LINUX.ORG.RU

Tor won't start with snowflake


I start it by hand, everything is OK:

$ tor -f /etc/tor/torrc --RunAsDaemon 0
Feb 16 20:38:24.539 [notice] Tor 0.4.2.7 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.
Feb 16 20:38:24.539 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Feb 16 20:38:24.539 [notice] Read configuration file "/etc/tor/torrc".
Feb 16 20:38:24.542 [notice] Opening Socks listener on 127.0.0.1:22050
Feb 16 20:38:24.542 [notice] Opened Socks listener on 127.0.0.1:22050
Feb 16 20:38:24.542 [notice] Opening Control listener on 127.0.0.1:22051
Feb 16 20:38:24.542 [notice] Opened Control listener on 127.0.0.1:22051
Feb 16 20:38:24.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Feb 16 20:38:24.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Feb 16 20:38:24.000 [notice] Bootstrapped 0% (starting): Starting
Feb 16 20:38:24.000 [notice] Starting with guard context "bridges"
Feb 16 20:38:24.000 [notice] Delaying directory fetches: No running bridges
Feb 16 20:38:25.000 [notice] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
Feb 16 20:38:25.000 [notice] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
Feb 16 20:38:25.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Feb 16 20:38:30.000 [notice] Managed proxy "/opt/snowflake/client/client": offer created
Feb 16 20:38:31.000 [notice] Managed proxy "/opt/snowflake/client/client": broker rendezvous peer received
Feb 16 20:38:32.000 [notice] Managed proxy "/opt/snowflake/client/client": connected
Feb 16 20:38:33.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Feb 16 20:38:47.000 [notice] Learned fingerprint 2B280B23E1107BB62ABFC40DDCC8824814F80A72 for bridge 192.0.2.3:1 (with transport 'snowflake').
Feb 16 20:38:47.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Feb 16 20:38:47.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Feb 16 20:39:16.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Feb 16 20:39:18.000 [notice] new bridge descriptor 'flakey1' (fresh): $2B280B23E1107BB62ABFC40DDCC8824814F80A72~flakey1 at 192.0.2.3
Feb 16 20:39:56.000 [notice] Delaying directory fetches: No running bridges
Feb 16 20:41:40.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Feb 16 20:42:06.000 [notice] Delaying directory fetches: No running bridges
Feb 16 20:42:13.000 [notice] Bootstrapped 30% (loading_status): Loading networkstatus consensus
Feb 16 20:42:36.000 [notice] I learned some more directory information, but not enough to build a circuit: No running bridges
Feb 16 20:43:07.000 [notice] Bootstrapped 40% (loading_keys): Loading authority key certs
Feb 16 20:43:07.000 [notice] The current consensus has no exit nodes. Tor can only build internal paths, such as paths to onion services.
Feb 16 20:43:07.000 [notice] Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
Feb 16 20:43:07.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6807, and can only build 0% of likely paths. (We have 100% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.)
Feb 16 20:44:14.000 [notice] Bootstrapped 50% (loading_descriptors): Loading relay descriptors
Feb 16 20:44:19.000 [notice] The current consensus contains exit nodes. Tor can build exit and internal paths.
Feb 16 20:45:11.000 [notice] Delaying directory fetches: No running bridges
Feb 16 20:46:47.000 [notice] Bootstrapped 56% (loading_descriptors): Loading relay descriptors
Feb 16 20:46:56.000 [notice] Bootstrapped 62% (loading_descriptors): Loading relay descriptors
Feb 16 20:47:19.000 [notice] Delaying directory fetches: No running bridges
Feb 16 20:47:31.000 [notice] Bootstrapped 70% (loading_descriptors): Loading relay descriptors
Feb 16 20:47:44.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Feb 16 20:47:44.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Feb 16 20:47:44.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Feb 16 20:48:01.000 [notice] Bootstrapped 100% (done): Done

systemctl restart tor

фев 16 20:54:40 Erfea-RedmiBook tor[72431]: Feb 16 20:54:40.146 [notice] Tor 0.4.2.7 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.
фев 16 20:54:40 Erfea-RedmiBook tor[72431]: Feb 16 20:54:40.146 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
фев 16 20:54:40 Erfea-RedmiBook tor[72431]: Feb 16 20:54:40.146 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
фев 16 20:54:40 Erfea-RedmiBook tor[72431]: Feb 16 20:54:40.146 [notice] Read configuration file "/etc/tor/torrc".
фев 16 20:54:40 Erfea-RedmiBook tor[72431]: Configuration was valid
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.163 [notice] Tor 0.4.2.7 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.163 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.163 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.163 [notice] Read configuration file "/etc/tor/torrc".
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.164 [notice] Opening Socks listener on 127.0.0.1:22050
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.164 [notice] Opened Socks listener on 127.0.0.1:22050
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.164 [notice] Opening Control listener on 127.0.0.1:22051
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.164 [notice] Opened Control listener on 127.0.0.1:22051
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.000 [notice] Bootstrapped 0% (starting): Starting
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.000 [notice] Starting with guard context "bridges"
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.000 [notice] Delaying directory fetches: No running bridges
фев 16 20:54:40 Erfea-RedmiBook tor[72432]: Feb 16 20:54:40.000 [notice] Signaled readiness to systemd
фев 16 20:55:53 Erfea-RedmiBook tor[72432]: Feb 16 20:55:53.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.

/usr/share/tor/tor-service-defaults-torrc

DataDirectory /var/lib/tor
User debian-tor

/etc/tor/torrc

UseBridges 1

ClientTransportPlugin snowflake exec /opt/snowflake/client/client

Bridge snowflake 192.0.2.3:1 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478

SocksPort 22050
ControlPort 22051
HashedControlPassword 16:*******

Final recipe for Ubuntu, tor + snowflake:

apt install golang
git clone https://git.torproject.org/pluggable-transports/snowflake.git
cd snowflake/client/
go get
go build

/etc/tor/torrc

UseBridges 1
ClientTransportPlugin snowflake exec <path/to/snowflake/client/client>
Bridge snowflake 192.0.2.3:1 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478

/etc/apparmor.d/abstractions/tor

<path/to/snowflake/client/client> Pix,

sudo rm -rf /var/lib/tor/
sudo mkdir /var/lib/tor/
sudo chown debian-tor:debian-tor /var/lib/tor/

Maybe someone will find it useful. Why is it needed, actually? So as not to keep rewriting obfs4 bridges all the time, which, for me for example, all dropped off again today.

★★★★★

Last edited by: erfea (6 edits in total)
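
The thread ends with AppArmor identified as the obstacle, and the recipe above adds a `Pix` rule for the snowflake client. As an added example that is not part of the original post, this shell check compares the `ClientTransportPlugin` binaries in a torrc with the exec rules in an AppArmor rules file and pulls exec denials out of a kernel audit log. The sample files and audit lines are constructed for illustration; `system_tor` is the profile name from the unit file quoted in this thread.

```shell
#!/bin/sh
# Added example: does every pluggable-transport binary named in a torrc have
# an exec rule in the AppArmor rules file that confines tor?

# Print the binary of each "ClientTransportPlugin <name> exec <path> [args]" line.
pt_exec_paths() {
    awk '$1 == "ClientTransportPlugin" && $3 == "exec" { print $4 }' "$1"
}

# Succeed if rules file $1 has a rule for exactly path $2 whose permission
# field contains x (ix, Px, Pix, PUx, ...). Globs and "deny" rules are not
# interpreted, so a binary covered only by a glob is reported as missing.
apparmor_allows_exec() {
    awk -v p="$2" '$1 == p && $2 ~ /x/ { ok = 1 } END { exit !ok }' "$1"
}

# Print the rule lines that would have to be added to rules file $2 so that
# tor may execute every transport binary configured in torrc $1.
missing_pt_rules() {
    pt_exec_paths "$1" | while IFS= read -r bin; do
        apparmor_allows_exec "$2" "$bin" || printf '%s Pix,\n' "$bin"
    done
}

# Print the distinct binaries whose exec was denied under profile $2 in the
# kernel audit log $1 (for example "journalctl -k" output saved to a file).
denied_execs() {
    grep 'apparmor="DENIED"' "$1" | grep 'operation="exec"' |
        grep "profile=\"$2\"" |
        sed -n 's/.* name="\([^"]*\)".*/\1/p' | sort -u
}

# Write constructed sample inputs into directory $1 (not taken from the thread).
make_samples() {
    cat > "$1/torrc" <<'EOF'
UseBridges 1
# ClientTransportPlugin snowflake exec /old/path/client
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ClientTransportPlugin snowflake exec /opt/snowflake/client/client
EOF
    cat > "$1/rules" <<'EOF'
  /usr/bin/obfs4proxy PUx,
  /var/lib/tor/** rwk,
EOF
    cat > "$1/audit.log" <<'EOF'
kernel: audit: type=1400 audit(1.100:101): apparmor="DENIED" operation="exec" profile="system_tor" name="/opt/snowflake/client/client" pid=1001 comm="tor" requested_mask="x" denied_mask="x"
kernel: audit: type=1400 audit(1.200:102): apparmor="DENIED" operation="open" profile="system_tor" name="/etc/hosts" pid=1001 comm="tor" requested_mask="r" denied_mask="r"
kernel: audit: type=1400 audit(2.100:103): apparmor="DENIED" operation="exec" profile="system_tor" name="/opt/snowflake/client/client" pid=1002 comm="tor" requested_mask="x" denied_mask="x"
kernel: audit: type=1400 audit(3.100:104): apparmor="DENIED" operation="exec" profile="other_profile" name="/bin/ls" pid=1003 comm="sh" requested_mask="x" denied_mask="x"
EOF
}

# Stand-alone use: ./check.sh /etc/tor/torrc /etc/apparmor.d/abstractions/tor
if [ "$#" -eq 2 ]; then
    missing_pt_rules "$1" "$2"
fi
```

An empty result from `missing_pt_rules` means every configured transport binary already has an exact-path exec rule; after editing the rules file the profile still has to be reloaded before tor is restarted.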
In reply to: comment by Anoxemian

/lib/systemd/system/tor.service

# This service is actually a systemd target,
# but we are using a service since targets cannot be reloaded.

[Unit]
Description=Anonymizing overlay network for TCP (multi-instance-master)

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true

[Install]
WantedBy=multi-user.target

/lib/systemd/system/tor@.service

[Unit]
Description=Anonymizing overlay network for TCP (instance %i)
After=network.target nss-lookup.target
PartOf=tor.service
ReloadPropagatedFrom=tor.service

[Service]
Type=notify
NotifyAccess=all
PIDFile=/run/tor-instances/%i/tor.pid
PermissionsStartOnly=yes
ExecStartPre=/usr/bin/install -Z -m 02755 -o _tor-%i -g _tor-%i -d /run/tor-instances/%i
ExecStartPre=/bin/sed -e 's/@@NAME@@/%i/g; w /run/tor-instances/%i.defaults' /usr/share/tor/tor-service-defaults-torrc-instances
ExecStartPre=/usr/bin/tor --defaults-torrc /run/tor-instances/%i.defaults -f /etc/tor/instances/%i/torrc --verify-config
ExecStart=/usr/bin/tor --defaults-torrc /run/tor-instances/%i.defaults -f /etc/tor/instances/%i/torrc
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutStartSec=300
TimeoutStopSec=60
Restart=on-failure
LimitNOFILE=65536

# Hardening
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
# We would really like to restrict the next item to [..]/%i but we can't,
# as systemd does not support that yet.  See also #781730.
ReadWriteDirectories=-/var/lib/tor-instances
ReadWriteDirectories=-/run
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH

[Install]
WantedBy=multi-user.target

/lib/systemd/system/tor@default.service

[Unit]
Description=Anonymizing overlay network for TCP
After=network.target nss-lookup.target
PartOf=tor.service
ReloadPropagatedFrom=tor.service

[Service]
Type=notify
NotifyAccess=all
PIDFile=/run/tor/tor.pid
PermissionsStartOnly=yes
ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor
ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config
ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutStartSec=300
TimeoutStopSec=60
Restart=on-failure
LimitNOFILE=65536

# Hardening
AppArmorProfile=-system_tor
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/proc
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
ReadWriteDirectories=-/run
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH

This is Ubuntu 20.04, the files are from the package.

erfea ★★★★★
() topic author
Last edited by: erfea (1 edit in total)
In reply to: comment by MaZy

Yep, 5 minutes before your reply even )))

erfea ★★★★★
() topic author
In reply to: deleted comment

You're bullshitting

Please don't be rude! The full launch line:
erfea@Erfea-RedmiBook:/tmp/tor$ tor -f /etc/tor/torrc --RunAsDaemon 0

sudo -u debian-tor tor -f /etc/tor/torrc --RunAsDaemon 0

erfea@Erfea-RedmiBook:/tmp/tor$ sudo -u debian-tor bash
debian-tor@Erfea-RedmiBook:/tmp/tor$ tor -f /etc/tor/torrc --RunAsDaemon 0
Feb 16 22:29:05.730 [notice] Tor 0.4.2.7 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.
Feb 16 22:29:05.730 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Feb 16 22:29:05.731 [notice] Read configuration file "/etc/tor/torrc".
Feb 16 22:29:05.732 [notice] Opening Socks listener on 127.0.0.1:22050
Feb 16 22:29:05.733 [notice] Opened Socks listener on 127.0.0.1:22050
Feb 16 22:29:05.733 [notice] Opening Control listener on 127.0.0.1:22051
Feb 16 22:29:05.733 [notice] Opened Control listener on 127.0.0.1:22051
Feb 16 22:29:05.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Feb 16 22:29:05.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Feb 16 22:29:05.000 [notice] Bootstrapped 0% (starting): Starting
Feb 16 22:29:05.000 [notice] Starting with guard context "bridges"
Feb 16 22:29:05.000 [notice] Delaying directory fetches: No running bridges
Feb 16 22:29:06.000 [notice] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
Feb 16 22:29:06.000 [notice] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
Feb 16 22:29:06.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Feb 16 22:29:12.000 [notice] Managed proxy "/opt/snowflake/client/client": offer created
Feb 16 22:29:12.000 [notice] Managed proxy "/opt/snowflake/client/client": broker rendezvous peer received
Feb 16 22:29:27.000 [notice] Managed proxy "/opt/snowflake/client/client": offer created
Feb 16 22:29:27.000 [notice] Managed proxy "/opt/snowflake/client/client": broker rendezvous peer received
Feb 16 22:29:42.000 [notice] Managed proxy "/opt/snowflake/client/client": offer created
Feb 16 22:29:48.000 [notice] Managed proxy "/opt/snowflake/client/client": broker rendezvous peer received
Feb 16 22:30:03.000 [notice] Managed proxy "/opt/snowflake/client/client": offer created
Feb 16 22:30:09.000 [notice] Managed proxy "/opt/snowflake/client/client": broker rendezvous peer received
Feb 16 22:30:24.000 [notice] Managed proxy "/opt/snowflake/client/client": offer created
Feb 16 22:30:24.000 [notice] Managed proxy "/opt/snowflake/client/client": broker rendezvous peer received
Feb 16 22:30:25.000 [notice] Managed proxy "/opt/snowflake/client/client": connected
Feb 16 22:30:30.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Feb 16 22:30:32.000 [notice] Learned fingerprint 2B280B23E1107BB62ABFC40DDCC8824814F80A72 for bridge 192.0.2.3:1 (with transport 'snowflake').
Feb 16 22:30:32.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Feb 16 22:30:32.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Feb 16 22:30:32.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Feb 16 22:30:32.000 [notice] new bridge descriptor 'flakey1' (fresh): $2B280B23E1107BB62ABFC40DDCC8824814F80A72~flakey1 at 192.0.2.3
Feb 16 22:30:33.000 [notice] Bootstrapped 30% (loading_status): Loading networkstatus consensus
Feb 16 22:30:42.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Feb 16 22:31:02.000 [notice] Bootstrapped 40% (loading_keys): Loading authority key certs
Feb 16 22:31:02.000 [notice] The current consensus has no exit nodes. Tor can only build internal paths, such as paths to onion services.
Feb 16 22:31:02.000 [notice] Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
Feb 16 22:31:02.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6798, and can only build 0% of likely paths. (We have 100% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.)
Feb 16 22:31:35.000 [notice] Bootstrapped 50% (loading_descriptors): Loading relay descriptors
Feb 16 22:31:36.000 [notice] The current consensus contains exit nodes. Tor can build exit and internal paths.
Feb 16 22:32:32.000 [notice] Bootstrapped 56% (loading_descriptors): Loading relay descriptors
Feb 16 22:32:33.000 [notice] Bootstrapped 62% (loading_descriptors): Loading relay descriptors
Feb 16 22:32:33.000 [notice] Bootstrapped 69% (loading_descriptors): Loading relay descriptors
Feb 16 22:32:33.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Feb 16 22:32:34.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Feb 16 22:32:34.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Feb 16 22:33:00.000 [notice] Bootstrapped 100% (done): Done

erfea ★★★★★
() topic author
In reply to: deleted comment

With this config (User is removed so that it doesn't complain when started as that user)

/usr/share/tor/tor-service-defaults-torrc

DataDirectory /var/lib/tor
PidFile /run/tor/tor.pid
#RunAsDaemon 1
#User debian-tor

ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck
ControlSocketsGroupWritable 1

CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /run/tor/control.authcookie

Log notice syslog

/etc/tor/torrc

UseBridges 1
ClientTransportPlugin snowflake exec /opt/snowflake/client/client
Bridge snowflake 192.0.2.3:1 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478

SocksPort 22050
ControlPort 22051
HashedControlPassword 16:*******

debian-tor@Erfea-RedmiBook:/tmp/tor$ tor --defaults-torrc /tmp/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
Feb 16 22:37:04.627 [notice] Tor 0.4.2.7 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.
Feb 16 22:37:04.627 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Feb 16 22:37:04.627 [notice] Read configuration file "/tmp/tor-service-defaults-torrc".
Feb 16 22:37:04.627 [notice] Read configuration file "/etc/tor/torrc".
Feb 16 22:37:04.629 [notice] Opening Socks listener on 127.0.0.1:22050
Feb 16 22:37:04.629 [notice] Opened Socks listener on 127.0.0.1:22050
Feb 16 22:37:04.629 [notice] Opening Control listener on 127.0.0.1:22051
Feb 16 22:37:04.629 [notice] Opened Control listener on 127.0.0.1:22051
Feb 16 22:37:04.629 [notice] Opening Control listener on /tmp/tor/control
Feb 16 22:37:04.629 [notice] Opened Control listener on /tmp/tor/control
Feb 16 22:37:04.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Feb 16 22:37:04.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Feb 16 22:37:04.000 [notice] Bootstrapped 0% (starting): Starting
Feb 16 22:37:04.000 [notice] Starting with guard context "bridges"
Feb 16 22:37:04.000 [notice] Delaying directory fetches: No running bridges
Feb 16 22:37:05.000 [notice] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
Feb 16 22:37:05.000 [notice] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
Feb 16 22:37:05.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Feb 16 22:37:10.000 [notice] Managed proxy "/opt/snowflake/client/client": offer created
Feb 16 22:37:11.000 [notice] Managed proxy "/opt/snowflake/client/client": broker rendezvous peer received
Feb 16 22:37:26.000 [notice] Managed proxy "/opt/snowflake/client/client": offer created
Feb 16 22:37:26.000 [notice] Managed proxy "/opt/snowflake/client/client": broker rendezvous peer received
Feb 16 22:37:28.000 [notice] Managed proxy "/opt/snowflake/client/client": connected
Feb 16 22:37:33.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Feb 16 22:37:33.000 [notice] Learned fingerprint 2B280B23E1107BB62ABFC40DDCC8824814F80A72 for bridge 192.0.2.3:1 (with transport 'snowflake').
Feb 16 22:37:33.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Feb 16 22:37:33.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Feb 16 22:37:36.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Feb 16 22:37:37.000 [notice] new bridge descriptor 'flakey2' (fresh): $2B280B23E1107BB62ABFC40DDCC8824814F80A72~flakey2 at 192.0.2.3
Feb 16 22:37:50.000 [notice] Delaying directory fetches: No running bridges
Feb 16 22:38:32.000 [notice] Bootstrapped 30% (loading_status): Loading networkstatus consensus
Feb 16 22:38:47.000 [notice] I learned some more directory information, but not enough to build a circuit: No running bridges
Feb 16 22:38:48.000 [notice] Bootstrapped 40% (loading_keys): Loading authority key certs
Feb 16 22:38:48.000 [notice] The current consensus has no exit nodes. Tor can only build internal paths, such as paths to onion services.
Feb 16 22:38:48.000 [notice] Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
Feb 16 22:38:48.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6798, and can only build 0% of likely paths. (We have 100% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.)
Feb 16 22:39:30.000 [notice] Bootstrapped 50% (loading_descriptors): Loading relay descriptors
Feb 16 22:39:40.000 [notice] The current consensus contains exit nodes. Tor can build exit and internal paths.
Feb 16 22:40:49.000 [notice] Delaying directory fetches: No running bridges
Feb 16 22:42:57.000 [notice] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Feb 16 22:44:33.000 [notice] Bootstrapped 57% (loading_descriptors): Loading relay descriptors
Feb 16 22:44:35.000 [notice] Bootstrapped 62% (loading_descriptors): Loading relay descriptors
Feb 16 22:44:57.000 [notice] Bootstrapped 70% (loading_descriptors): Loading relay descriptors
Feb 16 22:44:57.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Feb 16 22:44:58.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Feb 16 22:44:58.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Feb 16 22:45:55.000 [notice] Bootstrapped 100% (done): Done

Put «User debian-tor» back, start via systemd, same thing.

erfea ★★★★★
() topic author
In reply to: comment by Anoxemian

debian-tor@Erfea-RedmiBook:/tmp/tor$ tor --defaults-torrc /tmp/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
it's a manual start from bash, after all

erfea ★★★★★
() topic author
In reply to: comment by erfea

I got the config slightly wrong in that message; I lost track of what I have where after all the experiments

/tmp/tor-service-defaults-torrc_

DataDirectory /var/lib/tor/
PidFile /tmp/tor/tor.pid
#RunAsDaemon 1
#User debian-tor

ControlSocket /tmp/tor/control GroupWritable RelaxDirModeCheck
ControlSocketsGroupWritable 1

CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /tmp/tor/control.authcookie

Log notice syslog

debian-tor@Erfea-RedmiBook:~$ tor --defaults-torrc /tmp/tor-service-defaults-torrc_ -f /etc/tor/torrc --RunAsDaemon 0
Feb 16 22:59:54.064 [notice] Tor 0.4.2.7 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.
Feb 16 22:59:54.064 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Feb 16 22:59:54.064 [notice] Read configuration file "/tmp/tor-service-defaults-torrc_".
Feb 16 22:59:54.064 [notice] Read configuration file "/etc/tor/torrc".
Feb 16 22:59:54.065 [notice] Opening Socks listener on 127.0.0.1:22050
Feb 16 22:59:54.065 [notice] Opened Socks listener on 127.0.0.1:22050
Feb 16 22:59:54.065 [notice] Opening Control listener on 127.0.0.1:22051
Feb 16 22:59:54.065 [notice] Opened Control listener on 127.0.0.1:22051
Feb 16 22:59:54.065 [notice] Opening Control listener on /tmp/tor/control
Feb 16 22:59:54.065 [notice] Opened Control listener on /tmp/tor/control

erfea ★★★★★
() topic author
Last edited by: erfea (1 edit in total)
In reply to: comment by erfea

Well then, try it via systemd. Now the only difference turns out to be the isolation from the network.

CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH

all this stuff here

Anoxemian ★★★★★
()
In reply to: comment by Anoxemian

systemd starts it with two configs: «/usr/share/tor/tor-service-defaults-torrc» and «/etc/tor/torrc». So I'm trying to understand what's wrong. I made a copy of tor-service-defaults-torrc and am playing around with it. With it, it doesn't start as the user in a shell either; I posted the contents of the config above...

erfea ★★★★★
() topic author
In reply to: comment by Anoxemian

Removed «Log notice syslog» from /tmp/tor-service-defaults-torrc_, and «debian-tor@Erfea-RedmiBook:~$ tor --defaults-torrc /tmp/tor-service-defaults-torrc_ -f /etc/tor/torrc --RunAsDaemon 0» starts. Removed it from «/usr/share/tor/tor-service-defaults-torrc», systemd doesn't start it...

Left only «DataDirectory /var/lib/tor» (without it, it won't start: «Error creating directory /var/tor: Read-only file system») and «User debian-tor» in «/usr/share/tor/tor-service-defaults-torrc»

Start via systemd:

фев 16 23:13:51 Erfea-RedmiBook tor[76463]: Feb 16 23:13:51.755 [notice] Tor 0.4.2.7 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.
фев 16 23:13:51 Erfea-RedmiBook tor[76463]: Feb 16 23:13:51.755 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
фев 16 23:13:51 Erfea-RedmiBook tor[76463]: Feb 16 23:13:51.755 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
фев 16 23:13:51 Erfea-RedmiBook tor[76463]: Feb 16 23:13:51.755 [notice] Read configuration file "/etc/tor/torrc".
фев 16 23:13:51 Erfea-RedmiBook tor[76463]: Configuration was valid
фев 16 23:13:51 Erfea-RedmiBook tor[76464]: Feb 16 23:13:51.779 [notice] Tor 0.4.2.7 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.
фев 16 23:13:51 Erfea-RedmiBook tor[76464]: Feb 16 23:13:51.779 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
фев 16 23:13:51 Erfea-RedmiBook tor[76464]: Feb 16 23:13:51.779 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
фев 16 23:13:51 Erfea-RedmiBook tor[76464]: Feb 16 23:13:51.779 [notice] Read configuration file "/etc/tor/torrc".
фев 16 23:13:51 Erfea-RedmiBook tor[76464]: Feb 16 23:13:51.780 [notice] Opening Socks listener on 127.0.0.1:22050
фев 16 23:13:51 Erfea-RedmiBook tor[76464]: Feb 16 23:13:51.780 [notice] Opened Socks listener on 127.0.0.1:22050
фев 16 23:13:51 Erfea-RedmiBook tor[76464]: Feb 16 23:13:51.780 [notice] Opening Control listener on 127.0.0.1:22051
фев 16 23:13:51 Erfea-RedmiBook tor[76464]: Feb 16 23:13:51.780 [notice] Opened Control listener on 127.0.0.1:22051
фев 16 23:13:51 Erfea-RedmiBook tor[76464]: Feb 16 23:13:51.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
фев 16 23:13:51 Erfea-RedmiBook tor[76464]: Feb 16 23:13:51.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
фев 16 23:13:51 Erfea-RedmiBook tor[76464]: Feb 16 23:13:51.000 [notice] Bootstrapped 0% (starting): Starting
фев 16 23:13:52 Erfea-RedmiBook tor[76464]: Feb 16 23:13:52.000 [notice] Starting with guard context "bridges"
фев 16 23:13:52 Erfea-RedmiBook tor[76464]: Feb 16 23:13:52.000 [notice] Delaying directory fetches: No running bridges
фев 16 23:13:52 Erfea-RedmiBook tor[76464]: Feb 16 23:13:52.000 [notice] Signaled readiness to systemd

erfea ★★★★★
() topic author
In reply to: comment by Anoxemian

Moreover, with a config that has Bridge obfs4 lines, it starts both via systemd and by hand. It refuses to start only with Bridge snowflake, and only under systemd... Some kind of nonsense.

erfea ★★★★★
() topic author
In reply to: comment by erfea

I don't get it at all, DataDirectory /var/lib/tor» (without it, it won't start «Error creating directory /var/tor

Cut it out of systemd altogether. The user is set explicitly there, don't worry.

Anoxemian ★★★★★
()
In reply to: comment by Anoxemian

I checked. What's more, without systemd everything works as debian-tor...

erfea ★★★★★
() topic author
In reply to: comment by Anoxemian

No, if it has nowhere to write, it fails with an error, and an explicit one. And a directory with the right permissions is needed there.

erfea ★★★★★
() topic author
In reply to: comment by erfea

Just checked. Run netstat -tunlp

Everything works, after all.

Anoxemian ★★★★★
()
In reply to: comment by Anoxemian

Thanks! That's the right direction. Obviously it's the damn apparmor. I'll write up the final solution later, more neatly.

erfea ★★★★★
() topic author

I added the result to the opening post.

erfea ★★★★★
() topic author
April 23, 2022

I never thought I'd have to install packages on Linux through tor... Thanks to RKN and those involved for our «security» from free software.

DarkAmateur ★★★★
()
Last edited by: DarkAmateur (1 edit in total)
February 13, 2023

Thanks for the instructions, I was sick of getting new bridges. A note: golang installs version go1.13, while compilation needs at least 1.17. Link to upgrade instructions: https://ilso.ru/how-to-upgrade-go-golang-version/

Proud
()