[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: My tor exit node is gone from the node list?

Hash: SHA1

On 05/10/2009 10:01 AM, Alexandru Cezar wrote:
>> How odd. It is still publishing descriptors, and the directory 
>> authorities are still testing its reachability. In particular, here
>> are the six votes from the six directory authorities: [...] So
>> that's why it's missing. But, why is it not considered reachable
>> from three of them? I'm not sure.
> I am still trying to solve this. Since my last mail, I also let TOR
> regenerate the keys, so kyirong's fingerprint now is 849D 45A3 2335
> 5EB3 4F73 2EF5 DB43 0B90 6A21 DAAE (, DirPort 80,
> ORPort 8010; uptime 24/7). It is still not listed. The node is
> reachable from multiple locations (judging from my limited way of
> testing). If someone can give me hints towards unreachable routes, I
> can ask my ISP about that.

We discussed this problem on IRC today and found out that your node is
not reachable from multiple locations. To be more precise, your node
does not present an SSL certificate when accessed from these locations.
You can test this from different machines using the following command:

% openssl s_client -connect

You should see a certificate then. If the output consists only of the
following line, something's wrong:


This problem seems to be related to your port 8010. From some locations
your node presents an SSL certificate on port 443 but not on 8010. You
might want to ask your ISP why that is the case. (A workaround might be
to switch your OR port from 8010 to 443, but let's try to figure out the
reason for the original problem first.)

While looking at your problem we found that many relays have similar
reachability problems. This is a list of relays that are missing the
Running flag by at least one authority:


If someone else on this list finds her/his node in this list and can
help us figure out what's going on, that would be grand. Single events
of missing Running flags are nothing to worry about, but if there is a
pattern we should have a look at it.

- --Karsten

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org