Hi,
I'm running a relay on debian jessie using packages from deb.torproject.org.
I want to share the problems I had so others are aware of them when upgrading their relays.
While upgrading from 0.2.7.6 to 0.2.8.6 via apt-get, I did a
tail -f syslog
to make sure I notice problems during the upgrade. (I expected a simple restart of all running tor instances)
I use debian's multi instance systemd service file.
When upgrading, all running tor instances are stopped (not restarted, as expected)
syslog shows:
Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now.
Clean shutdown finished. Exiting.
(problem is reproducible)
Side note (unrelated to the upgrade but also relevant for the debian tor package from deb.torproject.org repo):
Stopping the default instance stops all instances due to
/lib/systemd/system/tor@.service:
[...]
PartOf=tor.service ReloadPropagatedFrom=tor.service
How about using the same way as the RPM maintainer does - so one can enable the default instance without affecting all others?
PartOf=tor-master.service ReloadPropagatedFrom=tor-master.service
When upgrading, all running tor instances are stopped (not restarted, as
expected)
syslog shows:
Interrupt: we have stopped accepting new connections, and will shut down
in 30 seconds. Interrupt again to exit now.
Clean shutdown finished. Exiting.
(problem is reproducible)
I just had the same experience upgrading my relays, but I think this is to be expected? New connections are blocked and there's 30 seconds to give existing connections a chance to gracefully complete. The daemon is then stopped while the packages upgrade, then it's restarted. I think it's been handled like that for a while, although my memory is a little fuzzy since I hadn't upgraded in the last 6 months.
On August 3, 2016 at 11:04 PM Green Dream greendream848@gmail.com wrote:
> When upgrading, all running tor instances are stopped (not restarted, as expected) > syslog shows: > Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now. > Clean shutdown finished. Exiting. > (problem is reproducible) I just had the same experience upgrading my relays, but I think this is to be expected? New connections are blocked and there's 30 seconds to give existing connections a chance to gracefully complete. The daemon is then stopped while the packages upgrade, then it's restarted. I think it's been handled like that for a while, although my memory is a little fuzzy since I hadn't upgraded in the last 6 months.
Well if your tor instance started again automatically after the upgrade then you didn't experience the same problem as I did, because it did NOT restart it simply stopped without starting again at all.
I expected it to restart (as it did during previous updates).
Sorry, I didn't understand that your daemon didn't restart after the upgrade. I ran through the upgrade on 2 relays, and apt started the service post-upgrade on both.
On August 3, 2016 at 11:51 PM Green Dream greendream848@gmail.com wrote:
Sorry, I didn't understand that your daemon didn't restart after the upgrade. I ran through the upgrade on 2 relays, and apt started the service post-upgrade on both.
Since it is reproducible in my case as well I assume you do _not_ have the following constellation:
tor.service is disabled and stopped (I don't use the default instance)
tor@1 mailto:tor@1 .service is enabled and running
tor@2.service mailto:tor@2.service is enabled and running
On Thu, 04 Aug 2016, tor relay wrote:
On August 3, 2016 at 11:51 PM Green Dream greendream848@gmail.com wrote:
Sorry, I didn't understand that your daemon didn't restart after the upgrade. I ran through the upgrade on 2 relays, and apt started the service post-upgrade on both.Since it is reproducible in my case as well I assume you do _not_ have the following constellation:
tor.service is disabled and stopped (I don't use the default instance)
You should not disable tor.service.
tor.service is what controls all tor instances. The default service is tor@default.service. If you don't want it to start, one option is to move away /etc/tor/torrc.
On August 4, 2016 at 10:23 AM Peter Palfrader <weasel@torproject.org> wrote: On Thu, 04 Aug 2016, tor relay wrote: > >> > >On August 3, 2016 at 11:51 PM Green Dream <greendream848@gmail.com> wrote: Sorry, I didn't understand that your daemon didn't restart after the upgrade. I ran through the upgrade on 2 relays, and apt started the service post-upgrade on both. > >Since it is reproducible in my case as well I assume you do _not_ have the following constellation: tor.service is disabled and stopped (I don't use the default instance) >You should not disable tor.service. tor.service is what controls all tor instances. The default service is tor@default.service. If you don't want it to start, one option is to move away /etc/tor/torrc.
It is even more uncomfortable than I thought since logrotate daily reload causes all tor instances to stop if tor.service is disabled, this has certainly not been the case with 0.2.7.6.
Why this hack (disable a service by moving away its config) and not the more clean approach like the one take by the RPM maintainer?
Why this hack (disable a service by moving away its config) and not the more clean approach like the one take by the RPM maintainer?
..that allows one to manage (start/stop/enable/disable) each service separately using standard tools and methodologies (and not service specific ways like "if you want to disable it you have to move away its configuration file).
Simply moving away its configuration file will cause unnecessary logs since systemd will attempt to start tor.service every time:
Unable to open configuration file "/etc/tor/torrc".
[err] Reading config failed--see warnings above.
tor@default.service: control process exited, code=exited status=1 Failed to start Anonymizing overlay network for TCP. Unit tor@default.service entered failed state. tor@default.service start request repeated too quickly, refusing to start. Failed to start Anonymizing overlay network for TCP. Unit tor@default.service entered failed state.
If one monitors log for [err] log level events this isn't nice.
Also: you can not start/stop/restart tor.service separately without leaving all other tor instances untouched.
Please consider the RPM maintainer's approach, thank you!
On Fri, 05 Aug 2016, tor relay wrote:
Also: you can not start/stop/restart tor.service separately without leaving all other tor instances untouched.
tor.service is *not* the default service. tor.service is the collection of all service instances.
HAND.
On August 5, 2016 at 1:24 PM Peter Palfrader weasel@torproject.org wrote:
On Fri, 05 Aug 2016, tor relay wrote:
Also: you can not start/stop/restart tor.service separately without leaving all other tor instances untouched.
tor.service is *not* the default service. tor.service is the collection of all service instances.
Gosh, you are right there is tor@default.service, so you are actually already doing what is being done in RPMs and there is no need to move away /etc/tor/torrc at all :) (why didn't you mention that ;).
On Fri, 05 Aug 2016, tor relay wrote:
On August 5, 2016 at 1:24 PM Peter Palfrader weasel@torproject.org wrote:
On Fri, 05 Aug 2016, tor relay wrote:
Also: you can not start/stop/restart tor.service separately without leaving all other tor instances untouched.
tor.service is *not* the default service. tor.service is the collection of all service instances.
Gosh, you are right there is tor@default.service, so you are actually already doing what is being done in RPMs and there is no need to move away /etc/tor/torrc at all :) (why didn't you mention that ;).
I said moving it away is *one* option.
The generator will then not cause tor.service to start the default instance, so after a daemon-reload, systemd should not even attempt to start the default instance.
Also: you can not start/stop/restart tor.service separately without leaving all other tor instances untouched.
tor.service is *not* the default service. tor.service is the collection of all service instances.
Gosh, you are right there is tor@default.service, so you are actually already doing what is being done in RPMs and there is no need to move away /etc/tor/torrc at all :) (why didn't you mention that ;).
Ok, I wrote that before actually trying to disable the default instance via systemctl disable tor@default
This does not work. I fail to disable tor@default without disabling tor.service. After a reboot it is back and running.
I noticed that this service is special since it says "static" instead of "enabled" or "disabled" on other services:
systemctl status tor@default ● tor@default.service - Anonymizing overlay network for TCP Loaded: loaded (/lib/systemd/system/tor@default.service; static)
So there is no way to disable the default instance using systemctl after all?
Am 05.08.2016 um 18:27 schrieb tor relay:
Also: you can not start/stop/restart tor.service separately without leaving all other tor instances untouched.
tor.service is *not* the default service. tor.service is the collection of all service instances.
Gosh, you are right there is tor@default.service, so you are actually already doing what is being done in RPMs and there is no need to move away /etc/tor/torrc at all :) (why didn't you mention that ;).
Ok, I wrote that before actually trying to disable the default instance via systemctl disable tor@default
This does not work. I fail to disable tor@default without disabling tor.service. After a reboot it is back and running.
I noticed that this service is special since it says "static" instead of "enabled" or "disabled" on other services:
systemctl status tor@default ● tor@default.service - Anonymizing overlay network for TCP Loaded: loaded (/lib/systemd/system/tor@default.service; static)
So there is no way to disable the default instance using systemctl after all? _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I really don't understand the problem here... Why don't you just move one of your multi-instances to the default instance? Then you have the tor@default.service and the tor@whatever.service and you are good to go with whatever you wanted to achieve.
Best, Michael
So there is no way to disable the default instance using systemctl after all?
To answer my own question: systemctl mask tor@default disables the default instance for real.
..but I'm still curious why tor@default is a static unit (without [Install] section) https://bbs.archlinux.org/viewtopic.php?id=147964
made a ticket: https://trac.torproject.org/projects/tor/ticket/19847
I am inexperienced an have probably the same problem after upgrading to 0.2.8.6.
Even after reboot my second instance Tor-tor2 is running while the default service is exiting - syslog looks like this:
Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.744 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/etc/tor/torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.747 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Bad number of mask bits (80) on address range; rejecting. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Couldn't parse line "x.x.x.x/80". Dropping Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Malformed policy 'reject x.x.x.x/80'. Discarding entire policy list. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [warn] Failed to parse/validate config: Error in ExitPolicy entry. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [err] Reading config failed--see warnings above. Aug 6 12:11:33 systemd[1]: tor@default.service: control process exited, code=exited status=1 Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:33 systemd[1]: tor@default.service start request repeated too quickly, refusing to start. Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:38 Tor-tor2[492]: Bootstrapped 80%: Connecting to the Tor network Aug 6 12:11:38 Tor-tor2[492]: Signaled readiness to systemd Aug 6 12:11:38 Tor-tor2[492]: Opening Control listener on /var/run/tor-instances/tor2/control Aug 6 12:11:38 Tor-tor2[492]: Self-testing indicates your ORPort is reachable from the outside. Excellent. Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 85%: Finishing handshake with first hop Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 90%: Establishing a Tor circuit Aug 6 12:11:40 Tor-tor2[492]: Tor has successfully opened a circuit. Looks like client functionality is working. Aug 6 12:11:40 Tor-tor2[492]: Bootstrapped 100%: Done
Could somebody please give me a detailed hint what to do please?
Thanks Paul
Am 05.08.2016 um 20:27 schrieb tor relay:
So there is no way to disable the default instance using systemctl after all?
To answer my own question: systemctl mask tor@default disables the default instance for real.
..but I'm still curious why tor@default is a static unit (without [Install] section) https://bbs.archlinux.org/viewtopic.php?id=147964 _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi Paul,
You have applied a wrong ExitPolicy entry somewhere in your torrc for the default instance.
You wrote
"ExitPolicy reject x.x.x.x/80"
though most probably you wanted to block the port 80 on a specific address, so you have to provide
"ExitPolicy reject x.x.x.x:80"
instead, with a colon, not a slash. The slash is there to block a specific address *range*. You can read more about subnets and the calculation for a bitmask here: https://en.wikipedia.org/wiki/Subnetwork
Best, Michael
On 2016-08-06 at 13:30, pa011 wrote:
I am inexperienced an have probably the same problem after upgrading to 0.2.8.6.
Even after reboot my second instance Tor-tor2 is running while the default service is exiting - syslog looks like this:
Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.744 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/etc/tor/torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.747 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Bad number of mask bits (80) on address range; rejecting. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Couldn't parse line "x.x.x.x/80". Dropping Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Malformed policy 'reject x.x.x.x/80'. Discarding entire policy list. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [warn] Failed to parse/validate config: Error in ExitPolicy entry. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [err] Reading config failed--see warnings above. Aug 6 12:11:33 systemd[1]: tor@default.service: control process exited, code=exited status=1 Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:33 systemd[1]: tor@default.service start request repeated too quickly, refusing to start. Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:38 Tor-tor2[492]: Bootstrapped 80%: Connecting to the Tor network Aug 6 12:11:38 Tor-tor2[492]: Signaled readiness to systemd Aug 6 12:11:38 Tor-tor2[492]: Opening Control listener on /var/run/tor-instances/tor2/control Aug 6 12:11:38 Tor-tor2[492]: Self-testing indicates your ORPort is reachable from the outside. Excellent. Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 85%: Finishing handshake with first hop Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 90%: Establishing a Tor circuit Aug 6 12:11:40 Tor-tor2[492]: Tor has successfully opened a circuit. Looks like client functionality is working. Aug 6 12:11:40 Tor-tor2[492]: Bootstrapped 100%: Done
Could somebody please give me a detailed hint what to do please?
Thanks Paul
Am 05.08.2016 um 20:27 schrieb tor relay:
So there is no way to disable the default instance using systemctl after all?
To answer my own question: systemctl mask tor@default disables the default instance for real.
..but I'm still curious why tor@default is a static unit (without [Install] section) https://bbs.archlinux.org/viewtopic.php?id=147964 _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Thank you Michael for your hint - corrected that, but still having that problem with main instance not running:
Aug 6 14:30:02 systemd-sysctl[142]: Failed to write '10 # to reboot after kernel panic' to '/proc/sys/kernel/panic': Invalid argument Aug 6 14:30:02 systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE Aug 6 14:30:02 systemd[1]: Failed to start Apply Kernel Variables. Aug 6 14:30:02 systemd[1]: Unit systemd-sysctl.service entered failed state. Aug 6 14:30:02 kbd[135]: Setting console screen modes. Aug 6 14:30:02 kbd[135]: setterm: $TERM ist nicht festgelegt. Aug 6 14:30:02 keyboard-setup[158]: Setting preliminary keymap...done. Aug 6 14:30:02 netfilter-persistent[277]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start Aug 6 14:30:02 netfilter-persistent[277]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start Aug 6 14:30:02 console-setup[220]: Setting up console font and keymap...done. Aug 6 14:30:02 networking[297]: Configuring network interfaces...done. Aug 6 14:30:02 rpcbind[399]: Starting rpcbind daemon.... Aug 6 14:30:02 rpc.statd[416]: Version 1.2.8 starting Aug 6 14:30:02 sm-notify[417]: Version 1.2.8 starting Aug 6 14:30:02 nfs-common[411]: Starting NFS common utilities: statd idmapd. Aug 6 14:30:02 atd[433]: Cannot change to /var/spool/cron/atjobs: No such file or directory Aug 6 14:30:02 install[431]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:02 sysstat[445]: Starting the system activity data collector: sadc.Aug 6 14:30:02 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:02 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:02 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:02 systemd[1]: atd.service: main process exited, code=exited, status=1/FAILURE Aug 6 14:30:02 systemd[1]: Unit atd.service entered failed state. Aug 6 14:30:02 sed[481]: DataDirectory /var/lib/tor-instances/tor2 Aug 6 14:30:02 sed[481]: PidFile /var/run/tor-instances/tor2/tor.pid Aug 6 14:30:02 sed[481]: RunAsDaemon 0 Aug 6 14:30:02 sed[481]: User _tor-tor2 Aug 6 14:30:02 sed[481]: SyslogIdentityTag tor2 Aug 6 14:30:02 sed[481]: ControlSocket /var/run/tor-instances/tor2/control GroupWritable RelaxDirModeCheck Aug 6 14:30:02 sed[481]: SocksPort unix:/var/run/tor-instances/tor2/socks WorldWritable Aug 6 14:30:02 sed[481]: CookieAuthentication 1 Aug 6 14:30:02 sed[481]: CookieAuthFileGroupReadable 1 Aug 6 14:30:02 sed[481]: CookieAuthFile /var/run/tor-instances/tor2/control.authcookie Aug 6 14:30:02 sed[481]: Log notice syslog Aug 6 14:30:03 acpid: starting up with netlink and the input layer Aug 6 14:30:03 acpid: 1 rule loaded Aug 6 14:30:03 acpid: waiting for events: event logging is off Aug 6 14:30:03 install[491]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.109 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.110 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.112 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.114 [notice] Read configuration file "/etc/tor/torrc". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.116 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.117 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.117 [notice] Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.118 [notice] Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.120 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.120 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.122 [notice] Not disabling debugger attaching for unprivileged users. Aug 6 14:30:03 tor[482]: Configuration was valid Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.126 [notice] Not disabling debugger attaching for unprivileged users. Aug 6 14:30:03 tor[489]: Configuration was validAug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.222 [notice] Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening Control listener on 127.0.0.1:9051 Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening OR listener on 0.0.0.0:443 Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening Directory listener on 0.0.0.0:80 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.230 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.235 [notice] Opening Socks listener on 127.0.0.1:0 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.236 [notice] Socks listener listening on port 38400. Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening Control listener on 127.0.0.1:9052 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening OR listener on 0.0.0.0:444 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening Directory listener on 0.0.0.0:81 Aug 6 14:30:03 Tor-tor2[500]: Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8. Aug 6 14:30:03 Tor-tor2[500]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Aug 6 14:30:03 Tor-tor2[500]: Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 Tor-tor2[500]: Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 Tor-tor2[500]: Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMemInQueues by hand. Aug 6 14:30:03 Tor-tor2[500]: Opening Socks listener on 127.0.0.1:0 Aug 6 14:30:03 Tor-tor2[500]: Socks listener listening on port 38400. Aug 6 14:30:03 Tor-tor2[500]: Opening Control listener on 127.0.0.1:9052 Aug 6 14:30:03 Tor-tor2[500]: Opening OR listener on 0.0.0.0:444 Aug 6 14:30:03 Tor-tor2[500]: Opening Directory listener on 0.0.0.0:81 Aug 6 14:30:03 Tor-tor2[500]: Not disabling debugger attaching for unprivileged users.Aug 6 14:30:03 install[503]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 Tor-tor2[500]: Parsing GEOIP IPv4 file /usr/share/tor/geoip. Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 Tor-tor2[500]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Aug 6 14:30:03 install[510]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 Tor-tor2[500]: Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from no$ Aug 6 14:30:03 Tor-tor2[500]: Your Tor server's identity key fingerprint is ' Aug 6 14:30:03 Tor-tor2[500]: Bootstrapped 0%: Starting Aug 6 14:30:03 install[517]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:04 systemd[1]: tor@tor.service start request repeated too quickly, refusing to start. Aug 6 14:30:04 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor).
Rgds
Paul
Am 06.08.2016 um 14:06 schrieb Michael Armbruster:
Hi Paul,
You have applied a wrong ExitPolicy entry somewhere in your torrc for the default instance.
You wrote
"ExitPolicy reject x.x.x.x/80"
though most probably you wanted to block the port 80 on a specific address, so you have to provide
"ExitPolicy reject x.x.x.x:80"
instead, with a colon, not a slash. The slash is there to block a specific address *range*. You can read more about subnets and the calculation for a bitmask here: https://en.wikipedia.org/wiki/Subnetwork
Best, Michael
On 2016-08-06 at 13:30, pa011 wrote:
I am inexperienced an have probably the same problem after upgrading to 0.2.8.6.
Even after reboot my second instance Tor-tor2 is running while the default service is exiting - syslog looks like this:
Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.744 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/etc/tor/torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.747 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Bad number of mask bits (80) on address range; rejecting. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Couldn't parse line "x.x.x.x/80". Dropping Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Malformed policy 'reject x.x.x.x/80'. Discarding entire policy list. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [warn] Failed to parse/validate config: Error in ExitPolicy entry. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [err] Reading config failed--see warnings above. Aug 6 12:11:33 systemd[1]: tor@default.service: control process exited, code=exited status=1 Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:33 systemd[1]: tor@default.service start request repeated too quickly, refusing to start. Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:38 Tor-tor2[492]: Bootstrapped 80%: Connecting to the Tor network Aug 6 12:11:38 Tor-tor2[492]: Signaled readiness to systemd Aug 6 12:11:38 Tor-tor2[492]: Opening Control listener on /var/run/tor-instances/tor2/control Aug 6 12:11:38 Tor-tor2[492]: Self-testing indicates your ORPort is reachable from the outside. Excellent. Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 85%: Finishing handshake with first hop Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 90%: Establishing a Tor circuit Aug 6 12:11:40 Tor-tor2[492]: Tor has successfully opened a circuit. Looks like client functionality is working. Aug 6 12:11:40 Tor-tor2[492]: Bootstrapped 100%: Done
Could somebody please give me a detailed hint what to do please?
Thanks Paul
Am 05.08.2016 um 20:27 schrieb tor relay:
So there is no way to disable the default instance using systemctl after all?
To answer my own question: systemctl mask tor@default disables the default instance for real.
..but I'm still curious why tor@default is a static unit (without [Install] section) https://bbs.archlinux.org/viewtopic.php?id=147964 _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
The error message "Ungültiger Anwender „_tor-tor“" appears several times in your log, while there are no error messages about user "_tor-tor2". Does the first user exist?
Best regards, Alexander --- PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
On 2016-08-06 14:56, pa011 wrote:
Thank you Michael for your hint - corrected that, but still having that problem with main instance not running:
Aug 6 14:30:02 systemd-sysctl[142]: Failed to write '10 # to reboot after kernel panic' to '/proc/sys/kernel/panic': Invalid argument Aug 6 14:30:02 systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE Aug 6 14:30:02 systemd[1]: Failed to start Apply Kernel Variables. Aug 6 14:30:02 systemd[1]: Unit systemd-sysctl.service entered failed state. Aug 6 14:30:02 kbd[135]: Setting console screen modes. Aug 6 14:30:02 kbd[135]: setterm: $TERM ist nicht festgelegt. Aug 6 14:30:02 keyboard-setup[158]: Setting preliminary keymap...done. Aug 6 14:30:02 netfilter-persistent[277]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start Aug 6 14:30:02 netfilter-persistent[277]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start Aug 6 14:30:02 console-setup[220]: Setting up console font and keymap...done. Aug 6 14:30:02 networking[297]: Configuring network interfaces...done. Aug 6 14:30:02 rpcbind[399]: Starting rpcbind daemon.... Aug 6 14:30:02 rpc.statd[416]: Version 1.2.8 starting Aug 6 14:30:02 sm-notify[417]: Version 1.2.8 starting Aug 6 14:30:02 nfs-common[411]: Starting NFS common utilities: statd idmapd. Aug 6 14:30:02 atd[433]: Cannot change to /var/spool/cron/atjobs: No such file or directory Aug 6 14:30:02 install[431]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:02 sysstat[445]: Starting the system activity data collector: sadc.Aug 6 14:30:02 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:02 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:02 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:02 systemd[1]: atd.service: main process exited, code=exited, status=1/FAILURE Aug 6 14:30:02 systemd[1]: Unit atd.service entered failed state. Aug 6 14:30:02 sed[481]: DataDirectory /var/lib/tor-instances/tor2 Aug 6 14:30:02 sed[481]: PidFile /var/run/tor-instances/tor2/tor.pid Aug 6 14:30:02 sed[481]: RunAsDaemon 0 Aug 6 14:30:02 sed[481]: User _tor-tor2 Aug 6 14:30:02 sed[481]: SyslogIdentityTag tor2 Aug 6 14:30:02 sed[481]: ControlSocket /var/run/tor-instances/tor2/control GroupWritable RelaxDirModeCheck Aug 6 14:30:02 sed[481]: SocksPort unix:/var/run/tor-instances/tor2/socks WorldWritable Aug 6 14:30:02 sed[481]: CookieAuthentication 1 Aug 6 14:30:02 sed[481]: CookieAuthFileGroupReadable 1 Aug 6 14:30:02 sed[481]: CookieAuthFile /var/run/tor-instances/tor2/control.authcookie Aug 6 14:30:02 sed[481]: Log notice syslog Aug 6 14:30:03 acpid: starting up with netlink and the input layer Aug 6 14:30:03 acpid: 1 rule loaded Aug 6 14:30:03 acpid: waiting for events: event logging is off Aug 6 14:30:03 install[491]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.109 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.110 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.112 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.114 [notice] Read configuration file "/etc/tor/torrc". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.116 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.117 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.117 [notice] Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.118 [notice] Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.120 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.120 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.122 [notice] Not disabling debugger attaching for unprivileged users. Aug 6 14:30:03 tor[482]: Configuration was valid Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.126 [notice] Not disabling debugger attaching for unprivileged users. Aug 6 14:30:03 tor[489]: Configuration was validAug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.222 [notice] Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening Control listener on 127.0.0.1:9051 Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening OR listener on 0.0.0.0:443 Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening Directory listener on 0.0.0.0:80 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.230 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.235 [notice] Opening Socks listener on 127.0.0.1:0 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.236 [notice] Socks listener listening on port 38400. Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening Control listener on 127.0.0.1:9052 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening OR listener on 0.0.0.0:444 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening Directory listener on 0.0.0.0:81 Aug 6 14:30:03 Tor-tor2[500]: Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8. Aug 6 14:30:03 Tor-tor2[500]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Aug 6 14:30:03 Tor-tor2[500]: Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 Tor-tor2[500]: Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 Tor-tor2[500]: Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMemInQueues by hand. Aug 6 14:30:03 Tor-tor2[500]: Opening Socks listener on 127.0.0.1:0 Aug 6 14:30:03 Tor-tor2[500]: Socks listener listening on port 38400. Aug 6 14:30:03 Tor-tor2[500]: Opening Control listener on 127.0.0.1:9052 Aug 6 14:30:03 Tor-tor2[500]: Opening OR listener on 0.0.0.0:444 Aug 6 14:30:03 Tor-tor2[500]: Opening Directory listener on 0.0.0.0:81 Aug 6 14:30:03 Tor-tor2[500]: Not disabling debugger attaching for unprivileged users.Aug 6 14:30:03 install[503]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 Tor-tor2[500]: Parsing GEOIP IPv4 file /usr/share/tor/geoip. Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 Tor-tor2[500]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Aug 6 14:30:03 install[510]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 Tor-tor2[500]: Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from no$ Aug 6 14:30:03 Tor-tor2[500]: Your Tor server's identity key fingerprint is ' Aug 6 14:30:03 Tor-tor2[500]: Bootstrapped 0%: Starting Aug 6 14:30:03 install[517]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:04 systemd[1]: tor@tor.service start request repeated too quickly, refusing to start. Aug 6 14:30:04 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor).
Rgds
Paul
Am 06.08.2016 um 14:06 schrieb Michael Armbruster:
Hi Paul,
You have applied a wrong ExitPolicy entry somewhere in your torrc for the default instance.
You wrote
"ExitPolicy reject x.x.x.x/80"
though most probably you wanted to block the port 80 on a specific address, so you have to provide
"ExitPolicy reject x.x.x.x:80"
instead, with a colon, not a slash. The slash is there to block a specific address *range*. You can read more about subnets and the calculation for a bitmask here: https://en.wikipedia.org/wiki/Subnetwork
Best, Michael
On 2016-08-06 at 13:30, pa011 wrote:
I am inexperienced an have probably the same problem after upgrading to 0.2.8.6.
Even after reboot my second instance Tor-tor2 is running while the default service is exiting - syslog looks like this:
Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.744 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/etc/tor/torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.747 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Bad number of mask bits (80) on address range; rejecting. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Couldn't parse line "x.x.x.x/80". Dropping Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Malformed policy 'reject x.x.x.x/80'. Discarding entire policy list. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [warn] Failed to parse/validate config: Error in ExitPolicy entry. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [err] Reading config failed--see warnings above. Aug 6 12:11:33 systemd[1]: tor@default.service: control process exited, code=exited status=1 Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:33 systemd[1]: tor@default.service start request repeated too quickly, refusing to start. Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:38 Tor-tor2[492]: Bootstrapped 80%: Connecting to the Tor network Aug 6 12:11:38 Tor-tor2[492]: Signaled readiness to systemd Aug 6 12:11:38 Tor-tor2[492]: Opening Control listener on /var/run/tor-instances/tor2/control Aug 6 12:11:38 Tor-tor2[492]: Self-testing indicates your ORPort is reachable from the outside. Excellent. Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 85%: Finishing handshake with first hop Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 90%: Establishing a Tor circuit Aug 6 12:11:40 Tor-tor2[492]: Tor has successfully opened a circuit. Looks like client functionality is working. Aug 6 12:11:40 Tor-tor2[492]: Bootstrapped 100%: Done
Could somebody please give me a detailed hint what to do please?
Thanks Paul
Am 05.08.2016 um 20:27 schrieb tor relay:
So there is no way to disable the default instance using systemctl after all?
To answer my own question: systemctl mask tor@default disables the default instance for real.
..but I'm still curious why tor@default is a static unit (without [Install] section) https://bbs.archlinux.org/viewtopic.php?id=147964 _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Actually not - you are right Alexander! But then the question are:
- why do I need a user "_tor-tor" since the last update, when I didn’t need that before - why is it not self creating - what do I have to do - really creating "_tor-tor" with the same privileges as "_tor-tor2"?
Thanks
Paul
Am 06.08.2016 um 15:49 schrieb Alexander Dietrich:
The error message "Ungültiger Anwender „_tor-tor“" appears several times in your log, while there are no error messages about user "_tor-tor2". Does the first user exist?
Best regards, Alexander
PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
On 2016-08-06 14:56, pa011 wrote:
Thank you Michael for your hint - corrected that, but still having that problem with main instance not running:
Aug 6 14:30:02 systemd-sysctl[142]: Failed to write '10 # to reboot after kernel panic' to '/proc/sys/kernel/panic': Invalid argument Aug 6 14:30:02 systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE Aug 6 14:30:02 systemd[1]: Failed to start Apply Kernel Variables. Aug 6 14:30:02 systemd[1]: Unit systemd-sysctl.service entered failed state. Aug 6 14:30:02 kbd[135]: Setting console screen modes. Aug 6 14:30:02 kbd[135]: setterm: $TERM ist nicht festgelegt. Aug 6 14:30:02 keyboard-setup[158]: Setting preliminary keymap...done. Aug 6 14:30:02 netfilter-persistent[277]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start Aug 6 14:30:02 netfilter-persistent[277]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start Aug 6 14:30:02 console-setup[220]: Setting up console font and keymap...done. Aug 6 14:30:02 networking[297]: Configuring network interfaces...done. Aug 6 14:30:02 rpcbind[399]: Starting rpcbind daemon.... Aug 6 14:30:02 rpc.statd[416]: Version 1.2.8 starting Aug 6 14:30:02 sm-notify[417]: Version 1.2.8 starting Aug 6 14:30:02 nfs-common[411]: Starting NFS common utilities: statd idmapd. Aug 6 14:30:02 atd[433]: Cannot change to /var/spool/cron/atjobs: No such file or directory Aug 6 14:30:02 install[431]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:02 sysstat[445]: Starting the system activity data collector: sadc.Aug 6 14:30:02 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:02 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:02 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:02 systemd[1]: atd.service: main process exited, code=exited, status=1/FAILURE Aug 6 14:30:02 systemd[1]: Unit atd.service entered failed state. Aug 6 14:30:02 sed[481]: DataDirectory /var/lib/tor-instances/tor2 Aug 6 14:30:02 sed[481]: PidFile /var/run/tor-instances/tor2/tor.pid Aug 6 14:30:02 sed[481]: RunAsDaemon 0 Aug 6 14:30:02 sed[481]: User _tor-tor2 Aug 6 14:30:02 sed[481]: SyslogIdentityTag tor2 Aug 6 14:30:02 sed[481]: ControlSocket /var/run/tor-instances/tor2/control GroupWritable RelaxDirModeCheck Aug 6 14:30:02 sed[481]: SocksPort unix:/var/run/tor-instances/tor2/socks WorldWritable Aug 6 14:30:02 sed[481]: CookieAuthentication 1 Aug 6 14:30:02 sed[481]: CookieAuthFileGroupReadable 1 Aug 6 14:30:02 sed[481]: CookieAuthFile /var/run/tor-instances/tor2/control.authcookie Aug 6 14:30:02 sed[481]: Log notice syslog Aug 6 14:30:03 acpid: starting up with netlink and the input layer Aug 6 14:30:03 acpid: 1 rule loaded Aug 6 14:30:03 acpid: waiting for events: event logging is off Aug 6 14:30:03 install[491]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.109 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.110 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.112 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.114 [notice] Read configuration file "/etc/tor/torrc". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.116 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.117 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.117 [notice] Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.118 [notice] Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.120 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.120 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.122 [notice] Not disabling debugger attaching for unprivileged users. Aug 6 14:30:03 tor[482]: Configuration was valid Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.126 [notice] Not disabling debugger attaching for unprivileged users. Aug 6 14:30:03 tor[489]: Configuration was validAug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.222 [notice] Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening Control listener on 127.0.0.1:9051 Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening OR listener on 0.0.0.0:443 Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening Directory listener on 0.0.0.0:80 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.230 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.235 [notice] Opening Socks listener on 127.0.0.1:0 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.236 [notice] Socks listener listening on port 38400. Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening Control listener on 127.0.0.1:9052 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening OR listener on 0.0.0.0:444 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening Directory listener on 0.0.0.0:81 Aug 6 14:30:03 Tor-tor2[500]: Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8. Aug 6 14:30:03 Tor-tor2[500]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Aug 6 14:30:03 Tor-tor2[500]: Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 Tor-tor2[500]: Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 Tor-tor2[500]: Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMemInQueues by hand. Aug 6 14:30:03 Tor-tor2[500]: Opening Socks listener on 127.0.0.1:0 Aug 6 14:30:03 Tor-tor2[500]: Socks listener listening on port 38400. Aug 6 14:30:03 Tor-tor2[500]: Opening Control listener on 127.0.0.1:9052 Aug 6 14:30:03 Tor-tor2[500]: Opening OR listener on 0.0.0.0:444 Aug 6 14:30:03 Tor-tor2[500]: Opening Directory listener on 0.0.0.0:81 Aug 6 14:30:03 Tor-tor2[500]: Not disabling debugger attaching for unprivileged users.Aug 6 14:30:03 install[503]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 Tor-tor2[500]: Parsing GEOIP IPv4 file /usr/share/tor/geoip. Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 Tor-tor2[500]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Aug 6 14:30:03 install[510]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 Tor-tor2[500]: Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from no$ Aug 6 14:30:03 Tor-tor2[500]: Your Tor server's identity key fingerprint is ' Aug 6 14:30:03 Tor-tor2[500]: Bootstrapped 0%: Starting Aug 6 14:30:03 install[517]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:04 systemd[1]: tor@tor.service start request repeated too quickly, refusing to start. Aug 6 14:30:04 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor).
Rgds
Paul
Am 06.08.2016 um 14:06 schrieb Michael Armbruster:
Hi Paul,
You have applied a wrong ExitPolicy entry somewhere in your torrc for the default instance.
You wrote
"ExitPolicy reject x.x.x.x/80"
though most probably you wanted to block the port 80 on a specific address, so you have to provide
"ExitPolicy reject x.x.x.x:80"
instead, with a colon, not a slash. The slash is there to block a specific address *range*. You can read more about subnets and the calculation for a bitmask here: https://en.wikipedia.org/wiki/Subnetwork
Best, Michael
On 2016-08-06 at 13:30, pa011 wrote:
I am inexperienced an have probably the same problem after upgrading to 0.2.8.6.
Even after reboot my second instance Tor-tor2 is running while the default service is exiting - syslog looks like this:
Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.744 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/etc/tor/torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.747 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Bad number of mask bits (80) on address range; rejecting. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Couldn't parse line "x.x.x.x/80". Dropping Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Malformed policy 'reject x.x.x.x/80'. Discarding entire policy list. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [warn] Failed to parse/validate config: Error in ExitPolicy entry. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [err] Reading config failed--see warnings above. Aug 6 12:11:33 systemd[1]: tor@default.service: control process exited, code=exited status=1 Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:33 systemd[1]: tor@default.service start request repeated too quickly, refusing to start. Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:38 Tor-tor2[492]: Bootstrapped 80%: Connecting to the Tor network Aug 6 12:11:38 Tor-tor2[492]: Signaled readiness to systemd Aug 6 12:11:38 Tor-tor2[492]: Opening Control listener on /var/run/tor-instances/tor2/control Aug 6 12:11:38 Tor-tor2[492]: Self-testing indicates your ORPort is reachable from the outside. Excellent. Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 85%: Finishing handshake with first hop Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 90%: Establishing a Tor circuit Aug 6 12:11:40 Tor-tor2[492]: Tor has successfully opened a circuit. Looks like client functionality is working. Aug 6 12:11:40 Tor-tor2[492]: Bootstrapped 100%: Done
Could somebody please give me a detailed hint what to do please?
Thanks Paul
Am 05.08.2016 um 20:27 schrieb tor relay:
So there is no way to disable the default instance using systemctl after all?
To answer my own question: systemctl mask tor@default disables the default instance for real.
..but I'm still curious why tor@default is a static unit (without [Install] section) https://bbs.archlinux.org/viewtopic.php?id=147964 _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I haven't used tor-instance-create yet, but looking at "man tor-instance-create", it sounds like the user should have been created automatically when creating the instance named "tor", like it did for "tor2".
You could backup the "tor" instance's configuration and data files, create it again and restore the relevant files.
Or maybe someone familiar with tor-instance-create has a better idea for fixing this.
Best regards, Alexander --- PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
On 2016-08-06 16:49, pa011 wrote:
Actually not - you are right Alexander! But then the question are:
- why do I need a user "_tor-tor" since the last update, when I didn’t
need that before
- why is it not self creating
- what do I have to do - really creating "_tor-tor" with the same
privileges as "_tor-tor2"?
Thanks
Paul
Am 06.08.2016 um 15:49 schrieb Alexander Dietrich:
The error message "Ungültiger Anwender „_tor-tor“" appears several times in your log, while there are no error messages about user "_tor-tor2". Does the first user exist?
Best regards, Alexander
PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
On 2016-08-06 14:56, pa011 wrote:
Thank you Michael for your hint - corrected that, but still having that problem with main instance not running:
Aug 6 14:30:02 systemd-sysctl[142]: Failed to write '10 # to reboot after kernel panic' to '/proc/sys/kernel/panic': Invalid argument Aug 6 14:30:02 systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE Aug 6 14:30:02 systemd[1]: Failed to start Apply Kernel Variables. Aug 6 14:30:02 systemd[1]: Unit systemd-sysctl.service entered failed state. Aug 6 14:30:02 kbd[135]: Setting console screen modes. Aug 6 14:30:02 kbd[135]: setterm: $TERM ist nicht festgelegt. Aug 6 14:30:02 keyboard-setup[158]: Setting preliminary keymap...done. Aug 6 14:30:02 netfilter-persistent[277]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start Aug 6 14:30:02 netfilter-persistent[277]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start Aug 6 14:30:02 console-setup[220]: Setting up console font and keymap...done. Aug 6 14:30:02 networking[297]: Configuring network interfaces...done. Aug 6 14:30:02 rpcbind[399]: Starting rpcbind daemon.... Aug 6 14:30:02 rpc.statd[416]: Version 1.2.8 starting Aug 6 14:30:02 sm-notify[417]: Version 1.2.8 starting Aug 6 14:30:02 nfs-common[411]: Starting NFS common utilities: statd idmapd. Aug 6 14:30:02 atd[433]: Cannot change to /var/spool/cron/atjobs: No such file or directory Aug 6 14:30:02 install[431]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:02 sysstat[445]: Starting the system activity data collector: sadc.Aug 6 14:30:02 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:02 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:02 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:02 systemd[1]: atd.service: main process exited, code=exited, status=1/FAILURE Aug 6 14:30:02 systemd[1]: Unit atd.service entered failed state. Aug 6 14:30:02 sed[481]: DataDirectory /var/lib/tor-instances/tor2 Aug 6 14:30:02 sed[481]: PidFile /var/run/tor-instances/tor2/tor.pid Aug 6 14:30:02 sed[481]: RunAsDaemon 0 Aug 6 14:30:02 sed[481]: User _tor-tor2 Aug 6 14:30:02 sed[481]: SyslogIdentityTag tor2 Aug 6 14:30:02 sed[481]: ControlSocket /var/run/tor-instances/tor2/control GroupWritable RelaxDirModeCheck Aug 6 14:30:02 sed[481]: SocksPort unix:/var/run/tor-instances/tor2/socks WorldWritable Aug 6 14:30:02 sed[481]: CookieAuthentication 1 Aug 6 14:30:02 sed[481]: CookieAuthFileGroupReadable 1 Aug 6 14:30:02 sed[481]: CookieAuthFile /var/run/tor-instances/tor2/control.authcookie Aug 6 14:30:02 sed[481]: Log notice syslog Aug 6 14:30:03 acpid: starting up with netlink and the input layer Aug 6 14:30:03 acpid: 1 rule loaded Aug 6 14:30:03 acpid: waiting for events: event logging is off Aug 6 14:30:03 install[491]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.109 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.110 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.112 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.114 [notice] Read configuration file "/etc/tor/torrc". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.116 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.117 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.117 [notice] Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.118 [notice] Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.120 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.120 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[482]: Aug 06 14:30:03.122 [notice] Not disabling debugger attaching for unprivileged users. Aug 6 14:30:03 tor[482]: Configuration was valid Aug 6 14:30:03 tor[489]: Aug 06 14:30:03.126 [notice] Not disabling debugger attaching for unprivileged users. Aug 6 14:30:03 tor[489]: Configuration was validAug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.221 [notice] Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.222 [notice] Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening Control listener on 127.0.0.1:9051 Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening OR listener on 0.0.0.0:443 Aug 6 14:30:03 tor[497]: Aug 06 14:30:03.228 [notice] Opening Directory listener on 0.0.0.0:80 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.230 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.235 [notice] Opening Socks listener on 127.0.0.1:0 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.236 [notice] Socks listener listening on port 38400. Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening Control listener on 127.0.0.1:9052 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening OR listener on 0.0.0.0:444 Aug 6 14:30:03 tor[500]: Aug 06 14:30:03.237 [notice] Opening Directory listener on 0.0.0.0:81 Aug 6 14:30:03 Tor-tor2[500]: Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8. Aug 6 14:30:03 Tor-tor2[500]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Aug 6 14:30:03 Tor-tor2[500]: Read configuration file "/var/run/tor-instances/tor2.defaults". Aug 6 14:30:03 Tor-tor2[500]: Read configuration file "/etc/tor/instances/tor2/torrc". Aug 6 14:30:03 Tor-tor2[500]: Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMemInQueues by hand. Aug 6 14:30:03 Tor-tor2[500]: Opening Socks listener on 127.0.0.1:0 Aug 6 14:30:03 Tor-tor2[500]: Socks listener listening on port 38400. Aug 6 14:30:03 Tor-tor2[500]: Opening Control listener on 127.0.0.1:9052 Aug 6 14:30:03 Tor-tor2[500]: Opening OR listener on 0.0.0.0:444 Aug 6 14:30:03 Tor-tor2[500]: Opening Directory listener on 0.0.0.0:81 Aug 6 14:30:03 Tor-tor2[500]: Not disabling debugger attaching for unprivileged users.Aug 6 14:30:03 install[503]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 Tor-tor2[500]: Parsing GEOIP IPv4 file /usr/share/tor/geoip. Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 Tor-tor2[500]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Aug 6 14:30:03 install[510]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:03 Tor-tor2[500]: Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from no$ Aug 6 14:30:03 Tor-tor2[500]: Your Tor server's identity key fingerprint is ' Aug 6 14:30:03 Tor-tor2[500]: Bootstrapped 0%: Starting Aug 6 14:30:03 install[517]: /usr/bin/install: Ungültiger Anwender „_tor-tor“ Aug 6 14:30:03 systemd[1]: tor@tor.service: control process exited, code=exited status=1 Aug 6 14:30:03 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor). Aug 6 14:30:03 systemd[1]: Unit tor@tor.service entered failed state. Aug 6 14:30:04 systemd[1]: tor@tor.service start request repeated too quickly, refusing to start. Aug 6 14:30:04 systemd[1]: Failed to start Anonymizing overlay network for TCP (instance tor).
Rgds
Paul
Am 06.08.2016 um 14:06 schrieb Michael Armbruster:
Hi Paul,
You have applied a wrong ExitPolicy entry somewhere in your torrc for the default instance.
You wrote
"ExitPolicy reject x.x.x.x/80"
though most probably you wanted to block the port 80 on a specific address, so you have to provide
"ExitPolicy reject x.x.x.x:80"
instead, with a colon, not a slash. The slash is there to block a specific address *range*. You can read more about subnets and the calculation for a bitmask here: https://en.wikipedia.org/wiki/Subnetwork
Best, Michael
On 2016-08-06 at 13:30, pa011 wrote:
I am inexperienced an have probably the same problem after upgrading to 0.2.8.6.
Even after reboot my second instance Tor-tor2 is running while the default service is exiting - syslog looks like this:
Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.744 [notice] Tor v0.2.8.6 (git-b88847615faea7c8) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/downl$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.745 [notice] Read configuration file "/etc/tor/torrc". Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.747 [notice] Based on detected system memory, MaxMemInQueues is set to 370 MB. You can override this by setting MaxMem$ Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Bad number of mask bits (80) on address range; rejecting. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Couldn't parse line "x.x.x.x/80". Dropping Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.751 [warn] Malformed policy 'reject x.x.x.x/80'. Discarding entire policy list. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [warn] Failed to parse/validate config: Error in ExitPolicy entry. Aug 6 12:11:33 tor[542]: Aug 06 12:11:33.752 [err] Reading config failed--see warnings above. Aug 6 12:11:33 systemd[1]: tor@default.service: control process exited, code=exited status=1 Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:33 systemd[1]: tor@default.service start request repeated too quickly, refusing to start. Aug 6 12:11:33 systemd[1]: Failed to start Anonymizing overlay network for TCP. Aug 6 12:11:33 systemd[1]: Unit tor@default.service entered failed state. Aug 6 12:11:38 Tor-tor2[492]: Bootstrapped 80%: Connecting to the Tor network Aug 6 12:11:38 Tor-tor2[492]: Signaled readiness to systemd Aug 6 12:11:38 Tor-tor2[492]: Opening Control listener on /var/run/tor-instances/tor2/control Aug 6 12:11:38 Tor-tor2[492]: Self-testing indicates your ORPort is reachable from the outside. Excellent. Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 85%: Finishing handshake with first hop Aug 6 12:11:39 Tor-tor2[492]: Bootstrapped 90%: Establishing a Tor circuit Aug 6 12:11:40 Tor-tor2[492]: Tor has successfully opened a circuit. Looks like client functionality is working. Aug 6 12:11:40 Tor-tor2[492]: Bootstrapped 100%: Done
Could somebody please give me a detailed hint what to do please?
Thanks Paul
Am 05.08.2016 um 20:27 schrieb tor relay:
> So there is no way to disable the default instance using > systemctl after all?
To answer my own question: systemctl mask tor@default disables the default instance for real.
..but I'm still curious why tor@default is a static unit (without [Install] section) https://bbs.archlinux.org/viewtopic.php?id=147964 _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sat, 06 Aug 2016, pa011 wrote:
Actually not - you are right Alexander! But then the question are:
- why do I need a user "_tor-tor" since the last update, when I didn’t need that before
- why is it not self creating
- what do I have to do - really creating "_tor-tor" with the same privileges as "_tor-tor2"?
My guess is you manually created an /etc/tor/instances/tor next to your tor2. That's not the default instance that's failing here.
From your logs, you don't appear to have a default service. Do you not have a /etc/tor/torrc?
The only instance in /etc/tor/instances/ is tor2 There is no tor and nothing else in that directory
And I do have a torrc file in /etc/tor/
Best Regards
Paul
Am 06.08.2016 um 22:30 schrieb Peter Palfrader:
On Sat, 06 Aug 2016, pa011 wrote:
Actually not - you are right Alexander! But then the question are:
- why do I need a user "_tor-tor" since the last update, when I didn’t need that before
- why is it not self creating
- what do I have to do - really creating "_tor-tor" with the same privileges as "_tor-tor2"?
My guess is you manually created an /etc/tor/instances/tor next to your tor2. That's not the default instance that's failing here.
From your logs, you don't appear to have a default service. Do you not have a /etc/tor/torrc?
On Sat, 06 Aug 2016, pa011 wrote:
The only instance in /etc/tor/instances/ is tor2 There is no tor and nothing else in that directory
And I do have a torrc file in /etc/tor/
What does find /run/systemd -name 'tor@*' list? What do those files look like?
Hi Peter,
sorry was off a week and couldn’t answer:
/run/systemd/generator/tor.service.wants/tor@tor2.service /run/systemd/generator/tor.service.wants/tor@default.service
Anyway with "steady hand" the system seems to have repaired itself in between. I updated my other multi-instance exits today without any problems to 0.2.8.6.
Thank you !
Paul
Am 07.08.2016 um 00:58 schrieb Peter Palfrader:
find /run/systemd -name 'tor@*'
On Fri, 05 Aug 2016, tor relay wrote:
this has certainly not been the case with 0.2.7.6.
You are mistaken. Nothing in that regard has changed for 0.2.8.x
When upgrading, all running tor instances are stopped (not restarted, as expected)
This might be your root-cause as well?
https://github.com/nusenu/ansible-relayor/issues/72
I'm generating instance names based on IP addresses_ORport (so they contain "." and "_") and are therefore filtered by the generator.
Is it acceptable to add "." and "_" to the whitelist?
(patches attached)
When upgrading, all running tor instances are stopped (not restarted, as expected)
This might be your root-cause as well?
https://github.com/nusenu/ansible-relayor/issues/72
I'm generating instance names based on IP addresses_ORport (so they contain "." and "_") and are therefore filtered by the generator.
Is it acceptable to add "." and "_" to the whitelist?
(patches attached)
Based on the output of 'systemd-escape' (a tool that escapes strings for use in unit names) it is safe to use "." and "_" in unit names.
On Mon, 08 Aug 2016, nusenu wrote:
When upgrading, all running tor instances are stopped (not restarted, as expected)
This might be your root-cause as well?
https://github.com/nusenu/ansible-relayor/issues/72
I'm generating instance names based on IP addresses_ORport (so they contain "." and "_") and are therefore filtered by the generator.
Is it acceptable to add "." and "_" to the whitelist?
(patches attached)
Based on the output of 'systemd-escape' (a tool that escapes strings for use in unit names) it is safe to use "." and "_" in unit names.
I am always wary of allowing dots in anything. Allowing dots and thereby also allowing ".." is the origin of many vectors. This doesn't necessarily mean that it's a problem here, but it's the reason I usually exclude periods from.
Another is that I want to be able to move foo to foo.disabled or foo.bak, and have it not get picked up.
I could see adding underscores and hyphens, to match run-parts.
I'm generating instance names based on IP addresses_ORport (so they contain "." and "_") and are therefore filtered by the generator.
Is it acceptable to add "." and "_" to the whitelist?
(patches attached)
Based on the output of 'systemd-escape' (a tool that escapes strings for use in unit names) it is safe to use "." and "_" in unit names.
I am always wary of allowing dots in anything. Allowing dots and thereby also allowing ".." is the origin of many vectors. This doesn't necessarily mean that it's a problem here, but it's the reason I usually exclude periods from.
Since systemd devs deem it safe to use "." (and also "..") in unit files would you share their opinion or will "." stay excluded?
You are tending towards not adding it? Either way it would be nice to have a decision so I could move forward (either by simply waiting for an package update or if rejected, by finding a not-to-ugly work around for that limitation).
Another is that I want to be able to move foo to foo.disabled or foo.bak, and have it not get picked up.
That does not conflict with the idea to allow dots, yes?
thanks, nusenu
nusenu:
I'm generating instance names based on IP addresses_ORport (so they contain "." and "_") and are therefore filtered by the generator.
Is it acceptable to add "." and "_" to the whitelist?
(patches attached)
Based on the output of 'systemd-escape' (a tool that escapes strings for use in unit names) it is safe to use "." and "_" in unit names.
I am always wary of allowing dots in anything. Allowing dots and thereby also allowing ".." is the origin of many vectors. This doesn't necessarily mean that it's a problem here, but it's the reason I usually exclude periods from.
Since systemd devs deem it safe to use "." (and also "..") in unit files would you share their opinion or will "." stay excluded?
You are tending towards not adding it? Either way it would be nice to have a decision so I could move forward (either by simply waiting for an package update or if rejected, by finding a not-to-ugly work around for that limitation).
Another is that I want to be able to move foo to foo.disabled or foo.bak, and have it not get picked up.
That does not conflict with the idea to allow dots, yes?
For the record: I "solved" this problem by replacing the generator shipped by the debian package. (I added "_" and "." to the list of allowed characters.)
On systemd v219 this is rather easy, since replacing package generators is a build in feature of systemd, on debian stable (systemd v215) a dpkg-statoverride "hack" has been used, thanks to Martin Pitt (debian/ubuntu dev) for this hint.
https://github.com/nusenu/ansible-relayor/blob/0406395a8758f12abd57914532cc0...
tor-relays@lists.torproject.org
-
Alexander Dietrich -
Green Dream -
Michael Armbruster -
nusenu -
pa011 -
Peter Palfrader -
tor relay