IRC Archive / Oftc / #tor / 2010 / April / 15 / 1
beggaboo
Hi :) How can I connect to freenode with tor and xchat?
Sebastian
not, I think
katmagic
You have to already have an account. (!)
http://sleepyirc.net/wiki/SASL
Sebastian: not what?
Sebastian
you can't, I think
but I am wrong, apparently
because that link you provided has an x-chat plugin for sasl :)
BarkerJr
do you know if I permanently lost my Guard flag?
Sebastian
You cannot permanently lose it
if you now start running reliably again, it will come back
of course, all our testing was a bit bad for your reliability history.
BarkerJr
hmm, think that's a matter of hours or weeks?
ah well, doesn't really matter
Sebastian
weeks
or months
BarkerJr
ok, I'm gonna cut my bandwidth then
Sebastian
why's that?
BarkerJr
it's only using like 25% of what I have
Sebastian
Well, that should increase
I do agree it's a little sad
BarkerJr
it never used to take days to get up to full speed
Sebastian
But I guess you can see why the authorities treat your node as unreliable now, yes?
BarkerJr
right, I restarted it like 20 times in a week :)
it'll take a while to average that away
Sebastian
Well, as long as you add the bw back once the flag is back, everyone will be very happy :)
BarkerJr
next time we should test with the smaller node :)
Sebastian
yeah ;)
another idea
just set up another node for now
one that you shut down once the other one has the guard flag back :)
(/me sees BarkerJRTemp appearing on the horizon) ;p
beggaboo
katmagic: thanx :)
BarkerJr
:)
maybe I would keep it cause my real limit is cpu
Sebastian
Sure, if you have a dualcore that's a good idea
BarkerJr
seems like I get log entries about my server being too slow if I get much more than 20mbit
maxigas
When I use Tor, the DNS queries should go through Tor as well, right?
murb
yes
Sebastian
maxigas: hopefully yes, otherwise your setup is insecure
murb
if not you're leaking.
maxigas
Sebastian: that's exactly why I am worried. :)
Sebastian
well, it really depends on your applications. Some leak DNS, others don't. If you use the preconfigured tor browser bundle, for example, then you're safe.
maxigas
I just checked with Wireshark and the DNS query is to localhost but the answer is coming from the DNS server in my /etc/resolv.conf file. So this setup described here is still fu*ked: https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy
I tried it with Wget in the afternoon, and I was looking at the loopback interface with Wireshark in the meantime (as somebody from this channel advised).
Sebastian
possible. It's a wiki, anyone can collect tips there. Maybe you want to edit it to warn others about your findings.
maxigas
Sebastian: yes, I updated the config there because it was not working. I did that last week and now I did some more testing and it is still fishy. :)
But the idea is great: to be able to run any application through Tor.
So basically I am sure now that the DNS query is really redirected to Tor.
BUT Tor somehow doesn't make the right DNS query after that.
So it's not my iptables rules but your software which is buggy! :P
That's in Torrc: "DNSPort 53"
And Tor gets the query.
So it's supposed to route it through the Tor network, no?
Sebastian
yes
maxigas
This is a kind of bug that I think I cannot debug without some help from some people with more understanding of Tor.
BarkerJr
I'd like to run a dnsexit
maxigas
What is a dnsexit?
BarkerJr
something I think tor should add :)
dr|z3d
BarkerJr: DNS overlay?
Sebastian
I think he means exit nodes that are only useful to do dns resolution
dr|z3d
Ah, right.. a fine role for conscripted clients.
BarkerJr
right now, dns queries just put more load on the relays that allow port 80 or 443, right?
Sebastian
well, the problem is that it doesn't really make sense to use other relays for it
because then you need to make two circuits
and circuit building is slow
BarkerJr
you assume that all requests come with a TCP connection
but with dnsport, they don't need to
Sebastian
true
but most will
I'm not sure it's worth the added complexity.
BarkerJr
but the client can tell which are dns-only
ah whatever :)
so, to run a second relay, I just duplicate my etc and var directories
Sebastian
yup
BarkerJr
cool
mikeperry
Runa, et al: FoxyProxy is not a safe addon to use in the vast majority of cases. It certainly is not safe to use without torbutton. https://www.torproject.org/torbutton/faq.html.en#extensionconflicts
https://www.torproject.org/torbutton/design/#attacks
if you see Neeraj, please tell him/her to stop recommending it
the foxyproxy author is NOT honest about the risks of using his addon with Tor
this has been the case for years, despite many requests for him to address this
he refuses to do so, and instead continues to advertise FoxyProxy as a more feature-rich version of Torbutton
maxigas
Sorry I fu*ked up my Emacs and got disconnected. :(
Sebastian
didn't miss a thing
(at least not related to dns)
maxigas
So dnsexit is www.dnsexit.com
?
Sebastian
well then you did miss something. Let me pm you backlog.
maxigas
Aha I got your backlog, but I still have no clue about what is dnsexit.
So with "DNSPort 53" in my torrc it should be enough to forward outgoing DNS queries to localhost:53, where Tor would directly process them, without using a Proxy (I mean I am trying to use iptables instead of a proxy).
xiando
DNSPort 53 is enough to make tor listen for DNS connections on that port, yes.
the rest is obviously not up to tor
maxigas
<xiando> the rest is obviously not up to tor --> could you elaborate on that?
xiando
I just mean that DNSPort 53 just makes Tor answer DNS queries. If you set up iptables correctly and send everything there then it's all good. :-) if you're doing it wrong or something then it doesn't help much
maxigas
Hmm but "netstat -lpt | grep 53" should show Tor listening on port 53, no?
xiando: I am trying to do exactly what you describe and I understand what are you saying now, thanks for the clarification.
xiando: but with Wireshark I was looking at my loopback interface and I see that the queries are forwarded to Tor BUT the replies are coming from the DNS server in my /etc/resolv.conf, which is bad.
dandon
mikeperry: mhm.. i missed that FAQ.. who's Runa?
maxigas
xiando: if you know iptables you might want to check out https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy section 2.1
dandon
^> thanks
maxigas
xiando: That's the thing I am working on now.
nsa
or: [ernie/master] 2010-04-14 21:44:14 Karsten Loesing <karsten.loesing@gmx.net>: Fix typo in log message.
or: [ernie/master] 2010-04-14 22:13:12 Karsten Loesing <karsten.loesing@gmx.net>: Don't log wrong statistics about imported server descriptors.
or: [ernie/master] 2010-04-14 22:12:38 Karsten Loesing <karsten.loesing@gmx.net>: Set minimum log level we care about from INFO to FINER.
BarkerJr
is 0.2.2.11 coming out soon? :)
xiando
changelog indicates this month, "Changes in version 0.2.2.11-alpha - 2010-04-??" is Changelog story
git pull
Sebastian
the changelog is known to have lied before
xiando
Yes. But the asciidoc requirement is not lie. I had to install it on my boxen since Tor suddenly REFUSED to make without it. No asciidoc no Tor for you!!!
Sebastian
not true
--disable-asciidoc configure option exists
building from a clean tarball also doesn't require it
(the error message tells you about --disable-asciidoc)
xiando
probably.. I believe I only noticed it wanted some binary, I did consider ./configure --help but I decided to just submit to the asciidoc
Sebastian
I'm pretty sure my description is accurate, I wrote the code ;p
karsten
yep, Sebastian is the one to blame here.
;)
nsa
or: [ernie/master] 2010-04-14 22:22:56 Karsten Loesing <karsten.loesing@gmx.net>: Don't write logs on FINE or below to website.
Sebastian
there's no blame in it
xiando
You probably did a great job. I admit I didn't even read all of it or read the new configure help, just noticed No A2X FAIL GET ASCIIDOC and I did
Sebastian
good enough :)
NO ASCIIDOC NO LOVE FOR YOU SIR
narr
Sebastian: i've contacted my ISP again and they say my connectivity problems "must be server related" and that they are not aware of any network issues
i really have no idea what to do about it
it's been several months now and we still pay more than 100 eur every month
Sebastian
narr: yeah. hm. I'm really saddened to hear all this money is going to waste. But you are the only one to report such problems. It was clear that your server was unreachable from my and phobos's location, and then became available again without anyone changing anything.
I have no idea how to debug this more. I think the debug logs you have provided are pretty useless, too
Maybe it would help to run Tor on debug for a longer period of time
but I'm unsure about that.
I mean, I run a tor relay using standard packages on standard debian lenny, and so do many people. your problems are really unique.
narr
yeah i do run two other relays on debian lenny without problems as well
it's just the one high bandwidth machine
btw it is listed at the moment
with a 10 hour uptime for some reason
Sebastian
the uptime is what your client reports, I believe
wasn't it about 10 hours ago that you restarted it last?
narr
yes that's probably it, i didn't know it was just my node reporting its uptime
maxigas
I found a workaround: 'echo "nameserver 127.0.0.1" > /etc/resolv.conf' --> and then DNS queries are not leaked any more. The disadvantage of this solution is that not only the "anonymous" user's applications will query DNS through Tor, but everything.
So now I go and edit the wiki.
dr|z3d
maxigas: Yup, DNSPort 53 is your man!
You will find DNS less than responsive on occasion, mind.
Price you pay.
nsa
or: [wiki] cypherpunks updated TheOnionRouter/TransparentProxy - http://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy
maxigas
dr|z3d: I know, sometimes I don't get any answer through Tor's DNS. :/
Francis
Perspectives is receiving no notary replies for scroogle. Is this normal?
nsa
or: [wiki] cypherpunks updated TheOnionRouter/TransparentProxy - http://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy
Francis
Hello!
katmagic
Hi.
Francis
hi katmagic
katmagic, would you be able to answer a question about perspectives?
katmagic
If it's basic enough.
Francis
Perspectives is receiving no notary replies for scroogle. Is this normal?
kat
katmagic
I wouldn't think so, though I can't consider myself anything close to an expert vis-a-vis Perspectives.
dr|z3d
scroogle has a valid cert, so it should be confirmed by the notaries.
Francis: What response is Perspectives giving you?
Francis
dr|z3d, it said it was "receiving no notary replies," but it has since changed
now it's saying it has had a working key for 247 days
dr|z3d
Francis: aha. temporary glitch, then!
atagar
Neeraj: If you'd like help then it's best to ask in the channel (in case I'm not available). What exactly do you mean by "not able to figure out what to write in implementation details"?
SwissTorExit
morning Sebastian :P i have right now installed the fiber ^^ and i see that Nick have fix the bug for bufferevent, it is already fixed in Tor too or it's too early ?
Sebastian_
what bug?
SwissTorExit
with the bufferevents enabled on config
[ levent-Bugs-2981787 ] Build errors on branch evbuffer_last_with_data_fi
Sebastian_
ah
yeah
Sebastian
If you just use latest libevent from git (branch master) and nick's bufferevent3 branch it should work
SwissTorExit
i will give a try on my VM and if work, test it with full traffic, i will observe how work my new network too
thanks for your answer Seb :P
oh a question, if i have an ethernet card with 2 entries, can i set 2 different ips ? i.e. for VM separately ?
Sebastian
erm, I think the answer is yes, but I don't really understand the question ;)
SwissTorExit
well if i run a VM and Tor, it's impossible to be reachable on Or port, so i think that's why it's already used by Tor on the non VM
my idea are to connect 2 cables from the router with 2 diff ips and use eth0 for system and eth1 for VM
Runa
SwissTorExit: I believe it is possible, but I haven't done it myself
SwissTorExit
hi Runa, thanks, i will test soon :D
oh il y a la tv gratuit en live cool
oups wrong chan
karsten
you could at least translate it then. "oh, they have free tv's on (live). cool"?
Sebastian
hah, karsten learned something useful in school. I'm so proud
SwissTorExit
hey karsten , morning , yep you right ^^
karsten
well, still waiting for the answer
woah
SwissTorExit
;)
nsa
or: [ernie/master] 2010-04-15 08:17:08 Karsten Loesing <karsten.loesing@gmx.net>: Don't break while logging without having imported any data yet.
SwissTorExit
Sebastian: look to work as Bridge, i don't get the crash any more with --buffervent
but i dunno if you mean good to test it on true environment
Sebastian
sure
I think it should be fine
if it isn't, we should learn
*about that asap
SwissTorExit
ok, i will add your branch in my true environment and keep in touch if any problem happen :D
but look like it still not correctly close Tor when quit
Sebastian
what happens?
SwissTorExit
so i suspect that hup signal crash the Tor instead close slowly the connections
Sebastian
hup shouldn't close connections?
Maybe you can explain in detail what you are doing, and what is happening, and what you think that means?
SwissTorExit
or not up but when you choose in vidalia close Tor
it must slowly shutdown but it crash instead
no core are create or any warn :/