cannot keep my bridge up
Hello: I hope you can help me. I'm having trouble keeping my bridge up. Ports are forwarded. Running latest version of Tor. I had it running for at least roughly 7 to 10 days and then it went down and keeping it up is trouble. I even setup dynamic dns on my router using no-ip.com to see if that would help and still no. I've pasted logs from this morning here. Any help is appreciated. Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF tor[17727]: Dec 20 08:55:16.929 [notice] Opened Extended OR listener connection (ready) on 127.0.0.1:34445 Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: We compiled with OpenSSL 30000020: OpenSSL 3.0.2 15 Mar 2022 and we are running with OpenSSL 30000020: 3.0.2. These two versions should be binary compatible. Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Tor 0.4.7.12 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.0.2, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.35 as libc. Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/ Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Read configuration file "/etc/tor/torrc". Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Based on detected system memory, MaxMemInQueues is set to 2849 MB. You can override this by setting MaxMemInQueues by hand. Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opening Socks listener on 127.0.0.1:9050 Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opened Socks listener connection (ready) on 127.0.0.1:9050 Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opening OR listener on 0.0.0.0:443 Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opened OR listener connection (ready) on 0.0.0.0:443 Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opening Extended OR listener on 127.0.0.1:0 Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Extended OR listener listening on port 34445. Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opened Extended OR listener connection (ready) on 127.0.0.1:34445 Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF kernel: [137278.310446] audit: type=1400 audit(1671544516.974:36): apparmor="DENIED" operation="open" profile="system_tor" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=17728 comm="obfs4proxy" requested_mask="r" denied_mask="r" fsuid=128 ouid=0 Dec 20 08:55:17 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Parsing GEOIP IPv4 file /usr/share/tor/geoip. Dec 20 08:55:17 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Dec 20 08:55:17 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now. Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Your Tor server's identity key fingerprint is 'h4ck3rspace 93695FBD832C2A29A2DE719CC82B29F06C0B4E09' Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Your Tor bridge's hashed identity key fingerprint is 'h4ck3rspace 709E7C37DFE418F6A28B3F0352787606B51A66C6' Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Your Tor server's identity key ed25519 fingerprint is 'h4ck3rspace WpmTmQmwNU2PXhaGrwguLXwxiPL3g/4hHuXZRZxZli0' Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: You can check the status of your bridge relay at https://bridges.torproject.org/status?id=709E7C37DFE418F6A28B3F0352787606B51... Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 0% (starting): Starting Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Starting with guard context "default" Dec 20 08:55:26 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Signaled readiness to systemd Dec 20 08:55:26 mxh-HP-Compaq-Pro-6300-SFF systemd[1]: Started Anonymizing overlay network for TCP. Dec 20 08:55:26 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Registered server transport 'obfs4' at '[::]:52812' Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 5% (conn): Connecting to a relay Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opening Socks listener on /run/tor/socks Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opened Socks listener connection (ready) on /run/tor/socks Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opening Control listener on /run/tor/control Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opened Control listener connection (ready) on /run/tor/control Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Unable to find IPv4 address for ORPort 443. You might want to specify IPv6Only to it or set an explicit address or set Address. Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 10% (conn_done): Connected to a relay Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 14% (handshake): Handshaking with a relay Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 15% (handshake_done): Handshake with a relay done Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 95% (circuit_create): Establishing a Tor circuit Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: External address seen and suggested by a directory authority: 100.38.62.232 Dec 20 08:55:28 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 100% (done): Done Dec 20 08:56:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Now checking whether IPv4 ORPort 100.38.62.232:443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success) Dec 20 09:00:01 mxh-HP-Compaq-Pro-6300-SFF CRON[17784]: (root) CMD (timeshift --check --scripted) Dec 20 09:00:01 mxh-HP-Compaq-Pro-6300-SFF crontab[17820]: (root) LIST (root) Dec 20 09:00:01 mxh-HP-Compaq-Pro-6300-SFF crontab[17821]: (root) LIST (root) Dec 20 09:00:01 mxh-HP-Compaq-Pro-6300-SFF systemd[1]: run-timeshift-17784-backup.mount: Deactivated successfully. Dec 20 09:15:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Your server has not managed to confirm reachability for its ORPort(s) at 100.38.62.232:443. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. Dec 20 09:17:01 mxh-HP-Compaq-Pro-6300-SFF CRON[18262]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Sent with [Proton Mail](https://proton.me/) secure email.
On 12/20/22 15:27, Anonforpeace via tor-relays wrote:
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF kernel: [137278.310446] audit: type=1400 audit(1671544516.974:36): apparmor="DENIED" operation="open" profile="system_tor" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=17728 comm="obfs4proxy" requested_mask="r" denied_mask="r" fsuid=128 ouid=0
What about this ? -- Toralf
I'm not sure I understand. Are you showing me more lines of code to add? Sent from Proton Mail mobile -------- Original Message -------- On Dec 21, 2022, 5:18 AM, Toralf Förster wrote:
On 12/20/22 15:27, Anonforpeace via tor-relays wrote: > Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF kernel: [137278.310446] > audit: type=1400 audit(1671544516.974:36): apparmor="DENIED" > operation="open" profile="system_tor" > name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=17728 > comm="obfs4proxy" requested_mask="r" denied_mask="r" fsuid=128 ouid=0 What about this ? -- Toralf _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi, These lines Toralf references come from the logs you sent. It looks like apparmor didn't want obfs4proxy to open some file. I'm not sure why obfs4proxy would care about this file, maybe it's something the go runtime likes to look at. It does not look fatal though. Logs also says
Dec 20 09:15:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Your server has not managed to confirm reachability for its ORPort(s) at 100.38.62.232:443. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
It looks like your bridge isn't reachable from the internet. Have you checked if your firewall accepts incoming connections? If you are on an at home installation, have you checked if your router NAT is configured to forward that port properly. If you are on an at home installation too, is it possible you are behind a CG-NAT (https://en.wikipedia.org/wiki/Carrier-grade_NAT)? Sidenotes: these logs contains your bridge fingerprint and its ip address. These are informations you should never share publicly as it allows censors to block your bridge easily, while being hard to block is supposed to be the whole purpose of bridges. Regards, trinity-1686a On Thu, 22 Dec 2022 at 12:47, Anonforpeace via tor-relays <tor-relays@lists.torproject.org> wrote:
I'm not sure I understand. Are you showing me more lines of code to add?
Sent from Proton Mail mobile
-------- Original Message -------- On Dec 21, 2022, 5:18 AM, Toralf Förster < toralf.foerster@gmx.de> wrote:
On 12/20/22 15:27, Anonforpeace via tor-relays wrote: > Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF kernel: [137278.310446] > audit: type=1400 audit(1671544516.974:36): apparmor="DENIED" > operation="open" profile="system_tor" > name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=17728 > comm="obfs4proxy" requested_mask="r" denied_mask="r" fsuid=128 ouid=0 What about this ? -- Toralf _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Thank you for this. Is there any way around this? This didn't used to be problem. Sent with Proton Mail secure email. ------- Original Message ------- On Thursday, December 22nd, 2022 at 7:15 AM, trinity pointard <trinity.pointard@gmail.com> wrote:
Hi,
These lines Toralf references come from the logs you sent. It looks like apparmor didn't want obfs4proxy to open some file. I'm not sure why obfs4proxy would care about this file, maybe it's something the go runtime likes to look at. It does not look fatal though.
Logs also says
Dec 20 09:15:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Your server has not managed to confirm reachability for its ORPort(s) at 100.38.62.232:443. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
It looks like your bridge isn't reachable from the internet. Have you checked if your firewall accepts incoming connections? If you are on an at home installation, have you checked if your router NAT is configured to forward that port properly. If you are on an at home installation too, is it possible you are behind a CG-NAT (https://en.wikipedia.org/wiki/Carrier-grade_NAT)?
Sidenotes: these logs contains your bridge fingerprint and its ip address. These are informations you should never share publicly as it allows censors to block your bridge easily, while being hard to block is supposed to be the whole purpose of bridges.
Regards,
trinity-1686a
On Thu, 22 Dec 2022 at 12:47, Anonforpeace via tor-relays tor-relays@lists.torproject.org wrote:
I'm not sure I understand. Are you showing me more lines of code to add?
Sent from Proton Mail mobile
-------- Original Message -------- On Dec 21, 2022, 5:18 AM, Toralf Förster < toralf.foerster@gmx.de> wrote:
On 12/20/22 15:27, Anonforpeace via tor-relays wrote: > Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF kernel: [137278.310446] > audit: type=1400 audit(1671544516.974:36): apparmor="DENIED" > operation="open" profile="system_tor" > name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=17728 > comm="obfs4proxy" requested_mask="r" denied_mask="r" fsuid=128 ouid=0 What about this ? -- Toralf _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Personally, I've had enough problems with apparmor doing this exact sort of thing that I just remove/purge it and mark it as on hold so that it doesn't reinstall. Since apparmor is 'security' software, that may not be the best advice, but at the same time, I have a hard time trusting security software that has the power that apparmor has (and screws up other legit software so often). Another option is to do a web search for your problem. Apparmor thinks it's just doing it's job blocking a dangerous file, but I'm sure there are changes you can make in apparmor to flag the file/program as safe/legit. On Sat, 2022-12-24 at 18:19 +0000, Anonforpeace via tor-relays wrote:
Thank you for this. Is there any way around this? This didn't used to be problem.
participants (4)
-
Anonforpeace -
Overthefalls -
Toralf Förster -
trinity pointard