Opened 5 years ago

Closed 5 years ago

#15073 closed defect (not a bug)

issue with establishing tor connection in linux

Reported by: hsafe Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version: Tor: 0.2.5.10
Severity: Keywords: tor iran linux
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Hello
I am a user in Iran, running tor on a linux. Recently- more than a week- tor failed to establish connection to the tor network, messages as such:
Feb 28 09:40:46.000 [notice] Bootstrapped 0%: Starting
Feb 28 09:40:47.000 [notice] Bootstrapped 5%: Connecting to directory server
Feb 28 09:41:50.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Feb 28 09:41:51.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Feb 28 09:41:51.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Feb 28 09:41:51.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Feb 28 09:47:20.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.

I know that your first advise must be using the tor-browser but for the technical reason and ease of use and also torrifying everything outo f my linux I much prepfer to use tor as a daemon built in app in linux.

I tried to troubleshoot all the possible ways including a new kvm and setting tor in it to observe the connection establishment and if that is suppressed by the Iran regime. I should say that there I received pretty funny messages as:

Feb 28 09:57:48.000 [warn] 10 connections died in state connect()ing with SSL state (No SSL object)
Feb 28 09:59:05.000 [warn] Problem bootstrapping. Stuck at 50%: Loading relay descriptors. (Connection timed out; TIMEOUT; count 12; recommendation warn)
Feb 28 09:59:05.000 [warn] 11 connections have failed:
Feb 28 09:59:05.000 [warn] 11 connections died in state connect()ing with SSL state (No SSL object)

or
Feb 28 10:06:14.000 [notice] Bootstrapped 100%: Done
Feb 28 10:06:32.000 [warn] Received http status code 404 ("Not found") from server '85.14.240.188:443' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
Feb 28 10:08:45.000 [warn] parse error: Malformed object: missing object end line
Feb 28 10:08:45.000 [warn] Unparseable microdescripto

or

Feb 25 11:51:53.000 [warn] I'm about to ask a node for a connection that I am telling it to fulfil with neither IPv4 nor IPv6. That's not going to work. Did you perhaps ask for an IPv6 address on an IPv4Only port, or vice versa?
Feb 25 11:51:53.000 [warn] I'm about to ask a node for a connection that I am telling it to fulfil with neither IPv4 nor IPv6. That's not going to work. Did you perhaps ask for an IPv6 address on an IPv4Only port, or vice versa?
Feb 25 11:52:05.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0~destiny at 94.242.246.23. Retrying on a new circuit.
Feb 25 11:52:05.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0~destiny at 94.242.246.23. Retrying on a new circuit.

pretty much seems to my eyes a tampered ssl. My tor config is straight forward and includes a default 9050 port socks 5 on the 127.0.0.1.
Here is the signature and version info:
-Linux localhost 2.6.32-431.23.3.el6.x86_64 #1 SMP Thu Jul 31 17:20:51 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
-tor-0.2.5.10-1.el6.x86_64
-torsocks-2.0.0-2.el6.x86_64

Child Tickets

Change History (6)

comment:1 in reply to:  description Changed 5 years ago by mrphs

Replying to hsafe:

I am a user in Iran, running tor on a linux. Recently- more than a week- tor failed to establish connection to the tor network, messages as such:
Feb 28 09:41:51.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Feb 28 09:47:20.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.

Have you tried (obfs) bridges?

I know that your first advise must be using the tor-browser but for the technical reason and ease of use and also torrifying everything outo f my linux I much prepfer to use tor as a daemon built in app in linux.

Do you know about Tails? That's exactly what you're looking for, plus some more hardening and configs that you might not have even thought about.

I tried to troubleshoot all the possible ways including a new kvm and setting tor in it to observe the connection establishment and if that is suppressed by the Iran regime. I should say that there I received pretty funny messages as:

Feb 28 09:57:48.000 [warn]  10 connections died in state connect()ing with SSL state (No SSL object)
Feb 28 09:59:05.000 [warn] Problem bootstrapping. Stuck at 50%: Loading relay descriptors. (Connection timed out; TIMEOUT; count 12; recommendation warn)
Feb 28 09:59:05.000 [warn] 11 connections have failed:
Feb 28 09:59:05.000 [warn]  11 connections died in state connect()ing with SSL state (No SSL object)

or

Feb 28 10:06:14.000 [notice] Bootstrapped 100%: Done
Feb 28 10:06:32.000 [warn] Received http status code 404 ("Not found") from server '85.14.240.188:443' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
Feb 28 10:08:45.000 [warn] parse error: Malformed object: missing object end line
Feb 28 10:08:45.000 [warn] Unparseable microdescripto

I wonder what changes did you make to manage to get the errors mentioned above.

pretty much seems to my eyes a tampered ssl. My tor config is straight forward and includes a default 9050 port socks 5 on the 127.0.0.1.
Here is the signature and version info:
-Linux localhost 2.6.32-431.23.3.el6.x86_64 #1 SMP Thu Jul 31 17:20:51 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
-tor-0.2.5.10-1.el6.x86_64
-torsocks-2.0.0-2.el6.x86_64

How did you download your Tor? Did you verify the signature?

comment:2 Changed 5 years ago by hsafe

well it is the distro source ,i.e the epel which in that case is not that outdated. I quite did not get your point related to the changes I did,however suppose that I did a two identical OS(Centos 6.5), one as KVM sitting behind the same Internet and all sorts of the possible scenarios I could think of. However the setting and config- I assure you-are no different from the defaults and while I did play around but eventually got myself the identical routine method of installation.

comment:3 Changed 5 years ago by mrphs

Well, I suggest you download the latest Tor Browser and see how it goes. You can connect other apps to 127.0.0.1:9150 while the browser is open.

And if you're insisting on running Tor as a daemon, try adding obfs bridges. I strongly encourage you to look into Tails.

Last edited 5 years ago by mrphs (previous) (diff)

comment:4 Changed 5 years ago by hsafe

how do I add the obfs birdges ? can you guide me ? Thanks

comment:5 Changed 5 years ago by hsafe

Hi
I guess I found it out, seems that I only need to get a list through mailing tor and then modify the parameters in the /etc/tor/torrc file...something like :
Usage

In my torrc:

UseBridges 1
Bridge obfs2 ip:port fingerprint
Bridge obfs3 ip:port fingerprint

But is that it? does it end there and I need no client side installation?

comment:6 Changed 5 years ago by mrphs

Resolution: not a bug
Status: newclosed

Please email helpdesk: help at rt.torproject.org or see online documentations.

Note: See TracTickets for help on using tickets.