[tor-relays] No stable flag from 6 out of 9?

Vasilis andz at torproject.org
Mon Mar 26 10:50:00 UTC 2018 

(Moving email communication to tor-relays)

Hi Ole,

Ole Rydahl:
> My relay nicknamed dobbo appear to be partly in "bad standings" on most of
> the consensus authorities.>
> I stumbled upon another relay - matlink - with a similar faith.
> 
> I suspect something in my setup to be the culprit. The only thing in the
> log that looks a bit suspicious is a warning about a mismatch in ssl
> versions -
> "OpenSSL version from headers does not match the version we're running
> with".

Could you please provide more details of your system, how did you install tor
and also the complete log line(s)? This could help to spot potential issues.

Your relay seems to be running version 0.3.1.10 it will good to update it to the
newest version.


Cheers,
~Vasilis
-- 
Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162

> Hi Vasilis,
> 
> I have been running a relay since 2013. At first on an openwrt router. Since 
> it crashed when the load got high, I moved it to my (mail-) server. At present 
> I run Fedora 27 and only upgrade Tor, when a new version is offered there. At 
> present I start it manually after reboot - since doing it via systemctl no 
> longer works (for me).
> 
> For some long periods mu relay has been un-operational. The latest down period 
> was coursed by my non-intentional enabling an ipv6 firewall while claiming it 
> could be reached by ipv6.
> 
> 
> 
> This is what I typically se in the log:
> 
> Mar 22 13:41:09 linux4 Tor[1731]: OpenSSL version from headers does not match 
> the version we're running with. If you get weird crashes, that might be why. 
> (Compiled with 1010007f: OpenSSL 1.1.0g  2 Nov 2017; running with 10100
> 07f: OpenSSL 1.1.0g-fips  2 Nov 2017).
> Mar 22 13:41:09 linux4 Tor[1731]: Tor 0.3.1.10 (git-e3966d47c7252409) running 
> on Linux with Libevent 2.0.22-stable, OpenSSL 1.1.0g-fips, Zlib 1.2.11, 
> Liblzma N/A, and Libzstd N/A.
> Mar 22 13:41:09 linux4 Tor[1731]: Tor can't help you if you use it wrong! 
> Learn how to be safe at https://www.torproject.org/download/download#warning
> Mar 22 13:41:09 linux4 Tor[1731]: Read configuration file "/etc/tor/torrc".
> Mar 22 13:41:09 linux4 Tor[1731]: Based on detected system memory, 
> MaxMemInQueues is set to 2048 MB. You can override this by setting 
> MaxMemInQueues by hand.
> Mar 22 13:41:09 linux4 Tor[1731]: Opening Control listener on 127.0.0.1:9051
> Mar 22 13:41:09 linux4 Tor[1731]: Opening OR listener on 0.0.0.0:9001
> Mar 22 13:41:09 linux4 Tor[1731]: Opening OR listener on 
> [2a05:f6c7:62:1::5]:9002
> Mar 22 13:41:09 linux4 Tor[1731]: Opening Directory listener on 0.0.0.0:9030
> Mar 22 13:41:30 linux4 Tor[1731]: Parsing GEOIP IPv4 file 
> /usr/share/tor/geoip.
> Mar 22 13:41:30 linux4 Tor[1731]: Parsing GEOIP IPv6 file 
> /usr/share/tor/geoip6.
> Mar 22 13:41:33 linux4 Tor[1731]: Your Tor server's identity key fingerprint 
> is 'dobbo CE1FD7659F2DFE92B883083C0C6C974616D17F3D'
> Mar 22 13:41:33 linux4 Tor[1731]: Bootstrapped 0%: Starting
> Mar 22 13:43:02 linux4 Tor[1731]: Starting with guard context "default"
> Mar 22 13:43:02 linux4 Tor[1731]: Bootstrapped 80%: Connecting to the Tor 
> network
> Mar 22 13:43:03 linux4 Tor[1731]: Guessed our IP address as 185.15.72.62 
> (source: 171.25.193.9).
> Mar 22 13:43:03 linux4 Tor[1731]: Self-testing indicates your ORPort is 
> reachable from the outside. Excellent.
> Mar 22 13:43:03 linux4 Tor[1731]: Bootstrapped 85%: Finishing handshake with 
> first hop
> Mar 22 13:43:04 linux4 Tor[1731]: Bootstrapped 90%: Establishing a Tor circuit
> Mar 22 13:43:06 linux4 Tor[1731]: Tor has successfully opened a circuit. Looks 
> like client functionality is working.
> Mar 22 13:43:06 linux4 Tor[1731]: Bootstrapped 100%: Done
> Mar 22 13:44:03 linux4 Tor[1731]: Self-testing indicates your DirPort is 
> reachable from the outside. Excellent. Publishing server descriptor.
> Mar 22 13:44:05 linux4 Tor[1731]: Performing bandwidth self-test...done.
> Mar 22 19:43:02 linux4 Tor[1731]: Heartbeat: Tor's uptime is 5:59 hours, with 
> 4471 circuits open. I've sent 65.11 GB and received 64.45 GB.
> Mar 22 19:43:02 linux4 Tor[1731]: Circuit handshake stats since last time: 
> 18847/18847 TAP, 193853/193853 NTor.
> Mar 22 19:43:02 linux4 Tor[1731]: Since startup, we have initiated 0 v1 
> connections, 0 v2 connections, 0 v3 connections, and 4701 v4 connections; and 
> received 0 v1 connections, 1303 v2 connections, 2699 v3 connections, and 330
> 8 v4 connections.
> Mar 22 19:43:02 linux4 Tor[1731]: DoS mitigation since startup: 0 circuits 
> rejected, 0 marked addresses. 0 connections closed. 103 single hop clients 
> refused.
> Mar 23 01:43:02 linux4 Tor[1731]: Heartbeat: Tor's uptime is 11:59 hours, with 
> 584 circuits open. I've sent 111.49 GB and received 110.41 GB.
> Mar 23 01:43:02 linux4 Tor[1731]: Circuit handshake stats since last time: 
> 12687/12687 TAP, 112931/112931 NTor.
> Mar 23 01:43:02 linux4 Tor[1731]: Since startup, we have initiated 0 v1 
> connections, 0 v2 connections, 0 v3 connections, and 7850 v4 connections; and 
> received 0 v1 connections, 2033 v2 connections, 4125 v3 connections, and 538
> 3 v4 connections.
> Mar 23 01:43:02 linux4 Tor[1731]: DoS mitigation since startup: 0 circuits 
> rejected, 0 marked addresses. 0 connections closed. 187 single hop clients 
> refused.
> Mar 23 07:43:02 linux4 Tor[1731]: Heartbeat: Tor's uptime is 17:59 hours, with 
> 588 circuits open. I've sent 113.60 GB and received 112.47 GB.
> Mar 23 07:43:02 linux4 Tor[1731]: Circuit handshake stats since last time: 
> 206/206 TAP, 1417/1417 NTor.
> Mar 23 07:43:02 linux4 Tor[1731]: Since startup, we have initiated 0 v1 
> connections, 0 v2 connections, 0 v3 connections, and 8171 v4 connections; and 
> received 0 v1 connections, 2082 v2 connections, 4310 v3 connections, and 573
> 0 v4 connections.
> 
> 
> 
> 
> This is my torrc:
> 
> Address qp12.dk
> #ControlSocket /run/tor/control
> #ControlSocketsGroupWritable 1
> #CookieAuthentication 1
> #CookieAuthFile /run/tor/control.authcookie
> #CookieAuthFileGroupReadable 1
> User toranon
> #BridgeRelay 1
> ContactInfo 0x31384448 Ole Rydahl (Had a cat named Dobbo) <ole_rydahl at qp12 
> dot dk>
> ControlPort 9051
> CookieAuthentication 1
> #RunAsDaemon 1
> DataDirectory /var/lib/tor
> SocksPort 0
> Log notice syslog
> DirPort 9030
> DirReqStatistics 0
> ExitPolicy reject *:*
> Nickname dobbo
> ORPort 9001
> ORPort [2a05:f6c7:62:1::5]:9002
> RelayBandwidthBurst 24144000
> RelayBandwidthRate 24144000
> 
> I have a single public ipv4 address and a /56 range of ipv6 addresses. My isp 
> don't bandwidth limit my 1Gbit fiber. When I do speed test it around 400Mbit 
> up or down. The router handles 6000+ connections without reservations.
> 

> -----Oprindelig meddelelse-----
> Fra: Vasilis [mailto:andz at torproject.org]
> Sendt: 25. marts 2018 23:19
> 
> Hum, have you check for any weird logs in your router?
> 
> My apologies this email was supposed to go (MUA rules!) to the tor-relays
> mailing list instead. If you are OK with that we can move this discussion to
> tor-relays so others may be able to help, provide comments or
> resolve/understand similar issues.
> 
> Thanks.
> 
> Regards,
> ~Vasilis

> Hi,
> 
> Feel free to move the thread to the mailing list.
> 
> The router typically has a low load - at present < 0.2, while serving 4000+ 
> connections - 27% of the maximum 16384 connections. It reports 70 Mbyte free 
> memory. Once a month or less it reports a ddos attach. I have stressed the 
> router by sending a burst - 56 Mbyte/s - fragmented 64 kbyte pings. It 
> generates a load of 4 but everything else appear to work as expected. Below is 
> the repeated sequence in the log from the router
> 
> 
> Mon Mar 26 09:40:24 2018 daemon.warn hnetd[13086]: Router DF849732
> Mon Mar 26 09:40:57 2018 daemon.notice netifd: E0_4 (3731): Sending renew...
> Mon Mar 26 09:40:57 2018 daemon.notice netifd: E0_4 (3731): udhcpc: connect: 
> Network is unreachable
> Mon Mar 26 09:41:34 2018 daemon.notice netifd: E0_4 (3731): Sending renew...
> Mon Mar 26 09:41:34 2018 daemon.notice netifd: E0_4 (3731): Lease of 
> 185.15.72.62 obtained, lease time 300
> Mon Mar 26 09:41:35 2018 daemon.info hnetd[3521]: platform: interface update 
> for br-E0 detected
> Mon Mar 26 09:41:35 2018 daemon.info hnetd[3521]: platform: interface update 
> for br-E0 detected
> Mon Mar 26 09:41:35 2018 daemon.info hnetd[3521]: platform: interface update 
> for br-E0 detected
> Mon Mar 26 09:41:35 2018 daemon.info hnetd[3521]: iface: updated delegated 
> prefix 2a05:f6c7:62::/56 to br-E0
> Mon Mar 26 09:41:35 2018 daemon.info hnetd[3521]: platform: interface update 
> for br-lan detected
> Mon Mar 26 09:41:35 2018 daemon.info hnetd[3521]: platform: interface update 
> for lo detected
> Mon Mar 26 09:41:35 2018 daemon.notice hnetd[3521]: [pa]_tlv_cb remove local 
> <TLV id=33,len=19: 0022000F000927C0000493E030FD123456789A>
> Mon Mar 26 09:41:35 2018 daemon.notice hnetd[3521]: [pa]_tlv_cb remove local 
> <TLV id=33,len=120: 
> 002200180004CBB000040860382A05F6C7006200002B00010000000000220020000927C0000493E06800000000000000000000FFFF0A0000002B000100000000002500240017002020014860486000000000000000008888200148604860000000000000000088440026000A060808080808080804040000>
> Mon Mar 26 09:41:35 2018 daemon.notice hnetd[3521]: [sd]_tlv_cb remove local 
> <TLV id=33,len=19: 0022000F000927C0000493E030FD123456789A>
> Mon Mar 26 09:41:35 2018 daemon.notice hnetd[3521]: [sd]_tlv_cb remove local 
> <TLV id=33,len=120: 
> 002200180004CBB000040860382A05F6C7006200002B00010000000000220020000927C0000493E06800000000000000000000FFFF0A0000002B000100000000002500240017002020014860486000000000000000008888200148604860000000000000000088440026000A060808080808080804040000>
> Mon Mar 26 09:41:35 2018 daemon.notice hnetd[3521]: [pa]_tlv_cb add local <TLV 
> id=33,len=19: 0022000F0008134200037F6230FD123456789A>
> Mon Mar 26 09:41:35 2018 daemon.notice hnetd[3521]: [pa]_tlv_cb add local <TLV 
> id=33,len=120: 
> 002200180003B5380002F1E8382A05F6C7006200002B000100000000002200200008134200037F626800000000000000000000FFFF0A0000002B000100000000002500240017002020014860486000000000000000008888200148604860000000000000000088440026000A060808080808080804040000>
> Mon Mar 26 09:41:35 2018 daemon.notice hnetd[3521]: [sd]_tlv_cb add local <TLV 
> id=33,len=19: 0022000F0008134200037F6230FD123456789A>
> Mon Mar 26 09:41:35 2018 daemon.notice hnetd[3521]: [sd]_tlv_cb add local <TLV 
> id=33,len=120: 
> 002200180003B5380002F1E8382A05F6C7006200002B000100000000002200200008134200037F626800000000000000000000FFFF0A0000002B000100000000002500240017002020014860486000000000000000008888200148604860000000000000000088440026000A060808080808080804040000>
> Mon Mar 26 09:41:35 2018 daemon.warn hnetd[13139]: Router DF849732
> Mon Mar 26 09:42:18 2018 daemon.info hnetd[3521]: platform: interface update 
> for br-E0 detected
> Mon Mar 26 09:42:18 2018 daemon.info hnetd[3521]: platform: interface update 
> for br-E0 detected
> Mon Mar 26 09:42:18 2018 daemon.info hnetd[3521]: platform: interface update 
> for br-E0 detected
> Mon Mar 26 09:42:18 2018 daemon.info hnetd[3521]: iface: updated delegated 
> prefix 2a05:f6c7:62::/56 to br-E0
> Mon Mar 26 09:42:18 2018 daemon.info hnetd[3521]: platform: interface update 
> for br-lan detected
> Mon Mar 26 09:42:18 2018 daemon.info hnetd[3521]: platform: interface update 
> for lo detected
> Mon Mar 26 09:42:18 2018 daemon.notice hnetd[3521]: [pa]_tlv_cb remove local 
> <TLV id=33,len=19: 0022000F0008134200037F6230FD123456789A>
> Mon Mar 26 09:42:18 2018 daemon.notice hnetd[3521]: [pa]_tlv_cb remove local 
> <TLV id=33,len=120: 
> 002200180003B5380002F1E8382A05F6C7006200002B000100000000002200200008134200037F626800000000000000000000FFFF0A0000002B000100000000002500240017002020014860486000000000000000008888200148604860000000000000000088440026000A060808080808080804040000>
> Mon Mar 26 09:42:18 2018 daemon.notice hnetd[3521]: [sd]_tlv_cb remove local 
> <TLV id=33,len=19: 0022000F0008134200037F6230FD123456789A>
> Mon Mar 26 09:42:18 2018 daemon.notice hnetd[3521]: [sd]_tlv_cb remove local 
> <TLV id=33,len=120: 
> 002200180003B5380002F1E8382A05F6C7006200002B000100000000002200200008134200037F626800000000000000000000FFFF0A0000002B000100000000002500240017002020014860486000000000000000008888200148604860000000000000000088440026000A060808080808080804040000>
> Mon Mar 26 09:42:18 2018 daemon.notice hnetd[3521]: [pa]_tlv_cb add local <TLV 
> id=33,len=19: 0022000F000769290002D54930FD123456789A>
> Mon Mar 26 09:42:18 2018 daemon.notice hnetd[3521]: [pa]_tlv_cb add local <TLV 
> id=33,len=120: 
> 0022001800055730000493E0382A05F6C7006200002B00010000000000220020000769290002D5496800000000000000000000FFFF0A0000002B000100000000002500240017002020014860486000000000000000008888200148604860000000000000000088440026000A060808080808080804040000>
> Mon Mar 26 09:42:18 2018 daemon.notice hnetd[3521]: [sd]_tlv_cb add local <TLV 
> id=33,len=19: 0022000F000769290002D54930FD123456789A>
> Mon Mar 26 09:42:18 2018 daemon.notice hnetd[3521]: [sd]_tlv_cb add local <TLV 
> id=33,len=120: 
> 0022001800055730000493E0382A05F6C7006200002B00010000000000220020000769290002D5496800000000000000000000FFFF0A0000002B000100000000002500240017002020014860486000000000000000008888200148604860000000000000000088440026000A060808080808080804040000>
> Mon Mar 26 09:42:18 2018 daemon.warn hnetd[13195]: Router DF849732
> 
> /Ole

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180326/d73c59a8/attachment-0001.sig>

More information about the tor-relays mailing list