[tor-relays] Is Tor being blocked by ISP? (Mexico)

Fabian Bustillos Vega fbnaia at riseup.net
Sat Jan 9 00:41:08 UTC 2016 

Been running a node (relay non-exit) for about 5 years. Since the new
year, i noticed that my node went down, and that it did not appear on
the usual places
(http://torstatus.blutmagie.de/router_detail.php?FP=78382b769d5d3baa41e89e5d9d7ff88e1a96a6b3
and
https://atlas.torproject.org/#details/78382B769D5D3BAA41E89E5D9D7FF88E1A96A6B3)
with the last seen timestamp of 2015-12-31 20:00:00.

I run my node on a dedicated server under my physical control. I checked
the Tor process and in the system it was running, with the logs showing:
[warn] connection_edge_process_relay_cell (at origin) failed.
and
[notice] Heartbeat: It seems like we are not in the cached consensus.
I confirmed and double checked all my settings and restarted my Tor
node, but still noticed that it was not appearing as running on globe
https://globe.torproject.org/#/relay/78382B769D5D3BAA41E89E5D9D7FF88E1A96A6B3
or atlas
https://atlas.torproject.org/#details/78382B769D5D3BAA41E89E5D9D7FF88E1A96A6B3
after almost 6 hours.

I noticed on the logs i was getting "[notice] Your network connection
speed appears to have changed. Resetting timeout to 60s after 18
timeouts and 1000 buildtimes." after restarting the node.
I tried to open Tor Browser on my personal use computer, and it stalls
in "connecting to a relay directory" with "Connecting to a relay
directory failed (no route to host - 86.59.21.38:443)". I was however
able to connect with Orbot on my smartphone after several retries.
That's when i tried to ping and do a trecepath to Tor directory
authorities https://atlas.torproject.org/#search/flag:authority
Of the ten Tor directory authorities i was not able to ping and
tracepath any of them using my ISP Telefonos del Noroeste (telnor). But
i was able to ping and tracepath all of the directory authorities using
Riseup's Vpn servie https://black.riseup.net/ .

I even tried to traceroute directly from within the ISP provided
Internet Router and was still not able to get thru to any Tor directory
authority or even a Tor node.

traceroute to dannenberg directory authority with Telnor ISP:
traceroute to 193.23.244.244 (193.23.244.244), 30 hops max, 60 byte packets
1 192.168.254.254 (192.168.254.254) 1.500 ms 1.650 ms 2.120 ms
2 dsl-servicio-l200.uninet.net.mx (200.38.193.226) 10.721 ms 10.758 ms
10.702 ms
3 * * *
4 * * *
-snip-
30 * * *

traceroute to dannenberg directory authority with Riseup Vpn:
traceroute to 193.23.244.244 (193.23.244.244), 30 hops max, 60 byte packets
1 10.42.0.1 (10.42.0.1) 42.364 ms 42.342 ms 42.339 ms
2 wren.riseup.net (198.252.153.1) 43.103 ms 43.103 ms 43.101 ms
-snip-
22 dannenberg.torauth.de (193.23.244.244) 205.293 ms 205.783 ms 204.446 ms

Similar when i tracepath to a random Tor node in france
(http://torstatus.blutmagie.de/router_detail.php?FP=7407277411041dc7bee802bf526af23111d79355):

With Telnor ISP: tracepath 149.202.193.100 1?: [LOCALHOST] pmtu 1500
1: 192.168.254.254 1.500ms
1: 192.168.254.254 1.419ms
2: no reply
3: no reply
4: no reply
5: no reply
6: no reply C

With Riseup Vpn:
tracepath 149.202.193.100
1?: [LOCALHOST] pmtu 1500
1: 10.42.0.1 43.093ms
1: 10.42.0.1 39.373ms
2: wren.riseup.net 44.108ms
3: gi0-0-0-5.agr13.sea02.atlas.cogentco.com 42.399ms
4: multi-use.cogentco.com 44.246ms
5: be2288.ccr21.sea02.atlas.cogentco.com 44.367ms
6: level3.sea02.atlas.cogentco.com 41.783ms asymm 7
7: no reply
8: no reply
9: nwk-1-a9.nj.us 133.351ms asymm 15
10: ldn-1-a9.uk.eu 198.174ms asymm 17
11: rbx-g1-a9.fr.eu 202.478ms asymm 17
12: fra-1-a9.de.eu 206.248ms asymm 18
13: sbg-g1-a9.fr.eu 213.218ms asymm 20
14: sbg-4b-a9.fr.eu 215.017ms asymm 21
15: ns3015177.ip-149-202-193.eu 213.182ms
reached
Resume: pmtu 1500 hops 15 back 21

Before the new year, there used to be around 5 to 8 Tor nodes located in
Mexico, right now, only one appears as online:

http://torstatus.blutmagie.de/router_detail.php?FP=92dd0214bc72cb52777e2015230ead3be6b2ebb7


that i am not able to ping or traceroute to.
I have a dynamic IP, so i rebooted the ISP provided router and tried
with several IP's that where assigned by my ISP and all provided the
same results.
I plan on doing more testing and calling my ISP and asking directly
about the IP's i am not able to reach and specifically if they block or
plan on blocking Tor.

UPDATE:
Tech support chat with ISP - Jan 02 2016:

http://pastebin.com/xZuWqAkX

They confirmed that i can not access the IP's but don't have any info
about why i am not able to access. They "escalated" the issue...

Tech support chat with ISP - Jan 03 2016:

http://pastebin.com/6MA2gj9e

They said: Telnor connections to the rest of the world is thru the U.S.
from Telnor no blocking is made to the rest of the world.

I'm not seeing any Tor nodes with telnor/telmex/infinitum at
http://torstatus.blutmagie.de/index.php only Axtel and Megared.

I am sometimes able to connect to "longclaw" longclaw.riseup.net
(199.254.238.53) but not always. Sometimes i get "Connecting to a relay
directory failed (no route to host - directory_ip:port)" when using the
Tor Browser, but if i try several times i am able to use the Tor browser.

I would really like to keep running my Tor node, and i am willing to
change ISP's, but i am still hoping that it's something on my end, but i
am not seeing any more relays with Telmex/Telnor/Infinitum as ISP. Is
there anyway to confirm that it's my ISP? any other reports from Mexico
about similar issues?.

In the meantime, i already donated $100 while my Tor node is down. (no
t-shirt yet though :(  )

Tor logs here:
http://pastebin.com/4XQaQyLd

torrc contents:
ContactInfo fabian dot bustillos at riseup dot net
ControlPort 9051
DirPort 9030
ORPort 9001
ExitPolicy reject *:*
HashedControlPassword ------------------------------------------------
Nickname fbnaiaTorRelay
SocksListenAddress 127.0.0.1
DisableDebuggerAttachment 0

More information about the tor-relays mailing list