IRC Archive / Oftc / #tor / 2010 / January / 1 / 1
SwissTorExit
HAPPY NEW YEAR FROM SWITZERLAND MY DEAR FRIENDS OF Tor PROJECT AND SUPPORTER :P
DEARS
It is someone from Tor Project who come for the opening and basic conference for the swissprivacyfoundation in Swiss the 23.01 ?
Sebastian
I don't know. I'd be happy to come if you speak a reasonable language ;P
SwissTorExit
sorry
i will make a translation , hang on ;=)
Sebastian: i hope that the translation are not too bad
I asked if he will have someone Tor Project for the conference on the opening of the "SwissPrivacyFoundation" GPF known in Germany. The conference will take place in Switzerland near Zurich on 23.01.09 Tor pure present etc .... The goal is to help the Tor network and to protect oneself while allowing Tor awareness in our country.
Sebastian
SwissTorExit: erm, do you have a link to more information?
Also, what I meant is, if the conference is held in English or German, I would be happy to come.
SwissTorExit
i have the mail from a member of GPF and sure you know it, or it's shan
go PV
nike
504 Connect to 7vmoox7hjkihn.onion:80 failed: SOCKS error: connection refused
I'm not configuring my hidden service correctly
marlowe
nike: it might be that Tor can't reach your service at the moment. Give it a few and try again
DrVince
Hi
New year and such
SwissTorExit
NEW YEAR DrVince ;;=)
DrVince
I stopped the "New Year" thing since 2000. No point, the world ended then.
Is there a troubleshooting guide? I'm kinda lost as to how come it doesn't work
SwissTorExit
well on torproject site yes, there plenty of answer and example
or you can ask here and someone will answer if he can
DrVince
Am I supposed to suid Vidalia? I don't see what it can do as the user that runs my X session.
SwissTorExit
you can use Arm
you can use it in ssh
DrVince
Anyway, it doesn't work. I guess that, when I start Vidalia, it's trying to start a Tor process and fails because there's already one running
SwissTorExit
yeah if you are on debian or linux and the repo pack, it starts automatically
so you need to deactivate it at start of system or delete the rc. exe
not exe , but i hope you see what i mean while the linux term are unknown for me yet lol
you must delete the link in rc. about tor and it will not start auto , look about tuto or wait a few here, someone will help you better
DrVince
Yeah, it's a rc.d, but vidalia doesn't interest me that much
SwissTorExit
well i have understand, that's why i told you to try ARM if you want only work with command
to see about your relay
DrVince
I know tor and polipo are running. I went to check.torproject.org and it's green. Yet, torbutton's test says that HTTP proxy isn't reachable.
when I 'telnet 127.0.0.1 8118' it says connection refused
SwissTorExit
no idea sorry
dr|z3d
try http://config.privoxy.org or http://127.0.0.1:8118
DrVince
http://127.0.0.1:8118 says: This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection.
That's with torbutton off
config.privoxy.org says that I've reached the page without using privoxy
dr|z3d
DrVince: Are you meant to be running privoxy? Or Polipo?
I mean, which do you think you should be running there?
DrVince
Torbutton looks to be meant for Polipo, so that's what I chose to use.
dr|z3d
That's fine. So, http://127.0.0.1:8118 ?
ps -e |grep polipo ?
nike
504 Connect to 7vmhjkihn.onion:80 failed: SOCKS error: connection refused
DrVince
dr|z3d: http://127.0.0.1:8118 says: This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection.
nike
SOCKS error when trying to access my hidden service
DrVince
So, I started Vidalia, which started Tor then I've set up a Relay, port 9001. Yet, tor button still doesn't work.
phobos
nike: your hidden service name is too short
nike
phobos: I know, I truncated it
That's not the issue
I keep getting SOCKS errors
I'm pretty sure I set up lighttpd to listen on 127.0.0.1 port 443
phobos
can you connect on localhost:443?
nike
HiddenServicePort 80 127.0.0.1:433
phobos
umm
443 or 433?
nike
ohhhh
xtoaster
tor is already encrypted, 443 seems not necessary
nike
443
it's not another layer of encryption
just using the HTTPS port
Meliboeus
really not necessary with hidden services
the onion router encrypts all traffic
nike
I'm not using additional SSL
Meliboeus
ah, I see. So what is port 443 then for in your case?
nike
I've just got the service running on port 443 TCP
Meliboeus
ah, I see
sorry about that.
nike
my web server is listening on 127.0.0.1 on port 443 TCP
xtoaster
oh nice. and better turn on gzip support :)
nike
I'm not sure what that means!
Meliboeus
you can set up many webservers so that they use gzip encryption
nike
But I went with lighttpd instead of Apache because I figure it would be more lightweight = better
Meliboeus
that has nothing to do with it
gzip encryption is used in both webservers
to deliver websites
nike
I see
Meliboeus
the browser will then uncompress the site again
you need less bandwidth
xtoaster
gzip is compression on textbased content
Meliboeus
regarding "lightweight" there are much lighter webservers around: hiawatha, nginx, etc.
xtoaster
nginx runs well on windows :)
Meliboeus
does it? Personally, I love hiawatha, especially for its great anti-DOS rules
almost impossible to bring the server down.
xtoaster
support gzip/uri rewrite/reverse proxy
ddos over tor ?
Meliboeus
sure, that is not an issue with tor :-)
no need for these features...
xtoaster
the reason i love nginx most is its small size :)
Meliboeus
I think nginx is a great webserver.
although, I don't know it very well myself
grey-
nginx is basically apache++
xtoaster
:-D another nginx fan
grey-
;)
xtoaster
i know people use nginx as reverse proxy for certain sites. they ask the users to point sites like wiki.org to their ip in the HOST file. that looks cool. :)
but i never use them. i doubt if they are safe.
grey-
hmm
nike
When I try to access my hidden service I now get an error 403 Forbidden port and I see that the address bar rewrites blah.onion to blah.onion:443
So it looks like I messed up hosting the web site at the hidden port of 443 and having only the hidden service available at 80?
But how can I fix this?
I have Debian lenny and Lighttpd
xtoaster
any port would be ok. can you visit your httpd locally?
nike
HiddenServiceDir /home/hidserv/
HiddenServiceport 80 127.0.0.1:443
xtoaster
i mean can you open 127.0.0.1:443 with your browser
nike
xtoaster: I tried apt-get install elinks but it is taking ages
it's just:
Unpacking elinks (from .../elinks_0.11.4-3_i386.deb) ...
Processing triggers for man-db ...
And I'm doing all of the SSHing sysadmining over Tor as well
so that's slow as well
BarkerJr
I bet :)
xtoaster
oh :) i am on windoz. i only tried it in cygwin before .
nike
Well is it a flaw with Tor or my web server config if when I go to the onion addy it redirects me to the hidden port?
Like in the example it shows 5222 so it shows blah.onion:5222
xtoaster
which port?
nike
Yeah the webserver is running on localhost on port 5222 but that's the way it should be
why when I access the .onion address it is redirecting it to port 5222 without my consent
xtoaster
check your webserver confihuration
config*
nike
dshfoiusfohu
2010
ack
So I have a tor hidden service on lighttpd
The web server listens on port 443 on 127.0.0.1 and Tor takes the 443 and makes a .onion at :80 with it
But lighttpd is seemingly trying to append :443 to anything I click on
This is incorrect, because it should be blah.onion:80 not blah.onion:443
xtoaster
443 is special try another port
nike
xtoaster: Hmm, so I changed it to 9999 and it seemed to be working after I restarted tor and lighttpd
but I tried to do something on the forum and again the address bar was edited to add :9999
which made the .onion unresolvable
jr_
has coderman been on recently?
xtoaster
there should be a port setting in httpd
at least we have one in nginx
gouki
nike, yeah, you need to change it on lighttpd configuration file, make that same change on your torrc
mib_oynmb2
hi! I just wanna know if I can help someone when my relay is just running around 4 hours a day. Or is that too less?
Sebastian
just 4 hours is not helpful, sorry :(
it should be at least 6 or more
mib_oynmb2
ok, thx. Is it the same with bridges?
Sebastian
for bridges it is not as bad, but still not great
but running a bridge for just a few hours a day can work.
mib_oynmb2
ok, thx again.
I think 6 hours a day should be possible.
OFFShare
What is the country code for Norway {nw} ? I am updating my geoip datafile to fill in the {??} gaps.
dr|z3d
No.
OFFShare
thanks, simple but hmm...brain still a bit out of work..
waltman
In setting a value like AccountingMax in torrc, is there a difference between "500 MB" and "500 MBytes"?
It's a bit confusing because the manpage says "KB", "MB", etc., but the examples values all are "KBytes", e.g. "RelayBandwidthRate 100 KBytes"
Sebastian
you can use either one
waltman
cool, thanks
Sebastian
we should fix that in the manpage.
we're thinking about how we can make the manpage easier to understand for the average user. Hopefully we'll find something.
waltman
I'm asking because even though I have "AccountingMax 500 MB" in torrc, I'm getting much less usage than that.
Sebastian
would you mind if I copy/paste some of your sentences here into a bug report to remind me later?
waltman
no, go right ahead
avar
Sebastian: Adding an EXAMPLES section always helps
waltman
A related issue is that it's very difficult to tell if I've set up my bridge node correctly. The default log level (notice) logs practically nothing, but the next level (info) logs perhaps too much.
Sebastian
waltman: https://bugs.torproject.org/flyspray/index.php?do=details&id=1195 there, feel free to sign up to the bugtracker and enable notifications for you if you want
avar: yes
waltman
I can tell by looking at AccountingBytesReadInInterval in /var/lib/tor/state that it's getting some traffic, but maybe that's just handshaking with other relays.
Sebastian
waltman: the idea is that if it doesn't log anything, it works. For bridges, there are many issues.
Maybe your bridge works, but the censors block it, so it never gets traffic; or the bridge works, but we haven't given it out to anyone yet, to have a reserve of bridge addresses in case someone learns all the ones we've given out (like happened with china a while back)
avar
how did they learn about them all?
Sebastian
we also don't want to add an interface to the bridge database to ask if you're a bridge, else someone could just use that to query all IP addresses, etc.
If you have a suggestion how we can improve the situation, please do open a bugreport
waltman
Originally I was using "RelayBandwidthRate 20KBytes" on port 443, and was getting lots of traffic. Maybe too much, in fact. So I thought that I'd switch to AccountingMax and maybe I'd get most of the traffic while I was asleep.
But that gave me warnings about switching from 443 to 9001.
Sebastian
waltman: What operating system do you use?
waltman
linux
Sebastian
ok
do you know the difference between using a privileged port and an unprivileged one?
waltman
sort of...
Sebastian
ok
so port 443 is a privileged port. That means that only root can open it. When you start Tor, you start it as root, but as soon as Tor has opened the port, it drops its privileges unless you haven't configured it to do so (and that would be really stupid).
waltman
ok.
Sebastian
Then when your Tor reaches the traffic that makes it hibernate, it closes the port so it cannot overflow the bandwidth limit that you set.
But when it wants to stop hibernating, it cannot open the port again
waltman
ah.
Sebastian
because it isn't root anymore
So I implemented that warning to tell you that if you run Tor on linux, and try to open a privileged port (anything below 1024), it warns you that you *might* not be able to recover from hibernating.
waltman
so then you can't hibernate if you're using privileged ports on linux?
Sebastian
well, you still can.
waltman
how do you get around the problem?
Sebastian
There are some *nixes that have privilege systems, that would allow your tor user to still open that port
but that's non-default
waltman
ah
Sebastian
and not supported everywhere
waltman
but otherwise I can see how 443's a better port for bridges
Sebastian
so currently, it either is hibernation turned off, or running as root (don't do that), or choose a high port number, or restart your Tor after a hibernation interval.
right
avar
(Action) is prompted to tweak bandwidth settings again by this discussion: http://github.com/avar/linode-etc/commit/fbf0d5caca10cad0991e895450792a49c90e5b99
Sebastian
avar: btw, didn't forget your question, will answer in a minute
avar
That's neat because I forgot :)
waltman
Well, it's getting *some* traffic (around 6MB read and written so far today). So I guess it's working.
Sebastian
avar: We would prefer a three-day spike than a relay that doesn't push much for an entire month and goes down every day. But if that doesn't work for you, ok
waltman: yes, it might be in the category of the bridges that we haven't given out
waltman
could be
even on 443 it took a day or two before it started getting any traffic