Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Trouble-Shooting Retroshare Tor Hidden Node network connectivity issues
- In nearly all cases of Tor related issues and problems with a Retroshare user setting up and running a Retroshare Tor Hidden node, the culprit found is not Retroshare. Its often the result of the user running multiple concurrent applications over the tor network with one or more of them conflicting in the data receiving and outgoing process. Another issue that crops up now and then is a misbehaving install altering the users tor configuration torrc file.
- 1) The easiest method in the past has been to open a terminal window and run the same tor binary they are using to provide the RetroShare Tor Hidden Node service networking. $ ./tor and reading the output in real-time or setting the logging flags to a text file for them to submit to tor users to glance at and determine what their issue is.
- If there is no tor log file command in the tor torrc file, you can add this to the torrc file using your text editor in the upper section of torrc commands. Check to see if your torrc file is in the hidden primary .retroshare folder in folder named tor.
- With your text editor open the torrc file. On my linux system this is located in the hidden folder .retroshare/tor/torrc
- which normally contains a single torrc command line
- ControlPort auto
- To add the log file command the Retroshare Tor Hidden node must be Shut-Down in order for your addition to the Retroshare torrc file to be saved. With your text editor (Pluma, Notepad etc.) add the single additional log command to your torrc file resulting in the following
- ControlPort auto
- Log notice file retroshare-torlog.txt
- Save and then run your Retroshare Tor Hidden Node and after 1-2 minutes when the circuit network has created the new network OR has completely failed to do so then quit or kill the RetroShare instance using the quit or system monitor kill option and review the retroshare-torlog.txt file using your text editor (Pluma, Notepad etc.) if conflicts or error messages are not enough for you to work out your tor connectivity alone then provide your short log to more experienced tor users to help you discern what your connection issues are. The newly created retroshare-torlog.txt file should be found in your users home folder.
- Often the log file quickly shows what the problem and issues are preventing a Tor Network to be 100% generated.
- Note, when logging of your tor connection is no longer needed, using your text editor application delete the torrc log notice command out. Otherwise your notices.log file would continuously get larger and larger.
- ControlPort auto
- Log notice file retroshare-torlog.txt <-- delete this single added torrc command line when you do not need active logging
- torrc command syntax and examples references
- https://github.com/torproject/tor/blob/main/src/config/torrc.sample.in
- https://helpmanual.io/man5/torrc/
- Remember in the new tor binary's, all old v2 short .onion urls are no longer being used nor connected to, only the new v3 long .onion links of users and websites are routed, connected to and sharing data now.
- Tor Binary and Source to compile download reference https://www.torproject.org/download/tor/
- Example old no longer used v2 tor short .onion link e34ylf2agbxzrw42.onion
- Example new currently used v3 tor long secure onion link tastors5pmf7odh3mj5exziunehbbx6v4mlhdthod7dejzjcwvkh5rid.onion
- 2) Another troubleshooting method which is very valid for users running multiple tor networked applications concurrently is to isolate their Retroshare Tor circuit connectivity solely to the Retroshare application. Turn-off each and every tor networked application on the system. If available, use a system monitor to kill all instances of the tor binarys running in the background also. Start the Retroshare Tor Hidden Node to see if Retroshare connects with your friends and the Preference -- Network settings indicate the Tor incoming, outgoing connectivity is Okay, Green.
- 3) Some nations are making it very difficult to sustain a Tor Network Circuit normally. China, Russia, Australia come to mind. There's likely others also that interfere with tor users, tor servers and the tor network in the Middle East and elsewhere. Setting up a stand-alone custom torrc for obfuscation abilities and its tor plugins for fooling the Great firewall state sponsored clamping down on Tor users is touched on in another pastebin where I explored, tested and set that up for a Chinese student deep behind the Chinese Firewall. However using Relays and Tor Obfuscation Plugins obtained from the Tor Browser is possible for an advanced tor user and in a manual Retroshare Tor Hidden node setup, they can include relays and or obfuscation plugins commands in a normal tor torrc file to use.
- Tip: If you can directly connect to tor using the Tor Browser to the tor network, its likely your nation and ISP provider is not blocking all tor network ability. If on the other hand you need to use a plugin obfuscation mode to connect to the tor network or a relay bridge then its entirely likely that your Nation or ISP provider is hampering or blocking the use of the tor network but it is still possible to manually setup a Retroshare Tor hidden node in advanced mode and add the binary plugins (borrowing them from the tor browser to your system files) then call them into use in the tor torrc file.
- .
- Reference Linux Ubuntu tor v3 hidden node torrc file example
- https://pastebin.com/7tSrkDwJ
- .
- FAQ: Do you need in series of troubleshooting exercises to Forward your Tor Ports? The Tor Network often doesn't need to have its ports forwarded to function. Obviously if the Tor Browser is operating correctly you know Port 9150 and likely 9160 are open use.
- Do you need to expressly generate and use a Tor V3 .onion url? Yes, the previous two Tor binary stables refuse to connect to the older short .onion url and flat-out ignores them. Many experienced tor users and operators running the tor binarys in terminal windows have seen those expressions and immediately switched all of their websites, coding and gear over to fully embrace the more secure Tor v3 upgrade.
- Do you just increment the tor ports to use by 1 such as 9050, 9051 ? No, they should be at least 2 and I would urge at least 10 from one tor port in use to the next. Port 9050, 9060, 9150, 9160, 9170 etc. Retroshare's automatic tor configuration coding determines unused, available ports to use, its useful to write those down in the context they are used.
- Sep 24 21:32:02.992 [notice] Tor 0.4.6.7 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, Libzstd N/A and Glibc 2.31 as libc.
- I believe the stable releases of Tor v3 0.4.6.6 and now Tor v3 0.4.6.7 onward will totally ignore all v2 Onion urls and v2 hidden service websites.
- Example Upgrade your tor router to v0.4.6.6
- https://pastebin.com/GZ6CxM9Q
- .
- Download Tor
- Torproject Downloads
- https://www.torproject.org/download/tor/
- .
- linux build tor-0.4.6.7 configure, compile, installed into your system files from its source.
- $ ./configure
- $ make
- $ sudo make install
- .
- Unstable Alpha 0.4.7.1-alpha released Sept 17th. 2021
- Why there is so much interest in this latest alpha unstable release of Tor?
- At long last the developers have added teeth to protecting the tor network layer-2 guard relays from discovery attacks.
- .
- Changes in version 0.4.7.1-alpha - 2021-09-17
- This version is the first alpha release of the 0.4.7.x series. One
- major feature is Vanguards Lite, from proposal 333, to help mitigate
- guard discovery attacks against onion services. It also includes
- numerous bug fixes.
- o Major features (Proposal 332, onion services, guard selection algorithm):
- - Clients and onion services now choose four long-lived "layer 2"
- guard relays for use as the middle hop in all onion circuits.
- These relays are kept in place for a randomized duration averaging
- 1 week. This mitigates guard discovery attacks against clients and
- short-lived onion services such as OnionShare. Long-lived onion
- services that need high security should still use the Vanguards
- addon (https://github.com/mikeperry-tor/vanguards). Closes ticket
- 40363; implements proposal 333.
- o Minor features (bridge testing support):
- - Let external bridge reachability testing tools discard cached
- bridge descriptors when setting new bridges, so they can be sure
- to get a clean reachability test. Implements ticket 40209.
- o Minor features (fuzzing):
- - When building with --enable-libfuzzer, use a set of compiler flags
- that works with more recent versions of the library. Previously we
- were using a set of flags from 2017. Closes ticket 40407.
- o Minor features (testing configuration):
- - When TestingTorNetwork is enabled, skip the permissions check on
- hidden service directories. Closes ticket 40338.
- - On a testing network, relays can now use the
- TestingMinTimeToReportBandwidth option to change the smallest
- amount of time over which they're willing to report their observed
- maximum bandwidth. Previously, this was fixed at 1 day. For
- safety, values under 2 hours are only supported on testing
- networks. Part of a fix for ticket 40337.
- - Relays on testing networks no longer rate-limit how frequently
- they are willing to report new bandwidth measurements. Part of a
- fix for ticket 40337.
- - Relays on testing networks now report their observed bandwidths
- immediately from startup. Previously, they waited until they had
- been running for a full day. Closes ticket 40337.
- o Minor bugfixes (circuit padding):
- - Don't send STOP circuit padding cells when the other side has
- already shut down the corresponding padding machine. Fixes bug
- 40435; bugfix on 0.4.0.1-alpha.
- o Minor bugfixes (compatibility):
- - Fix compatibility with the most recent Libevent versions, which no
- longer have an evdns_set_random_bytes() function. Because this
- function has been a no-op since Libevent 2.0.4-alpha, it is safe
- for us to just stop calling it. Fixes bug 40371; bugfix
- on 0.2.1.7-alpha.
- o Minor bugfixes (control, sandbox):
- - Allows the control command SAVECONF to succeed when the seccomp
- sandbox is enabled. Makes SAVECONF keep only one backup file, to
- simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha.
- Patch by Daniel Pinto.
- o Minor bugfixes (heartbeat):
- - Adjust the heartbeat log message about distinct clients to
- consider the HeartbeatPeriod rather than a flat 6-hour delay.
- Fixes bug 40330; bugfix on 0.2.6.3-alpha.
- o Minor bugfixes (logging, relay):
- - Add spaces between the "and" when logging the "Your server has not
- managed to confirm reachability for its" on dual-stack relays.
- Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan.
- o Minor bugfixes (onion service):
- - Do not flag an HSDir as non-running in case the descriptor upload
- or fetch fails. An onion service closes pending directory
- connections before uploading a new descriptor which leads to
- wrongly flagging many relays and thus affecting circuit path
- selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
- o Minor bugfixes (statistics):
- - Fix a fencepost issue when we check stability_last_downrated where
- we called rep_hist_downrate_old_runs() twice. Fixes bug 40394;
- bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan.
- o Minor bugfixes (tests):
- - Fix a bug that prevented some tests from running with the correct
- names. Fixes bug 40365; bugfix on 0.4.3.1-alpha.
- o Documentation:
- - Add links to original tor design paper and anonbib to
- docs/HACKING/README.1st.md. Closes ticket 33742. Patch from
- Emily Bones.
- - Describe the "fingerprint-ed25519" file in the tor.1 man page.
- Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan.
- ================================================================================
- Sample retroshare-torlog.txt output file on a successful Retroshare Tor Hidden Node tor circuit start-up
- Sep 26 14:54:09.000 [notice] Tor 0.4.7.1-alpha opening new log file.
- Sep 26 14:54:09.442 [notice] We compiled with OpenSSL 1010106f: OpenSSL 1.1.1f 31 Mar 2020 and we are running with OpenSSL 1010106f: 1.1.1f. These two versions should be binary compatible.
- Sep 26 14:54:09.443 [notice] Tor 0.4.7.1-alpha running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, Libzstd N/A and Glibc 2.31 as libc.
- Sep 26 14:54:09.443 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
- Sep 26 14:54:09.443 [notice] This version is not a stable Tor release. Expect more bugs than usual.
- Sep 26 14:54:09.443 [notice] Read configuration file "/home/name/.retroshare/tor/default_torrc".
- Sep 26 14:54:09.443 [notice] Read configuration file "/home/name/.retroshare/tor//torrc".
- Sep 26 14:54:09.445 [notice] Opening Socks listener on 127.0.0.1:0
- Sep 26 14:54:09.445 [notice] Socks listener listening on port 40249.
- Sep 26 14:54:09.445 [notice] Opened Socks listener connection (ready) on 127.0.0.1:40249
- Sep 26 14:54:09.445 [notice] Opening Control listener on 127.0.0.1:0
- Sep 26 14:54:09.445 [notice] Control listener listening on port 39565.
- Sep 26 14:54:09.445 [notice] Opened Control listener connection (ready) on 127.0.0.1:39565
- Sep 26 14:54:09.000 [notice] Parsing GEOIP IPv4 file /usr/local/share/tor/geoip.
- Sep 26 14:54:09.000 [notice] Parsing GEOIP IPv6 file /usr/local/share/tor/geoip6.
- Sep 26 14:54:09.000 [notice] Bootstrapped 0% (starting): Starting
- Sep 26 14:54:09.000 [notice] Starting with guard context "default"
- Sep 26 14:54:10.000 [notice] New control connection opened from 127.0.0.1.
- Sep 26 14:54:10.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
- Sep 26 14:54:11.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
- Sep 26 14:54:11.000 [notice] Tor 0.4.7.1-alpha opening log file.
- Sep 26 14:54:11.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
- Sep 26 14:54:12.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
- Sep 26 14:54:12.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
- Sep 26 14:54:12.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
- Sep 26 14:54:12.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
- Sep 26 14:54:13.000 [notice] Bootstrapped 100% (done): Done
- Sep 26 14:54:50.000 [notice] Owning controller connection has closed -- exiting now.
- Sep 26 14:54:50.000 [notice] Catching signal TERM, exiting cleanly.
- Exited, quit the Retroshare Tor Hidden Node which also shut down this tor binary usage.
- Note, I'm running the newest alpha-test tor binary router for this test. Tor 0.4.7.1-alpha
- Note the Retroshare coding is using the user systems file installed Tor binary and geoip, geoip6 files.
Add Comment
Please, Sign In to add comment