
Author Topic: [CALL FOR TESTING] Tor  (Read 9274 times)

fabian

  • Hero Member
  • *****
  • Posts: 2768
  • Karma: 199
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
[CALL FOR TESTING] Tor
« on: September 19, 2017, 02:25:25 pm »
Just if anyone likes to test:

Log in via SSH, and run this in the shell:

Code:
pkg install os-tor-devel
Docs may be available soon (URL will probably be https://docs.opnsense.org/manual/how-tos/tor.html)
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13704
  • Karma: 1178
    • View Profile
Re: [CALL FOR TESTING] Tor
« Reply #1 on: September 19, 2017, 03:27:01 pm »
Docs are online now. 8)


Cheers,
Franco
Logged

zitlo

  • Jr. Member
  • **
  • Posts: 58
  • Karma: 5
    • View Profile
Re: [CALL FOR TESTING] Tor
« Reply #2 on: September 21, 2017, 08:36:00 pm »
Great! Thank You!

IPv6 for the relay would be nice.
Logged

fabian

Re: [CALL FOR TESTING] Tor
« Reply #3 on: September 21, 2017, 11:13:49 pm »
For which field?
Logged

MAGIC

  • Newbie
  • *
  • Posts: 11
  • Karma: 0
    • View Profile
Re: [CALL FOR TESTING] Tor
« Reply #4 on: September 24, 2017, 01:50:25 am »
Hi, I installed it on my testing OPNsense, but the relay option is not working (can't start the daemon) or I am doing something wrong.

I will add some images, maybe you see some mistake.

Logged

fabian

Re: [CALL FOR TESTING] Tor
« Reply #5 on: September 24, 2017, 09:50:07 am »
Can you post the output of tor when you start it via the command line - it should - also you cannot be a relay and host hidden services at the same time.
Logged

fabian

Re: [CALL FOR TESTING] Tor
« Reply #6 on: September 24, 2017, 09:52:40 am »
For your information, tor runs as the user "_tor", so starting it manually means running:
Code:
sudo -u _tor tor
Logged

MAGIC

Re: [CALL FOR TESTING] Tor
« Reply #7 on: September 24, 2017, 01:59:34 pm »
Yes, that seems to work. At least Tor has started.
Code:
magic@opnsense:~ % sudo -u _tor tor
Sep 24 13:56:30.129 [notice] Tor 0.3.0.10 (git-c33db290a9d8d0f9) running on FreeBSD with Libevent 2.1.8-stable, OpenSSL 1.0.2l and Zlib 1.2.8.
Sep 24 13:56:30.129 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 24 13:56:30.129 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Sep 24 13:56:30.132 [notice] Opening Socks listener on 127.0.0.1:9050
Sep 24 13:56:30.000 [notice] Parsing GEOIP IPv4 file /usr/local/share/tor/geoip.
Sep 24 13:56:30.000 [notice] Parsing GEOIP IPv6 file /usr/local/share/tor/geoip6.
Sep 24 13:56:30.000 [notice] Bootstrapped 0%: Starting
Sep 24 13:56:31.000 [notice] Starting with guard context "default"
Sep 24 13:56:31.000 [notice] Bootstrapped 5%: Connecting to directory server
Sep 24 13:56:31.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Sep 24 13:56:31.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Sep 24 13:56:31.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Sep 24 13:56:31.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Sep 24 13:56:31.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Sep 24 13:56:31.000 [notice] Bootstrapped 40%: Loading authority key certs
Sep 24 13:56:31.000 [notice] Bootstrapped 45%: Asking for relay descriptors
Sep 24 13:56:31.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6775, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw = 0% of path bw.)
Sep 24 13:56:31.000 [notice] Bootstrapped 50%: Loading relay descriptors
Sep 24 13:56:32.000 [notice] Bootstrapped 56%: Loading relay descriptors
Sep 24 13:56:32.000 [notice] Bootstrapped 64%: Loading relay descriptors
Sep 24 13:56:34.000 [notice] Bootstrapped 71%: Loading relay descriptors
Sep 24 13:56:34.000 [notice] Bootstrapped 78%: Loading relay descriptors
Sep 24 13:56:35.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Sep 24 13:56:35.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Sep 24 13:56:35.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Sep 24 13:56:35.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Sep 24 13:56:35.000 [notice] Bootstrapped 100%: Done
Logged

fabian

Re: [CALL FOR TESTING] Tor
« Reply #8 on: September 24, 2017, 03:33:14 pm »
Can you try this command:

configctl tor start

This is what is executed by the web GUI.

This is just a wrapper for

service tor start
Logged

MAGIC

Re: [CALL FOR TESTING] Tor
« Reply #9 on: September 24, 2017, 03:41:03 pm »
Yes

Code:
magic@opnsense:~ % configctl tor start
OK
magic@opnsense:~ % service tor start
Cannot 'start' tor. Set tor_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
magic@opnsense:~ % service tor onestart
/usr/local/etc/rc.d/tor: WARNING: /var/db/tor is not a directory.
/usr/local/etc/rc.d/tor: WARNING: failed precmd routine for tor
Logged

fabian

Re: [CALL FOR TESTING] Tor
« Reply #10 on: September 24, 2017, 03:50:36 pm »
There is something wrong, as the command should generate this directory and a template should allow the start if it is enabled.
https://github.com/opnsense/plugins/blob/master/security/tor/src/opnsense/service/conf/actions.d/actions_tor.conf#L2

Can you try to reload the templates: configctl template reload OPNsense/Tor

If the service is enabled, "service tor start" should work.
Logged

fabian

Re: [CALL FOR TESTING] Tor
« Reply #11 on: September 24, 2017, 03:56:27 pm »
BTW: There will be a patch soon for a template reloading issue:
https://github.com/opnsense/plugins/commit/5f877635d1834d139bdcdbc5d5b6ec005629f2a1

It should be possible to install the patch here using the command: opnsense-patch -c plugins 5f877635d1834d139bdcdbc5d5b6ec005629f2a1
Logged

MAGIC

Re: [CALL FOR TESTING] Tor
« Reply #12 on: September 24, 2017, 05:10:04 pm »
So, after I saw how I can switch to the develop version of OPNsense, I did it.
Then I pulled the patch and reloaded the templates. After invoking service tor start I get the following output:
Code:
magic@opnsense:~ % sudo service tor start
Starting tor.
Sep 24 17:07:35.002 [notice] Tor 0.3.0.10 (git-c33db290a9d8d0f9) running on FreeBSD with Libevent 2.1.8-stable, OpenSSL 1.0.2l and Zlib 1.2.8.
Sep 24 17:07:35.002 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 24 17:07:35.002 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Sep 24 17:07:35.006 [warn] You specified a public address 'xxx.xxx.191.150:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Sep 24 17:07:35.006 [notice] Your ContactInfo config option is not set. Please consider setting it, so we can contact you if your server is misconfigured or something else goes wrong.
Sep 24 17:07:35.006 [notice] Based on detected system memory, MaxMemInQueues is set to 1281 MB. You can override this by setting MaxMemInQueues by hand.
Sep 24 17:07:35.007 [warn] You specified a public address 'xxx.xxx.191.150:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Sep 24 17:07:35.007 [notice] Opening Socks listener on 127.0.0.1:9050
Sep 24 17:07:35.007 [notice] Opening Socks listener on [::1]:9050
Sep 24 17:07:35.007 [notice] Opening Socks listener on xxx.xxx.191.150:9050
Sep 24 17:07:35.007 [notice] Opening Control listener on 127.0.0.1:9051
Sep 24 17:07:35.007 [notice] Opening OR listener on xxx.xxx.191.150:9001
Sep 24 17:07:35.000 [warn] Couldn't open file for 'Log debug file /var/log/tor.log': Permission denied
Sep 24 17:07:35.000 [notice] Closing partially-constructed Socks listener on 127.0.0.1:9050
Sep 24 17:07:35.000 [notice] Closing partially-constructed Socks listener on ::1:9050
Sep 24 17:07:35.000 [notice] Closing partially-constructed Socks listener on xxx.xxx.191.150:9050
Sep 24 17:07:35.000 [notice] Closing partially-constructed Control listener on 127.0.0.1:9051
Sep 24 17:07:35.000 [notice] Closing partially-constructed OR listener on xxx.xxx.191.150:9001
Sep 24 17:07:35.000 [warn] Failed to parse/validate config: Failed to init Log options. See logs for details.
Sep 24 17:07:35.000 [err] Reading config failed--see warnings above.
/usr/local/etc/rc.d/tor: WARNING: failed to start tor
« Last Edit: September 24, 2017, 05:14:58 pm by MAGIC »
Logged

fabian

Re: [CALL FOR TESTING] Tor
« Reply #13 on: September 24, 2017, 05:26:17 pm »
OK, that helps more - the output says that the "Log" directives are broken. In this case the log file seems not to be writable:

Code:
Sep 24 17:07:35.000 [warn] Couldn't open file for 'Log debug file /var/log/tor.log': Permission denied

Should be possible to fix before the next release.
Logged

NilsS

  • Full Member
  • ***
  • Posts: 174
  • Karma: 18
    • View Profile
Re: [CALL FOR TESTING] Tor
« Reply #14 on: September 24, 2017, 05:27:15 pm »
You started tor as root once.
You have to remove /var/log/tor.log to start it as user _tor again.
@fabian
tor with GUI checkboxes for fascist mode should write logs to /dev/null ;-)
Logged
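
The diagnosis from replies #12 to #14, as an added example that is not part of the original posts or of the OPNsense plugin: a small triage script that reduces tor's startup output to the findings that matter (a SocksPort bound to a public address, a log file the daemon cannot open, the fatal config error) and checks that a path is owned by the service user. The function names `tor_startup_findings` and `owned_by` are hypothetical; the sample lines are copied from the output in reply #12.

```shell
#!/bin/sh
# Sample input: lines copied from the failed "service tor start" in reply #12.
SAMPLE_LOG="Sep 24 17:07:35.006 [warn] You specified a public address 'xxx.xxx.191.150:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Sep 24 17:07:35.007 [warn] You specified a public address 'xxx.xxx.191.150:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Sep 24 17:07:35.007 [notice] Opening Socks listener on xxx.xxx.191.150:9050
Sep 24 17:07:35.000 [warn] Couldn't open file for 'Log debug file /var/log/tor.log': Permission denied
Sep 24 17:07:35.000 [err] Reading config failed--see warnings above."

# Read tor output on stdin and print one finding per line, without repeats.
# Inside the awk program "." stands in for the apostrophe and \047 is its
# octal code, because the program itself sits in single quotes.
tor_startup_findings() {
    awk '
    /\[warn\] You specified a public address .* for SocksPort/ {
        split($0, q, "\047"); k = "PUBLIC_SOCKSPORT " q[2]
    }
    /\[warn\] Couldn.t open file for .Log .*Permission denied/ {
        split($0, q, "\047"); n = split(q[3], w, " ")
        k = "LOG_NOT_WRITABLE " w[n]      # last word of the Log directive
    }
    /\[err\] / { k = $0; sub(/^.*\[err\] /, "", k); k = "FATAL " k }
    k != "" && !seen[k]++ { print k }
    { k = "" }
    '
}

# Succeed only if path $2 is owned by user $1 (login name or numeric uid).
# Returns 2 when the login name cannot be resolved.
owned_by() {
    case "$1" in
        *[!0-9]*) want=$(id -u "$1" 2>/dev/null) || return 2 ;;
        *)        want=$1 ;;
    esac
    have=$(ls -ldn -- "$2" 2>/dev/null | awk '{print $3}')
    [ -n "$have" ] && [ "$have" = "$want" ]
}

printf '%s\n' "$SAMPLE_LOG" | tor_startup_findings

# Paths and user name as they appear in the thread; skipped where absent.
for p in /var/log/tor.log /var/db/tor; do
    [ -e "$p" ] || continue
    owned_by _tor "$p" || echo "not owned by _tor: $p"
done
```

On the firewall itself, pipe the real output through the first function, for example `service tor onestart 2>&1 | tor_startup_findings`.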
