Tor-addon : "Problem bootstrapping. Stuck at 45%"

Hi all,

[and : H[oping]appy new year !]

got some problems (browsers, from LAN, cannot connect) with Tor-addon recently installed.
Too much messages from it :
grep -c Tor /var/log/messages
4007
Sorry, it publish this post before I finished (just typing SPACE bar) !?)
Editing the rest :

So, “interesting parts” seems to be :
[…]
Problem bootstrapping. Stuck at 45% (requesting_descriptors): Asking for relay descriptors. (Connection timed out; TIMEOUT; count 1301; recommendation warn; host 4055CDDFF7B3F9E6A50447609A3014753A82EB26 at 185.4.134.104:9201)
1300 connections have failed:
1300 connections died in state connect()ing with SSL state (No SSL object)
[…]
I’m using secure DNS (Strict TLS).
Core update 153.

Jeep.

You need to make sure that the time is correctly set on IPFire.

Hi,

I’m using secure DNS (Strict TLS).

DNS should not be related here, as Tor does not need DNS to establish a circuit.

host 4055CDDFF7B3F9E6A50447609A3014753A82EB26 at 185.4.134.104:9201

Hmmm, that is a Guard relay in Greece. Apparently, it was rebooted one day and seven hours
ago, perhaps this happened just when you were trying to connect to it.

https://metrics.torproject.org/rs.html#details/4055CDDFF7B3F9E6A50447609A3014753A82EB26

If a Guard relay fails completely for a sufficient amount of time, Tor will choose a
different one. From my experience, this might take a few minutes.

Is your Tor client working again by now? If not, do you have any special configuration
(Guard relays restricted to certain countries, outgoing firewall ruleset, etc.) in place?

Thanks, and best regards,
Peter Müller

You need to make sure that the time is correctly set on IPFire.

Urf… do you mean “date” ?
Yes, [I think] it is :
date
Wed Jan 6 04:20:44 PM CET 2021

[but locales aren’t ;)]

Thanx for replying … but I can’t see the link … ?

Hi, Peter

DNS should not be related here, as Tor does not need DNS to establish a circuit.

Okay, thanx ; it was just to be sure.

[…]
Is your Tor client working again by now?

No, as I was « into other things », I forgot to do anything except closing my SSH connection to IPFire (I always work from another [debian] machine) and the web-GUI .
But when I looked at it again, it was always stuck at 45% (after 20 hours !) … so I stop-and-restart it, just to see … and it IS stuck at … 5% (started since 3 hours) ! :confused:

[…]
If not, do you have any special configuration
(Guard relays restricted to certain countries, outgoing firewall ruleset, etc.) in place?

No, nothing special, just Tor client “out-of-the-box”, no relay, no outgoing node or guard specified
[see the [erf… very dark] screenshot]

.

Nor any outgoing rule :

Thanks for your reply, Peter … I’m puzzled 'cause I thunk it’s a very basic Tor configuration so I can’t imagine where could be the problem.

Arf… just to be sure : I run Tor on a machine here, on the LAN (green, then) do you think it has a link [for me no, but …] ?

Jeep.

Second answer, a little summary of the 2 sessions (from 5% to 50% in [“only”] 2 hours, but stuck at 50% since 16:37) :

Jan 5 17:39:12 Tor[9677]: Bootstrapped 0% (starting): Starting
Jan 5 17:39:13 Tor[9677]: Bootstrapped 5% (conn): Connecting to a relay
Jan 5 17:40:46 Tor[9677]: Bootstrapped 10% (conn_done): Connected to a relay
Jan 5 17:40:46 Tor[9677]: Bootstrapped 14% (handshake): Handshaking with a relay
Jan 5 17:40:47 Tor[9677]: Bootstrapped 15% (handshake_done): Handshake with a relay done
Jan 5 17:40:47 Tor[9677]: Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Jan 5 17:40:47 Tor[9677]: Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Jan 5 17:40:47 Tor[9677]: Bootstrapped 30% (loading_status): Loading networkstatus consensus
Jan 5 17:40:48 Tor[9677]: Bootstrapped 40% (loading_keys): Loading authority key certs
Jan 5 17:40:48 Tor[9677]: Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
[…]
Jan 6 13:39:07 Tor[9677]: 14992 connections have failed:
Jan 6 13:39:07 Tor[9677]: 14991 connections died in state connect()ing with SSL state (No SSL object)
Jan 6 13:39:07 Tor[9677]: 1 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
Jan 6 13:39:32 Tor[9677]: New control connection opened from 127.0.0.1.
Jan 6 13:39:55 Tor[9677]: New control connection opened from 127.0.0.1.
Jan 6 13:39:55 Tor[9677]: Catching signal TERM, exiting cleanly.

RESTARTING at 14:42

Jan 6 14:42:24 Tor[13864]: Tor 0.4.4.6 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1i, Zlib 1.2.11, Liblzma 5.2.5, and Libzstd 1.4.5.
[…]
Jan 6 14:42:24 Tor[13864]: Bootstrapped 0% (starting): Starting
Jan 6 14:42:24 Tor[13864]: Bootstrapped 5% (conn): Connecting to a relay
Jan 6 16:37:46 Tor[13864]: Bootstrapped 10% (conn_done): Connected to a relay
Jan 6 16:37:46 Tor[13864]: Bootstrapped 14% (handshake): Handshaking with a relay
Jan 6 16:37:46 Tor[13864]: Bootstrapped 15% (handshake_done): Handshake with a relay done
Jan 6 16:37:46 Tor[13864]: Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
Jan 6 16:37:47 Tor[13864]: Bootstrapped 50% (loading_descriptors): Loading relay descriptors

Jeep.

P.S. Actually, as time goes by, I wonder if this has something to do with IPFire … afraid that answer is « no ». :confused:

Edit at 19:54 :
4185 connections have failed
Problem bootstrapping. Stuck at 50% (loading_descriptors): […]

==> No big change after ~5 hours running … I feel like I’ll give up :frowning:

Hi,

do you have some IPS rulesets enabled preventing Tor communication?

Thanks, and best regards,
Peter Müller

1 Like

Hello Peter, my Hero :wink:

do you have some IPS rulesets enabled preventing Tor communication?

Erf… [very busy these times and a little bit tired] … I’m answering from under the carpet where I’m hiding, so ashamed I am :[
The answer is … : « YESSSssss… » !

How could I’ve forgotten this &£§#@%! IDS !?!
Of course IT is the cause of my troubles … :expressionless:

IDS rapport for yesterday :
Total du nombre de règles activées pour Janvier 06: 15388

Most of these are :
“ET TOR Known Tor Relay/Router (Not Exit) Node Traffic”

Didn’t even thunk to look at this yesterday, pfffff…
[feeling reeeeeally ashamed at the moment]

The check on https://check.torproject.org says :
"Congratulations. This browser is configured to use Tor. "

So : Thousand of « Danke sehr » und « Danke schön » Peter, you saved my life … and make the rest of my day !
Cool. :wink:
[I felt very demoralized / discouraged 'bout all of this]

Again : many, many thanks to you, Peter.

Very best regards,

Tschüüüß !

Jeep.

P.S. : … And I’m really sorry having disturbing [bothering] you from real problems, real bugs etc…;/

Hi,

thanks for confirming this as the problems’ root cause.

No worries, the IPS came to my over a cup of coffee; sometimes taking a little break
from the monitor is definitely worth it. After all, we are - fortunately or unfortunately,
this is up to the reader - only human.

Thanks, and best regards,
Peter Müller

Hi Peter,

thanx making me coming out from under my carpet ! :wink:
Hoping all these copy-paste, screenshots and questions-answers may help other guys encountering same type of troubles.

After all, we are […] only human.

Yes … and may it continue to be so ! :expressionless:

Many thanks for all this [very good] job, best regards,

1 Like