tor-relays

tor-relays@lists.torproject.org

36 participants
4815 discussions

Re: [tor-relays] [tor-talk] obfsproxy failure: obfs3
by lee colleton 21 Aug '13

21 Aug '13

-tor-relay +tor-relays On Thu, Aug 15, 2013 at 10:13 AM, lee colleton <lee(a)colleton.net> wrote: > All of the ports respond on the external IP except for 443 but I can > connect via SSL on 9001. I don't understand how ORListenAddress is > supposed to work: my bridge times out on 443 but when I comment out the ORListenAddress > line it doesn't connect via obfsproxy at all. > > Please advise. > > > On Thu, Aug 15, 2013 at 1:47 AM, lee colleton <lee(a)colleton.net> wrote: > >> With the ORListenAddress line uncommented, a slightly different failure >> results: >> >> Orbot is starting… >> Orbot is starting… >> got tor proc id: 28490 >> Tor process id=28490 >> >> Connecting to control port: 9051 >> SUCCESS connected to control port >> SUCCESS authenticated to control port >> Starting Tor client… complete. >> adding control port event handler >> SUCCESS added control port event handler >> Starting privoxy process >> /data/data/org.torproject.android/app_bin/privoxy >> /data/data/org.torproject.android/app_bin/privoxy.config & >> NOTICE: Heartbeat: Tor's uptime is 0:00 hours, with 0 circuits open. I've >> sent 0 kB and received 0 kB. >> Privoxy is running on port:8118 >> Privoxy process id=28508 >> >> Network connectivity is good. Waking Tor up... >> Circuit (1) LAUNCHED: >> NOTICE: Bootstrapped 5%: Connecting to directory server. >> orConnStatus (173.255.119.202:443): LAUNCHED >> NOTICE: Bootstrapped 10%: Finishing handshake with directory server. >> Circuit (1) FAILED: ONEHOP_TUNNEL > IS_INTERNAL > NEED_CAPACITY >> NOTICE: Your application (using socks4a to port 443) instructed Tor to >> take care of the DNS resolution itself if necessary. This is good. >> NOTICE: Your application (using socks4a to port 80) instructed Tor to >> take care of the DNS resolution itself if necessary. This is good. >> NOTICE: Your application (using socks4a to port 443) instructed Tor to >> take care of the DNS resolution itself if necessary. This is good. >> NOTICE: Your application (using socks4a to port 80) instructed Tor to >> take care of the DNS resolution itself if necessary. This is good. >> NOTICE: Your application (using socks4a to port 443) instructed Tor to >> take care of the DNS resolution itself if necessary. This is good. >> NOTICE: Your application (using socks4a to port 80) instructed Tor to >> take care of the DNS resolution itself if necessary. This is good. >> NOTICE: Your application (using socks4a to port 443) instructed Tor to >> take care of the DNS resolution itself if necessary. This is good. >> NOTICE: Tried for 120 seconds to get a connection to [scrubbed]:443. >> Giving up. (waiting for circuit) >> NOTICE: Your application (using socks4a to port 443) instructed Tor to >> take care of the DNS resolution itself if necessary. This is good. >> >> On Aug 15, 2013 1:41 AM, "lee colleton" <lee(a)colleton.net> wrote: >> >>> When I attempt to connect to this bridge, I see a failure in handshaking: >>> >>> Orbot is starting… >>> Orbot is starting… >>> got tor proc id: 27365 >>> Tor process id=27365 >>> Connecting to control port: 9051 >>> SUCCESS connected to control port >>> SUCCESS authenticated to control port >>> Starting Tor client… complete. >>> adding control port event handler >>> SUCCESS added control port event handler >>> Starting privoxy process >>> /data/data/org.torproject.android/app_bin/privoxy >>> /data/data/org.torproject.android/app_bin/privoxy.config & >>> NOTICE: Heartbeat: Tor's uptime is 0:00 hours, with 0 circuits open. >>> I've sent 0 kB and received 0 kB. >>> Privoxy is running on port:8118 >>> Privoxy process id=27393 >>> Network connectivity is good. Waking Tor up... >>> Circuit (1) LAUNCHED: >>> NOTICE: Bootstrapped 5%: Connecting to directory server. >>> orConnStatus (173.255.119.202:443): LAUNCHED >>> NOTICE: Bootstrapped 10%: Finishing handshake with directory server. >>> NOTICE: We weren't able to find support for all of the TLS ciphersuites >>> that we wanted to advertise. This won't hurt security, but it might make >>> your Tor (if run as a client) more easy for censors to block. >>> NOTICE: To correct this, use a more recent OpenSSL, built without >>> disabling any secure ciphers or features. >>> Circuit (1) FAILED: ONEHOP_TUNNEL > IS_INTERNAL > NEED_CAPACITY >>> orConnStatus (173.255.119.202:443): FAILED >>> WARN: Problem bootstrapping. Stuck at 10%: Finishing handshake with >>> directory server. (DONE; DONE; count 1; recommendation warn) >>> WARN: 1 connections have failed: >>> WARN: 1 connections died in state handshaking (TLS) with SSL state >>> SSLv2/v3 read server hello A in HANDSHAKE >>> NOTICE: Your application (using socks4a to port 80) instructed Tor to >>> take care of the DNS resolution itself if necessary. This is good. >>> NOTICE: Your application (using socks4a to port 443) instructed Tor to >>> take care of the DNS resolution itself if necessary. This is good. >>> NOTICE: Your application (using socks4a to port 80) instructed Tor to >>> take care of the DNS resolution itself if necessary. This is good. >>> On Aug 15, 2013 12:31 AM, "lee colleton" <lee(a)colleton.net> wrote: >>> >>>> When I comment out the ORListenAddress line things look OK. >>>> >>>> # Listen on a port other than the one advertised in ORPort (that is, >>>> # advertise 443 but bind to 9001). >>>> #ORListenAddress 0.0.0.0:9001 >>>> >>>> Aug 15 06:52:50.000 [notice] Tor 0.2.4.16-rc (git-dcf6b6d7dda9ffbd) opening log file. >>>> Aug 15 06:52:50.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster. >>>> Aug 15 06:52:50.000 [notice] Your Tor server's identity key fingerprint is 'gcedemo 08C752E8E86EB5916574A8625030B0EC204EABB8' >>>> Aug 15 06:52:50.000 [notice] Configured hibernation. This interval began at 2013-08-15 00:00:00; the scheduled wake-up time was 2013-08-15 00:00:00; we expect to exhaust our quota for this interval around 2013-08-16 00:00:00; the next interval begins at 2013-08-16 00:00:00 (all times local) >>>> Aug 15 06:52:50.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip. >>>> Aug 15 06:52:50.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6. >>>> Aug 15 06:52:50.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now. >>>> Aug 15 06:52:51.000 [notice] We now have enough directory information to build circuits. >>>> Aug 15 06:52:51.000 [notice] Bootstrapped 80%: Connecting to the Tor network. >>>> Aug 15 06:52:52.000 [notice] Bootstrapped 85%: Finishing handshake with first hop. >>>> Aug 15 06:52:53.000 [notice] Guessed our IP address as 173.255.119.202 (source: 38.229.70.33). >>>> Aug 15 06:52:53.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. >>>> Aug 15 06:52:53.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:40872' >>>> Aug 15 06:52:53.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:52176' >>>> Aug 15 06:52:55.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. >>>> Aug 15 06:52:55.000 [notice] Bootstrapped 100%: Done. >>>> Aug 15 06:52:55.000 [notice] Now checking whether ORPort 173.255.119.202:443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success) >>>> Aug 15 06:53:04.000 [notice] New control connection opened. >>>> Aug 15 07:10:11.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. >>>> >>>> >>>> >>>> On Wed, Aug 14, 2013 at 9:53 PM, lee colleton <lee(a)colleton.net> wrote: >>>> >>>>> Yes, I've opened the ports in the Google Compute Engine (see below). >>>>> I'll follow up on their forum to make sure I've altered the firewall >>>>> properly. >>>>> >>>>> --lee >>>>> >>>>> lee@li388-156:~$ gcutil --service_version="v1beta15" --project="colleton.net:tor-cloud" listfirewalls >>>>> +------------------------+---------------------------------------+---------+------------+-------------+-------------+ >>>>> | name | description | network | source-ips | source-tags | target-tags | >>>>> +------------------------+---------------------------------------+---------+------------+-------------+-------------+ >>>>> | default-allow-internal | Internal traffic from default allowed | default | 10.0.0.0/8 | | | >>>>> | default-ssh | SSH allowed from anywhere | default | 0.0.0.0/0 | | | >>>>> | tor-obfsproxy | | default | 0.0.0.0/0 | | obfsproxy | >>>>> +------------------------+---------------------------------------+---------+------------+-------------+-------------+ >>>>> lee@li388-156:~$ gcutil --service_version="v1beta15" --project="colleton.net:tor-cloud" getfirewall tor-obfsproxy >>>>> +---------------+-------------------------------+ >>>>> | property | value | >>>>> +---------------+-------------------------------+ >>>>> | name | tor-obfsproxy | >>>>> | description | | >>>>> | creation-time | 2013-08-07T18:37:35.986-07:00 | >>>>> | network | default | >>>>> | source-ips | 0.0.0.0/0 | >>>>> | source-tags | | >>>>> | target-tags | obfsproxy | >>>>> | allowed | tcp: 443, 9001, 40872, 52176 | >>>>> +---------------+-------------------------------+ >>>>> lee@li388-156:~$ >>>>> >>>>> >>>>> >>>>> On Wed, Aug 14, 2013 at 9:19 PM, Roger Dingledine <arma(a)mit.edu>wrote: >>>>> >>>>>> On Wed, Aug 14, 2013 at 09:08:03AM -0700, lee colleton wrote: >>>>>> > There's a more serious issue in that my server doesn't appear to be >>>>>> > reachable. I've opened tcp:443,9001 along with the two >>>>>> specifiedobfsproxy >>>>>> > ports >>>>>> > >>>>>> > Aug 14 15:26:58.000 [notice] Bootstrapped 100%: Done. >>>>>> > Aug 14 15:26:58.000 [notice] Now checking whether ORPort >>>>>> > 173.255.119.202:443 is reachable... (this may take up to 20 >>>>>> minutes -- >>>>>> > look for log messages indicating success) >>>>>> > Aug 14 15:28:00.000 [notice] New control connection opened. >>>>>> > Aug 14 15:46:56.000 [warn] Your server (173.255.119.202:443) has >>>>>> not >>>>>> > managed to confirm that its ORPort is reachable. Please check your >>>>>> > firewalls, ports, address, /etc/hosts file, etc. >>>>>> >>>>>> Well, that's because it's unreachable. (I just tried.) >>>>>> >>>>>> Can you try following the suggestion in the log message? >>>>>> >>>>>> --Roger >>>>>> >>>>>> -- >>>>>> tor-talk mailing list - tor-talk(a)lists.torproject.org >>>>>> To unsusbscribe or change other settings go to >>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >>>>>> >>>>> >>>>> >>>> >

1 1

Experience with obfuscated bridge on Raspberry Pi Raspian
by z0rc 21 Aug '13

21 Aug '13

Hi, As lately there were many discussions on getting Tor from the experimental repository running on Raspian, I thought I would share my experiences here. First, I tried to install Tor following [1] and [2] and ran into the same compatibility issues as most of you. But then I just downloaded the soft-float version of Raspian "wheezy" from [3]. And I could install Tor and obsproxy from the experimental repository without any issues (i.e. without any compiling or complex configurations). I ran the obfuscated bridge for a week and it relayed a few 100 MB without any problems. The bridge is connected to a standard home cable connection in Switzerland (router runs pfSense). Of course the load was not too high due to only running an obfuscated bridge. After the week I decided to shut the bridge down because I heard from people being contacted by the police even though only running a non-exit relay. As I share a flat with some friends, I absolutely cannot afford being raided or similar. If anyone can give me some advice on running non-exit relays at home in Switzerland, I might consider running the bridge again. Hope this helps. Cheers, Damian [1] https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en#i… [2] https://www.torproject.org/docs/debian.html.en#development [3] http://www.raspberrypi.org/downloads

4 5

Key files encryption methods.
by Tony Xue 21 Aug '13

21 Aug '13

Hi, As shown on the Tor website, the most important file of Tor is the key files. So is there any efficient way to encrypt those files in order to prevent anyone else, i.e. Hosting provider, getting and reading them? Is that those key files are only loaded when the Tor start and reload? So could it be possible to decrypt the file before the start-up and encrypt them again after the Tor start-up process is complete? Cheers, Tony

2 1

Upgrading an obfsbridge to the latest alpha on git master, on raspberry pi
by Kostas Jakeliunas 21 Aug '13

21 Aug '13

A few days ago, George posted an invitation for obfsproxy operators to upgrade their Tor software to the latest version on the master branch in the Tor git repo. [1] I'm running a low traffic obfsbridge on a raspberry pi, the whole thing is rather experimental in its nature already, so decided to try just that. Presumably everyone for whom this might be relevant already knows these things much better than myself, but since they might be applicable to all/some Debian users (raspberrypi + raspbian/debian users for sure), i'm outlining a couple of snags that can maybe be avoided. Previously I ran 0.2.4.15-rc compiled from deb-src (http://deb.torproject.org/torproject.orgexperimental-wheezy main); I think it'd have been the same if a precompiled package had been used. I'd still like to be able to manage Tor via init scripts with as little change as possible, etc. TL;DR: - after make && make install, do a whereis tor; in all likelihood, your new version will be at /usr/local/bin/tor, old one at /usr/sbin/tor etc.; /etc/init.d/tor will be using /usr/sbin/tor, so need to change the DAEMON key there - torrc-defaults will have different values in different distro packages. cd /usr/local/etc/tor; if there's no torrc there: sudo ln -s /etc/tor/torrc (presumably that's where you kept your torrc before; ~/.torrc should work in any case) $ git clone https://git.torproject.org/tor.git && cd tor $ ./autogen.sh if it complains about no aclocal (et al.): $ sudo apt-get install automake && ./autogen.sh $ ./configure $ make $ sudo make install # or, just use it like that (Tor binary is in src/or/) If you're using service tor {start,stop,reload,etc}: $ /usr/sbin/tor --version; /usr/local/bin/tor --version $ grep DAEMON= /etc/init.d/tor The latter will likely point to /usr/sbin/tor, which might be outdated (check above). If that's the case, change that line in init.d/tor to point to the new Tor executable /usr/local/bin/tor - that's where it *should* be; if you don't like that, change BINDIR = /usr/local/bin in Tor's Makefile and make install again. The Debian Tor packages seem to like to assume torrc will be placed in /etc/tor/torrc. If that's where your torrc resides, make a symlink to it from /usr/local/etc/tor, which is where the new Tor executable will look for it. This is probably an insanely ugly way of dealing with these snags, but if anyone is reserved to upgrade because of things like that, maybe this'll help someone.. Kostas. [1]: https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html

2 2

Re: [tor-relays] Experience with obfuscated bridge on Raspberry Pi Raspian
by TonyXue 20 Aug '13

20 Aug '13

>China's internet censorship / 'firewall' thing seems to have been trying to enumerate bridges for a while now. Yes, it does. I guess it's actually detecting bridges from users. The bridges become 'one-off', you can only use those bridges one time(at least in a period of time) and the second time you try to connect through the same bridges, it won't work. From: tony.x(a)outlook.com To: tor-relays(a)lists.torproject.org Subject: RE: [tor-relays] Experience with obfuscated bridge on Raspberry Pi Raspian Date: Tue, 20 Aug 2013 18:42:41 +0800 >China's internet censorship / 'firewall' thing seems to have been trying to enumerate bridges for a while now. Yes, it does. I guess it's actually detecting bridges from users. The bridges become 'one-off', you can only use those bridges one time(at least in a period of time) and the second time you try to connect through the same bridges, it won't work. From: kostas(a)jakeliunas.com Date: Tue, 20 Aug 2013 13:01:35 +0300 To: tor-relays(a)lists.torproject.org Subject: Re: [tor-relays] Experience with obfuscated bridge on Raspberry Pi Raspian Thanks for sharing your experience! > After the week I decided to shut the bridge down because I heard from people being contacted by the police even though only running a non-exit relay. Do you remember where you did hear this? Was it in writing, are you by chance maybe able to link to it? It would be interesting to know more. All non-bridge relays (exit or non-exit) can be enumerated by anyone (that's by design); this is not the case with bridges. However I suppose the extent to which any potential efforts to do just that may be happening does very much depend on the jurisdiction where that bridge is being run; China's internet censorship / 'firewall' thing seems to have been trying to enumerate bridges for a while now. [1] In any case, as far as I'm concerned, it would be *really* interesting to hear of any incidents between the police and non-exit relay operators. [1]: https://blog.torproject.org/blog/knock-knock-knockin-bridges-doors On Tue, Aug 20, 2013 at 2:00 AM, z0rc <damian.goeldi(a)gmail.com> wrote: Hi, As lately there were many discussions on getting Tor from the experimental repository running on Raspian, I thought I would share my experiences here. First, I tried to install Tor following [1] and [2] and ran into the same compatibility issues as most of you. But then I just downloaded the soft-float version of Raspian "wheezy" from [3]. And I could install Tor and obsproxy from the experimental repository without any issues (i.e. without any compiling or complex configurations). I ran the obfuscated bridge for a week and it relayed a few 100 MB without any problems. The bridge is connected to a standard home cable connection in Switzerland (router runs pfSense). Of course the load was not too high due to only running an obfuscated bridge. After the week I decided to shut the bridge down because I heard from people being contacted by the police even though only running a non-exit relay. As I share a flat with some friends, I absolutely cannot afford being raided or similar. If anyone can give me some advice on running non-exit relays at home in Switzerland, I might consider running the bridge again. Hope this helps. Cheers, Damian [1] https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en#i… [2] https://www.torproject.org/docs/debian.html.en#development [3] http://www.raspberrypi.org/downloads _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

1 0

Re: [tor-relays] Raspberry Pi Relay Node Performance and future Plans on Documentation and more
by tor_bridge＠mail.md 18 Aug '13

18 Aug '13

Hello all, > For any Raspberry Pi Tor node operators breathlessly following this > thread :P I succeeded in building 0.2.4.16-rc on the Pi. We will see > how it performs now vs the circuit creation storms. me too on the pi with kernel 3.6.11, using this source: https://www.torproject.org/dist/tor-0.2.4.16-rc.tar.gz it took 32 minutes to configure and compile (make && make install). > This is not a simple Debian-type binary package install, as the > packages present in the Tor Project experimental repos are built for > *Debian* wheezy - that is, ARMv7 - and not *Raspbian* which was built > to support the ARMv6 CPU on the Pi. I'm wondering, is there any other method for running a tor bridge/relay on the raspberry pi, other than downloading the source and compiling it yourself? Is it possible for the Tor project to make an extra option on the page https://www.torproject.org/download/download-unix.html.en with instructions for people to run a bridge/relay on the Pi? I think it will help people not to spend time on installing the experimental wheezy package for the ARMv7 architecture. Tor_Bridge

8 16

Exit node move from Win to LInux
by var 18 Aug '13

18 Aug '13

Hello everybody after some trouble with our Linux Exit Node, we hope that you can point the finger at the problem. We changed from a Windows Server 2003 + Vidalia Exit Node to a Linux System. With the Windows Server everything went fine no problems. Since we got the Linux server there are a lot of problems. When the relay starts our Internet goes down. Its more like some DNS problem but i cant point the finger on it. The connection is still there but he need a lot of time to resolve the names. Is this a overkill for our router? Any suggestions? Need more info? Cheers guys&girls VarVarna

5 4

Running a relay and a bridge relay in the same time?
by TonyXue 18 Aug '13

18 Aug '13

Is that possible to configure the server to run a relay and a bridge relay in the same time? The comments in the torrc said that BridgeRelay 1 will make the server into a bridge relay. Does that mean the server will only be a bridge relay and not a relay anymore?

2 1

Re: [tor-relays] tor-relays Digest, Vol 31, Issue 23
by tw9eef 18 Aug '13

18 Aug '13

windows 2013/8/13 <tor-relays-request(a)lists.torproject.org> > Send tor-relays mailing list submissions to > tor-relays(a)lists.torproject.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > or, via email, send a message with subject or body 'help' to > tor-relays-request(a)lists.torproject.org > > You can reach the person managing the list at > tor-relays-owner(a)lists.torproject.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of tor-relays digest..." > > > Today's Topics: > > 1. Re: Planningon running bridge with bw limitation - config > help (Kostas Jakeliunas) > 2. Re: Raspberry Pi Relay Node Performance and future Plans on > Documentation and more (tor_bridge(a)mail.md) > 3. Re: Raspberry Pi Relay Node Performance and future Plans on > Documentation and more (Roman Mamedov) > 4. Is it safe to run an exit node from a VPS provider? > (Sindhudweep Sarkar) > 5. Re: Raspberry Pi Relay Node Performance and future Plans on > Documentation and more (Kostas Jakeliunas) > 6. Re: Is it safe to run an exit node from a VPS provider? > (Moritz Bartl) > 7. Re: Is it safe to run an exit node from a VPS provider? > (Steve Snyder) > 8. Question about TOR bandwidth management (tor(a)t-3.net) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 13 Aug 2013 15:20:25 +0300 > From: Kostas Jakeliunas <kostas(a)jakeliunas.com> > To: tor-relays(a)lists.torproject.org > Subject: Re: [tor-relays] Planningon running bridge with bw limitation > - config help > Message-ID: > <CAN0KoyhUfWa+W_T=x= > bcqZ+oerrnS-V0D0hPedu2mG2ywR-c9A(a)mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > On Tue, Aug 13, 2013 at 2:39 PM, Moritz Bartl <moritz(a)torservers.net> > wrote: > > > On 13.08.2013 08:02, Kali Tor wrote: > > > I am actually in double minds about using obsproxy. Is there a demand > > for it? > > > > Yes! Please do set up obfsproxy. > > > Since obfsproxy bridges are usually really low traffic, I think the > combination of an obfsproxy bridge and raspberrypi makes quite a bit of > sense (that's what I'm running in any case, no problems so far (I also had > to compile Tor for armv6 from source)) :) >

1 0

mismatch between sent and received
by Dave Lahr 16 Aug '13

16 Aug '13

Hello There appears to be a growing mismatch between the amount of data sent and received for my relay. Most recent Heartbeats (in GB): sent received 8.07 10.87 7.30 10.10 6.87 9.68 6.41 9.22 6.18 8.50 This seems like something I should be concerned about, my are there GB of data that are stopping at my relay? This is not an exit relay, it is running on a raspberry pi running raspbian (debian). Any thoughts? Thank you in advance, Dave

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays