For what it's worth process permissions aren't at play here. Arm is failing to talk with the control port - permissions could cause us to be unable to read the authentication cookie, but that would be a different message.
Cheers! -Damian
On Fri, Dec 4, 2015 at 5:36 PM, Manager Bahia del Sol LLC manager@bahiadelsol.io wrote:
No worries,
Are you sure the user or group is debian_tor? The default is debian-tor in Ubuntu.
If that isn't the problem,
First I would be sure tor is actually running.
top
or
top -u debian-tor
The second will show if tor is actually running as the user you think it is.
If it is, then see if it is listening on the control port
sudo netstat -ntlp | grep LISTEN
If it is I would suspect that either a firewall is blocking that port. If you have one running try shutting it down for a few minutes while you try to start arm.
Or maybe it is a permissions issue where arm is not running as the same user as tor. You could try starting arm as root to see if it would start. But, do not run arm as root full time. Only try to start it as a test.
-- Manager of Bahia del Sol LLC
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 12/4/2015 8:25 PM, Damian Johnson wrote:
For what it's worth process permissions aren't at play here. Arm is failing to talk with the control port - permissions could cause us to be unable to read the authentication cookie, but that would be a different message.
Cheers! -Damian
On Fri, Dec 4, 2015 at 5:36 PM, Manager Bahia del Sol LLC manager@bahiadelsol.io wrote:
No worries,
Are you sure the user or group is debian_tor? The default is debian-tor in Ubuntu.
If that isn't the problem,
First I would be sure tor is actually running.
top
or
top -u debian-tor
The second will show if tor is actually running as the user you think it is.
If it is, then see if it is listening on the control port
sudo netstat -ntlp | grep LISTEN
If it is I would suspect that either a firewall is blocking that port. If you have one running try shutting it down for a few minutes while you try to start arm.
Or maybe it is a permissions issue where arm is not running as the same user as tor. You could try starting arm as root to see if it would start. But, do not run arm as root full time. Only try to start it as a test.
-- Manager of Bahia del Sol LLC
Dec 05 21:17:46.000 [notice] Your IP address seems to have changed to 167.114.35.28 (METHOD=INTERFACE). Updating.
Dec 05 21:17:46.000 [notice] Our IP Address has changed from 142.4.217.95 to 167.114.35.28; rebuilding descriptor (source: METHOD=INTERFACE).
Dec 05 21:18:42.000 [notice] Your IP address seems to have changed to 142.4.217.95 (METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com). Updating.
Dec 05 21:18:42.000 [notice] Our IP Address has changed from 167.114.35.28 to 142.4.217.95; rebuilding descriptor (source: METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com).
Dec 05 21:18:43.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Dec 05 21:38:37.000 [warn] Your server (142.4.217.95:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Dec 05 21:58:37.000 [warn] Your server (142.4.217.95:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
I've gotten this far, not being much good at networking I can't tell where the problem lies.. do I need to forward something?
Just build new torrc, that fixed my issue.
cd /etc/tor/
cp torrc torrc.bak
touch torrc
Use this for torrc (nano torrc), replace some info to match your relay
http://0bin.net/paste/tdUuzTHwZI-BRWQy#JPmufzd+g0W0cx0WyB4g0iU12jU0WFpZRWtKV...
When you are done:
service tor restart
Then,
sudo -u debian-tor arm
I use screen session for this.
On 5 December 2015 at 20:18, Kurt Besig kbesig@socal.rr.com wrote:
Dec 05 21:17:46.000 [notice] Your IP address seems to have changed to 167.114.35.28 (METHOD=INTERFACE). Updating.
Dec 05 21:17:46.000 [notice] Our IP Address has changed from 142.4.217.95 to 167.114.35.28; rebuilding descriptor (source: METHOD=INTERFACE).
Dec 05 21:18:42.000 [notice] Your IP address seems to have changed to 142.4.217.95 (METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com). Updating.
Dec 05 21:18:42.000 [notice] Our IP Address has changed from 167.114.35.28 to 142.4.217.95; rebuilding descriptor (source: METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com).
Dec 05 21:18:43.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Dec 05 21:38:37.000 [warn] Your server (142.4.217.95:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Dec 05 21:58:37.000 [warn] Your server (142.4.217.95:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
I've gotten this far, not being much good at networking I can't tell where the problem lies.. do I need to forward something?
Check your firewall, and gateway port forwards if the server is behind a NAT. If you're not sure where to start, post the output of "sudo iptables -L"
--Sean
On 12/5/2015 3:20 PM, Sean Greenslade wrote:
Check your firewall, and gateway port forwards if the server is behind a NAT. If you're not sure where to start, post the output of "sudo iptables -L"
--Sean
I've made several iptables and saved them, I thought, however every time I reboot the VPS all my rules are gone.
~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

but:
cat /etc/iptables.rules
# Generated by iptables-save v1.4.21 on Fri Dec 4 04:30:56 2015
*raw
:PREROUTING ACCEPT [2424:210831]
:OUTPUT ACCEPT [1856:540218]
COMMIT
# Completed on Fri Dec 4 04:30:56 2015
# Generated by iptables-save v1.4.21 on Fri Dec 4 04:30:56 2015
*nat
:PREROUTING ACCEPT [229:8057]
:POSTROUTING ACCEPT [86:5885]
:OUTPUT ACCEPT [86:5885]
COMMIT
# Completed on Fri Dec 4 04:30:56 2015
# Generated by iptables-save v1.4.21 on Fri Dec 4 04:30:56 2015
*mangle
:PREROUTING ACCEPT [2424:210831]
:INPUT ACCEPT [2424:210831]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1856:540218]
:POSTROUTING ACCEPT [1856:540218]
COMMIT
# Completed on Fri Dec 4 04:30:56 2015
# Generated by iptables-save v1.4.21 on Fri Dec 4 04:30:56 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [581:184073]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9052 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9051 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Fri Dec 4 04:30:56 2015

3:/etc/network$ cat interfaces
# This configuration file is auto-generated.
#
# WARNING: Do not edit this file, your changes will be lost.
# Please create/edit /etc/network/interfaces.head and
# /etc/network/interfaces.tail instead, their contents will be
# inserted at the beginning and at the end of this file, respectively.
#
# NOTE: it is NOT guaranteed that the contents of /etc/network/interfaces.tail
# will be at the very end of this file.
#

# Auto generated lo interface
auto lo
iface lo inet loopback

# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
    up ifconfig venet0 up
    up ifconfig venet0 127.0.0.2
    up route add default dev venet0
    down route del default dev venet0
    down ifconfig venet0 down

iface venet0 inet6 manual
    up route -A inet6 add default dev venet0
    down route -A inet6 del default dev venet0

auto venet0:0
iface venet0:0 inet static
    address 167.114.35.28
    netmask 255.255.255.255

cat sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
iptables doesn't automatically load anything on boot; it starts with a clean slate. Most distros have a preferred way of loading that save file on boot, typically a service of some sort. Check your distro's docs for the specifics.
But before you go enabling the firewall, verify that the tor process is binding to the ports correctly. Restart the VPS, make sure tor is running, then run the following:
"sudo lsof | grep LISTEN"
It should output something like this:
sshd 398 root 3u IPv4 104876616 0t0 TCP *:ssh (LISTEN)
sshd 398 root 4u IPv6 104876623 0t0 TCP *:ssh (LISTEN)
tor 1129 _tor 6u IPv4 105943714 0t0 TCP *:https (LISTEN)
tor 1129 _tor 7u IPv4 105943715 0t0 TCP *:http (LISTEN)
tor 1129 1130 _tor 6u IPv4 105943714 0t0 TCP *:https (LISTEN)
tor 1129 1130 _tor 7u IPv4 105943715 0t0 TCP *:http (LISTEN)
Note that I'm using the HTTP(S) ports for my relay, you should see the ports you have selected for ORPort and DIRPort. Also note the asterisk indicating that it is listening on all network interfaces. If it only lists one specific interface, ensure that it is the correct (internet-facing) interface.
--Sean
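Added example, not part of any message in this thread: a shell check for the two situations discussed above, a live ruleset that is empty after reboot and a saved rules file whose INPUT chain decides which relay ports are reachable. The function names are hypothetical, the sample inputs are constructed from the rules file quoted in the thread, and ORPort 9001 and ControlPort 9051 are assumed conventional values (9030 is the DirPort from the log).

```shell
# Added example, not code from the thread. Function names are hypothetical.
# Constructed sample: the *filter section of the rules file quoted above.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [581:184073]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9052 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9051 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT'
# Constructed sample: "iptables -S" output when no rules were restored at boot.
SAMPLE_LIVE='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
# Succeeds when "iptables -S" output on stdin has policies but no rules.
ruleset_empty() { ! grep -q '^-A '; }
# Print the TCP ports the *filter INPUT chain accepts from any source,
# reading iptables-save text on stdin and stopping at the catch-all DROP.
open_ports() {
    awk '
        /^\*/ { in_filter = ($0 == "*filter"); next }
        !in_filter || $1 != "-A" || $2 != "INPUT" { next }
        NF == 4 && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { exit }
        {
            port = ""; target = ""; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "-s" || $i == "-i") scoped = 1
            }
            if (target == "ACCEPT" && port != "" && !scoped) print port
        }'
}

# audit_rules ORPORT DIRPORT CONTROLPORT < iptables-save text
audit_rules() {
    ports=$(open_ports)
    for p in "$1" "$2"; do
        printf '%s\n' "$ports" | grep -qx "$p" || echo "MISSING: relay port $p is not accepted"
    done
    if printf '%s\n' "$ports" | grep -qx "$3"; then
        echo "EXPOSED: control port $3 is accepted from any address"
    fi
}

printf '%s\n' "$SAMPLE_LIVE" | ruleset_empty && echo "live ruleset is empty"
printf '%s\n' "$SAMPLE_RULES" | audit_rules 9001 9030 9051
```

On a live host, pipe `sudo iptables -S` into `ruleset_empty` and the saved file into `audit_rules` instead of the constructed samples.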