Re: [tor-talk] Can't perform self-tests for this relay: we have listed ourself in ExcludeNodes, and StrictNodes is set. We cannot learn whether we are usable, and will not be able to advertise ourself

[Udo van den Heuvel]

Hello,

On 28-06-2021 19:31, Udo van den Heuvel wrote:

What is the issue here? (not blatant misconfiguration I guess)


Even when commenting the single ExcludeNodes line out, the message stays 
the same after a restart.


Kind regards,
Udo
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Can't perform self-tests for this relay: we have listed ourself in ExcludeNodes, and StrictNodes is set. We cannot learn whether we are usable, and will not be able to advertise ourself.

[Udo van den Heuvel]

Hello,

I guess since updating to tor-0.4.6.5-0.fc34.x86_64 I get a load of 
messages like in the subject, even though my IP is not in ExcludeNodes 
and even though I did not change the config for a few weeks at least.


What is the issue here? (not blatant misconfiguration I guess)


Kind regards,
Udo


SocksPort 127.0.0.1:9050 # Default: Bind to localhost:9050 for local 
connections.


Log notice file /var/log/tor/notices.log

RunAsDaemon 1

DataDirectory /var/lib/tor

ControlPort 9051
HashedControlPassword 16:1234

Address p1ndarots.xs4all.nl

Nickname 1d1dntedith3conf1g

ContactInfo Random Person b...@bloep.krom

ORPort 9001 IPv4Only

DirPort 9030 IPv4Only # what port to advertise for directory connections


GeoIPExcludeUnknown 1

ExcludeNodes 
default,Unnamed,{ae},{af},{ag},{ao},{az},{ba},{bb},{bd},{bh},{bi},{bn},{bt},{bw},{by},{cd},{cf},{cg},{ci},{ck},{cm},{cn},{cu},{cy},{dj},{dm},{dz},{eg},{er},{et},{fj},{ga},{gd},{gh},{gm},{gn},{gq},{gy},{hr},{ht},{id},{in},{iq},{ir},{jm},{jo},{ke},{kg},{kh},{ki},{km},{kn},{kp},{kw},{kz},{la},{lb},{lc},{lk},{lr},{ly},{ma},{me},{mk},{ml},{mm},{mr},{mu},{mv},{mw},{my},{na},{ng},{om},{pg},{ph},{pk},{ps},{qa},{rs},{ru},{rw},{sa},{sb},{sd},{sg},{si},{sl},{sn},{so},{st},{sy},{sz},{td},{tg},{th},{tj},{tm},{tn},{to},{tr},{tt},{tv},{tz},{ug},{uz},{vc},{ve},{vn},{ws},{ye},{zm},{zw},{??}


ExcludeExitNodes 
default,Unnamed,{ae},{af},{ag},{ao},{az},{ba},{bb},{bd},{bh},{bi},{bn},{bt},{bw},{by},{cd},{cf},{cg},{ci},{ck},{cm},{cn},{cu},{cy},{dj},{dm},{dz},{eg},{er},{et},{fj},{ga},{gd},{gh},{gm},{gn},{gq},{gy},{hr},{ht},{id},{in},{iq},{ir},{jm},{jo},{ke},{kg},{kh},{ki},{km},{kn},{kp},{kw},{kz},{la},{lb},{lc},{lk},{lr},{ly},{ma},{me},{mk},{ml},{mm},{mr},{mu},{mv},{mw},{my},{na},{ng},{om},{pg},{ph},{pk},{ps},{qa},{rs},{ru},{rw},{sa},{sb},{sd},{sg},{si},{sl},{sn},{so},{st},{sy},{sz},{td},{tg},{th},{tj},{tm},{tn},{to},{tr},{tt},{tv},{tz},{ug},{uz},{vc},{ve},{vn},{ws},{ye},{zm},{zw},{??}


LongLivedPorts 
21,22,80,110,143,443,706,993,1863,5050,5190,5222,5223,6523,6667,6697,8080,8300,8443,9001,9030


MaxMemInQueues 1024 MB

BandwidthRate 1132 KB
BandwidthBurst 1536 KB
MaxAdvertisedBandwidth 999 KB


AccountingStart day 12:21
AccountingMax 99 GB

DisableAllSwap 1

User _tor

ServerDNSResolvConfFile /etc/tor/resolv.conf


ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed
ServerTransportListenAddr obfs4 82.161.210.87:1494
ExtORPort auto

Strictnodes 1

PidFile /run/tor/tor.pid

(ExitPolicy Reject list omitted)
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] 0.4.0.5

[Udo van den Heuvel]

On 04-05-19 16:22, Iain Learmonth wrote:
>> How to find that source code via the 'new' website? (some time has
>> passed but did anybody take action after the feedback posted here?)
> 
> The source code can be downloaded from:
> 
> https://www.torproject.org/download/tor/

Yes, it is on the website.
But how to find it, when we start at https://www.torproject.org/ ?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] 0.4.0.5

[Udo van den Heuvel]

Hello,

At https://2019.www.torproject.org/download/download.html.en I found
that tor (not the browser) 0.4.0.5 is available...
How to find that source code via the 'new' website? (some time has
passed but did anybody take action after the feedback posted here?)

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Nice to meet you! / WhatsApp by Tor?

[Udo van den Heuvel]

On 16-04-19 17:48, GTI .H wrote:
> I want to use Tor to hide the origin IP in WhatsApp. I already have a

Whatsap is aowned by/affiliated with Mark Zuckerberg's Fakebook.
I'd avoid it.

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] tor project website change

[Udo van den Heuvel]

On 06-04-19 11:10, Anders Andersson wrote:
> Today every website looks like an advertisement meant to be viewed in
> the couch on your iPad, carefully planned so that you have to scroll
> through the content. 

A bit of time has passed since the feedback on the 'new' torproject website.
It appears nothing has changed there

What is the plan here?
Should we accept changes as this one as 'normal'?


Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] tor project website change

[Udo van den Heuvel]

On 27-03-19 18:46, Mirimir wrote:
> Yes, the Tor Project site has increasingly focused on Tor browser.

I see.
Is that helping tor?
It looks like the website maintainers do not understand tor well enough.

Udo

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] tor project website change

[Udo van den Heuvel]

On 27-03-19 18:23, Udo van den Heuvel wrote:
> Via the FAQ link I got to (in order) these and finally found a tor
> download link:
> 
> https://2019.www.torproject.org/docs/trademark-faq
> https://2019.www.torproject.org/projects/projects.html.en
> https://2019.www.torproject.org/docs/documentation.html.en
> https://2019.www.torproject.org/download/download-easy.html.en

at

https://2019.www.torproject.org/download/download.html.en

Udo

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] tor project website change

[Udo van den Heuvel]

Via the FAQ link I got to (in order) these and finally found a tor
download link:

https://2019.www.torproject.org/docs/trademark-faq
https://2019.www.torproject.org/projects/projects.html.en
https://2019.www.torproject.org/docs/documentation.html.en
https://2019.www.torproject.org/download/download-easy.html.en


Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] tor project website change

[Udo van den Heuvel]

Check the text at https://support.torproject.org/#gettor

 How do I download Tor if the torproject.org is blocked?

If you can't download Tor through our website, you can get a copy of Tor
delivered to you via GetTor. GetTor is a service that automatically
responds to messages with links to the latest version of Tor Browser,
hosted at a variety of locations that are less likely to be censored,
such as Dropbox, Google Drive, and GitHub.


Tor != tor browser.

Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] tor project website change

[Udo van den Heuvel]

On 27-03-19 17:46, Matthew Finkel wrote:
> The website design started at least 6 years ago, if not longer. Multiple
> people worked on it and made it possible. The new website provides a
> more welcoming interface, in particular for new users. Now the page is
> concise and provides links for exactly the version a user likely needs.
> If the user needs/wants another version (in another language or if they
> want the Alpha version), then they are contained on a subsequent page.
> People don't want too many options, they simply want the correct/best
> option. This new design provides this for them.

The new design does provide nothing for me:
As I described I used to find tor source code on there.
Now there is a 'new' interface that only tries to `sell` tor-browser to me.
There is no other choice there than tor-browser.
There is no link there to the tor source code.
There is no reference anywhere on the https://www.torproject.org site to
that source code that I could find after being confronted with this
'new' interface.
Not even tor.torproject.org (which would be logical, looking at websites
for other software on torproject.org) exists.
So can you please understand the frustration that you have started to
cause with this `new` interface?

I am a user, but do NOT think the new website (that particular page
especially) is more welcoming, nor concise and it does not provide links
for exactly the version this user needs.
The old interface on that page was small, simple and direct.
Why was there no difference made between the tor binary/source and the
tor browser binaries?
I do think this is a huge error.

Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] tor project website change

[Udo van den Heuvel]

Hello,

Who changed the web content at https://www.torproject.org/download/ ?
Previously I could relatively easily check for the latest tor version
but now I get only a number of tor browser options in a page that is way
too big for what it offers. (and I use a 4K screen)
Why was this done? What purpose does it serve for tor? (not the browser)
And where is one supposed to find the tor download page from that (now)
tor browser page?

Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] bug in tor 0.3.4.8?

[Udo van den Heuvel]

On 06-10-18 01:43, Nick Mathewson wrote:

What can I do to help fix the issue?


If this is easily reproducible, and you can build from source, using
"git bisect" to find the first version that caused it would be very
helpful.  Do you want more info on how to do that?


0.3.5.3-alpha has an issue very much like the original issue I reported 
here, despite being patched for that.
The OoM situations appear to have been fixed but I need more time to be 
sure.


Udo


--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] bug in tor 0.3.4.8?

[Udo van den Heuvel]

On 17/09/2018 17:46, David Goulet wrote:

Quickly like that, I can't tell you why this is happening or any workaround
you could do so keep an eye on the ticket. If this is an 0.3.4.x regression,
we'll find it quickly.


Issue is still happening, with just port 22 and 53 open.
What can I do to help fix the issue?

Udo

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] bug in tor 0.3.4.8?

[Udo van den Heuvel]

On 15/09/2018 18:14, Udo van den Heuvel wrote:

I find a load of these bug mentions in the notices log.


It happened again.
Any devs reading here?

Kind regards,
Udo
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] bug in tor 0.3.4.8?

[Udo van den Heuvel]

Hello,

I find a load of these bug mentions in the notices log.
I run tor-0.3.4.8-0.fc28.x86_64.
What now?


Sep 15 16:05:03.000 [notice] New control connection opened from 127.0.0.1.
Sep 15 16:06:26.000 [warn] tor_bug_occurred_(): Bug: src/or/main.c:1044: 
conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn)) 
failed. (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: Non-fatal assertion 
!(connection_is_writing(conn)) failed in conn_close_if_marked at 
src/or/main.c:1044. Stack trace: (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(log_backtrace+0x47) 
[0x55727ae152e7] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(tor_bug_occurred_+0xbd) 
[0x55727ae307ad] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(+0x51b18) 
[0x55727acdbb18] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /lib64/libevent-2.1.so.6(+0x235b1) 
[0x7fb01de555b1] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: 
/lib64/libevent-2.1.so.6(event_base_loop+0x537) [0x7fb01de55d47] (on Tor 
0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(do_main_loop+0x209) 
[0x55727acde149] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(tor_run_main+0x1015) 
[0x55727ace0835] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(tor_main+0x3e) 
[0x55727acd868e] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(main+0x1d) 
[0x55727acd841d] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: 
/lib64/libc.so.6(__libc_start_main+0xeb) [0x7fb01c3d611b] (on Tor 
0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(_start+0x2a) 
[0x55727acd847a] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] tor_bug_occurred_(): Bug: src/or/main.c:1044: 
conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn)) 
failed. (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: Non-fatal assertion 
!(connection_is_writing(conn)) failed in conn_close_if_marked at 
src/or/main.c:1044. Stack trace: (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(log_backtrace+0x47) 
[0x55727ae152e7] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(tor_bug_occurred_+0xbd) 
[0x55727ae307ad] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(+0x51b18) 
[0x55727acdbb18] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /lib64/libevent-2.1.so.6(+0x235b1) 
[0x7fb01de555b1] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: 
/lib64/libevent-2.1.so.6(event_base_loop+0x537) [0x7fb01de55d47] (on Tor 
0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(do_main_loop+0x209) 
[0x55727acde149] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(tor_run_main+0x1015) 
[0x55727ace0835] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(tor_main+0x3e) 
[0x55727acd868e] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(main+0x1d) 
[0x55727acd841d] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: 
/lib64/libc.so.6(__libc_start_main+0xeb) [0x7fb01c3d611b] (on Tor 
0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(_start+0x2a) 
[0x55727acd847a] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] tor_bug_occurred_(): Bug: src/or/main.c:1044: 
conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn)) 
failed. (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: Non-fatal assertion 
!(connection_is_writing(conn)) failed in conn_close_if_marked at 
src/or/main.c:1044. Stack trace: (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(log_backtrace+0x47) 
[0x55727ae152e7] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(tor_bug_occurred_+0xbd) 
[0x55727ae307ad] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(+0x51b18) 
[0x55727acdbb18] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /lib64/libevent-2.1.so.6(+0x235b1) 
[0x7fb01de555b1] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: 
/lib64/libevent-2.1.so.6(event_base_loop+0x537) [0x7fb01de55d47] (on Tor 
0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(do_main_loop+0x209) 
[0x55727acde149] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(tor_run_main+0x1015) 
[0x55727ace0835] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(tor_main+0x3e) 
[0x55727acd868e] (on Tor 0.3.4.8 da95b91355248ad8)
Sep 15 16:06:26.000 [warn] Bug: /usr/bin/tor(main+0x1d) 

Re: [tor-talk] exit ports to open in relay *without* issue...

[Udo van den Heuvel]

On 07-09-18 15:17, Nathaniel Suchy wrote:
This is something you need to talk to your ISP about. Communicate with 
them and see if they can work something out.


The ISP whitelisted my IP in their quarantine system to avoid this issue 
next time.

This solves only the local part of the issue, though.

Udo
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] exit ports to open in relay *without* issue...

[Udo van den Heuvel]

On 07-09-18 15:10, Nathaniel Suchy wrote:

Talk to your ISP about what Tor is and ask them to disable the virus filter
on your account.


Thanks..
But local ISP is only one side.
The virus stuff goes somewhere and will also be detected elsewhere.
Then mail will be blacklisted (because a virus does not send mail!?), etc.

This will impact the usability of my internet connection.

How to avoid this *and* still allow some exit?

Udo
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] exit ports to open in relay *without* issue...

[Udo van den Heuvel]

Hello,

In the past I opened up some 'innocent' exit ports and after a while my 
ISP detected a Windows virus of some sorts from my IP('s).

So I went to relay only and that problem was fixed.

Then I thought I was `smart` and opened just a few ports that (normally) 
carry SSL-protected connections.
Same thing happened, the ISP detected some (other) virus activity after 
a while.


As I do not run Windows at all, these virus detections must come via the 
tor exit ports.


Is there a 'safe' choice in this that will not trigger virus activity?
Of course the normal SSL-protected traffic does not mean the virus will 
do the same...

So what can I do besides run non-exit?

Udo
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] torjail - run programs in tor network namespace

[Udo van den Heuvel]

On 27-07-18 16:17, Mirimir wrote:

But can we use a network namespace to separate it a bit more?



Well, you could run tor inside "vpnjail" ;)


Thanks for the tip, looks very usable.
To integrate with systemd I found the discussion at 
https://github.com/systemd/systemd/issues/2741
But that one does not show where or how to setup the actual networking 
in the namespace. Or am I missing something here?
The vpnjail commands work fine but they need to run -too- in systemd 
setting up the namespace.


Udo


--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] torjail - run programs in tor network namespace

[Udo van den Heuvel]

On 24-07-18 16:58, lesion wrote:

On Tue, Jul 24, 2018 at 02:51:36PM +0200, Udo van den Heuvel wrote:

On 23-07-18 09:51, bic wrote:

I want to share a project made in _to hacklab.

https://github.com/torjail/torjail


Very interesting!!
Would it make sense to run tor itself also in such an environment?
If so: any examples?


You cannot run tor inside torjail.


Sure!
But can we use a network namespace to separate it a bit more?

Kind regards,
Udo
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] torjail - run programs in tor network namespace

[Udo van den Heuvel]

On 23-07-18 09:51, bic wrote:

I want to share a project made in _to hacklab.

https://github.com/torjail/torjail


Very interesting!!
Would it make sense to run tor itself also in such an environment?
If so: any examples?

Kind regards,
Udo
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] starting tor using systemd, readiness issue

[Udo van den Heuvel]

On 10-05-18 11:34, Udo van den Heuvel wrote:
> Of course without systemd things work better: I can start tor from the
> commandline without problems.

That issue was fixed but the same box shows stuff like this in the messages:

systemd[1]: tor-master.service: Unit cannot be reloaded because it is
inactive.

About every 24 hours.

Why is systemd reloading service files? (units?) (normally, after edits,
one has to manually do a daemon-reload (!) (not just a re-read of one
service)
Why is it doing something with a disabled service?
Why does it have to complain about that?

Or should I simply remove all references to tor-master.service from
tor.service?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] starting tor using systemd, readiness issue

[Udo van den Heuvel]

On 10-05-18 11:34, Udo van den Heuvel wrote:
> May 10 11:20:56.000 [notice] Bootstrapped 0%: Starting
> May 10 11:21:25.000 [notice] Starting with guard context "default"
> May 10 11:21:25.000 [notice] Bootstrapped 80%: Connecting to the Tor network
> May 10 11:21:25.000 [notice] Signaled readiness to systemd
> May 10 11:21:25.000 [notice] Interrupt: we have stopped accepting new
> connections, and will shut down in 30 seconds. Interrupt again to exit now.
> May 10 11:21:59.000 [notice] Tor 0.3.2.10 (git-31cc63deb69db819) opening
> log file.
> (etc)
> 
> So tor communicates readines to systemd but still they think tor is not
> starting OK.
> How can I fix this?

TimeoutStartSec=60 in tor.service helps; starting tor works again.
But is that the correct solution?
Can't tor signal readiness sooner?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] starting tor using systemd, readiness issue

[Udo van den Heuvel]

Hello,

As I moved the firewall box to a UPS, upon startup I noticed an issue
with tor: it was being started over and over again by systemd.
The log has stuff like:

May 10 11:20:53.000 [notice] Tor 0.3.2.10 (git-31cc63deb69db819) opening
log file.
May 10 11:20:53.869 [warn] OpenSSL version from headers does not match
the version we're running with. If you get weird crashes, that might be
why. (Compiled with 1010007f: OpenSSL 1.1.0g-fips  2 Nov 2017; r
unning with 1010008f: OpenSSL 1.1.0h-fips  27 Mar 2018).
May 10 11:20:53.945 [notice] Tor 0.3.2.10 (git-31cc63deb69db819) running
on Linux with Libevent 2.0.22-stable, OpenSSL 1.1.0h-fips, Zlib 1.2.11,
Liblzma 5.2.3, and Libzstd 1.3.4.
May 10 11:20:53.945 [notice] Tor can't help you if you use it wrong!
Learn how to be safe at https://www.torproject.org/download/download#warning
May 10 11:20:53.945 [notice] Read configuration file
"/usr/share/tor/defaults-torrc".
May 10 11:20:53.945 [notice] Read configuration file "/etc/tor/torrc".
May 10 11:20:53.954 [warn] You have asked to exclude certain relays from
all positions in your circuits. Expect hidden services and other Tor
features to be broken in unpredictable ways.
May 10 11:20:53.955 [notice] Scheduler type KIST has been enabled.
May 10 11:20:53.955 [notice] Opening Socks listener on 127.0.0.1:9050
May 10 11:20:53.955 [notice] Opening Control listener on 127.0.0.1:9051
May 10 11:20:53.955 [notice] Opening OR listener on 0.0.0.0:9001
May 10 11:20:53.955 [notice] Opening Extended OR listener on 127.0.0.1:0
May 10 11:20:53.955 [notice] Extended OR listener listening on port 44271.
May 10 11:20:53.955 [notice] Opening Directory listener on 0.0.0.0:9030
May 10 11:20:55.000 [notice] Your Tor server's identity key fingerprint
is 'x'
May 10 11:20:55.000 [notice] Configured hibernation.  This interval
began at 2018-05-09 12:21:00; the scheduled wake-up time was 2018-05-09
12:21:00; we expect to exhaust our quota for this interval around 2
018-05-10 12:21:00; the next interval begins at 2018-05-10 12:21:00 (all
times local)
May 10 11:20:55.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
May 10 11:20:56.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
May 10 11:20:56.000 [notice] Configured to measure statistics. Look for
the *-stats files that will first be written to the data directory in 24
hours from now.
May 10 11:20:56.000 [notice] Bootstrapped 0%: Starting
May 10 11:21:25.000 [notice] Starting with guard context "default"
May 10 11:21:25.000 [notice] Bootstrapped 80%: Connecting to the Tor network
May 10 11:21:25.000 [notice] Signaled readiness to systemd
May 10 11:21:25.000 [notice] Interrupt: we have stopped accepting new
connections, and will shut down in 30 seconds. Interrupt again to exit now.
May 10 11:21:59.000 [notice] Tor 0.3.2.10 (git-31cc63deb69db819) opening
log file.
(etc)

So tor communicates readines to systemd but still they think tor is not
starting OK.
How can I fix this?

Of course without systemd things work better: I can start tor from the
commandline without problems.


Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] starting tor with the default service file...

[Udo van den Heuvel]

On 12-03-18 17:41, nusenu wrote:
> your logs hint towards non-"basic" configuration items (i.e. extended OR).

SocksPort 127.0.0.1:9050
Log notice file /var/log/tor/notices.log
RunAsDaemon 1
DataDirectory /var/lib/tor
ControlPort 9051
HashedControlPassword
16:95A7D8C558E41A556QF4D65351CEAA8D959DQA73B295B1AA45EDE0A507
Address xxx
Nickname 1d1dnt2d1th3c1nf1g

ContactInfo Random Person 
ORPort 9001
DirPort 9030 # what port to advertise for directory connections

ExitPolicy reject *:* # middleman only -- no exits allowed

ExitRelay 1
MaxMemInQueues 1024 MB
BandwidthRate 1024 KB
BandwidthBurst 1536 KB
MaxAdvertisedBandwidth 999 KB

AccountingStart day 12:21
AccountingMax 99 GB

DisableAllSwap 1

User _tor

ServerDNSResolvConfFile /etc/tor/resolv.conf

ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed
ServerTransportListenAddr obfs4 1.2.3.4:1494
ExtORPort auto

ExcludeNodes {cn},{hk},{mo},{kp},{ir},{sy},{pk},{cu},{vn}
Strictnodes 1

> Maybe it is best to ask what you are trying to achieve.

Nothing special? I don't gather what is extended or here in the config?



Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] starting tor with the default service file...

[Udo van den Heuvel]

On 12-03-18 09:34, nusenu wrote:
>>> I recommend you use the service file shipped by fedora's tor package.
>>
>> That service file needs the same capabilities addition...
> 
> If you want, I can look into this but I will need some more information:
> * how do you install tor from what source (dnf install tor?)

I used the tor-0.3.2.10 source from the torproject site.
I sued the spec and assorted source files from the src.rpm.
I changed the user/group to _tor and built the rpm, then installed.

> * what version do you use

See above.

> * your torrc configuration file

Basic non-exit config, not even a hidden service.

> * how do you start tor

systemct start tor
Recently (due to teh Fedora src rpm) I also noticed there is a
tor-master service as well but I not yet understand the interaction.

> * how does it fail if you do not modify the service file 
> (you did include the logs in your first email)

Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.049 [notice] Tor
0.3.2.10 (git-31cc63deb69db819) running on Linux with Libevent
2.0.22-stable, OpenSSL 1.1.0g-fips, Zlib 1.2.11, Liblzma 5.2.3, and Libzst
d 1.3.3.
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.049 [notice] Tor can't
help you if you use it wrong! Learn how to be safe at
https://www.torproject.org/download/download#warning
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.049 [notice] Read
configuration file "/usr/share/tor/defaults-torrc".
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.049 [notice] Read
configuration file "/etc/tor/torrc".
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.059 [warn] You have
asked to exclude certain relays from all positions in your circuits.
Expect hidden services and other Tor features to be broken in unp
redictable ways.
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.060 [notice] Scheduler
type KIST has been enabled.
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.060 [notice] Opening
Socks listener on 127.0.0.1:9050
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.060 [notice] Opening
Control listener on 127.0.0.1:9051
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.060 [notice] Opening OR
listener on 0.0.0.0:9001
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.060 [notice] Opening
Extended OR listener on 127.0.0.1:0
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.060 [notice] Extended OR
listener listening on port 38367.
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.060 [notice] Opening
Directory listener on 0.0.0.0:9030
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.060 [warn] You appear to
lack permissions to change memory limits. Are you root?
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.060 [warn] Unable to
raise RLIMIT_MEMLOCK: Operation not permitted
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.060 [notice] Unable to
lock all current and future memory pages: Cannot allocate memory
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.061 [warn] Failed to
parse/validate config: DisableAllSwap failure. Do you have proper
permissions?
Mar 12 06:58:20 bla tor[28248]: Mar 12 06:58:20.061 [err] Reading config
failed--see warnings above.
Mar 12 06:58:20 bla systemd[1]: Failed to start Anonymizing overlay
network for TCP.
Mar 12 06:58:20 bla systemd[1]: tor.service: Failed with result 'protocol'.

> ..but you probably will not need anything from tor-master.service directly.
> Just use tor.service or in a mutli-instance case: tor@.service

OK, that helps!

Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] starting tor with the default service file...

[Udo van den Heuvel]

On 11-03-18 10:54, nusenu wrote:
>> When trying to start tor using the default service file
>> contrib/dist/tor.service on a Fedora 26 system with kernel.org kernel we
>> see a failure to start:
> 
> I recommend you use the service file shipped by fedora's tor package.

That service file needs the same capabilities addition...

How does the tor/tor-master service thing work?
It is not clear from the service file.

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] obfs4proxy and ports < 1024

[Udo van den Heuvel]

On 11-03-18 14:16, kact...@gnu.org wrote:
> 
> [2018-03-11 09:49] Udo van den Heuvel <udo...@xs4all.nl>
>> On a new x86_64 firewall I notice that a freshly built obfs4proxy does
>> not want to bind to a port below 1024 and becomes defunct.
>> A port > 1024 works OK.
>> How do I make things work for ports below 1024?
> 
> Wild guess. You are aware, that port < 1024 are so-called privilleged
> ports, and require root to open (at least with Linux), do not you?

I am aware of the difference.
Things did work on the old (firewall) box.
Things now appear different.
User root starts the thing but of course the tor user is used for normal
operation...

Udo


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] starting tor with the default service file...

[Udo van den Heuvel]

On 11-03-18 10:54, nusenu wrote:
>> When trying to start tor using the default service file
>> contrib/dist/tor.service on a Fedora 26 system with kernel.org kernel we
>> see a failure to start:
> 
> I recommend you use the service file shipped by fedora's tor package.

Thanks...

I found out that adding CAP_SYS_RESOURCE helps starting tor.

Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] starting tor with the default service file...

[Udo van den Heuvel]

Hello,

When trying to start tor using the default service file
contrib/dist/tor.service on a Fedora 26 system with kernel.org kernel we
see a failure to start:

Mar 11 10:40:16.297 [warn] You appear to lack permissions to change
memory limits. Are you root?
Mar 11 10:40:16.297 [warn] Unable to raise RLIMIT_MEMLOCK: Operation not
permitted
Mar 11 10:40:16.298 [notice] Unable to lock all current and future
memory pages: Cannot allocate memory
Mar 11 10:40:16.298 [warn] Failed to parse/validate config:
DisableAllSwap failure. Do you have proper permissions?
Mar 11 10:40:16.298 [err] Reading config failed--see warnings above.

This part of the service file might be relevant:

# Hardening
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE

How to fix this issue? How do I add the permissions for RLIMIT_MEMLOCK?
Locking memory pages? Disabling swap?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] obfs4proxy and ports < 1024

[Udo van den Heuvel]

Hello,

On a new x86_64 firewall I notice that a freshly built obfs4proxy does
not want to bind to a port below 1024 and becomes defunct.
A port > 1024 works OK.
How do I make things work for ports below 1024?
(this works OK on the 32-bit old firewall)

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] notices.log does not appear anymore

[Udo van den Heuvel]

Hello,

After migration to a fresh new box, tor runs but does not create
/var/log/tor/notices.log anymore.
Config was unchanged.
Permissions on /var/log/tor appear OK.

How can I fix this?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] [warn] assign_to_cpuworker failed. Ignoring.

[Udo van den Heuvel]

Hello,

This is not the first occurrence of this warning.
Even shortly after restarting it reappeared.
What does `[warn] assign_to_cpuworker failed. Ignoring.` mean?
Why does this happen?
How can we avoid it?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] tor 0.3.0.9 release notes

[Udo van den Heuvel]

On 22-07-17 17:25, krishna e bera wrote:
> On 22/07/17 08:14 AM, Udo van den Heuvel wrote:
>> Where can I find the tor ReleaseNotes for 0.3.0.9 that actually mention
>> details about changes in 0.3.0.9?
> 
> These?
> 
> https://lists.torproject.org/pipermail/tor-announce/2017-June/000133.html

Thanks!
These details were not in the ReleaseNotes in my 0.3.0.9 source download.

Kind regards,
Udo


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] tor 0.3.0.9 release notes

[Udo van den Heuvel]

Hello,

Where can I find the tor ReleaseNotes for 0.3.0.9 that actually mention
details about changes in 0.3.0.9?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] 0.3.0.6 on fedora 24: systemd?

[Udo van den Heuvel]

On 04-05-17 18:14, Nick Mathewson wrote:
> you probably need to install systemd-devel.

Indeed, fixed.
Thanks!


Kind regards,
Udo

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] 0.3.0.6 on fedora 24: systemd?

[Udo van den Heuvel]

On 28-04-17 01:33, Charles T. Bell wrote:
> I asked the question online and got this suggestion:
> At the commandline type:
> command -v systemctl
> echo $?
> 
> If the response to "echo" is 0 then you have systemd working.
> If the response is 1 then you don't have systemd working.
> Then you can check the script and see what you need to change to
> have the script show systemd working.

This works as designed.
How to get this into the tor configure script? (if it is not yet there)

Kind regards,
Udo

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] 0.3.0.6 on fedora 24: systemd?

[Udo van den Heuvel]

Hello,

I noticed that 0.3.0.6 was out so I started a build.
I noticed this popping up:

checking pkg-config is at least version 0.9.0... yes
checking for SYSTEMD... no
configure: Okay, checking for systemd a different way...
checking for SYSTEMD... no


Fedora 24 /does/ use systemd, so what is wrong?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] exit probability 0.0000%

[Udo van den Heuvel]

On 12-03-17 00:27, scar wrote:
> My node also was used recently for dorkbot traffic, please see my
> message  on Fri, 10 Mar 2017 15:04:02
> -0500 for details and reply there if can so we can keep the information
> together. 

I got similar 'info' from my ISP as in that message.
Very vague despite me asking multiple times for technical details and
still they think they can act.
We can call their contacts https://www.anubisnetworks.com/contacts to
tell them they need to get their act together.
They earn money this way so quality should be higher.


Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [warn] assign_to_cpuworker failed. Ignoring.

[Udo van den Heuvel]

On 11-03-17 08:52, Petrusko wrote:
> Last time I had this on the log (stable release), it was because the
> system was swaping like hell...
> Some services unloaded, 1 of the 2 Tor instances stopped to eat less RAM...

This box has 1GB of RAM and is not swapping like hell as it runs headless.
Tor uses 600MB or so max. (MaxMemInQueues 612 MB)
But I will check again when the issue reoccurs.

Kind regards,
Udo

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] exit probability 0.0000%

[Udo van den Heuvel]

On 10-03-17 13:28, Ivan Markin wrote:
> On Fri, Mar 10, 2017 at 12:49:59PM +0100, Udo van den Heuvel wrote:
>> Or could seldomly some traffic exit here?
> 
> From dir-spec.txt [1]:
> 
> "A router is called an 'Exit' iff it allows exits to at
> least two of the ports 80, 443, and 6667 and allows exits to at
> least one /8 address space."
> 
> So that means that your relay gets Exit flag (and thus exit probability)
> only if it's able to exit as described above.

Thanks!
No exit flag and none of these ports are allowed.

> Though if your realy (OR)
> can exit (ExitPolicy is not set to `reject *:*`) and has no Exit flag
> there may be some non-standard actors that can use your relay to exit.

Aha...
Who could exit this way?
My system was used for Dorkbot traffic.
How could I block that?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] exit probability 0.0000%

[Udo van den Heuvel]

Hello,

If the graphs at atlas show that my exit probability is 0.%, does
that mean that zero traffic will use my box as exit node?
Or could seldomly some traffic exit here?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [warn] assign_to_cpuworker failed. Ignoring.

[Udo van den Heuvel]

Hello,

Also the pre-release 2.9.10 suffer from this issue.

Kind regards,
Udo



On 01-03-17 17:01, Udo van den Heuvel wrote:
> Hello,
> 
> The assign_to_cpuworker issue appeared again.
> See below for some logging from notices.log.
> What is causing this?
> I noticed a high CPU load coinciding with these messages.
> Please let me know how to fix this.
> 
> Udo
> 
> Feb 28 15:54:27.000 [notice] Heartbeat: Tor's uptime is 4 days 5:59
> hours, with 484 circuits open. I've sent 45.53 GB and received 45.21 GB.
> Feb 28 15:54:27.000 [notice] Heartbeat: Accounting enabled. Sent: 941.20
> MB, Received: 931.36 MB, Used: 957.53 MB / 99.00 GB, Rule: max. The
> current accounting interval ends on 2017-03-01 12:21:00, in 20:26
> hours.
> Feb 28 15:54:27.000 [notice] Circuit handshake stats since last time:
> 3643/3643 TAP, 36324/36324 NTor.
> Feb 28 15:54:27.000 [notice] Since startup, we have initiated 0 v1
> connections, 0 v2 connections, 1 v3 connections, and 70514 v4
> connections; and received 382 v1 connections, 4159 v2 connections, 5961
> v3 con
> nections, and 182525 v4 connections.
> Feb 28 15:55:06.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:00:04.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:05:05.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:10:05.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:15:04.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:20:05.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:25:08.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:30:07.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:35:05.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:40:05.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:45:05.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:50:11.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 16:55:05.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 17:00:05.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 17:05:08.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 17:10:10.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 17:15:17.000 [notice] New control connection opened from 127.0.0.1.
> Feb 28 17:15:17.000 [warn] assign_to_cpuworker failed. Ignoring.
> Feb 28 17:15:17.000 [warn] assign_to_cpuworker failed. Ignoring.
> Feb 28 17:15:17.000 [warn] assign_to_cpuworker failed. Ignoring.
> Feb 28 17:15:17.000 [warn] assign_to_cpuworker failed. Ignoring.
> Feb 28 17:15:18.000 [warn] assign_to_cpuworker failed. Ignoring.
> (etc, many many more)
> 

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] [warn] assign_to_cpuworker failed. Ignoring.

[Udo van den Heuvel]

Hello,

The assign_to_cpuworker issue appeared again.
See below for some logging from notices.log.
What is causing this?
I noticed a high CPU load coinciding with these messages.
Please let me know how to fix this.

Udo

Feb 28 15:54:27.000 [notice] Heartbeat: Tor's uptime is 4 days 5:59
hours, with 484 circuits open. I've sent 45.53 GB and received 45.21 GB.
Feb 28 15:54:27.000 [notice] Heartbeat: Accounting enabled. Sent: 941.20
MB, Received: 931.36 MB, Used: 957.53 MB / 99.00 GB, Rule: max. The
current accounting interval ends on 2017-03-01 12:21:00, in 20:26
hours.
Feb 28 15:54:27.000 [notice] Circuit handshake stats since last time:
3643/3643 TAP, 36324/36324 NTor.
Feb 28 15:54:27.000 [notice] Since startup, we have initiated 0 v1
connections, 0 v2 connections, 1 v3 connections, and 70514 v4
connections; and received 382 v1 connections, 4159 v2 connections, 5961
v3 con
nections, and 182525 v4 connections.
Feb 28 15:55:06.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:00:04.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:05:05.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:10:05.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:15:04.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:20:05.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:25:08.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:30:07.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:35:05.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:40:05.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:45:05.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:50:11.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 16:55:05.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 17:00:05.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 17:05:08.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 17:10:10.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 17:15:17.000 [notice] New control connection opened from 127.0.0.1.
Feb 28 17:15:17.000 [warn] assign_to_cpuworker failed. Ignoring.
Feb 28 17:15:17.000 [warn] assign_to_cpuworker failed. Ignoring.
Feb 28 17:15:17.000 [warn] assign_to_cpuworker failed. Ignoring.
Feb 28 17:15:17.000 [warn] assign_to_cpuworker failed. Ignoring.
Feb 28 17:15:18.000 [warn] assign_to_cpuworker failed. Ignoring.
(etc, many many more)
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Guide on how to unblock Tor users on Cloudflare website

[Udo van den Heuvel]

On 04-02-17 16:02, Anton Nesterov wrote:
> I wrote a guide on topic https://on1on.cf

Thanks!
Forwarded it to one website's admin and got a positive reply.

Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] assign_to_cpuworker failed. Ignoring

[Udo van den Heuvel]

Hello,

I found my tor node consuming more CPU than normal since Oct 16
22:13:57.000 (CEST). Also the message form the subject line is logged
very often.
Memory consumption was higher too.
Restarting tor fixes the memory consumption as well as the logging issue
but the CPU load remains higher than usual.
What is happening?


Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] what to do when I have set up and obfs4proxy?

[Udo van den Heuvel]

Hello,

Where can I find the procedure to `give` an obfs4proxy to the right people?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] ports for obfs4proxy

[Udo van den Heuvel]

Hello,

Besides 80 and 443, what other tcp ports would be 'nice' for this proxy?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor Browser and ARM Architecture Computers...

[Udo van den Heuvel]

On 19-08-16 05:34, MyZeus wrote:
> ARM Processors so I'm stuck with manual fingerprintable configuration
> or no Tor Browser at all. Any advice?

http://www.garethhunt.com/modifyheaders/help/?v=0.7.1.1 can modify some
headers to reduce the fingerprint to some more common info.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] obfs4 build howto on fedora

[Udo van den Heuvel]

On 18-08-16 15:18, Udo van den Heuvel wrote:
> Where can I find a somewhat simple howto to build obfs4 (e.g. from
> https://github.com/Yawning/obfs4) on Fedora 24?
> I know to help myself with git etc but go is unknown territory for me...

Meanwhile, I found
https://github.com/NSAKEY/tor-bridge-bootstrap/blob/master/obfs4proxy-build.sh

is this OK enough to use the result(s) with tor?

Kind regards,
Udo

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] LeMonde: France To Block Tor

[Udo van den Heuvel]

On 2015-12-08 04:56, grarpamp wrote:
> http://motherboard.vice.com/read/after-paris-attacks-proposed-french-law-would-block-tor-and-forbid-free-wi-fi
> French law enforcement wish to “Forbid free and shared wi-fi
> connections” and “to block or forbid communications of the Tor
> network.”

Based on what?
Any connections with the stories around Charlie or the Bataclan?

Or is this just using a crisis?

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] observed bandwidth too low

[Udo van den Heuvel]

Hello!

Recently the speed of my vdsl line was upgraded so I allotted a higher
bandwidth to tor.
When I observe my node on atlas.torproject.org though, I see a
significantly lower observed bandwidth than the configured bandwidth
limits or even the actual available bandwidth.

I did adjust the traffic shaping to the new bandwidth situation and the
uplink is not nearly saturated.

How can I find the cause of this low bandwidth observation?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] hardware recommendations

[Udo van den Heuvel]

On 2015-08-29 11:46, Domenico Andreoli wrote:
 what about https://www.olimex.com/wiki/A20-OLinuXino-LIME2?

Have one running here, very stable.
Moreso than the pi.


Udo

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] simple stats from exit node

[Udo van den Heuvel]

Hello,

How could I gather info from an exit node I run to see:

how many percent of the sessions/connections or traffic (in bytes) is
used for what service? (i.e.: TCP port)

Anyone?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] http status 400 in notices.log

[Udo van den Heuvel]

Hello,

In my notices.log I find stuff like:
http status 400 (Fingerprint is marked rejected) response from
dirserver '1.2.3.4:80'. Please correct.

What is wrong?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] http status 400 in notices.log

[Udo van den Heuvel]

On 2014-04-21 11:50, Udo van den Heuvel wrote:
 In my notices.log I find stuff like:
 http status 400 (Fingerprint is marked rejected) response from
 dirserver '1.2.3.4:80'. Please correct.
 
 What is wrong?

`rm -f /var/lib/tor/keys/secret*` helps...



-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] traffic down

[Udo van den Heuvel]

On 12-03-14 22:17, Kostas Jakeliunas wrote:
 On Wed, Mar 12, 2014 at 10:40 PM, Roger Dingledine a...@mit.edu wrote:
 Udo, did you mean 1d1dnt3d1th3c0nf1g (one t less somewhere in the middle
 there..)
 (I just searched for 1d1dnt, which will cover 1d1dnt3d1th3c0nf1g)

Indeed.
Traffic appears to be here now, every now and then.

Udo



-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] traffic down

[Udo van den Heuvel]

On 11-03-14 18:36, Roger Dingledine wrote:
 The line got upgraded and I allowed more tor bandwidth. (over 100 KB/s)
 Still the traffic is absent.
 Why?
 
 Which relay is this?

1d1dnt3d1tth3c0nf1g

Other tor status sites list it as Fast, though...

Udo

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] traffic down

[Udo van den Heuvel]

On 12-03-14 10:58, Udo van den Heuvel wrote:
 On 11-03-14 18:36, Roger Dingledine wrote:
 The line got upgraded and I allowed more tor bandwidth. (over 100 KB/s)
 Still the traffic is absent.
 Why?

 Which relay is this?
 
 1d1dnt3d1th3c0nf1g
 
 Other tor status sites list it as Fast, though...

Hmm.
Since around 09:30 CET I see a slight increase in traffic.
So maybe give it a little time?

Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] traffic down

[Udo van den Heuvel]

On 15-12-12 17:53, Udo van den Heuvel wrote:
 First, thanks for running a relay. A 32KB relay is still plenty
 valid. ssh, irc, instant messenger, most web browsing, and the operate
 just fine within 32KB/s bandwidth.

 For those with a networking background, this is 256 Kbps. This is still
 faster than most home DSL connections around the world.
 
 Yes, but I do not see much of traffic, perhaps due to reasons explained
 earlier today.
 So what can I expect?

The line got upgraded and I allowed more tor bandwidth. (over 100 KB/s)
Still the traffic is absent.
Why?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] traffic down

[Udo van den Heuvel]

On 2012-08-15 15:16, Udo van den Heuvel wrote:
 So if you have less than 32KB/s of bandwidthrate, you won't get
 the Fast flag, and basically all the clients will ignore you.
 
 So there was a change in this mechanism?
 I'll see if I can adapt the config to that...

See http://pindarots.xs4all.nl/mrtg/tor.html
Traffic is down again.

I have 'BandwidthRate 32 KB' and that worked but not any longer?
What is wrong?

Udo

___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] traffic down

[Udo van den Heuvel]

On 2012-12-15 10:41, Roger Dingledine wrote:
 Traffic is down again.

 I have 'BandwidthRate 32 KB' and that worked but not any longer?
 What is wrong?
 
 The directory authorities assign the Fast flag to the top 7/8s of
 relays by bandwidth:
 https://gitweb.torproject.org/torspec.git/blob/HEAD:/dir-spec.txt#l1623
 
 Lately this cutoff has been around the 40KB mark.

Hmm.
My ADSL's uplink has been steady and did not increase in the past few
months, years.

 but I am increasingly suspecting that raising it to 100KB or even 500KB
 would produce an improvement.

Thanks, but that is not an option.
So I can switch off this node?

Udo

___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] traffic down

[Udo van den Heuvel]

On 2012-12-15 13:57, and...@torproject.is wrote:
 On Sat, Dec 15, 2012 at 12:29:35PM +0100, udo...@xs4all.nl wrote 0.8K bytes 
 in 0 lines about:
 : Thanks, but that is not an option.
 : So I can switch off this node?
 
 First, thanks for running a relay. A 32KB relay is still plenty
 valid. ssh, irc, instant messenger, most web browsing, and the operate
 just fine within 32KB/s bandwidth.
 
 For those with a networking background, this is 256 Kbps. This is still
 faster than most home DSL connections around the world.

Yes, but I do not see much of traffic, perhaps due to reasons explained
earlier today.
So what can I expect?

Kind regards,
Udo
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] traffic down

[Udo van den Heuvel]

On 2012-08-14 22:17, Roger Dingledine wrote:
 So if you have less than 32KB/s of bandwidthrate, you won't get
 the Fast flag, and basically all the clients will ignore you.

So there was a change in this mechanism?
I'll see if I can adapt the config to that...

Kind regards,
Udo

___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] traffic down

[Udo van den Heuvel]

Hello,

Why would traffic of my (non exit) tor node be as it is?
See http://pindarots.xs4all.nl/mrtg/tor.html
It has been better.
I run the 2.3 series and update regularly.
BandwidthRate is 20 KB.

Any ideas?

Kind regards,
Udo
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] ”How SOPA’s ‘circumvention’ ban could put a target on Tor”

[Udo van den Heuvel]

http://news.cnet.com/8301-31921_3-57346592-281/how-sopas-circumvention-ban-could-put-a-target-on-tor/
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] http://www.nu.nl/internet/2619537/computer-zedenverdachte-zwaar-versleuteld.html

[Udo van den Heuvel]

Hello,

Please see
http://www.nu.nl/internet/2619537/computer-zedenverdachte-zwaar-versleuteld.html
for mention, in dutch language - please do your own google translate, of
an example of typical tor mention.
How can we change this somewhat?

Luckily the article does not take a stance about the encryption...


Udo
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] sftp sites?

[Udo van den Heuvel]

Question, came across this info:
http://www.debian-administration.org/articles/590

Would torified untracable chrooted sftp things be of any use for valid
purposes?
E.g. allot some storage to some user so they can put/get stuff offsite.

Disk can be encrypted locally, tor network is encrypted, sftp encrypts
the rest. user can encrypt files as well.

What do you think?
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk