Date: Sat, 27 Sep 2014 13:21:00 -0500
From: "William A. Mahaffey III"
CC: freebsd-questions@freebsd.org
Subject: Re: Problems starting tor service ....

On 09/27/14 13:11, William A. Mahaffey III wrote:
> On 09/27/14 12:55, William A. Mahaffey III wrote:
>> On 09/27/14 10:20, Ian Smith wrote:
>>> In freebsd-questions Digest, Vol 538, Issue 11, Message: 6
>>> On Sat, 27 Sep 2014 06:43:16 +0200 Polytropon wrote:
>>>
>>> > The important information is this:
>>> >
>>> > On Fri, 26 Sep 2014 22:19:07 -0500, William A. Mahaffey III wrote:
>>> > > # tor_enable (bool): Set it to "YES" to enable tor. Default: NO
>>> > > # tor_conf (str): Points to your torrc file.
>>> > > # Default: /usr/local/etc/tor/torrc
>>> > > # tor_user (str): Tor daemon user. Default: _tor
>>> > > # tor_datadir (str): Tor datadir. Default: /var/db/tor
>>> > > # tor_logfile (str): Tor log file. Default: /var/log/tor
>>> > > # tor_loglevel (str): Tor log severity level. Default: notice
>>> >
>>> > Here, /var/db/tor has to be a directory accessible by the tor
>>> > user, and /var/log/tor has to be a file. Probably those have
>>> > to be present (as the following lines list them as required).
>>>
>>> Likely. I wonder why the installation didn't - or couldn't? - touch its
>>> logfile? syslogd needs files to preexist, assuming it's using syslog?
>>>
>>> > Check /usr/local/etc/tor/torrc if it makes any changes to the
>>> > default settings (shouldn't be, but have a look).
>>> >
>>> > > Sep 26 22:17:54.000 [warn] Couldn't open file for 'Log notice file /var/log/tor': Permission denied
>>> >
>>> > This seems to indicate that the file is present, but not
>>> > accessible. Check permissions and owner (should be "_tor"
>>> > with an underscore).
>>>
>>> Not necessarily; it could indicate permission denied to create a new
>>> file in /var/log (needing root)? presumably tor is running as _tor?
>>> Or it may have tried to open it for append? Just guessing around ..
>>>
>>> William, have you tried just ? # touch /var/log/tor
>>>
>>> If tor wants to write to that file directly, as _tor:_tor and not root,
>>> you'd likely need to # chown _tor:_tor /var/log/tor as well.
>>
>> *Boooooyah* !!!! We have a winner !!!!
>>
>> [root@kabini1, /etc, 12:50:24pm] 458 % touch /var/log/tor
>> [root@kabini1, /etc, 12:50:29pm] 459 % chown _tor:_tor /var/log/tor
>> [root@kabini1, /etc, 12:50:39pm] 460 % ( lltr10 /var/log/ ; date )
>> -rw-r----- 1 root wheel 815 Sep 27 00:00 maillog.0.bz2
>> -rw------- 1 root wheel 580 Sep 27 03:02 mount.today
>> -rw------- 1 root wheel 757 Sep 27 03:02 ipfw.today
>> -rw------- 1 root wheel 5254 Sep 27 04:00 cron.0.bz2
>> -rw-r----- 1 root wheel 4267 Sep 27 04:55 maillog
>> -rw------- 1 root wheel 43802 Sep 27 05:34 auth.log
>> -rw-r----- 1 root wheel 1448 Sep 27 07:00 sendmail.st.0
>> -rw-r----- 1 root wheel 0 Sep 27 07:00 sendmail.st
>> -rw------- 1 root wheel 14287 Sep 27 12:50 cron
>> -rw-r--r-- 1 _tor _tor 0 Sep 27 12:50 tor
>> Sat Sep 27 12:50:44 CDT 2014
>> [root@kabini1, /etc, 12:50:44pm] 461 % service tor start
>> Starting tor.
>> Sep 27 12:50:55.845 [notice] Tor v0.2.4.23 (git-598c61362f1b3d3e) running on FreeBSD with Libevent 2.0.21-stable and OpenSSL 0.9.8za-freebsd.
>> Sep 27 12:50:55.845 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
>> Sep 27 12:50:55.846 [notice] Read configuration file "/usr/local/etc/tor/torrc".
>> Sep 27 12:50:55.862 [notice] Opening Socks listener on 127.0.0.1:9050
>> [root@kabini1, /etc, 12:50:55pm] 462 % lsof -n | grep 'tor '
>> lsof: WARNING: compiled for FreeBSD release 9.1-RELEASE-p17; this is 9.3-RELEASE.
>> tor 96609 _tor cwd VDIR 0,102 512 1444677 /var/db/tor
>> tor 96609 _tor rtd VDIR 0,102 1024 2 /
>> tor 96609 _tor txt VREG 0,166 1843232 807031 /usr/local/bin/tor
>> tor 96609 _tor 0u VCHR 0,17 0t0 17 /dev/null
>> tor 96609 _tor 1u VCHR 0,17 0t0 17 /dev/null
>> tor 96609 _tor 2u VCHR 0,17 0t0 17 /dev/null
>> tor 96609 _tor 3u KQUEUE 0xfffffe0162ec6000 count=1659658296, state=0x937e7200
>> tor 96609 _tor 4u IPv4 0xfffffe018622b000 0t0 TCP 192.168.0.27:35653->154.35.32.5:https (ESTABLISHED)
>> tor 96609 _tor 5u IPv4 0xfffffe0179838b70 0t0 TCP 127.0.0.1:9050 (LISTEN)
>> tor 96609 _tor 6w VREG 0,102 3714 1284867 /var/log/tor
>> tor 96609 _tor 7u VREG 0,102 0 1444680 / (/dev/ada0p3)
>> tor 96609 _tor 8u IPv4 0xfffffe01869843d0 0t0 TCP 192.168.0.27:17723->188.95.247.140:https (ESTABLISHED)
>> tor 96609 _tor 9u IPv4 0xfffffe01a69f5000 0t0 TCP 192.168.0.27:24371->72.76.188.254:https (ESTABLISHED)
>> tor 96609 _tor 10u IPv4 0xfffffe0175a017a0 0t0 TCP 192.168.0.27:31120->195.154.123.82:9001 (ESTABLISHED)
>> [root@kabini1, /etc, 12:51:42pm] 464 % service tor status
>> tor is not running.
>> [root@kabini1, /etc, 12:51:59pm] 465 %
>>
>> That last detail is a bit odd ....
>>
>>> Again, it seems odd - well, broken - if the install didn't arrange that.
>>>
>>> cheers, Ian
>>>
>>
>> That's mostly what I was getting at, installer problem .....
>>
>
> FWIW, /var/run/tor/ doesn't get created either, needed for
> /var/run/tor/tor.pid :-/ ....
>

Furthermore, it doesn't seem to find the right version of OpenSSL to run w/. I hadn't explicitly installed OpenSSL, & the 1st time I got tor to start, it groused about my 'old' version:

[root@kabini1, /etc, 1:12:30pm] 505 % tail -50 /var/log/tor
Sep 27 12:50:56.000 [notice] Parsing GEOIP IPv6 file /usr/local/share/tor/geoip6.
Sep 27 12:50:56.000 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 90819f: OpenSSL 0.9.8y 5 Feb 2013; running with 9081af: OpenSSL 0.9.8za-freebsd 5 Jun 2014).
Sep 27 12:50:56.000 [notice] Your OpenSSL version seems to be 0.9.8za-freebsd. We recommend 1.0.0 or later.
Sep 27 12:50:57.000 [notice] Bootstrapped 5%: Connecting to directory server.
Sep 27 12:50:57.000 [notice] Bootstrapped 10%: Finishing handshake with directory server.
Sep 27 12:50:57.000 [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
Sep 27 12:50:57.000 [notice] To correct this, use a more recent OpenSSL, built without disabling any secure ciphers or features.
Sep 27 12:50:57.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection.
Sep 27 12:50:57.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus.
Sep 27 12:50:57.000 [notice] Bootstrapped 25%: Loading networkstatus consensus.
Sep 27 12:50:59.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Sep 27 12:50:59.000 [notice] Bootstrapped 40%: Loading authority key certs.
Sep 27 12:51:00.000 [notice] Bootstrapped 45%: Asking for relay descriptors.
Sep 27 12:51:00.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6239, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw.)
Sep 27 12:51:00.000 [notice] Bootstrapped 50%: Loading relay descriptors.
Sep 27 12:51:04.000 [notice] Bootstrapped 51%: Loading relay descriptors.
Sep 27 12:51:05.000 [notice] Bootstrapped 53%: Loading relay descriptors.
Sep 27 12:51:08.000 [notice] Bootstrapped 55%: Loading relay descriptors.
Sep 27 12:51:08.000 [notice] Bootstrapped 56%: Loading relay descriptors.
Sep 27 12:51:08.000 [notice] Bootstrapped 58%: Loading relay descriptors.
Sep 27 12:51:09.000 [notice] Bootstrapped 60%: Loading relay descriptors.
Sep 27 12:51:10.000 [notice] Bootstrapped 61%: Loading relay descriptors.
Sep 27 12:51:10.000 [notice] Bootstrapped 63%: Loading relay descriptors.
Sep 27 12:51:10.000 [notice] Bootstrapped 65%: Loading relay descriptors.
Sep 27 12:51:10.000 [notice] Bootstrapped 67%: Loading relay descriptors.
Sep 27 12:51:10.000 [notice] Bootstrapped 68%: Loading relay descriptors.
Sep 27 12:51:10.000 [notice] Bootstrapped 70%: Loading relay descriptors.
Sep 27 12:51:10.000 [notice] Bootstrapped 72%: Loading relay descriptors.
Sep 27 12:51:10.000 [notice] Bootstrapped 73%: Loading relay descriptors.
Sep 27 12:51:11.000 [notice] Bootstrapped 75%: Loading relay descriptors.
Sep 27 12:51:14.000 [notice] Bootstrapped 77%: Loading relay descriptors.
Sep 27 12:51:16.000 [notice] We now have enough directory information to build circuits.
Sep 27 12:51:16.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
Sep 27 12:51:16.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Sep 27 12:51:16.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Sep 27 12:51:16.000 [notice] Bootstrapped 100%: Done.

... but obviously got done starting.
I installed OpenSSL & after a couple of abortive attempts at restarting (related to no /var/run/tor dir, posted earlier):

Sep 25 09:10:20 kabini1 wam: /usr/local/etc/rc.d/tor: WARNING: failed to start tor
Sep 25 09:18:41 kabini1 wam: /usr/local/etc/rc.d/tor: WARNING: failed to start tor
Sep 26 17:15:01 kabini1 wam: /usr/local/etc/rc.d/tor: WARNING: failed to start tor
Sep 26 17:20:24 kabini1 wam: /usr/local/etc/rc.d/tor: WARNING: failed to start tor
Sep 26 22:07:40 kabini1 wam: /usr/local/etc/rc.d/tor: WARNING: failed to start tor
Sep 26 22:17:54 kabini1 last message repeated 2 times
Sep 27 13:04:56 kabini1 pkg: openssl-1.0.1_15 installed
Sep 27 13:05:20 kabini1 wam: /usr/local/etc/rc.d/tor: WARNING: failed to start tor
Sep 27 13:05:55 kabini1 wam: /usr/local/etc/rc.d/tor: WARNING: failed to start tor

I got this upon restart (from /var/log/tor):

Sep 27 12:51:16.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
Sep 27 12:51:16.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Sep 27 12:51:16.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Sep 27 12:51:16.000 [notice] Bootstrapped 100%: Done.
Sep 27 13:10:50.000 [notice] Catching signal TERM, exiting cleanly.
Sep 27 13:10:51.000 [notice] Tor 0.2.4.23 (git-598c61362f1b3d3e) opening log file.
Sep 27 13:10:51.000 [notice] Parsing GEOIP IPv4 file /usr/local/share/tor/geoip.
Sep 27 13:10:51.000 [notice] Parsing GEOIP IPv6 file /usr/local/share/tor/geoip6.
Sep 27 13:10:51.000 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 90819f: OpenSSL 0.9.8y 5 Feb 2013; running with 9081af: OpenSSL 0.9.8za-freebsd 5 Jun 2014).
Sep 27 13:10:51.000 [notice] Your OpenSSL version seems to be 0.9.8za-freebsd. We recommend 1.0.0 or later.
Sep 27 13:10:52.000 [notice] We now have enough directory information to build circuits.
Sep 27 13:10:52.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
Sep 27 13:10:53.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Sep 27 13:10:53.000 [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
Sep 27 13:10:53.000 [notice] To correct this, use a more recent OpenSSL, built without disabling any secure ciphers or features.
Sep 27 13:10:54.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Sep 27 13:10:55.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Sep 27 13:10:55.000 [notice] Bootstrapped 100%: Done.

i.e. it is still using the old OpenSSL .... No biggie (& possibly pilot error), but seems a bit off ....

--
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war ever devised by man."
 -- Gen. George S. Patton Jr.
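
Added example (not part of the original message, and not the port's own rc script): a pre-flight check for the three paths this thread found missing or mis-owned, namely the log file, the data directory and the pid directory. The paths and the _tor user are the defaults quoted above; the function names and the TOR_* override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the paths tor needs before
# "service tor start". Defaults are the ones quoted in the thread;
# the TOR_* override variables are hypothetical, used for testing.
TOR_USER="${TOR_USER:-_tor}"
TOR_LOGFILE="${TOR_LOGFILE:-/var/log/tor}"
TOR_DATADIR="${TOR_DATADIR:-/var/db/tor}"
TOR_PIDDIR="${TOR_PIDDIR:-/var/run/tor}"

# check_path KIND TARGET OWNER
# KIND is "file" or "dir"; OWNER is a user name or numeric uid.
# Prints one status line; returns 0 if usable, 1 otherwise.
check_path() {
    kind=$1 target=$2 owner=$3
    if [ ! -e "$target" ]; then
        echo "MISSING $kind $target"
        return 1
    fi
    case $kind in
        file) [ -f "$target" ] || { echo "WRONGTYPE $target is not a regular file"; return 1; } ;;
        dir)  [ -d "$target" ] || { echo "WRONGTYPE $target is not a directory"; return 1; } ;;
        *)    echo "BADKIND $kind"; return 1 ;;
    esac
    # POSIX find: -prune stops descent, -user matches the owner.
    # Empty output means the owner differs (or the user does not exist).
    if [ -z "$(find "$target" -prune -user "$owner" -print 2>/dev/null)" ]; then
        echo "OWNER $target is not owned by $owner"
        return 1
    fi
    echo "OK $kind $target"
    return 0
}

# Check all three paths; keep going after a failure so every problem is listed.
tor_preflight() {
    rc=0
    check_path file "$TOR_LOGFILE" "$TOR_USER" || rc=1
    check_path dir  "$TOR_DATADIR" "$TOR_USER" || rc=1
    check_path dir  "$TOR_PIDDIR"  "$TOR_USER" || rc=1
    return $rc
}

# Run the check only when asked, e.g.:  sh tor_preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    tor_preflight
fi
```

A non-zero exit means at least one path still has to be created or chown'ed to the tor user before the service will start cleanly.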