There were some talks about network diversity recently, so I made up my mind and started a freeBSD server.
On advice from here https://gist.github.com/teor2345/c6e2890c44097fd6aaceeedec08c6431 I placed a line in the torrc file "Log notice file /var/log/tor/log"
Following these instructions from the TDP:
"touch /var/log tor && chown _tor:_tor /var/log/tor && chmod 600 /var/log/tor"
found here: https://torbsd.github.io/fbsd-relays.html I ended up getting this warning:
"[warn] Couldn't open file for 'Log notice file /var/log/tor/log': Permission denied"
Maybe I am too tired today to find the mistake - what is wrong please?
Is there a good instruction elsewhere?
Is it possible to install arm on freeBSD and if so could somebody help me with the implementation please?
Thanks
Paul
It appears you have a space in "touch /var/log tor" that should not be there. Try "touch /var/log/tor" instead.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I saw that and tried "touch /var/log/tor" - didn’t help ..
On 01.12.2016 at 23:57, Marcel Krzystek wrote:
It appears you have a space in "touch /var/log tor" that should not be there. Try "touch /var/log/tor" instead.
Then it's likely a permission issue. Have you tried running the command with sudo? (Or in FreeBSD, you may need to run it as su).
On Thu, Dec 1, 2016 at 4:01 PM, pa011 pa011@web.de wrote:
I saw that and tried "touch /var/log/tor" - didn’t help ..
On 01.12.2016 at 23:57, Marcel Krzystek wrote:
It appears you have a space in "touch /var/log tor" that should not be
there. Try "touch /var/log/tor" instead.
I did it with sudo, because it wasn’t privileged otherwise - this is the result using sudo
On 02.12.2016 at 00:03, Marcel Krzystek wrote:
Then it's likely a permission issue. Have you tried running the command with sudo? (Or in FreeBSD, you may need to run it as su).
On 12/01/16 17:54, pa011 wrote:
There were some talks about network diversity recently, so I made up my mind and started a freeBSD server.
Great.
Quick note: posting to multiple lists at once is poor etiquette. Either list would be fine, but tor-bsd might be the preferred one for this question.
On advice from here https://gist.github.com/teor2345/c6e2890c44097fd6aaceeedec08c6431 I placed a line in the torrc file "Log notice file /var/log/tor/log"
Good idea.
Following these instructions from the TDP:
"touch /var/log tor && chown _tor:_tor /var/log/tor && chmod 600 /var/log/tor"
I see a space in the first command with touch(1)
I can fix if the error is on the TDP www.
found here: https://torbsd.github.io/fbsd-relays.html I ended up getting this warning:
"[warn] Couldn't open file for 'Log notice file /var/log/tor/log': Permission denied"
Maybe I am too tired today to find the mistake - what is wrong please?
Is there a good instruction elsewhere?
Those instructions were not meant to be circulated and have a warning. They are going to get attention from us in the near future.
Is it possible to install arm on freeBSD and if so could somebody help me with the implementation please?
Installing security/arm is simple enough.
pkg install arm
g
On 02.12.2016 at 00:19, diffusae wrote:
Hi!
On 02.12.2016 00:04, George wrote:
Installing security/arm is simple enough.
pkg install arm
Yes, that normally should solve your problem.
I've recognized that the dependencies are on Tor v0.2.8.9. You can't install it with security/tor-devel?
After an update I got - Tor 0.2.9.4-alpha (git-8b0755c9bb296ae2)
So you say I should better install tor instead of tor-devel?
Regards Paul
On 12/01/16 18:25, pa011 wrote:
On 02.12.2016 at 00:19, diffusae wrote:
Hi!
On 02.12.2016 00:04, George wrote:
Installing security/arm is simple enough.
pkg install arm
Yes, that normally should solve your problem.
I've recognized that the dependencies are on Tor v0.2.8.9. You can't install it with security/tor-devel?
After an update I got - Tor 0.2.9.4-alpha (git-8b0755c9bb296ae2)
So you say I should better install tor instead of tor-devel?
What did you update? I'm confused... were you running tor-0.2.8.9 (stable in security/tor) and upgraded via pkg(8) and got tor-0.2.9.4 which is security/tor-devel?
I tend to recommend security/tor-devel over security/tor, unless you can't regularly keep the package updated. The alpha/devel branch will generally include the latest security fixes and counter-measures to surveillance.
And on a side note, OpenBSD is likely removing lsof from their ports tree (see ports@ from today), which is a dependency for the arm port, but will have it use fstat(1) instead IIRC.
g
I started with tor-devel: 0.2.7.6 did sudo pkg update && sudo pkg upgrade -y and ended so at 0.2.9.4.a
But "sudo pkg install security/arm" now made:
py27-arm: 1.4.5.0_1
python27: 2.7.12
libffi: 3.2.1
py27-setuptools27: 23.1.0
tor: 0.2.8.9
Tor can be started now when putting #Log notice file /var/log/tor/log
Starting arm by just "arm" brings up "/usr/local/bin/arm: python: not found"
Rgds Paul
See you ...
:-)
On 02.12.2016 00:57, pa011 wrote:
solved, as far as I can see now - maybe more tomorrow..
Thank you very much gentlemen for your help :-) !!!
On 02.12.2016 at 00:51, diffusae wrote:
ln -s /usr/local/bin/python2.7 /usr/local/bin/python
Ok, as I am new to freeBSD some more questions please:
[WARN] Your server (x.x.x.x.:4443) has not managed to confirm that its ORPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable.
What do I have to do - how to best set-up a decent strong firewall on a freeBSD Exit? Is there any further helpful documentation around apart from the freeBSD handbook to get my learning curve up more quickly?
The more detailed the better :-) - Thanks in advance Paul
On Sat, Dec 3, 2016 at 10:14 AM, pa011 pa011@web.de wrote:
[WARN] Your server (x.x.x.x.:4443) has not managed to confirm that its ORPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable.
https://www.freebsd.org/releases/11.0R/announce.html does not ship with any packet filter enabled. So above message is unrelated.
What do I have to do - how to best set-up a decent strong firewall on a freeBSD Exit?
FreeBSD above doesn't ship with a bunch of junk enabled and attached to the net like most Linux distros do. And relays minimally only have a caching resolver client (exits only, non listening), sshd server, and tor running. Packet filters are not necessary there. The only reason to run a filter there is if you believe one of those services, or the kernel network stack itself, will be cracked somehow resulting in apps that do not already have uid zero access being run and bound to the net, and you want to impede that a while until uid zero is gained. That's usually rather pointless, so just run an [auditable] disposable unfiltered system and protect your management core. Though one might be useful in logging mode to collect different network utilization stats than netstat -ss or netflow can do.
If the stupid sshd messages bother you, filter them and/or change the port [a reasonable practice anyways].
You need to understand what a firewall is/not and can/not do before just dropping some random one in place. That takes time, lots of time, and unfortunately isn't a function of this mailing list.
Is there any further helpful documentation around apart from the freeBSD handbook to get my learning curve up more quickly?
First, read the man pages ipfw(4), pf(4), and all 'see alsos' therein. Then search: freebsd ipfw / pf, 'understanding firewalls', etc.
On 12/05/16 02:40, grarpamp wrote:
On Sat, Dec 3, 2016 at 10:14 AM, pa011 pa011@web.de wrote:
[WARN] Your server (x.x.x.x.:4443) has not managed to confirm that its ORPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable.
https://www.freebsd.org/releases/11.0R/announce.html does not ship with any packet filter enabled. So above message is unrelated.
Yes, and as I mentioned before, if you're trying to troubleshoot, start with the minimal torrc configuration as it will be easier to isolate the issue.
You might also want to try setting the "Address" knob.
What do I have to do - how to best set-up a decent strong firewall on a freeBSD Exit?
FreeBSD above doesn't ship with a bunch of junk enabled and attached to the net like most Linux distros do. And relays minimally only have a caching resolver client (exits only, non listening), sshd server, and tor running. Packet filters are not necessary there. The only reason to run a filter there is if you believe one of those services, or the kernel network stack itself, will be cracked somehow resulting in apps that do not already have uid zero access being run and bound to the net, and you want to impede that a while until uid zero is gained. That's usually rather pointless, so just run an [auditable] disposable unfiltered system and protect your management core. Though one might be useful in logging mode to collect different network utilization stats than netstat -ss or netflow can do.
Yes. And look at sshd(8) configuration. Blacklistd(8) is now in the FreeBSD 11.x branch, and a great mitigation tool for noisy sshd zombie attacks. The normal SSHD setup configuration is also recommended such as using public/private keypairs that are passwd protected.
Like all Tor relays, don't treat it as a multi-purpose system. There's no need for more than security/tor (or security/tor-devel) which has the dependency devel/libevent2.
If the stupid sshd messages bother you, filter them and/or change the port [a reasonable practice anyways].
Yes. Noisy logs tend to mean dailies/weeklies/monthlies go unread. Do make sure you configure a recipient for those.
You need to understand what a firewall is/not and can/not do before just dropping some random one in place. That takes time, lots of time, and unfortunately isn't a function of this mailing list.
True, and that's another reason why blacklistd(8) is also worth taking time to review.
Is there any further helpful documentation around apart from the freeBSD handbook to get my learning curve up more quickly?
First, read the man pages ipfw(4), pf(4), and all 'see alsos' therein. Then search: freebsd ipfw / pf, 'understanding firewalls', etc.
Ditto, but it seems getting the ORPort to reply is a higher priority and futzing around with host-based firewalling will only clutter that goal.
g
Working :-)
It looks like it was missing the Address in torrc. I added up some RAM before- that didn’t help.
Ok, now I have time to follow up all your other recommendations in the coming days.
Thank you all very much for your help!
Best Regards Paul
p.s. as it is finally that easy to get BSD running, hopefully more will follow in diversifying the tor world.
You might also want to try setting the "Address" knob.
Hi!
That's nice to hear.
RAM is also very good for tor relays. :-)
Maybe you want to change your version to tor-devel-0.2.9.5.a, if you haven't done this already (e.g. portsnap fetch update && portmaster security/tor-devel).
Regards,
It's working currently on Tor 0.2.8.9 (recommended) otherwise it might conflict with arm?
$ sudo pkg update && sudo pkg upgrade -y
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Any quick idea how to solve that one:
Resolving svn.torproject.org (svn.torproject.org)... 2a01:4f8:172:1b46:0:abba:14:1, 138.201.14.206
Connecting to svn.torproject.org (svn.torproject.org)|2a01:4f8:172:1b46:0:abba:14:1|:443... connected.
ERROR: cannot verify svn.torproject.org's certificate, issued by 'CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US':
  Unable to locally verify the issuer's authority.
To connect to svn.torproject.org insecurely, use `--no-check-certificate'.
Rgds
Paul
Hi!
On 05.12.2016 21:32, pa011 wrote:
its working currently on Tor 0.2.8.9 (recommended) otherwise it might conflict with arm?
Yes I know this, you could solve this with a jail. So if you run tor-devel inside a jail and use a cloned loopback interface for the control port.
Any quick idea how to solve that one:
To connect to svn.torproject.org insecurely, use `--no-check-certificate'.
pkg install ca_root_nss should help. With curl I can connect to svn.
<H1>Welcome to svn.torproject.org!</H1>
Regards, Reiner
On 6 Dec. 2016, at 08:32, diffusae punasipuli@t-online.de wrote:
Hi!
On 05.12.2016 21:32, pa011 wrote:
its working currently on Tor 0.2.8.9 (recommended) otherwise it might conflict with arm?
Yes I know this, you could solve this with a jail. So if you run tor-devel inside a jail and use a cloned loopback interface for the control port.
It's much better to use a unix socket for the control connection.
ControlPort unix:/path/no/spaces
(There's a bug in parsing control socket paths with spaces that's fixed in 0.2.9.4-alpha, but not 0.2.8.)
Loopback interfaces and jails have a tendency to leave your control port open on a public IP address if configured incorrectly. Some jail setups default to this insecure mode.
https://trac.torproject.org/projects/tor/ticket/17901
T
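The advice above (prefer a unix socket for the control connection, because TCP control listeners can end up on a public address in a jail) can be checked against a torrc. This is an added example, not code from the thread or from the Tor project; the function names, the labels and the sample torrc are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list every ControlPort line in a torrc
# and classify how it listens. Function names and labels are this example's own.

# audit_controlport TORRC -> one "label value" line per ControlPort entry
audit_controlport() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        tolower($1) != "controlport" { next }    # torrc keywords are case-insensitive
        {
            v = $2
            if (v == "0")                              kind = "disabled"
            else if (v ~ /^unix:/)                     kind = "unix-socket"
            else if (v == "auto" || v ~ /^[0-9]+$/)    kind = "tcp-loopback"
            else if (v ~ /^(127\.[0-9.]+|localhost|\[::1\]):/) kind = "tcp-loopback"
            else                                       kind = "tcp-non-loopback"
            print kind, v
        }
    ' "$1"
}

# controlport_tcp_count TORRC -> number of ControlPort entries that are TCP
# listeners. Per the thread, inside a jail even a loopback entry may end up
# reachable on a public address, so the target for a relay is 0.
controlport_tcp_count() {
    audit_controlport "$1" | grep -c '^tcp-'
}

demo_controlport() {
    f=$(mktemp "${TMPDIR:-/tmp}/torrc.XXXXXX") || return 1
    cat > "$f" <<'EOF'
# constructed sample torrc, not taken from any relay in the thread
ORPort 4443
ControlPort 9051
controlport 192.0.2.10:9051   # constructed address from the documentation range
ControlPort unix:/var/run/tor/control
EOF
    audit_controlport "$f"
    echo "tcp listeners: $(controlport_tcp_count "$f")"
    rm -f "$f"
}
demo_controlport
```

On the relay itself, `sockstat -l` lists the listening sockets and shows the address the control listener actually bound to.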
Hi Tim!
Thanks a lot for your hint.
I've changed it. I'd recognized the public IPs with arm, but didn't know the circumstances. Now it should be in a more secure mode, than before.
Regards,
Doesn't deinstall py27-arm-1.4.5.0?
I'm not sure. If you still have arm in your package list, then it's ok.
On 2016-12-01 at 23:54, pa011 wrote:
There were some talks about network diversity recently, so I made up my mind and started a freeBSD server.
On advice from here https://gist.github.com/teor2345/c6e2890c44097fd6aaceeedec08c6431 I placed a line in the torrc file "Log notice file /var/log/tor/log"
Following these instructions from the TDP:
"touch /var/log tor && chown _tor:_tor /var/log/tor && chmod 600 /var/log/tor"
As others already said, it should be "/var/log/tor" without a space and with a slash.
But for me, it looks like you are trying to store the logs in a file "/var/log/tor/log", so in a directory named "/var/log/tor". You should delete the file you created with the touch command and instead use "mkdir /var/log/tor", then change ownership and modify access rights via chmod.
found here: https://torbsd.github.io/fbsd-relays.html I ended up getting this warning:
"[warn] Couldn't open file for 'Log notice file /var/log/tor/log': Permission denied"
Maybe I am too tired today to find the mistake - what is wrong please?
Is there a good instruction elsewhere?
Is it possible to install arm on freeBSD and if so could somebody help me with the implementation please?
Thanks
Paul
Best, Michael
On 02.12.2016 at 00:21, Michael Armbruster wrote:
On 2016-12-01 at 23:54, pa011 wrote:
There were some talks about network diversity recently, so I made up my mind and started a freeBSD server.
On advice from here https://gist.github.com/teor2345/c6e2890c44097fd6aaceeedec08c6431 I placed a line in the torrc file "Log notice file /var/log/tor/log"
Following these instructions from the TDP:
"touch /var/log tor && chown _tor:_tor /var/log/tor && chmod 600 /var/log/tor"
As others already said, it should be "/var/log/tor" without a space and with a slash.
But for me, it looks like you are trying to store the logs in a file "/var/log/tor/log", so in a directory named "/var/log/tor". You should delete the file you created with the touch command and instead use "mkdir /var/log/tor", then change ownership and modify access rights via chmod.
I thought it is similar to "Log notice file /var/log/tor/notices.log" in debian where you specify a single file. So you Michael say in freeBSD the torrc file is looking for a folder entry - I will try that tomorrow.. so it will be "sudo mkdir /var/log/tor" "sudo chown _tor:_tor /var/log/tor" "sudo chmod 600 /var/log/tor"
Rgds Paul
On 12/01/16 18:33, pa011 wrote:
I thought it is similar to "Log notice file /var/log/tor/notices.log" in debian where you specify a single file. So you Michael say in freeBSD the torrc file is looking for a folder entry - I will try that tomorrow.. so it will be "sudo mkdir /var/log/tor" "sudo chown _tor:_tor /var/log/tor" "sudo chmod 600 /var/log/tor"
You are making a directory that even root can't cd into.
By default, FreeBSD's tor and tor-devel port want to store logs inside /var/log/tor/ regardless of what you put in the /usr/local/etc/tor/torrc file last I looked.
This is step-by-step just to illustrate what you're actually doing.
mkdir /var/log/tor;
chown _tor:_tor /var/log/tor;
chmod 700 /var/log/tor;
touch /var/log/tor/tor.log;
chmod 600 /var/log/tor/tor.log;
g
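The warnings seen in this thread ("Permission denied", "Not a directory", "Is a directory") each correspond to a different filesystem state of the `Log notice file` target. The following is an added example, not part of any message in the thread: a POSIX sh function, `diagnose_tor_log` (a hypothetical name with its own result labels), that reports which state a path is in. It assumes tor opens the log as the owner passed in, and the demo runs on a constructed temporary tree rather than /var/log.

```shell
#!/bin/sh
# Added example (not from the thread): classify the state of a torrc
# "Log notice file PATH" target. Function name and result labels are this
# example's own; _tor is the owner used in the thread's chown commands.
# Assumption: tor opens the log file as OWNER.

# diagnose_tor_log LOGFILE [OWNER] -> prints one label, returns 0 only for "ok"
diagnose_tor_log() {
    logfile=$1
    owner=${2:-_tor}
    dir=$(dirname "$logfile")

    # tor: "Is a directory" (e.g. "Log notice file /var/log/tor/")
    if [ -d "$logfile" ]; then echo "path-is-a-directory"; return 1; fi
    if [ ! -e "$dir" ]; then echo "parent-missing"; return 1; fi
    # tor: "Not a directory" (what "touch /var/log/tor" leaves behind)
    if [ ! -d "$dir" ]; then echo "parent-is-a-file"; return 1; fi

    # ls -ld is used instead of stat(1) because stat's flags differ
    # between FreeBSD and GNU userlands.
    dmode=$(ls -ld "$dir" | cut -c1-10)
    downer=$(ls -ld "$dir" | awk '{print $3}')
    if [ "$downer" != "$owner" ]; then echo "parent-wrong-owner"; return 1; fi
    # tor: "Permission denied" (chmod 600 on a directory removes search)
    case $dmode in
        d??[xs]*) ;;
        *) echo "parent-not-searchable"; return 1 ;;
    esac

    if [ -e "$logfile" ]; then
        # an existing file must be owned and writable by OWNER
        fmode=$(ls -ld "$logfile" | cut -c1-10)
        fowner=$(ls -ld "$logfile" | awk '{print $3}')
        if [ "$fowner" != "$owner" ]; then echo "file-wrong-owner"; return 1; fi
        case $fmode in
            -?w*) ;;
            *) echo "file-not-writable"; return 1 ;;
        esac
    else
        # the file has to be created, so the owner needs write on the directory
        case $dmode in
            d?w[xs]*) ;;
            *) echo "parent-not-writable"; return 1 ;;
        esac
    fi
    echo "ok"
}

demo_tor_log() {
    t=$(mktemp -d "${TMPDIR:-/tmp}/torlog.XXXXXX") || return 1
    me=$(ls -ld "$t" | awk '{print $3}')   # owner of the constructed tree stands in for _tor
    mkdir "$t/good" && chmod 700 "$t/good"
    mkdir "$t/mode600" && chmod 600 "$t/mode600"
    : > "$t/touched"                       # a regular file where a directory is expected
    for p in "$t/good/log" "$t/mode600/log" "$t/touched/notices.log" "$t/good"; do
        printf '%s -> %s\n' "${p#"$t"}" "$(diagnose_tor_log "$p" "$me")"
    done
    chmod 700 "$t/mode600"
    rm -rf "$t"
}
demo_tor_log
```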
By default, FreeBSD's tor and tor-devel port want to store logs inside /var/log/tor/ regardless of what you put in the /usr/local/etc/tor/torrc file last I looked.
Are you sure? What security/tor package version was this? This never happened to me.
On 03.12.2016 at 17:13, nusenu wrote:
By default, FreeBSD's tor and tor-devel port want to store logs inside /var/log/tor/ regardless of what you put in the /usr/local/etc/tor/torrc file last I looked.
Are you sure? What security/tor package version was this? This never happened to me.
it was on tor-devel 0.2.7.6 :
Dec 01 20:15:11.099 [notice] Tor v0.2.7.6 (with bufferevents) running on FreeBSD with Libevent 2.0.22-stable, OpenSSL 1.0.1s-freebsd and Zlib 1.2.8.
Dec 01 20:15:11.099 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 01 20:15:11.100 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Dec 01 20:15:11.108 [notice] Opening Control listener on 127.0.0.1:9051
Dec 01 20:15:11.109 [notice] Opening OR listener on 0.0.0.0:1443
Dec 01 20:15:11.109 [notice] Opening Directory listener on 0.0.0.0:1080
Dec 01 20:15:11.000 [warn] Couldn't open file for 'Log notice file /var/log/tor/notices.log': Not a directory
Dec 01 20:15:11.000 [notice] Closing partially-constructed Control listener on 127.0.0.1:9051
Dec 01 20:15:11.000 [notice] Closing partially-constructed OR listener on 0.0.0.0:1443
Dec 01 20:15:11.000 [notice] Closing partially-constructed Directory listener on 0.0.0.0:1080
and the same on tor 0.2.8.9:
if you put "Log notice file /var/log/tor/" in torrc you get [warn] Couldn't open file for 'Log notice file /var/log/tor/': Is a directory
if you change torrc to "Log notice file /var/log/tor/log" it runs through
pa011:
if you put "Log notice file /var/log/tor/" in torrc you get [warn] Couldn't open file for 'Log notice file /var/log/tor/': Is a directory
Depending on your torrc this is expected, but George was implying another thing:
By default, FreeBSD's tor and tor-devel port want to store logs inside /var/log/tor/ **regardless** of what you put in the /usr/local/etc/tor/torrc
If my torrc says: Log notice syslog
it will not write to /var/log/tor/ so I can not confirm George's observation and was wondering what version he did observe the mentioned behavior.
Same as me ...
AFAIK it depends on your settings in torrc.
On 03.12.2016 18:02, nusenu wrote:
it will not write to /var/log/tor/ so I can not confirm George's observation and was wondering what version he did observe the mentioned behavior.
On 12/03/16 12:13, diffusae wrote:
Same as me ...
AFAIK it depends on your settings in torrc.
On 03.12.2016 18:02, nusenu wrote:
it will not write to /var/log/tor/ so I can not confirm George's observation and was wondering what version he did observe the mentioned behavior.
Hey.
It seems to not be happening anymore when restarting the tor daemon, but in the past, when setting in the torrc:
Log notice file /var/log/tor.log
... you will find that a /var/log/tor *directory* will also be created after a tor daemon restart.
g