hello tor people. I have a weird thing going on. Using tor-browser, I see that it always uses the same point of entry, the same node. whatever I do it uses it. ask for another route, restart the browser. Restart the computer. Re-download the software and verify keys. same.node.entry. what do you think ?

the first node is intended to be used long term

comar: https://www.torproject.org/docs/faq.html.en#EntryGuards

yeah... ok... but frankly I don't really like this node :P

hah, personal objections? ;)

it is not like Ukraine was very trustable these days...
anyways. thanks for the answers :)

i would take that one, actually. sometimes it happens that all my nodes are in the same country

thanks junglefowl

are there specific docs how to migrate an existing relay to a new server/reinstalling but keeping the history. my plan so far is just backup the entire /var/lib/tor and then copy it back over. anything else to it?
eh, and would i have to stop the service before making the backup

fnord23: Just backup the private key.
and the config file, I suppose. But really the private key of the relay is what's important.
fnord23: https://www.torproject.org/docs/faq.html.en#UpgradeOrMove

yea, the key was the first though. all of /var/lib/tor was more like "just in case"
ok, thank you

I've done this before myself. Had a relay on a VPS. Backed up config file and key, wiped VPS, reinstalled OS, put key and config back, and it worked fine

can it hurt though to copy all?
srg: great, thank you too

I'm not sure. If I had to guess, it wouldn't hurt

wonders about all the cached-* stuff, ok

hello

I've got a linux desktop, no egress firewall rules, and trying the new tor anonymous chat. It gets about 20% there in the progress bar and has been stuck for 10 minutes. Any ideas?
https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
that one

is your computer clock correctly set ?

yeah, ntp synced
just checked and it's synced to a local stratum 2 and very close to 4 other ntp peers it's tracking

hmm, so that's something else

good thought though

do you have the same problem with tor browser ?

oh, hrm, maybe IPv6 breaks it
haven't tried the browser, but I bitmessage, ipfs, browsing, skype, hangouts, etc. work. Fairly open firewall, 100% open for egress.
http://ipfsbin.xyz/#Qmbf7jvBFP2Q54kRjaXnA83eBAVhASeWSftBK9eivH3y9B
that's the tor log

the "no route" error suggests something is b0rked
can you do `openssl s_client -connect 154.35.175.225:443`?

from the same machine I'm trying to get the client going I get "CONNECTED(00000003)
"

and nothing else?

correct
it's still waiting
odd, trying it from somewhere else and I get a full hangshake
a second time from the same node and it won't even conenct

And if you similarly try like `openssl s_client -connect torproject.org:443` or another site, do you get connected? If yes then someone may be trying to censor tor.

openssl s_client -connect torproject.org:443 works fine
full handshake, tls session ticket, etc.

But Tor Browser works fine, right?

haven't tried the browser, just the chat
(ubuntu 14.04 LTS btw)
ah, 154.35.175.225 is blocked at the campus border
torproejct.org works on ipv4 (18 hops) and ipv6 (13 hops)

does ssh to any host on the internet work?

yeah, use ssh heavily to various offsite hosts

with openssh, i assume

yes

heh, nice of them. You probably want to setup tor to use a bridge then, I dunno if messenger has any helps for that yet?

okay. i had a weird issue years ago where a router of mine blocked specific TOS packets

yeah it supports a bridge or local proxy
Kinda surprised campus would block it, they are fairly open typically

hear that? who's knocking? :D

I'll try a bridge

Yeah, Tor Browser has helper prompts to simplify setting up, not sure if messenger has anything equivalent yet

Tor Messenger uses the same tor launcher as Tor Browser

it's got the "does your ISP block" and "Do you need a local proxy" helper
trying a bridge, but no remote proxy, strange the bridge line doesn't seem to want the key/fingerprint after the ip:port
oh, hrm, put in 3 bridges with ip:port fingerprint or whatever the 3rd one is, seems to be blocked 8-(
hrm, should the openssl s_client -connect work to the tor bridges?

If they're straight bridges, yes.
(e.g. it's not using a pluggable transport)

bridges from https://bridges.torproject.org/bridges

then, yes if you've not picked a specific pluggable transport then openssl should work

hello
i can't figure out a good tor setup would anyone be able to give me some advice?
first i just run arm and then use firefox set to use tor as a proxy
but i thought it might be better to contain it somehow like inside a lxc container
but making the container do transparent proxying needs difficult bridging and iptables setup
booting off a TAILS CD is too inconvenient
so what sort of setup do you think would be good?

I think this is a question about operating systems and not Tor

the threat from tor itself seems quite a bit smaller than from a browser.
if you trust running firefox as a user I'd just do the same with tor

I shouldn't ask this here? where would be good to ask this?

it's firefox that's the threat.
(especially the ability to run plugins and javascript)

sounds like you want tor browser bundle?

hi, are there tor irc channels which are "secret" ?

define secret

"not known or seen or not meant to be known or seen by others."

I'm sure there are.
Like, IRC servers run on .onions ?

well there's secret from your sister and secret from a sophisticated attacker

if an irc channel isn't seen or known by anyone, does it really exist?

to the people who have never heard of it, it doesn't exist

some irc networks allow a flag to hide the channel from the channel listing
some have irc channels can have channel keys
and some irc networks themselves are hidden

quick question. how come my in the tor browser in the place where they show the chain of relays there is
Country -> country 2 -> country 3 -> (relay) -> (relay) -> (relay) -> internet
what are the 3 relays for?