Re: Can't Contact Scroogle

[Gitano]

On 2011-02-12 11:01, Jim wrote:

 I currently cannot reach https://ssl.scroogle.org:443/ via Tor.

Me too.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: quick question about my bridge relay...

[Gitano]

On 2011-01-31 15:26, Joseph Lorenzo Hall wrote:

 I've set up a bridge relay and it seems to work for a bit and then
 stop routing traffic.  I'm wondering if I've misconfigured it or
 something.

Get your 'external' address (http://checkip.dyndns.com/) and start your
bridge with this IP.

Better: Create a free hostname (www.no-ip.com, www.dyndns.com, etc.) and
use this for your bridge relay.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Is gatereloaded a Bad Exit?

[Gitano]

On 2011-01-29 19:46, Jan Weiher wrote:

 while scrolling through the tor status page (torstatus.blutmagie.de), I
 stumpled upon the following node (the reason why it came to my eye was
 the long uptime):
 
 gatereloaded 550C C972 4FA7 7C7F 9260 B939 89D2 2A70 654D 3B92
 
 This node looks suspicious to me, because there is no contact info given
 and the exit policy allows only unencrypted traffic:
 
 reject 0.0.0.0/8:*
 reject 169.254.0.0/16:*
 reject 127.0.0.0/8:*
 reject 192.168.0.0/16:*
 reject 10.0.0.0/8:*
 reject 172.16.0.0/12:*
 reject 194.154.227.109:*
 accept *:21
 accept *:80
 accept *:110
 accept *:143
 reject *:*
 
 Am I missing something? I'm wondering why the status page lists this
 node as non-exit, because it clearly allows outgoing traffic on ports
 21,80,110 and 143?

See:
'https://gitweb.torproject.org/arma/tor.git/blob_plain/03b9c2cb903cc59f83139039d963f1fdea99b83a:/doc/spec/dir-spec.txt'

   Exit -- A router is called an 'Exit' iff it allows exits to at
least two of the ports 80, 443, and 6667 and allows exits to at
least one /8 address space.

Also: http://www.mail-archive.com/or-talk@freehaven.net/msg10275.html
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: cave updates, Qwest

[Gitano]

On 2011-01-28 20:23, scar wrote:

 Unfortunately, there still exist some problems and hiccups i've been
 dealing with.  While the DMCA complaints have so far stopped, my
 internet has been disabled three times now due to 'malicious' behavior.

Maybe it will help to disable the exit to your isp's net:

reject 184.96.0.0/13:*
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Problem with: Bridge IP:ORPort fingerprint

[Gitano]

If you start Tor with: Bridge IP:ORPort fingerprint and there exists
an old entry with the same fingerprint in
'/var/lib/tor/cached-descriptors' then 'IP:ORPort' (or 'url:ORPort')
will be disregarded and the ''IP:ORPort' from the old entry is used instead.

This is bad for unregistered bridges with dynamic ip-addresses and/or
dynalias-urls.

(observed on Tor 0.2.2.20-alpha)
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: tor is blocked in china

[Gitano]

On 2010-12-23 06:49, Lu Wei wrote:

 Only a little inconvenience is that bridge address must be entered
 digitally.

You can also use the following Syntax:

   Bridge URL:portnumber fingerprint
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Who knows 'gabelmoo-legacy' and 'moria1-legacy'

[Gitano]

On 2010-11-14 14:11, I wrote:

 Today my Tor-Node v0.2.2.17-alpha (git-d30d4eb843f12e65) crashed two
 times with the following log-entries:
 
 ###
 Nov 14 10:22:41.627 [info] Consensus includes unrecognized authority
 'gabelmoo-legacy' at 80.190.246.100:8180 (contact n/a; identity
 81349FC1F2DBA2C2C11B45CB9706637D480AB913)
 Nov 14 10:22:41.627 [info] Consensus includes unrecognized authority
 'moria1-legacy' at 128.31.0.34:9131 (contact n/a; identity
 E2A2AF57015D738736D0DD58169CC61D8A8B)

Switching back to Tor v0.2.1.26 no crashes anymore.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Who knows 'gabelmoo-legacy' and 'moria1-legacy'

[Gitano]

Today my Tor-Node v0.2.2.17-alpha (git-d30d4eb843f12e65) crashed two
times with the following log-entries:

###
Nov 14 10:22:41.627 [info] Consensus includes unrecognized authority
'gabelmoo-legacy' at 80.190.246.100:8180 (contact n/a; identity
81349FC1F2DBA2C2C11B45CB9706637D480AB913)
Nov 14 10:22:41.627 [info] Consensus includes unrecognized authority
'moria1-legacy' at 128.31.0.34:9131 (contact n/a; identity
E2A2AF57015D738736D0DD58169CC61D8A8B)
Nov 14 10:22:41.627 [info] A consensus needs 5 good signatures from
recognized authorities for us to accept it. This one has 8. It has 2
signatures from authorities we don't recognize.

- syslog -
Nov 14 10:22:41 Server kernel: [2143450.316348] tor[11153]: segfault at
b0b0b0f ip 00e404d5 sp bfc1be10 error 4 in tor[e31000+133000]
###

and sometimes later (after a restart):

###
Nov 14 11:50:52.056 [info] Consensus includes unrecognized authority
'gabelmoo-legacy' at 80.190.246.100:8180 (contact n/a; identity
81349FC1F2DBA2C2C11B45CB9706637D480AB913)
Nov 14 11:50:52.057 [info] Consensus includes unrecognized authority
'moria1-legacy' at 128.31.0.34:9131 (contact n/a; identity
E2A2AF57015D738736D0DD58169CC61D8A8B)
Nov 14 11:50:52.057 [info] A consensus needs 5 good signatures from
recognized authorities for us to accept it. This one has 8. It has 2
signatures from authorities we don't recognize.

- syslog -
Nov 14 11:50:52 Server kernel: [2148740.746147] tor[11219]: segfault at
b0b0b0f ip 00d6f4d5 sp bffb9d50 error 4 in tor[d6+133000]
###

'https://torstatus.blutmagie.de/index.php' shows authority 'gabelmoo'
(ipx14543.ipxserver.de [80.190.246.100]) and 'moria1'
(moria.csail.mit.edu [128.31.0.34]), but not 'gabelmoo-legacy' nor
'moria1-legacy'.

What's going on there?
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Privoxy doesn't start on booting

[Gitano]

On 2010-11-01 19:47, James Brown wrote:

 I have the next recordes in my logs of the privoxy:
 Nov 01 16:16:53.541 7f2ec27fa6f0 Info: Privoxy version 3.0.13
 Nov 01 16:16:53.567 7f2ec27fa6f0 Info: Program name: /usr/sbin/privoxy
 Nov 01 16:16:53.572 7f2ec27fa6f0 Info: Listening on port 8118 on IP address 
 localhost
 Nov 01 16:16:53.572 7f2ec27fa6f0 Error: Can not resolve localhost: Name or 
 service not known
 Nov 01 16:16:53.572 7f2ec27fa6f0 Fatal error: can't bind to localhost:8118: 
 The hostname is not resolvable

Please try '127.0.0.1' instead of 'localhost' and/or check '/etc/hosts'.

-- 'man hosts'
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: ... identity key was not as expected:

[Gitano]

On 2010-10-04 18:02, Gitano wrote:

 Today I found these two entries in the logfile of my relay (Picolino):
 
 Oct 03 20:20:46.513 [warn] Tried connecting to router at
 78.53.207.239:443, but identity key was not as expected: wanted
 8557B4AA9D3E5784E013F15C310DBFF593687D84 but got
 C221743B643DE6178AC034370E324A0B232E75DA.
 
 Oct 04 00:13:43.178 [warn] Tried connecting to router at
 207.112.0.40:443, but identity key was not as expected: wanted
 A807A1253B9550B79F0E32D0B4B3D253A09F9335 but got
 FDAC6132936C45D6E2EE855F9ABAE7769968CCE7.

More entries:

Oct 04 19:13:35.561 [warn] Tried connecting to router at
78.114.143.246:443, but identity key was not as expected: wanted
89C796D378C4D40A4AD4F296C64B03AACE5EE6D8 but got
30791B07F15A17CE3267BAC80DF80DBD8EC6DB3E.

Oct 04 20:52:37.784 [warn] Tried connecting to router at
91.5.144.131:443, but identity key was not as expected: wanted
A18428DB6DC890C6C681495E50045929F41832AC but got
83BEF4C471BB2C098E8664CF807FFC6036D36ECA.

Oct 05 08:14:30.966 [warn] X509_verify on cert and pkey returned = 0
Oct 05 08:14:30.966 [warn] TLS error while verifying certificate with
[scrubbed]: block type is not 01 (in rsa
routines:RSA_padding_check_PKCS1_type_1:SSL_ST_OK)
Oct 05 08:14:30.966 [warn] TLS error while verifying certificate with
[scrubbed]: padding check failed (in rsa
routines:RSA_EAY_PUBLIC_DECRYPT:SSL_ST_OK)
Oct 05 08:14:30.966 [warn] TLS error while verifying certificate with
[scrubbed]: EVP lib (in asn1 encoding routines:ASN1_item_verify:SSL_ST_OK)
Oct 05 08:14:30.966 [warn] Tried connecting to router at
38.101.126.131:443: It has a cert but it's invalid. Closing.

Any idea?
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

... identity key was not as expected:

[Gitano]

Today I found these two entries in the logfile of my relay (Picolino):

Oct 03 20:20:46.513 [warn] Tried connecting to router at
78.53.207.239:443, but identity key was not as expected: wanted
8557B4AA9D3E5784E013F15C310DBFF593687D84 but got
C221743B643DE6178AC034370E324A0B232E75DA.

Oct 04 00:13:43.178 [warn] Tried connecting to router at
207.112.0.40:443, but identity key was not as expected: wanted
A807A1253B9550B79F0E32D0B4B3D253A09F9335 but got
FDAC6132936C45D6E2EE855F9ABAE7769968CCE7.

What does it mean?
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: BetterPrivacy - necessary?

[Gitano]

On 2010-09-29 20:19, Matthew wrote:

  I currently use Tor + Polipo + Torbutton + NoScript.
 
 Obviously there are other add-ons for Firefox out there such as
 BetterPrivacy.

I think 'BetterPrivacy' is a must! [1]

 Are any other add-ons necessary or would people suggest I am now fully
 protected?

IMHO its important to suppress active content (Flash, ActiveX,
Silverlight, JavaScript etc.) and other junk and therefor I prefer
'Privoxy' [1] instead of Polipo.

[1] http://en.wikipedia.org/wiki/Local_Shared_Object
[2] http://www.privoxy.org/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Privoxy doesn't start on booting

[Gitano]

On 2010-09-21 07:03, James Brown wrote:

 I have changed them for belonging to privoxy but it did not resolve my
 problem:
 ls -l
 -rw-r--r-- 1 privoxy root 50341 2010-09-18 13:00 config
 -rw-r--r-- 1 privoxy root 66849 2009-07-06 22:50 default.action
 -rw-r--r-- 1 privoxy root 37588 2009-07-06 22:50 default.filter
 -rw-r--r-- 1 privoxy root   734 2009-07-06 22:50 match-all.action
 drwxr-xr-x 2 privoxy root  4096 2010-09-19 08:35 templates
 -rw-r--r-- 1 privoxy root  3697 2009-07-06 22:50 trust
 -rw-r--r-- 1 privoxy root  6372 2009-07-06 22:50 user.action

Ok, have you checked the symbolic links in '/etc/rc2.d'..'/etc/rc.d' as
Jim wrote:

ls -l /etc/rc?.d/*privoxy*
lrwxrwxrwx 1 root root 17 2010-06-13 11:27 /etc/rc0.d/K20privoxy -
../init.d/privoxy
lrwxrwxrwx 1 root root 17 2010-06-13 11:27 /etc/rc1.d/K20privoxy -
../init.d/privoxy
lrwxrwxrwx 1 root root 17 2010-06-13 11:27 /etc/rc2.d/S20privoxy -
../init.d/privoxy
lrwxrwxrwx 1 root root 17 2010-06-13 11:27 /etc/rc3.d/S20privoxy -
../init.d/privoxy
lrwxrwxrwx 1 root root 17 2010-06-13 11:27 /etc/rc4.d/S20privoxy -
../init.d/privoxy
lrwxrwxrwx 1 root root 17 2010-06-13 11:27 /etc/rc5.d/S20privoxy -
../init.d/privoxy
lrwxrwxrwx 1 root root 17 2010-06-13 11:27 /etc/rc6.d/K20privoxy -
../init.d/privoxy

 And what are the templates?

I think it doesn't matter. Here the owner of *templates/*' is root and
privoxy works perfect for me.

 /etc/privoxy/config attached

Thanks - please, can you activate logging and check the entries:

   logfile  logfile
   debug4096 # Startup banner and warnings.
   debug8192 # Non-fatal errors

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Privoxy doesn't start on booting

[Gitano]

On 2010-09-20 19:39, James Brown wrote:

 OS - Ubuntu 9.10 on a laptop
 Privoxy version 3.0.13
 Tor version 0.2.1.26
 
 I have installed tor and privoxy and now I have the next problem.
 When I boot my system privoxy does not start as daemon and I need to
 start it manually (/etc/init.d/privoxy start).

Who is the owner of '/etc/privoxy/*'? It should be 'privoxy'!

'ls -l /etc/privoxy':
-rw-r--r-- 1 privoxy root  2850 2010-09-15 09:37 config
-rw-r--r-- 1 privoxy root 71178 2010-01-18 08:09 default.action
-rw-r--r-- 1 privoxy root 37843 2010-01-18 08:09 default.filter
-rw-r--r-- 1 privoxy root   734 2010-01-18 08:09 match-all.action
-rw-r--r-- 1 privoxy root  3697 2010-01-18 08:09 trust
-rw-r--r-- 1 privoxy root  3644 2010-09-15 08:13 user.action
-rw-r--r-- 1 privoxy root   515 2010-06-13 11:34 user.filter
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Cannot retrieve apt key from keyserver

[Gitano]

On 2010-08-16 15:33, via@free.fr wrote:

 When I type in the terminal the following line:
 ---
 gpg --keyserver keys.gnupg.net --recv 886DDD89
 ---
 
 I get an error telling me the key hasn't been found. I tried to retrieve the 
 key
 from http://keys.gnupg.net/. The key isn't found.

Please try:

http://minsky.surfnet.nl:11371/pks/lookup?op=indexsearch=0x886DDD89
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Problem with the TB automatically usage of an alternative search engine

[Gitano]

On 2010-07-30 08:27, James Brown wrote:

 TB 1.2.5
 Today I have the next problem when the TB automatically use the
 ixquick.com-engine instead the Google:

'https://ssl.scroogle.org/' works well for me since years.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: HTTPS Everywhere Firefox addon

[Gitano]

On 28.05.2010 06:22, Erik de Castro Lopo wrote:

 DuckDuckGo and Startpage.com are two alternative (specifically to google)
 search engines which promise not to record your IP address :

My favorite since many years is: https://ssl.scroogle.org/ (over Tor)
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Torbutton 1.2.5 Released

[Gitano]

Mike Perry wrote:

 I've written a bit more on the reasoning behind these two changes at:
  
 https://blog.torproject.org/blog/torbutton-release-125-google-captchas-and-addonsmozillaorg

   Access denied
   You are not authorized to access this page. 

Oops!?
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: vps

[Gitano]

DC wrote:

 to start learning and trying it myself i will get a cheap vps to start with.
 what's the os version specifically that works best with Tor?

I prefer Ubuntu-server, but Debian is as simple.
Please have a look at: https://www.torproject.org/docs/debian

But beware - on a vps you should reduce the BandwidthRate/BandwidthBurst
to an appropriate value!
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Full bandwidth is not used.

[Gitano]

Paul Menzel wrote:

 It is a virtual machine ...

 Is it safe to say, that it is a client problem that they do not use my
 server?

1. On vservers there are many resource limits. Please check: 'cat
/proc/user_beancounters'.

2. Have you read 'http://www.webtropia.com/home/faq.html?article=366'? I
don't believe that you have reached the traffic limit, but this could be
another reason.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: can i ask questions about privoxy here...?

[Gitano]

emigrant wrote:

 is that possible?

Which question(s) beside 'http://www.privoxy.org/faq/index.html'?

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Privoxy and Polipo

[Gitano]

arshad wrote:

 but now i want to disable that deanaimate gif thing. but there isn't a
 place in config file to do that :(

The place for personal configuration in privoxy is 'user.action'.
You can append these two lines:

{-deanimate-gifs}
/ # Match all URLs

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: TOR is for anonymization; so how to add encryption as well?

[Gitano]

basile wrote:

 If you repeat the above, but go to https://www.google.com (note the
 http+s), then the above changes in that the clear http is replaced by
 encrypted https.  Then even the tor exit node admin can't see your traffic.

It depends on the location of the exit node. I saw changing the above
url to 'http://www.google.fr/' or 'http://www.google.ca/'.

No encryption anymore!

Only 'https://www.google.com/intl/xx/' ('xx' = country code) seems to be
constant regardless of the location of the exit node.

So for me 'https://ssl.scroogle.org/' is the better choice.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor: Scroogle blocked, Google not ? (November 2009)

[Gitano]

Jim wrote:

 The past few days I've noticed that all http requests to
 https://ssl.scroogle.org have invariably failed. This appeared as a
 DNS failure. After switching over to the regular http (non-ssl)
 version of scroogle, I found that was generally working for another
 couple of days then that went away too with the same can't resolve
 host / No such domain. Anyone else also experienced this?
 
 About a year ago I stopped being able access to Scroogle via Tor.  After
 half a day or so of such failure I sent the operator an email about it.
  I never received a reply, but it started working again.
 
 I just sent the operator another email some hours ago.  I'm hoping for
 the best ...

Thanks - now 'ssl.scroogle.org' is reachable over Tor again!
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Reliable relay status check

[Gitano]

Brian Mearns wrote:

 Is there a way to test that my relay is working? My logs indicate that
 ORPort and DirPort are both reachable from the outside, but several
 different websites (such as https://torstat.xenobite.eu/) can't find
 my relay (nicknamed shallot).

Your relay was working:
http://torstatus.blutmagie.de/router_detail.php?FP=674d9f085e219fefc0f132cdf5e12212c57436d9

Re: Annoying loop situation

[Gitano]

Bob Williams wrote:

 The uncommented lines in my privoxy config file are:

 forward 192.168.*.*/ .  
 
 forward-socks4a   /   127.0.0.1:9050  .
 forward-socks5/   127.0.0.1:9050  .

To use privoxy without Tor you can add the following line BELOW the
'forward-socks*' lines:

forward/.

Last match wins, see also:
http://www.privoxy.org/user-manual/config.html#FORWARDING

Re: Annoying loop situation

[Gitano]

Bob Williams wrote:

 To use privoxy without Tor you can add the following line BELOW the
 'forward-socks*' lines:

 forward/.

 Last match wins, see also:
 http://www.privoxy.org/user-manual/config.html#FORWARDING
 
 The effect of this would be the same as NOT having the forward-socks* lines, 
 wouldn't it? i.e. leaving forwarding unset?

Yes, but this additional line leaves the remaining settings of
Privoxy/TorButton unchanged. I don't know the behavior of TorButton
without the 'forward-socks*' lines in privoxy.conf.

Re: Two different hidden service on the same tor client

[Gitano]

Roger Dingledine wrote:

 Hidden services aren't exactly robust these days though, so the fact
 that you couldn't reach the second service is not a huge surprise.
 
 Upgrade to 0.2.1.19 and try again is the best advice I can offer.

Well done! Thank you for that version.

After several days of unsuccessful trials with 'SmallMail' [1]
connecting to my own server, today after installing Tor v0.2.1.19 it
works perfect, fast and reliable.

[1] http://smallsister.org/

Re: Two different hidden service on the same tor client

[Gitano]

leandro noferini wrote:

 Now comes  the question: is possibile  to run the two  hidden service on
 port 80 together? If I change the above lines in 
 
 HiddenServiceDir /var/lib/tor/server-1/
 HiddenServicePort 80 127.0.0.1:8183
 
 HiddenServiceDir /var/lib/tor/server-2/
 HiddenServicePort 80 127.0.0.1:8184
   ^^
 
 I could not reach the second service.
 
 Is this correct?

Yes, the portnumber must be unique for the service.

Re: Two different hidden service on the same tor client

[Gitano]

Roger Dingledine wrote:

 Yes, the portnumber must be unique for the service.
 
 No, it ought to work fine. The 80 is the virtual port, and it only
 has to be unique per hidden service.

Typo - sorry. 'Yes' should be 'No'!

Re: warning message question

[Gitano]

Scott Bennett wrote:

  Saturday morning, I got the following message.
 
 Jul 25 09:33:57.004 [warn] Received http status code 502 (Proxy
Error) from server '80.190.246.100:80' while fetching consensus directory.

I've got similar messages too, always in conjunction with 'Got a bad
signature on a networkstatus vote' (Tor v0.2.1.17):

Jul 25 01:33:13.917 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:33:13.917 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:33:13.917 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:33:13.917 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:33:13.917 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:33:13.918 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:33:13.918 [warn] 0 unknown, 0 missing key, 0 good, 6 bad, 0 no
signature, 4 required
Jul 25 01:33:13.918 [warn] Not enough good signatures on networkstatus
consensus
Jul 25 01:33:13.918 [warn] Unable to load consensus directory downloaded
from server '137.56.75.117:11375'. I'll try again soon.
Jul 25 01:34:16.791 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:34:16.791 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:34:16.791 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:34:16.791 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:34:16.792 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:34:16.792 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:34:16.792 [warn] 0 unknown, 0 missing key, 0 good, 6 bad, 0 no
signature, 4 required
Jul 25 01:34:16.792 [warn] Not enough good signatures on networkstatus
consensus
Jul 25 01:34:16.792 [warn] Unable to load consensus directory downloaded
from server '216.146.46.30:9001'. I'll try again soon.
Jul 25 01:44:24.800 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:44:24.800 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:44:24.801 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:44:24.801 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:44:24.801 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:44:24.801 [warn] Got a bad signature on a networkstatus vote
Jul 25 01:44:24.801 [warn] 0 unknown, 0 missing key, 0 good, 6 bad, 0 no
signature, 4 required
Jul 25 01:44:24.801 [warn] Not enough good signatures on networkstatus
consensus
Jul 25 01:44:24.801 [warn] Unable to load consensus directory downloaded
from server '91.143.93.213:9002'. I'll try again soon.
Jul 25 02:18:58.903 [warn] Got a bad signature on a networkstatus vote
Jul 25 02:18:58.903 [warn] Got a bad signature on a networkstatus vote
Jul 25 02:18:58.903 [warn] Got a bad signature on a networkstatus vote
Jul 25 02:18:58.903 [warn] Got a bad signature on a networkstatus vote
Jul 25 02:18:58.903 [warn] Got a bad signature on a networkstatus vote
Jul 25 02:18:58.903 [warn] Got a bad signature on a networkstatus vote
Jul 25 02:18:58.903 [warn] 0 unknown, 0 missing key, 0 good, 6 bad, 0 no
signature, 4 required
Jul 25 02:18:58.903 [warn] Not enough good signatures on networkstatus
consensus
Jul 25 02:18:58.904 [warn] Unable to load consensus directory downloaded
from server '88.159.81.251:110'. I'll try again soon.

Re: VoIP telephony building like Tor

[Gitano]

James Brown wrote:

 There is a very strong control over telephony in many countries. Many
 counties intend to make this control more and more stronger.
 In the Russia, when I live, for example the Putin's and Medvedev's
 bloody dictatorial regim now intend to ban VoIP telephony:
 http://www.point.ru/news/stories/20598/
 Besides, there is no effective open source system of VoIP telepony which
 let people freely talk and connect by chat and sending-receiving files
 between each other without any control from Governments, companies etc.,
 maintaining anonimity and encryption of communication at the same time.

For chat and files exchange there exists a nice small program 'TorChat'.

-- http://code.google.com/p/torchat/

Re: VoIP telephony building like Tor

[Gitano]

James Brown wrote:

 And what about phone calls, including call to ordinaty telephones?

I use 'ihu' as an alternate for skype, but its a peer-to-peer
application and for Linux only. AFAIK there is no SIP-based VoIP
Software using Tor.

Re: VoIP telephony building like Tor

[Gitano]

James Brown wrote:

 I use 'ihu' as an alternate for skype, but its a peer-to-peer
 application and for Linux only. AFAIK there is no SIP-based VoIP
 Software using Tor.
   
 Is it possible to call from it to ordinary telephones (insluding mobiles)?

Sorry - no, see also: http://ihu.sourceforge.net/

Re: another bad exit

[Gitano]

Scott Bennett wrote:

  So I tried it again, appending .spacecowboy.exit, and can now confirm
 that node spacecowboy is indeed returning the error page, rather than
 simply returning the SOCKS failure, only this time it said that the name
 server said that the domain name doesn't exist, which is false:  tor-resolve
 returns 204.152.186.46 as the address for the target web site.  (Most of
 the page is in German, but some of it is close enough to English for me
 to understand it, and the message about squid is in English.)
  The above described behavior clearly meets the criteria for flagging
 spacecowboy at 87.152.109.208 as a BadExit.

http://torstatus.blutmagie.de/router_detail.php?FP=6de93ee8597daa086d5f23c2f32bfd4dcf64ed11

It looks like this node has reached its physical bandwidth limit.

Re: Tor bridge not generating any traffic

[Gitano]

Johannes Nitsche wrote:

 I am trying to operate a tor bridge on my VPS. The system is an Ubuntu
 hardy the tor version is 0.2.0.34 (r18423). I have attached my
 configuration file so you can see if there is any error in that one.
 Regarding the log files I only see one error reported in them:

 Jun 10 08:02:51.040 [warn] Your server (207.210.117.7:200) has not
 managed to confirm that its DirPort is reachable. Please check your
 firewalls, ports, address, /etc/hosts file, etc.

Here is the answer from Roger (I got the same warn message):

### http://www.mail-archive.com/or-talk@freehaven.net/msg09417.html
It's a bug. It's been on my todo list for many months now. It's a
harmless bug, so I haven't gotten around to it.

For now, you can solve it by turning your DirPort off (bridges don't
use dirports). Else continue being patient. :)
###

ExitNodes for encrypted connects only are not possible. Why?

[Gitano]

In 'git.torproject.org/checkout/tor/master/doc/spec/dir-spec.txt'
ExitNodes are defined as:

   Exit -- A router is called an 'Exit' iff it allows exits to at
least two of the ports 80, 443, and 6667 and allows exits to at
least one /8 address space.

I would like to setup my ExitNode for ports 443, 465, 563, 993, 995
(https, ssmtp, nntps, imaps, pop3s) only, but this is not possible.

What's the reason behind this? Is there any chance to loose this
restriction in one of the next releases?

Re: ExitNodes for encrypted connects only are not possible. Why?

[Gitano]

Karsten Loesing wrote:

 Feel free to configure your node to exit to those 5 ports only. That
 makes your node an exit node for connections to those ports.
 
 Your node won't get the Exit flag, though, but that's not required for
 being an exit node. The Exit flag is used by clients for path selection.
 Relays with the Exit flag are selected less often for non-exit
 positions, so that their bandwidth is saved for exiting connections.
 That means that your node will be selected more often as middle node and
 less often as exit node compared to relays that have the Exit flag.

Thank you for illuminating this. I will do so.

 It's unlikely that the criteria you pasted above will be changed. There
 need to be some criteria, and if almost every node matches them, the
 flag would be useless.

Ok, but adding one more 'secure' port beside 443 would be enough in this
case.

Re: Privoxy change?

[Gitano]

Praedor Atrebates wrote:

 I just upgraded my linux system to Mandriva 2009.1 and installed tor and tork 
 as usual.  I have tried to configure privoxy as in the past with a forward-
 socks4a/localhost:9050 . added at the end of the config file.  When privoxy 
 starts, it produces:  Starting privoxy: May 08 11:52:50.191 b7d2a6c0 Error: 
 Ignoring unrecognized directive 'forward-socks4a/localhost:9050 .'
 
 What exactly is the format of this line supposed to be?  Has privoxy changed 
 recently to render this nonfunctional?

forward-socks4a / localhost:9050 .
   ^ ^
Notice the two whitespaces!

Re: Tor 0.2.1.9-alpha STILL BROKEN

[Gitano]

Roger Dingledine wrote:

 I have not been able to continuously run tor since 0.2.0.31.  EVERY version 
 since fails to run continuously (0.2.1.7, 0.2.1.8, and now 0.2.1.9).  It 
 starts fine, it runs for a while, then simply stops running without any 
 error 
 messages, nothing.  It just stops.
 
 You might find
 https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ReportBug
 to be useful for tracking down the issue.
 
 Next step, see if it's producing a core. Look at dmesg to see if it's
 killing it for out-of-memory reasons.

I am running Tor v0.2.1.9-alpha (r1) on kernel 2.6.24-22-generic
(Ubuntu 8.04) and I noticed too that Tor stops suddenly (sporadic):

###
Jan  3 06:49:45 orion kernel: [  107.349090] process `skype' is using
obsolete setsockopt SO_BSDCOMPAT
Jan  3 07:10:00 orion kernel: [ 1320.602621] tor[4887]: segfault at
7473696c eip 080baf24 esp bfcaa9c0 error 4

Jan  5 17:48:37 orion kernel: [  127.876674] process `skype' is using
obsolete setsockopt SO_BSDCOMPAT
Jan  5 18:48:48 orion kernel: [ 3734.894317] tor[4897]: segfault at
0077656a eip b7ce74ac esp bf933ab8 error 4
###

Please notice the entry just before the 'segfault' in the kern.log -
maybe its relevant ...?

Tor-Bridge: DirPort unreachable

[Gitano]

Hi,

starting my Tor-Server as a bridge (with a clean /var/lib/tor/) I get:

Dec 28 20:06:03.406 [notice] Tor 0.2.1.9-alpha (r1) opening log file.
Dec 28 20:26:07.562 [warn] Your server (87.122.2.241:9030) has not
managed to confirm that its DirPort is reachable. Please check your
firewalls, ports, address, /etc/hosts file, etc.

The debug.log shows:
###
Dec 28 19:43:23.953 [notice] Now checking whether ORPort
87.122.2.241:443 and DirPort 87.122.2.241:9030 are reachable... (this
may take up to 20 minutes -- look for log messages indicating success)
Dec 28 19:43:23.960 [info] connection_ap_make_link(): Making internal
anonymized tunnel to 87.122.2.241:9030 ...
Dec 28 19:43:43.534 [debug] connection_dir_client_reached_eof():
Received response from directory server '87.122.2.241:9030': 404 Not found
Dec 28 19:43:43.534 [info] connection_dir_client_reached_eof(): Received
server info (size 0) from server '87.122.2.241:9030'
Dec 28 19:43:43.534 [info] connection_dir_client_reached_eof(): Received
http status code 404 (Not found) from server '87.122.2.241:9030' while
fetching /tor/server/authority.z. I'll try again soon.
###

Starting my Tor-Server as a relay (# BridgeRelay 1), all works well:
###
Dec 28 19:33:32.091 [notice] Now checking whether ORPort
87.122.2.241:443 and DirPort 87.122.2.241:9030 are reachable... (this
may take up to 20 minutes -- look for log messages indicating success)
Dec 28 19:33:32.098 [info] connection_ap_make_link(): Making internal
anonymized tunnel to 87.122.2.241:9030 ...
Dec 28 19:33:53.771 [debug] connection_dir_client_reached_eof():
Received response from directory server '87.122.2.241:9030': 200 OK
Dec 28 19:33:53.771 [info] connection_dir_client_reached_eof(): Received
server info (size 1177) from server '87.122.2.241:9030'
###

Nothing else has been changed except 'BridgeRelay 1' and cleaning up
'/var/lib/tor/'!

Is it a bug? Can anyone confirm this behavior?

OS is Ubuntu 8.04 server.

Re: Tor-Bridge: DirPort unreachable

[Gitano]

Roger Dingledine wrote:

 It's a bug. It's been on my todo list for many months now. It's a
 harmless bug, so I haven't gotten around to it.
 
 For now, you can solve it by turning your DirPort off (bridges don't
 use dirports). Else continue being patient. :)

Thank you, I will do so.

Re: invitation to directory server operators

[Gitano]

Scott Bennett wrote:

 This entry doesn't work on my server (Picolo) even though the flag
 'Directory (v2)' is set.
 
  Why do you believe it doesn't work?

My server is not listed as a HSDir server.

 There is, however, the requirement that your
 server be up for at least 24 hours before the authorities will list a new
 HSDir server with the HSDir flag set in the consensus and status documents.
 If it hasn't been that long yet, please give it enough time.

Ok - so a server, getting a new IP every 24 hours (ADSL), will never
become a HSDir server?

Re: invitation to directory server operators

[Gitano]

Scott Bennett wrote:

 ## The following line enables hidden service directory mirroring.
 HidServDirectoryV2 1
 
 (Or skip the comment line, and just add the second line, as you please.)
 Then tell your tor server to reload its torrc file.  Within 24 - 25 hours
 your server will begin operating as a tor hidden services directory server.
 You probably won't even notice the difference in traffic loads on your tor
 server.

This entry doesn't work on my server (Picolo) even though the flag
'Directory (v2)' is set. Are there any dependencies, for example minimum
bandwidth?

Unable to load consensus directory ...

[Gitano]

Any idea what has happened?

--- log of picolo ---
Aug 27 00:31:56.953 [notice] Tor 0.2.1.4-alpha (r16409) opening new log
file.
Aug 27 02:38:35.348 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:38:35.352 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:38:35.356 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:38:35.360 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:38:35.364 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:38:35.364 [warn] 0 unknown, 0 missing key, 0 good, 5 bad, 1 no
signature, 4 required
Aug 27 02:38:35.365 [warn] Not enough good signatures on networkstatus
consensus
Aug 27 02:38:35.368 [warn] Unable to load consensus directory downloaded
from server '82.94.251.204:443'. I'll try again soon.
Aug 27 02:40:41.798 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:40:41.803 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:40:41.806 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:40:41.810 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:40:41.814 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:40:41.815 [warn] 0 unknown, 0 missing key, 0 good, 5 bad, 1 no
signature, 4 required
Aug 27 02:40:41.815 [warn] Not enough good signatures on networkstatus
consensus
Aug 27 02:40:41.818 [warn] Unable to load consensus directory downloaded
from server '206.248.135.169:443'. I'll try again soon.
Aug 27 02:50:47.001 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:50:47.005 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:50:47.009 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:50:47.013 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:50:47.017 [warn] Got a bad signature on a networkstatus vote
Aug 27 02:50:47.017 [warn] 0 unknown, 0 missing key, 0 good, 5 bad, 1 no
signature, 4 required
Aug 27 02:50:47.018 [warn] Not enough good signatures on networkstatus
consensus
Aug 27 02:50:47.020 [warn] Unable to load consensus directory downloaded
from server '85.214.73.63:9001'. I'll try again soon.
Aug 27 03:15:22.468 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:15:22.472 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:15:22.476 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:15:22.480 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:15:22.484 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:15:22.484 [warn] 0 unknown, 0 missing key, 0 good, 5 bad, 1 no
signature, 4 required
Aug 27 03:15:22.485 [warn] Not enough good signatures on networkstatus
consensus
Aug 27 03:15:22.488 [warn] Unable to load consensus directory downloaded
from server '159.149.71.27:9001'. I'll try again soon.
Aug 27 03:17:15.531 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:17:15.535 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:17:15.539 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:17:15.543 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:17:15.547 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:17:15.547 [warn] 0 unknown, 0 missing key, 0 good, 5 bad, 1 no
signature, 4 required
Aug 27 03:17:15.548 [warn] Not enough good signatures on networkstatus
consensus
Aug 27 03:17:15.551 [warn] Unable to load consensus directory downloaded
from server '82.94.251.199:9001'. I'll try again soon.
Aug 27 03:27:32.984 [warn] Error parsing router address in
network-status 618:5.113.141
Aug 27 03:27:33.132 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:27:33.136 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:27:33.140 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:27:33.144 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:27:33.148 [warn] Got a bad signature on a networkstatus vote
Aug 27 03:27:33.148 [warn] 0 unknown, 0 missing key, 0 good, 5 bad, 1 no
signature, 4 required
Aug 27 03:27:33.149 [warn] Not enough good signatures on networkstatus
consensus
Aug 27 03:27:33.152 [warn] Unable to load consensus directory downloaded
from server '85.214.104.216:9001'. I'll try again soon.
Aug 27 04:15:25.079 [warn] Got a bad signature on a networkstatus vote
Aug 27 04:15:25.084 [warn] Got a bad signature on a networkstatus vote
Aug 27 04:15:25.088 [warn] Got a bad signature on a networkstatus vote
Aug 27 04:15:25.091 [warn] Got a bad signature on a networkstatus vote
Aug 27 04:15:25.096 [warn] Got a bad signature on a networkstatus vote
Aug 27 04:15:25.096 [warn] 0 unknown, 0 missing key, 0 good, 5 bad, 1 no
signature, 4 required
Aug 27 04:15:25.097 [warn] Not enough good signatures on networkstatus
consensus
Aug 27 04:15:25.101 [warn] Unable to load consensus directory downloaded
from server '85.31.187.245:9001'. I'll try again soon.
Aug 27 04:17:15.024 [warn] Got a bad signature on a networkstatus vote
Aug 27 04:17:15.028 [warn] Got a bad signature on a networkstatus vote
Aug 27 04:17:15.032 [warn] 

Middleman node 'Gypsy' has been shut down by hoster 'ovh.de'.

[Gitano]

On 2008-08-05 my Tor-Server 'Gypsy' has been shut down by 'ovh.de' -
supposed due to massive violation of their standard form contracts.

No chance to get it back.

Sorry folks.

bridge relay with dirport enabled - it does not work!

[Gitano]

When I set up my Tor server as a normal relay all works fine:
###
Jun 07 18:16:18.673 [notice] Now checking whether ORPort *.*.*.*:443 and
DirPort *.*.*.*:9030 are reachable... (this may take up to 20 minutes --
look for log messages indicating success)
Jun 07 18:16:24.684 [notice] Self-testing indicates your DirPort is
reachable from the outside. Excellent.
Jun 07 18:16:28.033 [notice] Self-testing indicates your ORPort is
reachable from the outside. Excellent. Publishing server descriptor.
Jun 07 18:16:54.674 [notice] Performing bandwidth self-test...done.
###

But when I set it up as a bridge relay

  BridgeRelay 1
  PublishServerDescriptor bridge

the DirPort is no longer reachable:
###
Jun 07 18:34:24.486 [notice] Now checking whether ORPort *.*.*.*:443 and
DirPort *.*.*.*:9030 are reachable... (this may take up to 20 minutes --
look for log messages indicating success)
Jun 07 18:34:28.792 [notice] Self-testing indicates your ORPort is
reachable from the outside. Excellent. Publishing server descriptor.
Jun 07 18:35:27.691 [notice] Performing bandwidth self-test...done.
Jun 07 18:54:19.312 [warn] Your server (*.*.*.*:9030) has not managed to
confirm that its DirPort is reachable. Please check your firewalls,
ports, address, /etc/hosts file, etc.
###

In the (debug-)logfile I found this:
###
Jun  7 18:34:25 server Tor[19309]: directory_handle_command_get():
rewritten url as '/tor/server/authority.z'.
Jun  7 18:34:26 server Tor[19309]: connection_dir_client_reached_eof():
Received response from directory server '*.*.*.*:9030': 404 Not found
Jun  7 18:34:26 server Tor[19309]: connection_dir_client_reached_eof():
Received server info (size 0) from server '*.*.*.*:9030'
Jun  7 18:34:26 server Tor[19309]: connection_dir_client_reached_eof():
Received http status code 404 (Not found) from server '*.*.*.*:9030'
while fetching /tor/server/authority.z. I'll try again soon.
###

Nothing else has been changed except the two lines in '/etc/tor/torrc'!

What am I missing? Thanks in advance.

Re: bridge relay: DirPort unreachable

[Gitano]

Roger Dingledine wrote:

 ---8
 May 31 11:53:23.284 [debug] connection_dir_client_reached_eof():
 Received response from directory server '*.*.*.*:80': 404 Not found
 May 31 11:53:23.285 [info] connection_dir_client_reached_eof(): Received
 server info (size 0) from server '*.*.*.*:80'
 May 31 11:53:23.285 [info] connection_dir_client_reached_eof(): Received
 http status code 404 (Not found) from server '*.*.*.*:80' while
 fetching /tor/server/authority.z. I'll try again soon.
 ---8

 What does this mean?
 
 It means your Tor client tried to do a self-test on its advertised DirPort
 (port 80 of whatever Address you're advertising), and it didn't get an
 answer it expected. Perhaps something else is listening there instead?

In the meantime I set up a new bridge relay on another computer with the
same configuration except 'DirPort 9030'! No other application is
listening on that port but the result is the same:

---8
Jun 01 22:06:46.798 [info] connection_dir_client_reached_eof(): Received
server info (size 0) from server '*.*.*.*:9030'
Jun 01 22:06:46.798 [info] connection_dir_client_reached_eof(): Received
http status code 404 (Not found) from server '*.*.*.*:9030' while
fetching /tor/server/authority.z. I'll try again soon.
Jun 01 22:06:46.798 [info] _connection_free(): Freeing linked Directory
connection [client finished] with 0 bytes on inbuf, 0 on outbuf.
Jun 01 22:07:27.325 [warn] Your server (*.*.*.*:9030) has not managed to
confirm that its DirPort is reachable. Please check your firewalls,
ports, address, /etc/hosts file, etc.
---8

Any other hint? What about the missing file /tor/server/authority.z?

bridge relay: DirPort unreachable

[Gitano]

When I start my bridge relay on a dedicated server at home, I get this:

---8
May 31 11:34:28.207 [notice] Self-testing indicates your ORPort is
reachable from the outside. Excellent. Publishing server descriptor.
May 31 11:35:37.485 [notice] Performing bandwidth self-test...done.
---8

But after a while:

---8
May 31 11:53:47.477 [warn] Your server (*.*.*.*:80) has not managed to
confirm that its DirPort is reachable. Please check your firewalls,
ports, address, /etc/hosts file, etc.
---8

So I started debugging:

---8
May 31 11:53:23.284 [debug] connection_dir_client_reached_eof():
Received response from directory server '*.*.*.*:80': 404 Not found
May 31 11:53:23.285 [info] connection_dir_client_reached_eof(): Received
server info (size 0) from server '*.*.*.*:80'
May 31 11:53:23.285 [info] connection_dir_client_reached_eof(): Received
http status code 404 (Not found) from server '*.*.*.*:80' while
fetching /tor/server/authority.z. I'll try again soon.
---8

What does this mean?

I'm familiar with NAT and my m0n0wall firewall shows up the
connections to port 9001/9030 of the tor-server.

Here comes my '/etc/tor/torrc':

---8
SocksPort 0
SocksListenAddress 127.0.0.1
Log notice file /var/log/tor/notices.log
DataDirectory /var/lib/tor
Nickname ***
Address ***
HiddenServiceDir /var/lib/tor/hidden_service_www/
HiddenServicePort 80 127.0.0.1:80
ORPort 443
ORListenAddress 0.0.0.0:9001
DirPort 80
DirListenAddress 0.0.0.0:9030
BridgeRelay 1
PublishServerDescriptor bridge
RelayBandwidthRate 100 KB
RelayBandwidthBurst 100 KB
ExitPolicy reject *:*
TunnelDirConns 1
PreferTunneledDirConns 1
Log debug file /var/log/tor/debug.log
---8

Re: bridge relay: DirPort unreachable

[Gitano]

Roger Dingledine wrote:

 ---8
 May 31 11:53:47.477 [warn] Your server (*.*.*.*:80) has not managed to
 confirm that its DirPort is reachable. Please check your firewalls,
 ports, address, /etc/hosts file, etc.
 ---8
 
 Are you running something else on port 80? Like, say, a webserver?

Yes, a small webserver is installed as a hidden service, but is
listening on address 127.0.0.1 only. Connect to the hidden service over
Tor is working perfect.

 ---8
 May 31 11:53:23.284 [debug] connection_dir_client_reached_eof():
 Received response from directory server '*.*.*.*:80': 404 Not found
 May 31 11:53:23.285 [info] connection_dir_client_reached_eof(): Received
 server info (size 0) from server '*.*.*.*:80'
 May 31 11:53:23.285 [info] connection_dir_client_reached_eof(): Received
 http status code 404 (Not found) from server '*.*.*.*:80' while
 fetching  . I'll try again soon.
 ---8

 What does this mean?
 
 It means your Tor client tried to do a self-test on its advertised DirPort
 (port 80 of whatever Address you're advertising), and it didn't get an
 answer it expected. Perhaps something else is listening there instead?

No - port 80 ist 'NATed' to port 9030 and port 443 to 9001 in my
DSL-Router. The advertised DirPort ist 80 but bound to 0.0.0.0:9030 as
you can see in my origin posting ('/etc/tor/torrc').

   WAN [DSL-Router][m0n0wall][Tor/Web server]
  443/80   (NAT)9001/9030  9001/9030

In the m0n0wall-log I can see the request from e.g. 64.34.166.71 to port
9030 of my Tor bridge. But there is no /tor/server/authority.z on the
box and the answer '404' seems to be plausible.

Now, I stopped the webserver for a while, but no change:

May 31 22:53:47.378 [warn] Your server (*.*.*.*:80) has not managed to
confirm that its DirPort is reachable.

This warning comes every 20 minutes.

Re: A root-server for about 30€ for an exitnod e?

[Gitano]

Karsten N. wrote:

 http://www.ovh.de/produkte/isgenug.xml

 This server has only 256MB RAM. It seems very less for a tor server.

That's true, but traffic is unlimited! :)

 My tor servers take 400 - 450MB RAM.

Since I restart Tor on my server (Gypsy2) every midnight, it works fine
with a 'BandwidthRate 1500 KB':

top - 17:59:02 up 37 days, 22:17, 1 user, load average: 0.66, 0.56, 0.55
Mem:245104k total,   241076k used, 4028k free,  492k buffers
Swap:   522104k total,   262492k used,   259612k free,16656k cached
  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND


 3873 debian-t  15   0  377m 194m 8672 S 22.0 81.3 301:48.24 tor

Before it runs out of memory within 48 hours.

Re: A root-server for about 30EUR for an exitnode?

[Gitano]

Olaf Selke wrote:

 http://www.ovh.de/produkte/isgenug.xml

 This server has only 256MB RAM. It seems very less for a tor server.

 That's true, but traffic is unlimited! :)
 
 100 Mbit/s SLA mit 1000 GB Traffic (anschliessend 5 Mbit/s, sobald der
 Grenzwert überschritten wurde)

ODER 100 Mbit/s ohne SLA mit unbegrenztem Traffic (my choice).

Re: Two little questions: Whats to preferr socks4, 4a or 5? And how to setup Tor in a Lan?

[Gitano]

kazaam wrote:

 And can I setup my Tor-Client that every pc in the lan no matter what IP it 
 has, can use it?

Remember:
 https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#CentralAccessServer

It's a better idea, setting up an independent Tor client on every pc for
increasing privacy - IMHO.

Re: Please run a bridge relay!

[Gitano]

Andrew Del Vecchio wrote:

 Gitano, you rock. It finally works without any error messages! Now one
 final thing: It seems that iptables configs are lost when the computer
 is shut down. Can I just add this to /etc/rc.d/rc.local, or should it be
 initiated earlier in the boot sequence given that iptables is kernel
 related?

It depends on the distribution you have installed. Under Debian I put my
script in '/etc/init.d/' and made a softlink in '/etc/rcS.d/' starting
iptables just after 'S40networking'.

Re: Google becomes usefull for us again

[Gitano]

kazaam wrote:

 Normally I'm using ixquick or seekz but I didn't found something I was 
 looking for so I went on to google. Of course there came this message telling 
 me that my question looks like an automated request blabla.., you know what I 
 mean. But what's new to me was the captcha box which was shown and didn't 
 need js or cookies or anything bad. And after typing in the captcha I could 
 proceed.
 
 So I don't know since when google offers this feature, but finally it becomes 
 usefull for privers again :)

Since I use 'http://www.scroogle.org/scraper.html' in front of Google,
I've never seen their CAPTCHAs anymore. :)

Re: Please run a bridge relay!

[Gitano]

Andrew Del Vecchio wrote:

 I got nothing:
 
 Chain PREROUTING (policy ACCEPT)
 target prot opt source   destination

This works well for me:
---
iptables -t nat -F PREROUTING
iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 443 -j REDIRECT
--to-ports 9001
---
iptables -L -nv -t nat
Chain PREROUTING (policy ACCEPT 5080K packets, 266M bytes)
 pkts bytes target prot opt in out source destination
 6543  585K REDIRECT   tcp  --  eth0   *   0.0.0.0/0  0.0.0.0/0
  tcp dpt:443 redir ports 9001

Re: Provider 1blu closed exit node torpaulianer

[Gitano]

marcel wrote:

 AFAIK Strato refused to extend a contract with the CCC, who
 operated a TOR-Exitnode there. they also refused to close a
 new contract with the CCC.

On 2007-12-11 my contract with Strato was extended for another three months.

Re: Provider 1blu closed exit node torpaulianer

[Gitano]

Michael Scheinost wrote:

 I just want to inform you that the german provider 1blu Ag in Berlin
 closed down my tor exit node torpaulianer for violating the contract by
 running malicious software.

Same her on 2007-09-10 (Gypsy).

 So far I didn't had time to answer them on that, but it looks like I
 have to look for another provider.

I got no answer per email.

Strato ist ok, but 'ovh' works better (Gypsy2). :)