[tor-dev] Testing Network: Circuit buildup errors and missing guards

Katharina Kohls katharina.kohls at rub.de
Tue Feb 12 11:22:05 UTC 2019

Hey guys,

currently I am working on a private Tor setup and I repeatedly run into 
issues with the circuit buildup procedure (it's Tor  on linux, the setup consists of several debian jessie VMs).
The setup is as follows:
1 Client, 2 V3 Authorities, 6 Relays of which 3 have the ExitRelay 1 
option set.

In the torrc configs of all relays I define a list of fixed exits 
TestingDirAuthVoteExit and fixed guards TestingDirAuthVoteGuard and I 
use DirAuthority to fix the two V3 authorities of my setup.

All nodes bootstrap properly and reach 100%, the authorities both manage 
to vote and exchange information. Also the relays and the client 
bootstrap to 100%. Nevertheless, the consensus seems to lack relays with 
guard flags:

Feb 12 10:35:56.000 [notice] I learned some more directory information, 
but not enough to build a circuit: We need more microdescriptors: we 
have 2/2, and can only build 0% of likely paths. (We have 0% of guards 
bw, 100% of midpoint bw, and 100% of end bw (no exits in consensus, 
using mid) = 0% of path bw.)

Because of this, no default circuits can be built in the client or the 
relays in all logs the following message appears every second:

[warn] Failed to find node for hop #1 of our path. Discarding this 

Google says it might be an ntp-sync problem. The VMs are not connected 
to the Internet (but can talk to each other), so I made sure that all 
machines are in sync and use the firewall as NTP server. Sync shouldn't 
be the problem.

In the data_dir/state file I see several guard entries:
Guard in=default rsa_id=[...] nickname=auth01 
sampled_on=2019-01-17T18:33:12 sampled_by= listed=1
Guard in=default rsa_id=[...] nickname=relay03 
sampled_on=2019-01-22T17:17:10 sampled_by= 
unlisted_since=2019-01-27T11:00:36 listed=0
Guard in=default rsa_id=[...] nickname=relay02 
sampled_on=2019-01-24T22:19:10 sampled_by= 
unlisted_since=2019-01-29T09:08:59 listed=0
Guard in=default rsa_id=[...] nickname=relay03 
sampled_on=2019-02-06T21:07:36 sampled_by= listed=1
Guard in=default rsa_id=[...] nickname=relay05 
sampled_on=2019-01-27T16:37:38 sampled_by= listed=1

The client also seems to receive a complete consensus, at least all 
fingerprints of my setup show up if I fetch the file manually.

Please find below an example of the configs I use for the different 

Any help or hints would be great :)

SafeLogging 0
ProtocolWarnings 1
DisableDebuggerAttachment 0
DataDirectory /var/lib/tor
PidFile /var/lib/tor/pid
Log notice file /var/lib/tor/notice.log
Log info file /var/lib/tor/info.log

ContactInfo ...

RunAsDaemon 1
AssumeReachable 1
ConnLimit 60
MaxMemInQueues 1507 MB
ShutdownWaitLength 0
HashedControlPassword ...

DirAuthority auth01 orport=5000 no-v2 v3ident=... ...:7000 
DirAuthority auth02 orport=5000 no-v2 v3ident=... ...:7000 


OrPort 5000
ControlPort 9051
SocksPort 9050

ExitRelay 1

Nickname ...
Address ...

More information about the tor-dev mailing list