[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor server on NSLU2: ORPort unreachable

To: Eugen <eugenrn@xxxxxxxxx>, or-talk@xxxxxxxxxxxxx
Subject: Re: Tor server on NSLU2: ORPort unreachable
From: Scott Bennett <bennett@xxxxxxxxxx>
Date: Sat, 7 Jun 2008 11:27:35 -0500 (CDT)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 07 Jun 2008 12:27:44 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

     On Sat, 07 Jun 2008 16:15:10 +0300 Eugen <eugenrn@xxxxxxxxx> wrote:
>Scott Bennett wrote:
>>      On Sat, 07 Jun 2008 14:00:05 +0300 Eugen <eugenrn@xxxxxxxxx> wrote:
>>   
>>> I want to run a Tor middle node on a NSLU2 device (266Mhz, 32 MB RAM).
>>> I installed Debian etch version on it for ARM platform, and it works great..
>>>
>>> [...]
>>> But reachability of the ORPort fails...
>>>
>>> In the following log lines, 86.122.58.89 is *currently* my router's IP, 
>>> and it is *dynamic* IP.
>>>     
>>
>>      That could be the problem right there.  Does the Address line in your
>> torrc currently match the actual IP address?
>Currently, I have no Address set in torrc. But Tor is guessing it quite 
>well.

     Okay.  I didn't assume that from what you had written before.  I tried
letting tor guess the IP address, but the address it guessed was the private
address given to my machine by the DHCP server in the router. :-(  Putting
the router's address on the Address line in torrc worked okay, but each time
my crappy ISP forced the router's PPPoE session to be logged out, the router
would log right back in and be assigned a different IP address about 95% of
the time.  Waiting for me to notice what had happened and to change the
Address line was not only very slow, but also a royal pain, so I installed
inadyn from ports and set up the name mars.thruhere.net at dyndns.org.  But
if your setup is somehow guessing the external IP address correctly, then
more power to it and no need to bother with further automation of the
address change process.  Clearly in your case, that's not the problem
after all.

>In a past test I did set it to what IP router had then, and it didn't help.
>>   If not, then it means that
>> the test is trying to connect to an address that is not the address of
>> your router.  Whatever it is trying to connect to is most likely not
>> listening on 9001, so the connection gets denied, and the test fails.
>>   
>As shown by netstat, connections are established on my port 9001 from remote
>tor servers...

     I saw that there were some connections, but it's not clear what they
were from.  If the reachability test had not yet succeeded, then your server
had not yet published its descriptor to the directory authorities, so it
seems that the only connections coming in ought to be from your own server
trying to do the reachability tests.  Perhaps the other poster in this
thread, who speculated that the SSL handshakes were failing due to the
speed of your device's processor, may be onto something.

>Also, using the same network configuration (router, dynamic IPs, etc..), 
>I tested Tor
>on my laptop, and it reported successful reachability for ORPort.
>>      If you're dealing with dynamically assigned IP addresses, then you
>> need to set up a phony host+domainname at one of the organizations that
>> offers such a service.
>Yes, my router supports dyndns.org, but since Tor guesses it's IP 
>correctly,
>I prefer not to use dyndns.org yet...
>
     Good enough.  If you ever run a tor server on a setup on which tor
does not guess the IP address correctly, it would be much better to install
a client application onto that system for updating a name server address
record (A RR) at someplace like dyndns.org than to use the builtin updater
in a router because the router version is like to be out of date or to go
out of date, whereas the applications get updated to match whatever changes
occur at the providing organization.  There's more information on that
available at those sites.
     Anyway, best of luck to you in getting it going.  Sorry I wasn't much
help.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************

Prev by Author: Re: Tor server on NSLU2: ORPort unreachable
Next by Author: Re: How do we defeat exit node sniffing?
Previous by thread: Re: Tor server on NSLU2: ORPort unreachable
Next by thread: bridge relay with dirport enabled - it does not work!
Index(es):
- Author
- Thread