Tor AddOn @ aarch64

Just wanted to run Tor @ my RPI4. However if I start the service it directly stops afterwards. I can’t find any log for Tor. How do I identify the problem?

Just to let you know:

  1. Location-Filter is all active → in case this may be problematic.
  2. Also all outgoing traffic is blocked and only a few rules are set for IPFire to communicate with the internet. Do I need to set up a rule manually for Tor to work or is this generated automatically?

Did you check the log files in /var/log/messages?

Hm I just checked the webif for a hint. I will have a look @ shell.

I’m getting this:

Dec  7 17:54:42 MM-FW-003 Tor[20740]: We compiled with OpenSSL 101010cf: OpenSSL 1.1.1l  24 Aug 2021 and we are running with OpenSSL 101010cf: 1.1.1l. These two versions should be binary compatible.
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Tor 0.4.6.7 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1l, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.5.0 and Glibc 2.33 as libc.
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Read configuration file "/usr/share/tor/defaults-torrc".
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Read configuration file "/etc/tor/torrc".
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Based on detected system memory, MaxMemInQueues is set to 2882 MB. You can override this by setting MaxMemInQueues by hand.
Dec  7 17:54:42 MM-FW-003 Tor[20740]: ControlPort is open, but no authentication method has been configured.  This means that any program on your computer can reconfigure your Tor.  That's bad!  You should upgrade your Tor controller as soon as possible.
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Opening Socks listener on 127.0.0.1:9050
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Opened Socks listener connection (ready) on 127.0.0.1:9050
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Opening Control listener on 127.0.0.1:9051
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Opened Control listener connection (ready) on 127.0.0.1:9051
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Opening OR listener on 0.0.0.0:9001
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Opened OR listener connection (ready) on 0.0.0.0:9001
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Dec  7 17:54:42 MM-FW-003 Tor[20740]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Dec  7 17:54:43 MM-FW-003 Tor[20740]: Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Dec  7 17:54:43 MM-FW-003 Tor[20740]: install_syscall_filter(): Bug: (Sandbox) failed to load: -125 (Operation canceled)! Are you sure that your kernel has seccomp2 support? The sandbox won't work without it. (on Tor 0.4.6.7 )
Dec  7 17:54:43 MM-FW-003 Tor[20740]: tor_run_main(): Bug: Failed to create syscall sandbox filter (on Tor 0.4.6.7 )

Hi,

Dec  7 17:54:43 MM-FW-003 Tor[20740]: install_syscall_filter(): Bug: (Sandbox) failed to load: -125 (Operation canceled)! Are you sure that your kernel has seccomp2 support? The sandbox won't work without it. (on Tor 0.4.6.7 )
Dec  7 17:54:43 MM-FW-003 Tor[20740]: tor_run_main(): Bug: Failed to create syscall sandbox filter (on Tor 0.4.6.7 )

this is caused by this commit, which configures Tor to use seccomp as a syscall sandbox for improved security. Not having ARM64 hardware at hand, I admit I haven’t tested whether this works on that architecture.

You can either…

  • try upgrading to Core Update 162 (testing), since it will come with an updated libseccomp (see this commit for details) and check whether it makes a difference

  • comment out the Sandbox 1 line in your Tor configuration. Please be aware this setting will be overridden each time you hit the “save” button in the WUI page for Tor.

Sorry to disappoint, and best regards,
Peter Müller

I updated to 162 but still the same error. Too bad.
So I had to comment out the first line in the config. However not using a sandbox is a security risk, but it works.

Terry, could you please raise a ticket for this that we don’t forget to fix this?

https://bugzilla.ipfire.org

Hi,

looks like the Tor developers are already aware of this:

Therefore, I don’t think it is necessary to file a bug at IPFire, we just have to wait for this to get merged into the Tor upstream…

Thanks, and best regards,
Peter Müller

It has now been running for longer than one week and I had a look at the statistics. For some reason it’s not working. I put in valid contact information, set it up as a relay and disabled geoblock and IPS (just in case, to see if it works), but it failed. There is only a little up- and download traffic and I’m not connected to a single relay. Also, if I click on the relay-fingerprint link, it doesn’t find any profile for the ID.

Hi,

hm, did you observe a Tor log message such as this one?

Dec 16 x:x:x firewall Tor[5171]: Self-testing indicates your ORPort x:x is reachable from the outside. Excellent. Publishing server descriptor. 

If so, your relay should have made it into the Tor consensus. If not, something else went wrong, and I would be interested in the content of these files:

  • /var/ipfire/tor/torrc
  • /var/ipfire/tor/settings

as well as the Tor logs in /var/log/messages. Feel free to DM them to me if you don’t want to publish the contents here.

Thanks, and best regards,
Peter Müller
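The log messages discussed in this thread (the seccomp sandbox failure, the unauthenticated ControlPort warning and the ORPort reachability self-test) can be pulled out of syslog in one pass. This is an added example, not part of the original posts or of IPFire; `tor_log_triage` and `sample_log` are hypothetical names, and the sample lines are constructed from the message texts quoted here with placeholder host, PID and address.

```shell
#!/bin/sh
# Added example: summarise the Tor syslog messages discussed in this thread.
# tor_log_triage (hypothetical helper) reads syslog text on stdin.
tor_log_triage() {
    awk '
        # Only consider lines written by the Tor daemon.
        / Tor\[[0-9]+\]: / {
            # seccomp sandbox could not be installed (Sandbox 1 in torrc)
            if ($0 ~ /\(Sandbox\) failed to load/) sandbox = 1
            # ControlPort listener opened without any authentication method
            if ($0 ~ /ControlPort is open, but no authentication/) ctrl = 1
            # Reachability self-test: the most recent message wins
            if ($0 ~ /has not managed to confirm reachability/) orport = "unreachable"
            if ($0 ~ /Self-testing indicates your ORPort .* is reachable/) orport = "reachable"
        }
        END {
            printf "sandbox_failed=%s\n", (sandbox ? "yes" : "no")
            printf "controlport_unauthenticated=%s\n", (ctrl ? "yes" : "no")
            printf "orport=%s\n", (orport ? orport : "unknown")
        }'
}

# Constructed sample input (placeholder host "fw", PIDs and 192.0.2.1).
sample_log() {
    cat <<'EOF'
Dec  7 17:54:42 fw Tor[100]: ControlPort is open, but no authentication method has been configured.
Dec  7 17:54:42 fw Tor[100]: Opening OR listener on 0.0.0.0:9001
Dec  7 17:54:43 fw Tor[100]: install_syscall_filter(): Bug: (Sandbox) failed to load: -125 (Operation canceled)!
Dec 16 17:42:13 fw Tor[200]: Your server has not managed to confirm reachability for its ORPort(s) at 192.0.2.1:9001.
Dec 16 17:42:14 fw kernel: unrelated line mentioning ORPort is reachable
EOF
}

# Demo on the constructed sample; on the firewall itself use:
#   tor_log_triage < /var/log/messages
sample_log | tor_log_triage
```

An `orport=unknown` result means neither self-test message has been logged yet, which is expected shortly after Tor starts.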

No I’m getting

Dec 16 17:42:13 MM-FW-003 Tor[3906]: Your server has not managed to confirm reachability for its ORPort(s) at X.Y.Z:9001. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. 

What is the way to connect to the network? Do I establish a connection to somewhere and keep it alive, or do external clients try to connect to my relay? The second way will never work because of Dual-Stack Lite and the Vodafone router in front of IPFire.

It has only an IPv6 WAN IP and only the opportunity of IPv6 host exposure.

Hi,

no, other Tor relays (and eventually Tor clients if your relay gets the Guard flag) will connect to the port and IP address they know about your relay from the consensus. DSLite really hampers things here, as Tor does not support IPv6 only relays, yet:

Thanks, and best regards,
Peter Müller

Wow, this topic is already >9 years old. Thanks for that info. Looks like I can’t support Tor.