[tor-dev] Testing Network: Circuit buildup errors and missing guards

Katharina Kohls katharina.kohls at rub.de
Tue Feb 12 11:22:05 UTC 2019


Hey guys,

currently I am working on a private Tor setup and I repeatedly run into 
issues with the circuit buildup procedure (it's Tor
0.3.5.7  on linux, the setup consists of several debian jessie VMs).
The setup is as follows:
1 Client, 2 V3 Authorities, 6 Relays of which 3 have the ExitRelay 1 
option set.

In the torrc configs of all relays I define a list of fixed exits 
TestingDirAuthVoteExit and fixed guards TestingDirAuthVoteGuard and I 
use DirAuthority to fix the two V3 authorities of my setup.

All nodes bootstrap properly and reach 100%, the authorities both manage 
to vote and exchange information. Also the relays and the client 
bootstrap to 100%. Nevertheless, the consensus seems to lack relays with 
guard flags:

Feb 12 10:35:56.000 [notice] I learned some more directory information, 
but not enough to build a circuit: We need more microdescriptors: we 
have 2/2, and can only build 0% of likely paths. (We have 0% of guards 
bw, 100% of midpoint bw, and 100% of end bw (no exits in consensus, 
using mid) = 0% of path bw.)

Because of this, no default circuits can be built in the client or the 
relays in all logs the following message appears every second:

[warn] Failed to find node for hop #1 of our path. Discarding this 
circuit.

Google says it might be an ntp-sync problem. The VMs are not connected 
to the Internet (but can talk to each other), so I made sure that all 
machines are in sync and use the firewall as NTP server. Sync shouldn't 
be the problem.

In the data_dir/state file I see several guard entries:
Guard in=default rsa_id=[...] nickname=auth01 
sampled_on=2019-01-17T18:33:12 sampled_by=0.3.5.7 listed=1
Guard in=default rsa_id=[...] nickname=relay03 
sampled_on=2019-01-22T17:17:10 sampled_by=0.3.5.7 
unlisted_since=2019-01-27T11:00:36 listed=0
Guard in=default rsa_id=[...] nickname=relay02 
sampled_on=2019-01-24T22:19:10 sampled_by=0.3.5.7 
unlisted_since=2019-01-29T09:08:59 listed=0
Guard in=default rsa_id=[...] nickname=relay03 
sampled_on=2019-02-06T21:07:36 sampled_by=0.3.5.7 listed=1
Guard in=default rsa_id=[...] nickname=relay05 
sampled_on=2019-01-27T16:37:38 sampled_by=0.3.5.7 listed=1

The client also seems to receive a complete consensus, at least all 
fingerprints of my setup show up if I fetch the file manually.

Please find below an example of the configs I use for the different 
nodes.

Any help or hints would be great :)
Thanks,
Katharina


# DIRECTORIES, LOGGING
SafeLogging 0
ProtocolWarnings 1
DisableDebuggerAttachment 0
DataDirectory /var/lib/tor
PidFile /var/lib/tor/pid
Log notice file /var/lib/tor/notice.log
Log info file /var/lib/tor/info.log

# CONTACT
ContactInfo ...

# GENERAL
RunAsDaemon 1
AssumeReachable 1
ConnLimit 60
MaxMemInQueues 1507 MB
ShutdownWaitLength 0
HashedControlPassword ...

# FIXED AUTH
DirAuthority auth01 orport=5000 no-v2 v3ident=... ...:7000 
B218B78864CEF4397CEE0AEF61703459EEE64E38
DirAuthority auth02 orport=5000 no-v2 v3ident=... ...:7000 
431E50CDBB0B6FFDD0284A45ABEC875136D980E8

TestingDirAuthVoteExit 
2B74825BE33752B21D17713F88D101F3BADC79BC,E4B1152CDF0E5FE697A3E916716FC363A2A0ACF3,7353D324677B9E7A9A50240339C2C7366B381F64
TestingDirAuthVoteGuard 
911EDA6CB639AAE955517F02AA4D651E0F7F6EFD,C122CBB79DC660621E352D401AD7F781F8F6D62D,8E574F0C428D235782061F44B2D20A66E4336993

# PORTS
OrPort 5000
ControlPort 9051
SocksPort 9050

# FLAGS
ExitRelay 1

Nickname ...
Address ...


More information about the tor-dev mailing list