I get this warning in the logs and also get no connections to any ExitNode
Tor[13270]: We tried for 15 seconds to connect to ‘[scrubbed]’ using exit $CDC93EE3C0DD5193B6539035D079CDC9FE060448~NTH7R4 [sCPfVxDdRrdcTGXv2JXLkvuASMypEs5gb9VnKFerDjo] at 192.42.116.197. Retrying on a new circuit.
Can this be related to the first warning?
Hi Mum Pitz,
i think the first one is the exit and the other the entry point. Did you try to delete the state file to force a new set selection ? For possible regulations may a search for TCP transmission errors can help… For the later case, since obfs bridges are currently not official available the third idea may stucks 
…
Best,
Erik
Hi Erik,
sorry, but where can i find this state file?
As info :
I use a modified torrc where many ExitNodes and almost all countries are entered for an EntryNode and the other countries are excluded.
These entries are almost all entered by the ipfire GUI.
When I then start tor, the error message from the title appears
and later the others. In the meantime the node is running again, but these entries are still sometimes found in the log.
Could it be that the connections are all busy and it jumps to the next one?
Good day Mum Pitz,
checked it on my side and it seems that your torrc have a semantic problem. This message
The abbreviation ‘ExitNode’ is deprecated . Please use ‘ExitNodes’ instead
comes up if i modify
ExitNodes {cl},{cm},{dm},{dz}
to
ExitNode {cl},{cm},{dm},{dz}
(remove the ‘s’) →
Nov 16 10:58:05 ipfire Tor[32401]: Read configuration file "/etc/tor/torrc".
Nov 16 10:58:05 ipfire Tor[32401]: The abbreviation 'ExitNode' is deprecated. Please use 'ExitNodes' instead
but this warning disappears if the ‘ExitNode’ ends with an ‘s’ .
According to the scrubbed circuits, if there are some scrubbed but Tor works in general i would say that those are misconfigured or off so Tor does use others instead.
May this helps.
Best,
Erik
EDIT: But in general → Can I pick which country I'm exiting from? | Tor Project | Support but i think you know what you are doing …
Thank you very much will be corrected immediately.
Yes, I know this statement, if I were the Tor network operator I would not admit that there are some if not many more exit and guard nodes that are under the control of a few powerful people. They have an interest in monitoring certain data flows in order to gain a strategic advantage for themselves.
In order not to expose myself unnecessarily to these dangers, I have devised a trust model so that I can be sure not to catch a bad exit, but with a few exceptions I have the widest choice of guards.
And this usually only applies to the client and the Tor proxy, but not to the relay, or am I wrong?
plz correct me if i am wrong.
not really but i give my best to do so and not to look quite so stupid 
Good morning,
Your welcome.
The relay configuration does not support this so you are right.
Best,
Erik
P.S.: (forgot to mention) The state file can be found under /var/lib/tor not meant by changing it but for interest may.
@ummeegge so I check my torrc file and I use the file which is created from the ipfire gui and there are no “,” to separate the nodes, like my torrc file on PC or like you mentioned.
In the ipfire torrc file it says:
ExitNode a
ExitNode b
ExitNode c
…
or
EntryNode a
EntryNode b
EntryNode c
…
but I found also my edits after the creation of the file from the ipfire gui
ExecludeExitNodes A
ExecludeExitNodes B
so here I remove the “s” or did you mean it in the exact opposite, that I have to add the “s” to all other nodes?
But in this case the fault is to search in the ipfire gui witch create the torrc file at first without the “s” endings and without separate alle node with a “,”
Good morning,
as i tried it, the tor.cgi printed it like shown above e.g.
ExitNodes {cl},{cm},{dm},{dz}
therefore no warnings according deprection on my side. May you have an a backup problem from an older tor.cgi version ? Did you checked (e.g. diff) the current tor.cgi → https://git.ipfire.org/?p=ipfire-2.x.git;a=blob_plain;f=html/cgi-bin/tor.cgi;h=75fdf0d5db47434a7bd13bf41702022adf3e4376;hb=refs/heads/core181 with yours ?
i meant the exact opposite but for “ExitNodes” like your posted warning from Tor indicates. But as mentioned i would check if your tor.cgi is the same then the actual one…
Best,
Erik
I had replace my /srv/web/ipfire/cgi-bin/tor.cgi with tor.cgi that you mentioned, reload the tor gui page and saved again, but with the same result, my torrc looks like I mentioned before and not like it should be…I don’t know why, any other suggestions?
Hello Mum Pitz,
as ever a little less information from your side. My step by step is,
Sandbox 1
HardwareAccel 1
ClientUseIPv6 0
ControlPort 9051
SocksPort 0.0.0.0:9050
SocksPolicy accept 192.168.xxx.xxx/255.255.255.0
SocksPolicy accept 192.168.xxx.xxx/255.255.255.0
SocksPolicy reject *
ExitNodes {ad},{ae}
StrictNodes 1
If i select only one Exit Node e.g. →
my torrc looks like this →
Sandbox 1
HardwareAccel 1
ClientUseIPv6 0
ControlPort 9051
SocksPort 0.0.0.0:9050
SocksPolicy accept 192.168.xxx.xxx/255.255.255.0
SocksPolicy accept 192.168.xxx.xxx/255.255.255.0
SocksPolicy reject *
ExitNodes {ad}
StrictNodes 1
both configs produced by tor.cgi uses the directive ‘ExitNodes’ with ‘s’ at the end but also uses curly braces for the country code so no problem with deprecated semantics here.
From my side, no other suggestions since i can not reproduce your problem and your description of how you did your modifications or in general the whole configuration lacks with details.
Best,
Erik
@ummeegge
Sorry for that!
I don’t use country codes for Exit Nodes, I use selected fingerprints and copy the list into the right field. One line for each node.
Then it saves this with Exit Node nicely one below the other in the torrc.
I also use the country code, but I copy the list into the right-hand field, with curly brackets and each code in a line.
Also in the torrc each code one line with EntryNode. Both without “s”
I think this was the only way I was able to take over these lists without an error message in the tor.gui.
@mumpitz
No problem, now i get what you meant and i can also confirm the problem.
By adding this patch →
--- /srv/web/ipfire/cgi-bin/tor.cgi_orig 2023-11-27 12:09:46.373295547 +0100
+++ /srv/web/ipfire/cgi-bin/tor.cgi 2023-11-27 12:10:58.356547911 +0100
@@ -790,7 +790,7 @@
my @nodes = split(",", $settings{'TOR_USE_EXIT_NODES'});
foreach (@nodes) {
- print FILE "ExitNode $_\n";
+ print FILE "ExitNodes $_\n";
}
}
does the deprecation warning disappear ? P.S.: And more important does it works ?
Best,
Erik
P.S.: The third EDIT → on the right side i used only the fingerprint without curly brackets but each fingerprint in one line as you did-
Yes only the country codes I used with curly brackets.
yes the massage is gone and my relay is starting normally.
thank you very much for provide me this little peace of code!
But I would like to mention here that for you it may only be four simple words but for me a task that once again cost me hours But at least I pretend to be particularly clever, so I won’t tell you everything I tried to make this information usable for me.
With enough ambition, three cans of Radler and an ordered pizza, I finally managed to eradicate this error from my log. If I carry on like this, I’ll program my own operating system before I can no longer use the keyboard due to arthritis. You shouldn’t take me too seriously, but you can’t imagine how proud I am to have solved this problem on my own by counting 790 lines in tor.cgi with nano
great and good to hear that it works. Sorry for did not know what a big task i took on your shoulder… May the fight against arthritis command
vim +793 /srv/web/ipfire/cgi-bin/tor.cgi
with a little wrapping around had saved you but four Radler and a Pizza are also not that bad 
.
Will prepare a Bugzilla entry and send the patch to the mailinglist → good catch and thank you too.
Best,
Erik
Oh no, I’m glad to know how to use nano to open, edit and save files. When I open vim, I have to restart the machine because I don’t know how to exit this piece of software that comes from hell with the evil as author.
My trick was to type exactly the right term into the search box and the first hit brought me to this command…
patch < torcgi.patch
which was probably the correct one, because after my tests it worked. Even a rarely stupid and blind hen will eventually find a grain of corn at the first pecking.
This has now been proven.