Skip to content

GitLab

Closed
Created by Linda Lee@linda

Problems with starting managed Obfsproxy server when installed via debian package and with Tor as service

On a Ubuntu 12.04 "precise" host, I have installed obfsproxy and upgraded tor via the debian packages. More specifically:

$> sudo apt-get install -y tor obfsproxy
...
$> which obfsproxy
/usr/bin/obfsproxy
$> obfsproxy --version
obfsproxy 0.1.4 (git-94ebc4c3edf1e3e5)
$> tor --version
 [notice] Tor v0.2.3.22-rc (git-4a0c70a817797420) running on Linux.
 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Tor version 0.2.3.22-rc (git-4a0c70a817797420).

I'm typically managing Tor via:

$> sudo service tor start|stop|status

My torrc is:

$> grep -v "^#" /etc/tor/torrc | sed '/^$/d'
SocksPort 0
RunAsDaemon 1
User debian-tor
ORPort 8888
Nickname sricslbridge2
ExitPolicy reject *:* # no exits allowed
BridgeRelay 1
ServerTransportPlugin obfs2 exec /usr/bin/obfsproxy --managed

After starting Tor, the following process is running. But the obfsproxy process is missing, because of the following log output:

$> ps axu | grep tor
107       2228  0.7  1.3 379396 53244 ?        Sl   07:27   0:01 /usr/sbin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --hush
...
$> ps axu | grep obfs
$> sudo grep obfs /var/log/tor/log
 [warn] Could not launch managed proxy executable at '/usr/bin/obfsproxy' ('Permission denied').

When I turn Log on via torrc, the log output is slightly more verbose:

$> sudo grep -v "^#" /etc/tor/torrc | grep Log
Log debug file /var/log/tor/debug.log
$> sudo grep obfs /var/log/tor/debug.log
 [info] launch_managed_proxy(): Managed proxy at '/usr/bin/obfsproxy' has spawned with PID '2423'.
 [info] handle_proxy_line(): Got a line from managed proxy '/usr/bin/obfsproxy': (ERR: Failed to spawn background process - code 9/D)
 [warn] Could not launch managed proxy executable at '/usr/bin/obfsproxy' ('Permission denied').

The reason I was thinking it has to do with my init script (although I don't think I changed it myself. It was probably installed with Tor 0.2.2.x originally), is that I tried to run multiple Tor processes controlled via init.d using the instructions here: [https://www.torservers.net/wiki/setup/server#multiple_tor_processes] And the effect was that obfsproxy did start using this alternative init script. However, I reverted back to the original init script because the stopping of multiple Tor processes didn't work and I realized that I only need one Tor process to support a regular and an obfuscated bridge.

In the hope that the permission required to start the managed obfsproxy had to do with write permissions in certain locations, I attempted: (but it didn't resolve the problem)

$> sudo chown -R debian-tor:adm /var/tor
$> sudo ls -la /var/tor
total 6816
drwx------  3 debian-tor adm     4096 Sep 28 15:27 .
drwxr-xr-x 13 root       root    4096 Sep 29 07:23 ..
-rw-------  1 debian-tor adm    16947 Sep 28 13:11 cached-certs
-rw-------  1 debian-tor adm   706188 Sep 28 13:11 cached-consensus
-rw-------  1 debian-tor adm  4237891 Sep 28 14:36 cached-descriptors
-rw-------  1 debian-tor adm   184873 Sep 28 14:38 cached-descriptors.new
-rw-------  1 debian-tor adm   594762 Sep 28 13:11 cached-microdesc-consensus
-rw-------  1 debian-tor adm  1172036 Sep 28 14:36 cached-microdescs
-rw-------  1 debian-tor adm    23655 Sep 28 14:36 cached-microdescs.new
-rw-------  1 debian-tor adm       60 Sep 28 14:36 fingerprint
drwx------  2 debian-tor adm     4096 Sep 28 13:11 keys
-rw-------  1 debian-tor adm        0 Sep 28 14:36 lock
-rw-------  1 debian-tor adm     1510 Sep 28 15:27 state
$> sudo ls -la /var/run/tor
total 8
drwxr-s---  2 debian-tor debian-tor 100 Sep 29 07:50 .
drwxr-xr-x 21 root       root       700 Sep 29 07:49 ..
srw-rw----  1 debian-tor debian-tor   0 Sep 29 07:50 control
-rw-r-----  1 debian-tor debian-tor  32 Sep 29 07:50 control.authcookie
-rw-r--r--  1 debian-tor debian-tor   5 Sep 29 07:50 tor.pid

I'm attaching the short log and the more detailed debug.log. Also the init scripts tor (which must have come with the first Tor installation) and tor.MULTIPLE, which came from the commands below, are attached.

$> cd /etc/init.d
$> sudo mv tor tor.ORIG
$> sudo wget -O tor https://www.torservers.net/misc/config/initd-tor
$> sudo mv tor tor.MULTIPLE
$> sudo mv tor.ORIG tor

Thanks! Linda

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information