[tor-talk] Problems migrating Tor hidden services

Cyrus cyrus_the_great at riseup.net
Fri Nov 15 23:54:42 UTC 2013

I host Tor hidden services on an OpenBSD server.

I am having a problem after migrating my torrc and all the private keys
in /var/lib/tor where sites can't be reached. The old server runs
OpenBSD 5.3 and the new server runs OpenBSD 5.4.

It complains about pending circuits, and on the old server this was
never a problem, though I've tried increasing MaxClientCircuitsPending
to 256 but this has not helped. It still complains. I worry this might
be an issue with OpenBSD 5.4's port of Tor.

Attempts to access Tor hidden services end very quickly with "SOCKS
request rejected or failed."

Here is out output in notices.log:
Nov 16 23:15:10.000 [notice] Tor (git-17c24b3118224d65) opening
log file.
Nov 16 23:15:10.000 [notice] Parsing GEOIP file /usr/local/share/tor/geoip.
Nov 16 23:15:11.000 [notice] This version of OpenSSL has a known-good
EVP counter-mode implementation. Using it.
Nov 16 23:15:11.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks
like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Nov 16 23:15:11.000 [notice] Reloaded microdescriptor cache.  Found 4694
Nov 16 23:15:11.000 [notice] We now have enough directory information to
build circuits.
Nov 16 23:15:11.000 [notice] Bootstrapped 80%: Connecting to the Tor
Nov 16 23:15:21.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with
217 circuits open. I've sent 0 kB and received 0 kB.
Nov 16 23:15:21.000 [notice] Bootstrapped 85%: Finishing handshake with
first hop.
Nov 16 23:15:21.000 [notice] We weren't able to find support for all of
the TLS ciphersuites that we wanted to advertise. This won't hurt
security, but it might make your Tor (if run as a client) more easy for
censors to block.
Nov 16 23:15:21.000 [notice] To correct this, use a version of OpenSSL
built with none of its ciphers disabled.
Nov 16 23:15:22.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Nov 16 23:15:22.000 [notice] Tor has successfully opened a circuit.
Looks like client functionality is working.
Nov 16 23:15:22.000 [notice] Bootstrapped 100%: Done.
Nov 16 23:15:22.000 [notice] Your network connection speed appears to
have changed. Resetting timeout to 60s after 18 timeouts and 269 buildtimes.
Nov 16 23:15:59.000 [notice] We'd like to launch a circuit to handle a
connection, but we already have 256 general-purpose client circuits
pending. Waiting until some finish.
Nov 16 23:17:15.000 [warn] Requested exit point
'$E5ECB2CA01E1D254D4EAB72CFAC16E5688CF471F' is not known. Closing.

CYRUSERV Onionland Hosting: http://cyruserv5hlagzhg.onion/

More information about the tor-talk mailing list