0 Guard in=default rsa_id=[...] nickname=relay02 sampled_on=2019-01-24T22:19:10 sampled_by=0.3.5.7 unlisted_since=2019-01-29T09:08:59 listed=0 Guard in=default rsa_id=[...] nickname=relay03 sampled_on=2019-02-06T21:07:36 sampled_by=0.3.5.7 listed=1 Guard in=default rsa_id=[...] nickname=relay05 sampled_on=2019-01-27T16:37:38 sampled_by=0.3.5.7 listed=1
The client also seems to receive a complete consensus, at least all fingerprints of my setup show up if I fetch the file manually.
Please find below an example of the configs I use for the different nodes.
Any help or hints would be great :) Thanks, Katharina
# DIRECTORIES, LOGGING SafeLogging 0 ProtocolWarnings 1 DisableDebuggerAttachment 0 DataDirectory /var/lib/tor PidFile /var/lib/tor/pid Log notice file /var/lib/tor/notice.log Log info file /var/lib/tor/info.log
# CONTACT ContactInfo ...
# GENERAL RunAsDaemon 1 AssumeReachable 1 ConnLimit 60 MaxMemInQueues 1507 MB ShutdownWaitLength 0 HashedControlPassword ...
# FIXED AUTH DirAuthority auth01 orport=5000 no-v2 v3ident=... ...:7000 B218B78864CEF4397CEE0AEF61703459EEE64E38 DirAuthority auth02 orport=5000 no-v2 v3ident=... ...:7000 431E50CDBB0B6FFDD0284A45ABEC875136D980E8
TestingDirAuthVoteExit 2B74825BE33752B21D17713F88D101F3BADC79BC,E4B1152CDF0E5FE697A3E916716FC363A2A0ACF3,7353D324677B9E7A9A50240339C2C7366B381F64 TestingDirAuthVoteGuard 911EDA6CB639AAE955517F02AA4D651E0F7F6EFD,C122CBB79DC660621E352D401AD7F781F8F6D62D,8E574F0C428D235782061F44B2D20A66E4336993
# PORTS OrPort 5000 ControlPort 9051 SocksPort 9050
# FLAGS ExitRelay 1
Nickname ... Address ...