IRC Archive / Oftc / #tor / 2015 / October / 30 / 1
comar
hello tor people. I have a weird thing going on. Using tor-browser, I see that it always uses the same point of entry, the same node. whatever I do it uses it. ask for another route, restart the browser. Restart the computer. Re-download the software and verify keys. same.node.entry. what do you think ?
ncl
the first node is intended to be used long term
junglefowl
comar: https://www.torproject.org/docs/faq.html.en#EntryGuards
comar
yeah... ok... but frankly I don't really like this node :P
junglefowl
hah, personal objections? ;)
comar
it is not like Ukraine was very trustable these days...
anyways. thanks for the answers :)
junglefowl
i would take that one, actually. sometimes it happens that all my nodes are in the same country
comar
thanks junglefowl
fnord23
are there specific docs how to migrate an existing relay to a new server/reinstalling but keeping the history. my plan so far is just backup the entire /var/lib/tor and then copy it back over. anything else to it?
eh, and would i have to stop the service before making the backup
         

srg
fnord23: Just backup the private key.
and the config file, I suppose. But really the private key of the relay is what's important.
fnord23: https://www.torproject.org/docs/faq.html.en#UpgradeOrMove
fnord23
yea, the key was the first thought. all of /var/lib/tor was more like "just in case"
ok, thank you
srg
I've done this before myself. Had a relay on a VPS. Backed up config file and key, wiped VPS, reinstalled OS, put key and config back, and it worked fine
fnord23
can it hurt though to copy all?
srg: great, thank you too
srg
I'm not sure. If I had to guess, it wouldn't hurt
fnord23
wonders about all the cached-* stuff, ok
dusty
hello
spikebike
I've got a linux desktop, no egress firewall rules, and trying the new tor anonymous chat. It gets about 20% there in the progress bar and has been stuck for 10 minutes. Any ideas?
https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
that one
boklm
is your computer clock correctly set ?
spikebike
yeah, ntp synced
just checked and it's synced to a local stratum 2 and very close to 4 other ntp peers it's tracking
boklm
hmm, so that's something else
spikebike
good thought though
boklm
do you have the same problem with tor browser ?
spikebike
oh, hrm, maybe IPv6 breaks it
haven't tried the browser, but I bitmessage, ipfs, browsing, skype, hangouts, etc. work. Fairly open firewall, 100% open for egress.
http://ipfsbin.xyz/#Qmbf7jvBFP2Q54kRjaXnA83eBAVhASeWSftBK9eivH3y9B
that's the tor log
cacahuatl
the "no route" error suggests something is b0rked
can you do `openssl s_client -connect 154.35.175.225:443`?
spikebike
from the same machine I'm trying to get the client going I get "CONNECTED(00000003)"
cacahuatl
and nothing else?
spikebike
correct
it's still waiting
odd, trying it from somewhere else and I get a full handshake
a second time from the same node and it won't even connect
cacahuatl
And if you similarly try like `openssl s_client -connect torproject.org:443` or another site, do you get connected? If yes then someone may be trying to censor tor.
spikebike
openssl s_client -connect torproject.org:443 works fine
full handshake, tls session ticket, etc.
         

cacahuatl
But Tor Browser works fine, right?
spikebike
haven't tried the browser, just the chat
(ubuntu 14.04 LTS btw)
ah, 154.35.175.225 is blocked at the campus border
torproject.org works on ipv4 (18 hops) and ipv6 (13 hops)
junglefowl
does ssh to any host on the internet work?
spikebike
yeah, use ssh heavily to various offsite hosts
junglefowl
with openssh, i assume
spikebike
yes
cacahuatl
heh, nice of them. You probably want to set up tor to use a bridge then, I dunno if messenger has any helps for that yet?
junglefowl
okay. i had a weird issue years ago where a router of mine blocked specific TOS packets
spikebike
yeah it supports a bridge or local proxy
Kinda surprised campus would block it, they are fairly open typically
junglefowl
hear that? who's knocking? :D
spikebike
I'll try a bridge
cacahuatl
Yeah, Tor Browser has helper prompts to simplify setting up, not sure if messenger has anything equivalent yet
boklm
Tor Messenger uses the same tor launcher as Tor Browser
spikebike
it's got the "does your ISP block" and "Do you need a local proxy" helper
trying a bridge, but no remote proxy, strange the bridge line doesn't seem to want the key/fingerprint after the ip:port
oh, hrm, put in 3 bridges with ip:port fingerprint or whatever the 3rd one is, seems to be blocked 8-(
hrm, should the openssl s_client -connect work to the tor bridges?
cacahuatl
If they're straight bridges, yes.
(e.g. it's not using a pluggable transport)
spikebike
cacahuatl
then, yes if you've not picked a specific pluggable transport then openssl should work
dusty
hello
i can't figure out a good tor setup would anyone be able to give me some advice?
first i just run arm and then use firefox set to use tor as a proxy
but i thought it might be better to contain it somehow like inside a lxc container
but making the container do transparent proxying needs difficult bridging and iptables setup
booting off a TAILS CD is too inconvenient
so what sort of setup do you think would be good?
cacahuatl
I think this is a question about operating systems and not Tor
spikebike
the threat from tor itself seems quite a bit smaller than from a browser.
if you trust running firefox as a user I'd just do the same with tor
dusty
I shouldn't ask this here? where would be good to ask this?
spikebike
it's firefox that's the threat.
(especially the ability to run plugins and javascript)
ncl
sounds like you want tor browser bundle?
stangeland
hi, are there tor irc channels which are "secret" ?
spikebike
define secret
dusty
"not known or seen or not meant to be known or seen by others."
srg
I'm sure there are.
Like, IRC servers run on .onions ?
spikebike
well there's secret from your sister and secret from a sophisticated attacker
ncl
if an irc channel isn't seen or known by anyone, does it really exist?
whitanne_
to the people who have never heard of it, it doesn't exist
spikebike
some irc networks allow a flag to hide the channel from the channel listing
some irc channels can have channel keys
and some irc networks themselves are hidden
Sweet
quick question. how come in the tor browser, in the place where they show the chain of relays, there is
Country -> country 2 -> country 3 -> (relay) -> (relay) -> (relay) -> internet
what are the 3 relays for?