Re: Problems with setting up a private Tor network and setting up your own Tor relay(s)

[Roger Dingledine <arma@xxxxxxx>]

On Mon, Dec 07, 2009 at 05:53:42PM -0500, Sambuddho Chakravarty wrote:
>  I have two issues with the setting up a private Tor network and with
> setting up my own Tor relay
> 
> Problem with setting up a private Tor network
> ----------------------------------------------------------------------------------------------------------
> 
> 1.I have successfully (seems like) been able to set up a private Tor network
> but am not able to relay traffic through it. The network consists of  three
> onion relays and two authoritative directory services.

Should work. I just set one up with two directory authorities and 5
relays, to test. Worked fine.

> 2.Once the onion proxy and the onion relays seems to have successfully
> created circuit(s) , I determined if the circuit(s) had successfully been
> created.

By "onion proxy" I think you mean "Tor client"? My, that terminology
takes me back. :)

> 3.For doing so I used the sample TorControllerExample.py (sample tor control
> client distributed with the TorFlow packages). I am able to lists the
> circuits.
> 
> 4.However , when I try to set up an http connection through the onion proxy
> , it fails with http 503  error:
> 
> Connecting to 127.0.0.1:8118... connected.
> Proxy request sent, awaiting response... 503 Forwarding failure
> 17:38:25 ERROR 503: Forwarding failure.
> 
> I checked the logs for privoxy and found the following
[snip]
> Dec 07 17:26:01.418 Privoxy(b7d08b90) Connect: socks4_connect: SOCKS4
> negotiatio
> n write failed.

Where is your privoxy forwarding to?

I notice in the torrc that you pasted you don't say "SocksPort 0" on
your relays. Are they all on separate IP addresses, so each of them can
bind to the default socksport (9050)?

What do the logs for your Tor client say?

What does the torrc for your Tor client look like? Perhaps you have
'SocksPolicy' or some similar option set?

> Problem with setting up a Tor relay
[snip]
> I am trying to use this relay as entry or exit node and hence specify the
> following in the client (OP) torrc
> 
> EntryNodes {entry node name}
> StrictEntryNodes 1
> 
> The rest of the torrc configuration is the same as the default torrc
> configuration which can be obtained with the default torrc source
> distribution. However, the OP fails to accept the our relay both as an entry
> or as and an exit node and returns the following error messages :

Ah ha. Yes, Tor won't let you use the same node as both the beginning
and the end of a circuit. More generally, Tor will fight back pretty hard
about putting the same node in more than one position in a circuit. You'll
have to use the control protocol to manually 'EXTENDCIRCUIT' and specify
them both. Even in that case, you'll want to have two nodes in between,
since 0.2.0.31 introduced
  - Relays now reject risky extend cells: if the extend cell includes
    a digest of all zeroes, or asks to extend back to the relay that
    sent the extend cell, tear down the circuit. Ideas suggested
    by rovv.

--Roger

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/