
Re: [tor-relays] Call for setting up new obfs4 bridges



Thanks :) It appears to still be running happily this morning. Low activity, but that's ok.

Interestingly, the fingerprint is now showing the previous relay one. As in I originally named my relay:
MelbTORbox - 9F19251CEE17B1E05084898D164F0544CCB095DD then when I switched to a bridge,
MelbTORbridge - E4AF099DA5946A6D6EA65DC55B517D3F9B12D0ED

However, now nyx is showing MelbTORbridge, but with the DD fingerprint. Should I do anything about this?

On a side note, has the TOR Project team ever released a full GUI interface to cover everything? It would be great to be able to download an "app" from the Ubuntu Software app that covers everything. Runs the TOR browser, but also has the relay options in it that would allow you to tick and flick relay options and in the background, it did everything that needed to be done. Would probably result in a big jump in the number of relays.

Even being able to select exit node options (with different levels), Bridge options with several ports already selected (or random) and have the software do everything that it needs to open ports/firewalls etc. Obviously, people would still need to port forward their router, but a warning screen to indicate that when selected would suffice. Your novice user would probably know how to port forward a router, but novice unix users (like myself) have no idea how the ports work in Ubuntu. I would have thought that when we selected a port in the torrc file, it would also ask(?) the firewall to open that port. I'm assuming there are technical challenges or a variety of potential base configurations that one app couldn't do it all?

Not complaining, just spitballing ideas :)

On Sat, Jul 20, 2019 at 2:10 AM <dmz21@xxxxxxxx> wrote:

> On July 19, 2019 at 1:44 PM Ben Riley <blades1000@xxxxxxxxx> wrote:
>
>
> To follow up my previous email, I found the "Firewall" app and I've
> manually opened 9051 & 8531 in that, and when I tested those via the online
> port checking tools, they are now open.
>
> Restarted TOR (sudo systemctl restart tor) and the logs show it
> bootstrapped to 100% and stated the ORPort 9051 is now reachable.
> TOR did its bandwidth self-test.....done.
>
> Should that now be working ok?

Yes, the logs look good. I think the ORPort indeed needs to be reachable for a bridge.
You could try testing your own bridge using Tor Browser [1] or a Tails DVD [2].
Or wait a few hours (or weeks for the graphs) and look up your bridge on Tor Relay Search [3].

[1] https://www.torproject.org/download/
[2] https://tails.boum.org/
[3] https://metrics.torproject.org/rs.html#

> Log now reads:
>
> Jul 19 21:31:43 ben-OptiPlex-755 Tor[8779]: Bootstrapped 10% (conn_done):
> > Connected to a relay
> > Jul 19 21:31:44 ben-OptiPlex-755 Tor[8779]: Bootstrapped 14% (handshake):
> > Handshaking with a relay
> > Jul 19 21:31:44 ben-OptiPlex-755 Tor[8779]: Bootstrapped 15%
> > (handshake_done): Handshake with a relay done
> > Jul 19 21:31:44 ben-OptiPlex-755 Tor[8779]: Bootstrapped 75%
> > (enough_dirinfo): Loaded enough directory info to build circuits
> > Jul 19 21:31:44 ben-OptiPlex-755 Tor[8779]: Bootstrapped 90%
> > (ap_handshake_done): Handshake finished with a relay to build circuits
> > Jul 19 21:31:44 ben-OptiPlex-755 Tor[8779]: Bootstrapped 95%
> > (circuit_create): Establishing a Tor circuit
> > Jul 19 21:31:45 ben-OptiPlex-755 Tor[8779]: Guessed our IP address as
> > 158.140.206.75 (source: 217.182.196.67).
> > Jul 19 21:31:46 ben-OptiPlex-755 Tor[8779]: Bootstrapped 100% (done): Done
> > Jul 19 21:31:46 ben-OptiPlex-755 Tor[8779]: Now checking whether ORPort
> > 158.140.206.75:9051 is reachable... (this may take up to 20 minutes --
> > look for log messages indicating success)
> > Jul 19 21:31:49 ben-OptiPlex-755 Tor[8779]: Self-testing indicates your
> > ORPort is reachable from the outside. Excellent. Publishing server
> > descriptor.
> > Jul 19 21:32:14 ben-OptiPlex-755 Tor[8779]: New control connection opened.
> > Jul 19 21:33:05 ben-OptiPlex-755 Tor[8779]: Your network connection speed
> > appears to have changed. Resetting timeout to 60s after 18 timeouts and 129
> > buildtimes.
> > Jul 19 21:33:07 ben-OptiPlex-755 Tor[8779]: Performing bandwidth
> > self-test...done.
> >
>
> On Fri, Jul 19, 2019 at 8:41 PM Ben Riley <blades1000@xxxxxxxxx> wrote:
>
> > Thanks for that. So I tried as you suggested and edited (gedit) the torrc
> > file, replacing the obfs4 from 443 to 8531.
> > I also added a port forward for that port on my router.
> > Restarted TOR and the log file shows that it made a circuit (Bootstrapped
> > 100%).
> > I can now run nyx and see that TOR is trying to make connections.
> > As per the log below, it seems that ORPort 9051 is unreachable (which is
> > true according to a port checker)
> > Though I've got the following ports forwarded on the router 9050, 9051,
> > 443 & 8531 - 9001 is NOT forwarded though.
> >
> > Now the log says this:
> >
> >> Jul 19 19:53:58 ben-OptiPlex-755 tor[15447]: Jul 19 19:53:58.969 [notice]
> >> Tor 0.4.0.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1,
> >> Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3.
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15447]: Jul 19 19:53:58.970 [notice]
> >> Tor can't help you if you use it wrong! Learn how to be safe at
> >> https://www.torproject.org/download/download#warning
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15447]: Jul 19 19:53:58.990 [notice]
> >> Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15447]: Jul 19 19:53:58.990 [notice]
> >> Read configuration file "/etc/tor/torrc".
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15447]: Jul 19 19:53:58.997 [notice]
> >> Based on detected system memory, MaxMemInQueues is set to 2862 MB. You can
> >> override this by setting MaxMemInQueues by hand.
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15447]: Configuration was valid
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.210 [notice]
> >> Tor 0.4.0.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1,
> >> Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3.
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.210 [notice]
> >> Tor can't help you if you use it wrong! Learn how to be safe at
> >> https://www.torproject.org/download/download#warning
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.210 [notice]
> >> Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.210 [notice]
> >> Read configuration file "/etc/tor/torrc".
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.214 [notice]
> >> Based on detected system memory, MaxMemInQueues is set to 2862 MB. You can
> >> override this by setting MaxMemInQueues by hand.
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.215 [notice]
> >> Opening Socks listener on 127.0.0.1:9050
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.215 [notice]
> >> Opened Socks listener on 127.0.0.1:9050
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.215 [notice]
> >> Opening OR listener on 0.0.0.0:9051
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.215 [notice]
> >> Opened OR listener on 0.0.0.0:9051
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.215 [notice]
> >> Opening Extended OR listener on 127.0.0.1:0
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.215 [notice]
> >> Extended OR listener listening on port 36399.
> >> Jul 19 19:53:59 ben-OptiPlex-755 tor[15449]: Jul 19 19:53:59.215 [notice]
> >> Opened Extended OR listener on 127.0.0.1:36399
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Tor 0.4.0.5 running on Linux
> >> with Libevent 2.1.8-stable, OpenSSL 1.1.1, Zlib 1.2.11, Liblzma 5.2.2, and
> >> Libzstd 1.3.3.
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Tor can't help you if you
> >> use it wrong! Learn how to be safe at
> >> https://www.torproject.org/download/download#warning
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Read configuration file
> >> "/usr/share/tor/tor-service-defaults-torrc".
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Read configuration file
> >> "/etc/tor/torrc".
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Based on detected system
> >> memory, MaxMemInQueues is set to 2862 MB. You can override this by setting
> >> MaxMemInQueues by hand.
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Opening Socks listener on
> >> 127.0.0.1:9050
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Opened Socks listener on
> >> 127.0.0.1:9050
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Opening OR listener on
> >> 0.0.0.0:9051
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Opened OR listener on
> >> 0.0.0.0:9051
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Opening Extended OR listener
> >> on 127.0.0.1:0
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Extended OR listener
> >> listening on port 36399.
> >> Jul 19 19:53:59 ben-OptiPlex-755 Tor[15449]: Opened Extended OR listener
> >> on 127.0.0.1:36399
> >> Jul 19 19:54:04 ben-OptiPlex-755 Tor[15449]: Parsing GEOIP IPv4 file
> >> /usr/share/tor/geoip.
> >> Jul 19 19:54:04 ben-OptiPlex-755 Tor[15449]: Parsing GEOIP IPv6 file
> >> /usr/share/tor/geoip6.
> >> Jul 19 19:54:04 ben-OptiPlex-755 Tor[15449]: Configured to measure
> >> statistics. Look for the *-stats files that will first be written to the
> >> data directory in 24 hours from now.
> >> Jul 19 19:54:04 ben-OptiPlex-755 Tor[15449]: Your Tor server's identity
> >> key fingerprint is 'MelbTORbridge 9F19251CEE17B1E05084898D164F0544CCB095DD'
> >> Jul 19 19:54:04 ben-OptiPlex-755 Tor[15449]: Your Tor bridge's hashed
> >> identity key fingerprint is 'MelbTORbridge
> >> E4AF099DA5946A6D6EA65DC55B517D3F9B12D0ED'
> >> Jul 19 19:54:04 ben-OptiPlex-755 Tor[15449]: Bootstrapped 0% (starting):
> >> Starting
> >> Jul 19 19:54:16 ben-OptiPlex-755 Tor[15449]: Starting with guard context
> >> "default"
> >> Jul 19 19:54:16 ben-OptiPlex-755 Tor[15449]: Signaled readiness to systemd
> >> Jul 19 19:54:16 ben-OptiPlex-755 Tor[15449]: Bootstrapped 5% (conn):
> >> Connecting to a relay
> >> Jul 19 19:54:16 ben-OptiPlex-755 Tor[15449]: Registered server transport
> >> 'obfs4' at '[::]:8531'
> >> Jul 19 19:54:16 ben-OptiPlex-755 Tor[15449]: Opening Socks listener on
> >> /run/tor/socks
> >> Jul 19 19:54:16 ben-OptiPlex-755 Tor[15449]: Opened Socks listener on
> >> /run/tor/socks
> >> Jul 19 19:54:16 ben-OptiPlex-755 Tor[15449]: Opening Control listener on
> >> /run/tor/control
> >> Jul 19 19:54:16 ben-OptiPlex-755 Tor[15449]: Opened Control listener on
> >> /run/tor/control
> >> Jul 19 19:54:17 ben-OptiPlex-755 Tor[15449]: Bootstrapped 10%
> >> (conn_done): Connected to a relay
> >> Jul 19 19:54:17 ben-OptiPlex-755 Tor[15449]: Bootstrapped 14%
> >> (handshake): Handshaking with a relay
> >> Jul 19 19:54:18 ben-OptiPlex-755 Tor[15449]: Bootstrapped 15%
> >> (handshake_done): Handshake with a relay done
> >> Jul 19 19:54:18 ben-OptiPlex-755 Tor[15449]: Bootstrapped 20%
> >> (onehop_create): Establishing an encrypted directory connection
> >> Jul 19 19:54:18 ben-OptiPlex-755 Tor[15449]: Bootstrapped 25%
> >> (requesting_status): Asking for networkstatus consensus
> >> Jul 19 19:54:18 ben-OptiPlex-755 Tor[15449]: Bootstrapped 50%
> >> (loading_descriptors): Loading relay descriptors
> >> Jul 19 19:54:18 ben-OptiPlex-755 Tor[15449]: Guessed our IP address as
> >> 158.140.206.75 (source: 185.103.110.144).
> >> Jul 19 19:54:20 ben-OptiPlex-755 Tor[15449]: I learned some more
> >> directory information, but not enough to build a circuit: We have no recent
> >> usable consensus.
> >> Jul 19 19:54:21 ben-OptiPlex-755 Tor[15449]: I learned some more
> >> directory information, but not enough to build a circuit: We're missing
> >> descriptors for 1/2 of our primary entry guards (total microdescriptors:
> >> 5382/6384).
> >> Jul 19 19:54:25 ben-OptiPlex-755 Tor[15449]: Bootstrapped 75%
> >> (enough_dirinfo): Loaded enough directory info to build circuits
> >> Jul 19 19:54:25 ben-OptiPlex-755 Tor[15449]: Bootstrapped 90%
> >> (ap_handshake_done): Handshake finished with a relay to build circuits
> >> Jul 19 19:54:25 ben-OptiPlex-755 Tor[15449]: Bootstrapped 95%
> >> (circuit_create): Establishing a Tor circuit
> >> Jul 19 19:54:27 ben-OptiPlex-755 Tor[15449]: Bootstrapped 100% (done):
> >> Done
> >> Jul 19 19:54:27 ben-OptiPlex-755 Tor[15449]: Now checking whether ORPort
> >> 158.140.206.75:9051 is reachable... (this may take up to 20 minutes --
> >> look for log messages indicating success)
> >> Jul 19 19:55:35 ben-OptiPlex-755 dbus-daemon[3325]: [session uid=1000
> >> pid=3325] Activating service name='org.gnome.Calculator.SearchProvider'
> >> requested by ':1.262' (uid=1000 pid=8482 comm="/usr/bin/gnome-shell "
> >> label="unconfined")
> >> Jul 19 19:55:36 ben-OptiPlex-755 dbus-daemon[3325]: [session uid=1000
> >> pid=3325] Successfully activated service
> >> 'org.gnome.Calculator.SearchProvider'
> >> Jul 19 19:55:42 ben-OptiPlex-755 nautilus[15604]: Could not get mtime for
> >> 'file:///home/ben/.cache/tracker/meta.db': Error when getting information
> >> for file “/home/ben/.cache/tracker/meta.db”: No such file or directory
> >> Jul 19 19:55:43 ben-OptiPlex-755 bijiben-shell-s[15603]: Could not get
> >> mtime for 'file:///home/ben/.cache/tracker/meta.db': Error when getting
> >> information for file “/home/ben/.cache/tracker/meta.db”: No such file or
> >> directory
> >> Jul 19 19:55:44 ben-OptiPlex-755 tracker-store[3751]: Error opening
> >> database: Could not open sqlite3
> >> database:'/home/ben/.cache/tracker/meta.db': unable to open database file
> >> Jul 19 19:55:44 ben-OptiPlex-755 tracker-store[3751]:
> >> tracker_sparql_query_exec_sql_cursor: assertion 'iface != NULL' failed
> >> Jul 19 19:55:44 ben-OptiPlex-755 tracker-store[3751]: ___lambda11_:
> >> assertion 'cursor != NULL' failed
> >> Jul 19 19:55:49 ben-OptiPlex-755 Tor[15449]: New control connection
> >> opened.
> >> Jul 19 19:55:56 ben-OptiPlex-755 org.gnome.bijiben.SearchProvider[3325]:
> >> Unable to load location /home/ben/.local/share/bijiben: Error opening
> >> directory '/home/ben/.local/share/bijiben': No such file or directory
> >> Jul 19 20:03:43 ben-OptiPlex-755 org.gnome.Shell.desktop[8482]: Window
> >> manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a
> >> timestamp of 0 for 0x6e00084 (torrc (/et)
> >> Jul 19 20:14:38 ben-OptiPlex-755 Tor[15449]: Your server (
> >> 158.140.206.75:9051) has not managed to confirm that its ORPort is
> >> reachable. Relays do not publish descriptors until their ORPort and DirPort
> >> are reachable. Please check your firewalls, ports, address, /etc/hosts
> >> file, etc.
> >>
> >
> >
> > On Fri, Jul 19, 2019 at 6:34 PM  <
> > dmz121@xxxxxxxx> wrote:
> >
> >>
> >> > On July 19, 2019 at 6:36 AM Ben Riley <blades1000@xxxxxxxxx> wrote:
> >> >
> >> >
> >> > Hi,
> >> >
> >> > Thanks for the reply. Yes, I ran that command way back at the start. I'm
> >> > assuming I don't have to run it every time the machine reboots or
> >> updates?
> >> > I ran it again this morning and it made no difference.
> >> >
> >> > Ah logs, you say that like I know where those are :P
> >> > When I run sudo tail /var/log/tor/log - I get nothing.
> >> > I found the Logs app and run that to get all the system logs - way too
> >> much
> >> > stuff and I couldn't move it to here, so I found this command (Google)
> >> cat
> >> > /var/log/syslog | grep tor -i and got the following (I think I've
> >> included
> >> > 2 sets of attempts to boot up):
> >> >
> >> > Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Starting with guard context
> >> > > "default"
> >> > > Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Signaled readiness to
> >> systemd
> >> > > Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bootstrapped 5% (conn):
> >> > > Connecting to a relay
> >> > > Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Server managed proxy
> >> > > encountered a method error. (obfs4 listen tcp 0.0.0.0:443: bind:
> >> > > permission denied)
> >>
> >> I ran (and keep running) into the same problem (but on Debian), even
> >> after the fix suggested below.
> >> Could you please try an unused port above 1024, like 8531? That resolved
> >> this issue for me.
> >>
> >> hope this helps and kind regards.
> >>
> >> > > Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Managed proxy at
> >> > > '/usr/bin/obfs4proxy' failed the configuration protocol and will be
> >> > > destroyed.
> >> > > Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: tor_assertion_failed_():
> >> Bug:
> >> > > ../src/feature/client/transports.c:1836:
> >> managed_proxy_stdout_callback:
> >> > > Assertion mp->conf_state == PT_PROTO_COMPLETED failed; aborting. (on
> >> Tor
> >> > > 0.4.0.5 )
> >> > > Jul 19 14:32:23 ben-OptiPlex-755 Tor[28002]: Bug: Assertion
> >> mp->conf_state
> >> > > == PT_PROTO_COMPLETED failed in managed_proxy_stdout_callback at
> >> > > ../src/feature/client/transports.c:1836. Stack trace: (on Tor 0.4.0.5
> >> )
> >>
> >> (removed rest of log)
> >>
> >> >
> >> >
> >> >
> >> > On Fri, Jul 19, 2019 at 1:12 AM Philipp Winter <phw@xxxxxxxxxxxxxx>
> >> wrote:
> >> >
> >> > > On Thu, Jul 18, 2019 at 12:50:34PM +1000, Ben Riley wrote:
> >> > > > Then I saw the above email about being a bridge and thought, fine,
> >> I'll
> >> > > > configure it to be a bridge and help out someone.
> >> > > > Tried to do it via the docker/script method, but soon realised that
> >> was
> >> > > > outside my skill level (hey stop laughing! :P)
> >> > >
> >> > > Did you run into any specific issues?  If you had troubles following
> >> the
> >> > > guide, I'm gonna blame the guide.
> >> > >
> >> > > > Setting ORPort to 443 as suggested.  I forwarded that port on the
> >> > > > router and then tested it, but it said it was closed. So I thought
> >> my
> >> > > > router was playing up.  I checked a few other ports using online
> >> tools
> >> > > > and a few of them were closed.  I forwarded another new port to
> >> some
> >> > > > other software on another machine and that worked?!  So I realised
> >> the
> >> > > > ports are open on the router but closed on the ubuntu machine.  I've
> >> > > > played around with all the settings, changed my torrc file to a
> >> really
> >> > > > basic one of:
> >> > >
> >> > > To run obfs4 on port 443, you will have to run the following command,
> >> to
> >> > > allow obfs4proxy to bind to port 443:
> >> > >
> >> > >   sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
> >> > >
> >> > > If you did that already, it would be helpful to see your logs.
> >> > >
> >> > > Cheers,
> >> > > Philipp
> >> > > _______________________________________________
> >> > > tor-relays mailing list
> >> > > tor-relays@xxxxxxxxxxxxxxxxxxxx
> >> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >> > >
> >>
> >
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
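
The troubleshooting in this thread, as an added example that is not part of any poster's message: a Python triage over Tor log messages that flags pluggable-transport binds refused on privileged ports, reports the last ORPort self-test result, and separates the identity fingerprint from the hashed fingerprint, which for a bridge is the SHA-1 of the identity fingerprint's raw bytes. The sample lines are constructed from the excerpts above (with a documentation address), and the function and field names are assumptions of this example.

```python
import hashlib
import re

# Constructed sample: messages taken from the log excerpts in this thread,
# syslog prefixes dropped and 192.0.2.10 (documentation range) as the address.
SAMPLE_LOG = [
    "Server managed proxy encountered a method error. "
    "(obfs4 listen tcp 0.0.0.0:443: bind: permission denied)",
    "Your Tor server's identity key fingerprint is "
    "'MelbTORbridge 9F19251CEE17B1E05084898D164F0544CCB095DD'",
    "Your Tor bridge's hashed identity key fingerprint is "
    "'MelbTORbridge E4AF099DA5946A6D6EA65DC55B517D3F9B12D0ED'",
    "Your server (192.0.2.10:9051) has not managed to confirm that its "
    "ORPort is reachable.",
    "Self-testing indicates your ORPort is reachable from the outside. "
    "Excellent. Publishing server descriptor.",
]

BIND_RE = re.compile(r"\((\w+) listen tcp \S+:(\d+): bind: permission denied\)")
FP_RE = re.compile(r"(hashed )?identity key fingerprint is '\S+ ([0-9A-F]{40})'")


def hashed_fingerprint(fingerprint_hex):
    """SHA-1 over the 20 raw bytes of the identity fingerprint, upper-case hex."""
    return hashlib.sha1(bytes.fromhex(fingerprint_hex)).hexdigest().upper()


def triage(lines):
    """Summarise bind failures, ORPort self-test state and fingerprints."""
    report = {"bind_denied": [], "orport": "unknown",
              "fingerprint": None, "hashed": None}
    for line in lines:
        bind = BIND_RE.search(line)
        if bind:
            port = int(bind.group(2))
            # By default Linux requires root or CAP_NET_BIND_SERVICE below 1024.
            report["bind_denied"].append((bind.group(1), port, port < 1024))
        fp = FP_RE.search(line)
        if fp:
            report["hashed" if fp.group(1) else "fingerprint"] = fp.group(2)
        # Later lines override earlier ones, so the last self-test result wins.
        if "has not managed to confirm that its ORPort is reachable" in line:
            report["orport"] = "unreachable"
        elif "ORPort is reachable from the outside" in line:
            report["orport"] = "reachable"
    return report


def label_fingerprint(shown, report):
    """Say which of the two logged values a displayed fingerprint is."""
    if shown == report["fingerprint"]:
        return "identity"
    if shown == report["hashed"]:
        return "hashed"
    return "unknown"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result)
    print("recomputed hashed:", hashed_fingerprint(result["fingerprint"]))
```

Relay Search lists a bridge under its hashed fingerprint, so that is the value to look up there.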