Re: Very low performance in CriptolabTORRelays*
Thus spake Daniel Franganillo (dani...@dilmun.ls.fi.upm.es): Our ISP wont say nothing about their filters (It seems to be a Top Secret issue :P). As I said before there's no problem reported at debug.log except for the frequent: [debug] TLS error: unexpected close while reading (SSL_ST_OK) Another way to do this is to try to use Tor as a client. Does that work? Nope. How about using a client with bridges. Do they work? https://www.sesawe.net/Using-Tor-with-Bridges.html Nope. Transfer rates are equally ridiculous. Tried in windows, same. Great! Now we're getting somewhere. Now, your question isn't How do I run a relay at a censored ISP it's Please help me use Tor at a censored ISP. That is a question we are prepared to at least *try* to answer :) Can you access the following page: https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/BlockingDiagnostics If it too is blocked, blocked, it is also available via the ssl-encrypted proxy link on ixquick: https://us2.ixquick.com/do/metasearch.pl?q=TheOnionRouter+BlockingDiagnostics Similarly it is in the Google Cache, which is now available over SSL. https://webcache.googleusercontent.com/search?q=cache:wDewL-f-g9gJ:https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/BlockingDiagnostics+cd=1hl=enct=clnkgl=us If you feel you can follow those instructions, can we meet on IRC? Can you access #tor-dev on irc.oftc.net? Port 6697 is SSL, if you suspect keyword filtering too. Specify a time and we can give you a private bridge IP and try to diagnose exactly how your ISP is blocking access to Tor. P.S. The above goes for anyone who knows anyone having trouble *accessing* the Tor network from anywhere else. Please contact me or show up on #tor-dev. We are in desperate need of people inside China to help us with this. So far we have zero people there who can help us diagnose what is going on. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpasY5OZXx1e.pgp Description: PGP signature
Re: Very low performance in CriptolabTORRelays*
On 03.12.2010 08:40, Daniel Franganillo wrote: Well, im not asking for help to run a Tor relay, I did it for more than a year without problems. Im asking for help to gather intel so I can make an statement to our ISP (I work at a Dept. in a univeristy) to unblock Tor. why don't you ask them? Olaf *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Help me diagnose my Tor blocked/censored ISP!
Actually, let's break this thread off into a new one with new subject, too. Sorry about the double-post. Just want to make sure this hits the search engines. Thus spake Daniel Franganillo (dani...@dilmun.ls.fi.upm.es): Our ISP wont say nothing about their filters (It seems to be a Top Secret issue :P). As I said before there's no problem reported at debug.log except for the frequent: [debug] TLS error: unexpected close while reading (SSL_ST_OK) Another way to do this is to try to use Tor as a client. Does that work? Nope. How about using a client with bridges. Do they work? https://www.sesawe.net/Using-Tor-with-Bridges.html Nope. Transfer rates are equally ridiculous. Tried in windows, same. Great! Now we're getting somewhere. Now, your question isn't How do I run a relay at a censored ISP it's Please help me use Tor at a censored ISP. That is a question we are prepared to at least *try* to answer :) Can you access the following page: https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/BlockingDiagnostics If it too is blocked, blocked, it is also available via the ssl-encrypted proxy link on ixquick: https://us2.ixquick.com/do/metasearch.pl?q=TheOnionRouter+BlockingDiagnostics Similarly it is in the Google Cache, which is now available over SSL. https://webcache.googleusercontent.com/search?q=cache:wDewL-f-g9gJ:https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/BlockingDiagnostics+cd=1hl=enct=clnkgl=us If you feel you can follow those instructions, can we meet on IRC? Can you access #tor-dev on irc.oftc.net? Port 6697 is SSL, if you suspect keyword filtering too. Specify a time and we can give you a private bridge IP and try to diagnose exactly how your ISP is blocking access to Tor. P.S. The above goes for anyone who knows anyone having trouble *accessing* the Tor network from anywhere else. Please contact me or show up on #tor-dev. We are in desperate need of people inside China to help us with this. So far we have zero people there who can help us diagnose what is going on. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgp5os6zu7PZD.pgp Description: PGP signature
strange messages
Hey again: i am getting this new message in forefox: Torbutton Sandbox evaluation failed. Date hooks not applied! Any clues?
Re: Very low performance in CriptolabTORRelays*
El 03/12/10 09:18, Olaf Selke escribió: On 03.12.2010 08:40, Daniel Franganillo wrote: Well, im not asking for help to run a Tor relay, I did it for more than a year without problems. Im asking for help to gather intel so I can make an statement to our ISP (I work at a Dept. in a univeristy) to unblock Tor. why don't you ask them? Olaf *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ Well, you know, network administrators are one species by themself. My University spent almost 1M€ (yeah, one million) in a network filtering infrastructure and we're still waiting to know *What* they are filtering and *why* (here we make network research and we need to know if something fails and why); that was one year ago... So no, I've not asked for an answer on Do you block TOR?. But I know for certain what they will answer, nothing. Thanks. -- --- Daniel Franganillo Corrales --- e-mail: dani...@dilmun.ls.fi.upm.es --- CriptoLab. Despacho 6305. Facultad de Informática. Campus de Montegancedo S/N Universidad Politécnica de Madrid. Boadilla del Monte. Madrid (Spain) Teléfono - 91 336 (3673) --- smime.p7s Description: S/MIME Cryptographic Signature
Re: Very low performance in CriptolabTORRelays*
Hi, On 03.12.2010 13:12, Olaf Selke wrote: At least my relay holds a couple of connections to Cryptolab. We (torservers) do, too. About the same amount of connections. Moritz *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Tor Portable
I have tried Tor Portable on both Windows XP and Ubuntu. On both platform, the included extension HTTPS-Everywhere does not work at all, ie. no rules for any site like Facebook. Is this behavior expected? Thanks for any answer to my query! *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Very low performance in CriptolabTORRelays*
On Dec 3, 2010, at 3:14 AM, Mike Perry wrote: [snip] Nope. Transfer rates are equally ridiculous. Tried in windows, same. [/snip] Out of curiosity, how long are you letting these tests run for? My nodes generally take a full 2 or 3 days to get up to full capacity, and even then, traffic through them has its sporadic highs and lows. But then, I also run nodes on the lower end of the bandwidth scale, so I'm not sure how things compare... ~Justin Aplin *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Portable
On Dec 3, 2010, at 8:22 AM, Koh Choon Lin wrote: I have tried Tor Portable on both Windows XP and Ubuntu. On both platform, the included extension HTTPS-Everywhere does not work at all, ie. no rules for any site like Facebook. Is this behavior expected? I see this as well in the 1.3.13 Browser Bundle on Windows XP. Odd. I had wondered if the rulesets were simply hidden so that they couldn't be disabled, but after some testing it was obvious that no rulesets were being applied. The add-on as supplied in the package is completely nonfunctional for me at this point. ~Justin Aplin *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Arm Release 1.4.0
Damian Johnson atag...@gmail.com wrote: The lsof command issued by arm [1] is: lsof -nPi | grep process\s*pid.*(ESTABLISHED) I'd be happy to work with you to provide a fix, if you'd like. Once upon a time I tried to use VMs to troubleshoot FreeBSD and Gentoo issues (thus far they're the only platforms to give arm any trouble). However, either VirtualBox, those OSes, or the combination of the two made this a colossal pain in the ass. Trying to wrangle even the most basic functionality out of those systems chewed up dozens of hours so that's definitely *not* a road I'm going down again. What I'll need from you is the following: - A command that, when executed as the tor user, produces connection results filtered to tor's connections. - Example output. tor-jail# uname -or FreeBSD 9.0-CURRENT tor-jail# su -m _tor -c /bin/csh tor-jail# id uid=256(_tor) gid=256(_tor) groups=256(_tor) tor-jail# procstat -f `pgrep tor` | egrep 'TCP|UDP|PID' PID COMM FD T V FLAGSREF OFFSET PRO NAME 3561 tor 4 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:22370 3561 tor 5 s - rw---n-- 2 0 TCP 10.0.0.2:9050 0.0.0.0:0 3561 tor 6 s - rw---n-- 2 0 TCP 10.0.0.2:9040 0.0.0.0:0 3561 tor 7 s - rw---n-- 2 0 UDP 10.0.0.2:53 0.0.0.0:0 3561 tor 8 s - rw---n-- 2 0 TCP 10.0.0.2:9051 0.0.0.0:0 3561 tor14 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:44381 3561 tor15 s - rw---n-- 2 0 TCP 10.0.0.2:33734 [scrubbed]:443 3561 tor16 s - rw---n-- 2 0 TCP 10.0.0.2:47704 [scrubbed]:9001 3561 tor17 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:46343 3561 tor18 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:64196 3561 tor19 s - rw---n-- 2 0 TCP 10.0.0.2:18856 [scrubbed]:443 3561 tor20 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:20385 3561 tor22 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:27541 3561 tor23 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:21877 (Public IP addresses scrubbed) - Be available to test a potential fix. If you're up for that then I'm glad to have the help! Lets take further discussion of this off the list. I don't think this is generally of interest to the rest of the tor community. -Damian It's at least interesting to a part of the rest of the tor community. I intent to try Arm in the future. Are you aware of anyone working on a port? Fabian signature.asc Description: PGP signature
Re: Arm Release 1.4.0
On Fri, 3 Dec 2010, Fabian Keil wrote: - Be available to test a potential fix. If you're up for that then I'm glad to have the help! Lets take further discussion of this off the list. I don't think this is generally of interest to the rest of the tor community. -Damian It's at least interesting to a part of the rest of the tor community. I intent to try Arm in the future. Are you aware of anyone working on a port? I have neither seen a port, nor seen discussion of one... *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Arm Release 1.4.0
Perfect! I'll try to provide a fix for you to test later today or tomorrow. I intent to try Arm in the future. Are you aware of anyone working on a port? Nope. Jesse just finished an ebuild for Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=341731 and I'm working with Peter on a deb. But thus far no one has volunteered to do a bsd port. On Fri, Dec 3, 2010 at 11:34 AM, Fabian Keil freebsd-lis...@fabiankeil.de wrote: Damian Johnson atag...@gmail.com wrote: The lsof command issued by arm [1] is: lsof -nPi | grep process\s*pid.*(ESTABLISHED) I'd be happy to work with you to provide a fix, if you'd like. Once upon a time I tried to use VMs to troubleshoot FreeBSD and Gentoo issues (thus far they're the only platforms to give arm any trouble). However, either VirtualBox, those OSes, or the combination of the two made this a colossal pain in the ass. Trying to wrangle even the most basic functionality out of those systems chewed up dozens of hours so that's definitely *not* a road I'm going down again. What I'll need from you is the following: - A command that, when executed as the tor user, produces connection results filtered to tor's connections. - Example output. tor-jail# uname -or FreeBSD 9.0-CURRENT tor-jail# su -m _tor -c /bin/csh tor-jail# id uid=256(_tor) gid=256(_tor) groups=256(_tor) tor-jail# procstat -f `pgrep tor` | egrep 'TCP|UDP|PID' PID COMM FD T V FLAGS REF OFFSET PRO NAME 3561 tor 4 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:22370 3561 tor 5 s - rw---n-- 2 0 TCP 10.0.0.2:9050 0.0.0.0:0 3561 tor 6 s - rw---n-- 2 0 TCP 10.0.0.2:9040 0.0.0.0:0 3561 tor 7 s - rw---n-- 2 0 UDP 10.0.0.2:53 0.0.0.0:0 3561 tor 8 s - rw---n-- 2 0 TCP 10.0.0.2:9051 0.0.0.0:0 3561 tor 14 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:44381 3561 tor 15 s - rw---n-- 2 0 TCP 10.0.0.2:33734 [scrubbed]:443 3561 tor 16 s - rw---n-- 2 0 TCP 10.0.0.2:47704 [scrubbed]:9001 3561 tor 17 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:46343 3561 tor 18 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:64196 3561 tor 19 s - rw---n-- 2 0 TCP 10.0.0.2:18856 [scrubbed]:443 3561 tor 20 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:20385 3561 tor 22 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:27541 3561 tor 23 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:21877 (Public IP addresses scrubbed) - Be available to test a potential fix. If you're up for that then I'm glad to have the help! Lets take further discussion of this off the list. I don't think this is generally of interest to the rest of the tor community. -Damian It's at least interesting to a part of the rest of the tor community. I intent to try Arm in the future. Are you aware of anyone working on a port? Fabian *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Arm Release 1.4.0
On Fri, Dec 03, 2010 at 08:34:46PM +0100, Fabian Keil wrote: Damian Johnson atag...@gmail.com wrote: The lsof command issued by arm [1] is: lsof -nPi | grep process\s*pid.*(ESTABLISHED) What I'll need from you is the following: - A command that, when executed as the tor user, produces connection results filtered to tor's connections. - Example output. tor-jail# uname -or FreeBSD 9.0-CURRENT tor-jail# su -m _tor -c /bin/csh tor-jail# id uid=256(_tor) gid=256(_tor) groups=256(_tor) tor-jail# procstat -f `pgrep tor` | egrep 'TCP|UDP|PID' PID COMM FD T V FLAGSREF OFFSET PRO NAME 3561 tor 4 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:22370 3561 tor 5 s - rw---n-- 2 0 TCP 10.0.0.2:9050 0.0.0.0:0 3561 tor 6 s - rw---n-- 2 0 TCP 10.0.0.2:9040 0.0.0.0:0 3561 tor 7 s - rw---n-- 2 0 UDP 10.0.0.2:53 0.0.0.0:0 3561 tor 8 s - rw---n-- 2 0 TCP 10.0.0.2:9051 0.0.0.0:0 3561 tor14 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:44381 3561 tor15 s - rw---n-- 2 0 TCP 10.0.0.2:33734 [scrubbed]:443 3561 tor16 s - rw---n-- 2 0 TCP 10.0.0.2:47704 [scrubbed]:9001 3561 tor17 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:46343 3561 tor18 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:64196 3561 tor19 s - rw---n-- 2 0 TCP 10.0.0.2:18856 [scrubbed]:443 3561 tor20 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:20385 3561 tor22 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:27541 3561 tor23 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:21877 (Public IP addresses scrubbed) Sorry for jumping in , but please notice the above command might not not work on all versions of FBSD, at least it doesn't on a 7-Stable jail. Maybe the following just produces a similar sufficient output: _...@ato# id uid=256(_tor) gid=256(_tor) groups=256(_tor) _...@ato# sockstat -4 | grep tor _tor tor4397 7 tcp4 172.27.72.202:9050*:* _tor tor4397 8 udp4 172.27.72.202:53 *:* _tor tor4397 9 tcp4 172.27.72.202:9051*:* _tor tor4397 12 tcp4 172.27.72.202:54011 [scrubbed]:9001 _tor tor4397 15 tcp4 172.27.72.202:59374 [scrubbed]:9001 _tor tor4397 19 tcp4 172.27.72.202:59673 [scrubbed]:9001 _tor tor4397 20 tcp4 172.27.72.202:51946 [scrubbed]:443 _tor tor4397 22 tcp4 172.27.72.202:60344 [scrubbed]:9001 for *not* displaying listening ports just use _...@ato# sockstat -4 | grep tor| sed '/\*/d' _tor tor4397 4 tcp4 172.27.72.202:52420 [scrubbed]:443 _tor tor4397 12 tcp4 172.27.72.202:54011 [scrubbed]:9001 _tor tor4397 13 tcp4 172.27.72.202:51736 [scrubbed]:443 - Be available to test a potential fix. If you're up for that then I'm glad to have the help! Lets take further discussion of this off the list. I don't think this is generally of interest to the rest of the tor community. -Damian It's at least interesting to a part of the rest of the tor community. It certainly is ! Fabian *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Arm Release 1.4.0
On Fri, 3 Dec 2010, Hans Schnehl wrote: Sorry for jumping in , but please notice the above command might not not work on all versions of FBSD, at least it doesn't on a 7-Stable jail. Maybe the following just produces a similar sufficient output: _...@ato# id uid=256(_tor) gid=256(_tor) groups=256(_tor) _...@ato# sockstat -4 | grep tor _tor tor4397 7 tcp4 172.27.72.202:9050*:* _tor tor4397 8 udp4 172.27.72.202:53 *:* _tor tor4397 9 tcp4 172.27.72.202:9051*:* _tor tor4397 12 tcp4 172.27.72.202:54011 [scrubbed]:9001 _tor tor4397 15 tcp4 172.27.72.202:59374 [scrubbed]:9001 _tor tor4397 19 tcp4 172.27.72.202:59673 [scrubbed]:9001 _tor tor4397 20 tcp4 172.27.72.202:51946 [scrubbed]:443 _tor tor4397 22 tcp4 172.27.72.202:60344 [scrubbed]:9001 for *not* displaying listening ports just use _...@ato# sockstat -4 | grep tor| sed '/\*/d' _tor tor4397 4 tcp4 172.27.72.202:52420 [scrubbed]:443 _tor tor4397 12 tcp4 172.27.72.202:54011 [scrubbed]:9001 _tor tor4397 13 tcp4 172.27.72.202:51736 [scrubbed]:443 Wait, so the method detailed here: http://lists.freebsd.org/pipermail/freebsd-questions/2007-November/162970.html specifically: ps -Al after polling for lsof and a foreach loop, doesn't work ? I know it's not elegant, but it appeared to me that: lsof + ps -Al would work ... especially if the system in question is doing little (or nothing) other than Tor ... *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Arm Release 1.4.0
On Fri, Dec 03, 2010 at 09:35:39PM +, John Case wrote: On Fri, 3 Dec 2010, Hans Schnehl wrote: Sorry for jumping in , but please notice the above command might not not work on all versions of FBSD, at least it doesn't on a 7-Stable jail. Not working refers to Fabian's use of procstat. Maybe the following just produces a similar sufficient output: _...@ato# id uid=256(_tor) gid=256(_tor) groups=256(_tor) _...@ato# sockstat -4 | grep tor _tor tor4397 7 tcp4 172.27.72.202:9050*:* _tor tor4397 8 udp4 172.27.72.202:53 *:* _tor tor4397 9 tcp4 172.27.72.202:9051*:* _tor tor4397 12 tcp4 172.27.72.202:54011 [scrubbed]:9001 _tor tor4397 15 tcp4 172.27.72.202:59374 [scrubbed]:9001 _tor tor4397 19 tcp4 172.27.72.202:59673 [scrubbed]:9001 _tor tor4397 20 tcp4 172.27.72.202:51946 [scrubbed]:443 _tor tor4397 22 tcp4 172.27.72.202:60344 [scrubbed]:9001 for *not* displaying listening ports just use _...@ato# sockstat -4 | grep tor| sed '/\*/d' _tor tor4397 4 tcp4 172.27.72.202:52420 [scrubbed]:443 _tor tor4397 12 tcp4 172.27.72.202:54011 [scrubbed]:9001 _tor tor4397 13 tcp4 172.27.72.202:51736 [scrubbed]:443 Wait, so the method detailed here: http://lists.freebsd.org/pipermail/freebsd-questions/2007-November/162970.html specifically: ps -Al after polling for lsof and a foreach loop, doesn't work ? I know it's not elegant, but it appeared to me that: lsof + ps -Al would work ... especially if the system in question is doing little (or nothing) other than Tor ... I suppose it would, but some (like me) tend to run tor in rather minimal jails. lsof isn't exactly a small application, so it might just make sense using the base system's sockstat. At least that was the idea. Up to the one porting arm to FBSD, I guess. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Arm Release 1.4.0
On Fri, 3 Dec 2010, Hans Schnehl wrote: specifically: ps -Al after polling for lsof and a foreach loop, doesn't work ? I know it's not elegant, but it appeared to me that: lsof + ps -Al would work ... especially if the system in question is doing little (or nothing) other than Tor ... I suppose it would, but some (like me) tend to run tor in rather minimal jails. lsof isn't exactly a small application, so it might just make sense using the base system's sockstat. At least that was the idea. Ok, I agree with that sentiment - I always run Tor in a jail and would like to not be required to install lsof. However if lsof is the only way to do it right, I will accept that in order to run Arm... Thanks. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
[notice] Circuit build measurement period of 218915ms is more than twice the maximum build time we have ever observed. Capping it to 152350ms.
I have the above record in '/var/tor/log' on my exit-node. What it can mean?! *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/