Tor on ASUS RT-AC66U after FW upgrade to 380.67

[kuzmwitch]

Hi
Some days ago I upgrade FW from 380.66.6 to 380.67
Upgrade process without problem
But now find out that if TOR option is ENABLE for ALL LAN or Only specified hosts they cant't go to Internet at all
Restore to factory defaults & manuale reconfigure device do not resolve this problem
Downgrade back to 380.66.6 - host behind TOR work with Internet without problem
May be I need do some additional steps with new FW 380.67 for TOR ?

Thanks

 

[RMerlin]

Works normally for me. If you have problems even after a factory default reset, then it sounds more like an ISP issue than a firmware one.

 

[kuzmwitch]

Thank you for answer
I also think about FireWall of my ISP but why TOR work on your previous asus FW 380.66.6
May be some sugesstion how to check it ? Or what can I see in asus log in this case ( which settings of System Log to use ? I use this logging settings debug/all
My hardware ASUS RT-AC66U ( HW version B0 )
Additional info
If I don't enable TOR on asus and use Tor browser - it always work on both asus FW

Thanks

 

[KentE]

Hi,
I have the exact same problem, the same router and same firmware.
The changelog for 380.67 says:
- CHANGED: Tor now runs as a limited user instead of as root
Maybe it has something to do with that change ?
When I downgraded it works fine again.
Regards

 

[RMerlin]

Hi,
I have the exact same problem, the same router and same firmware.
The changelog for 380.67 says:
- CHANGED: Tor now runs as a limited user instead of as root
Maybe it has something to do with that change ?
When I downgraded it works fine again.
Regards

Still can't reproduce it here.

Have you modified the default login name from "admin" to something different, or made any particular changes to the passwd file (like possibly creating additional users)?

Any particular error message in syslog regarding Tor?

 

[KentE]

Still can't reproduce it here.

Have you modified the default login name from "admin" to something different, or made any particular changes to the passwd file (like possibly creating additional users)?

Any particular error message in syslog regarding Tor?

No, the user is admin and no additional users has been created.
However the password contains 5 letters followed by a underscore followed by 5 letters and two numbers. A total of 13 chars.
There are no messages at all in the syslog that has been created by tor, I have looked for that but the log is equal as before. I'm using the specified mac option for tor.

 

[kuzmwitch]

Hi
I do everything again
Step by step with two FW using same settings ( all as default - only my password 13 char and MAC clone ) and do Factory Reset also
Get log after device Reboot
Device work with TOR as I wrote before 380.67 - PROBLEM and 380.66.6 - WORK
But I compare Log files and find out that on 380.67 something start not the same time as on 380.66.6

Check attached file

May be it help
Now I again on 380.66.6

Thanks
Sergey

 

[Fitz Mutch]

Tor is running fine for me on Asuswrt-Merlin 380.68-alpha1. However, I'm using Tor 0.3.0.10 upgrade, and a homemade /jffs/scripts/torrc.postconf

/jffs/scripts/torrc.postconf
https://cryptobin.co/36s0b7v3, password is lol

 

[RMerlin]

Post the output of these commands, run over SSH:

ps w | grep Tor
more /tmp/tor

 

[KentE]

Post the output of these commands, run over SSH:

ps w | grep Tor
more /tmp/tor

I'm no Linux guy so I'm not really sure if I'm doing this right but I attached a screen jpg.
Regards

 

[kuzmwitch]

Hi
Thank you for commands But they must be like this I think:
ps w | grep -v grep | grep Tor
more /tmp/tor*

And it explains that Tor not start at all
Check attached PDF

Thanks
Sergey

 

[Fitz Mutch]

I'm no Linux guy so ...

The Tor log file name is /tmp/torlog

cat /tmp/torlog

 

[KentE]

The Tor log file name is /tmp/torlog

cat /tmp/torlog

Sorry for my lack of knowledge, a new jpg.

 

[Fitz Mutch]

Sorry for ...

I'm guessing the issue is either the non-root Tor user or the Tor directory ownership/permissions.

cat /tmp/torrc | grep tor
cat /et?/passwd | grep tor
cat /et?/shadow | grep tor
cat /et?/group | grep tor
cat /et?/gshadow | grep tor
A="l s"; ${A/ /} -ld /var/lib/tor/

(silly Cloudflare)

 

[KentE]

I'm guessing the issue is either the non-root Tor user or the Tor directory ownership/permissions.

cat /tmp/torrc | grep tor
cat /et?/passwd | grep tor
cat /et?/shadow | grep tor
cat /et?/group | grep tor
cat /et?/gshadow | grep tor
A="l s"; ${A/ /} -ld /var/lib/tor/

(Silly Cloudfare )

Hi, tor directory is missing ?

 

[Fitz Mutch]

Hi, tor directory is missing ?

Your Tor data directory is /tmp/.tordb. Please check the ownership and permissions of your Tor data directory. Sometimes this is a cause of Tor not starting.

A="l s"; ${A/ /} -ld /tmp/.tordb/

What I think about is the ownership and permissions of the Tor data directory. How to fix it:

/bin/chown -R tor:tor /tmp/.tordb /jffs/.tordb
/bin/chmod -R u=rwx,g-rwx,o-rwx /tmp/.tordb /jffs/.tordb

Tor is very strict about it.


And, it appears that AsusWRT does backup /tmp/.tordb to /jffs/.tordb. @RMerlin, may want to preserve the ownership and directory permissions when backing up and restoring the Tor data directory. Use "cp -af" instead?
https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/rc/watchdog.c#L3491

https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/rc/services.c#L9926


On my router, nothing is backed up to /jffs because I changed the location of the Tor data directory to /var/lib/tor. That's why Tor is running fine for me. The only disadvantage is that Tor takes longer to open a circuit when the router is rebooted because it must re-load the authority key certs and relay descriptors.

 

[KentE]

Your Tor data directory is /tmp/.tordb. Please check the ownership and permissions of your Tor data directory. Sometimes this is a cause of Tor not starting.

A="l s"; ${A/ /} -ld /tmp/.tordb/

What I think about is the ownership and permissions of the Tor data directory. How to fix it:

/bin/chown -R tor:tor /tmp/.tordb /jffs/.tordb
/bin/chmod -R u=rwx,g-rwx,o-rwx /tmp/.tordb /jffs/.tordb

Tor is very strict about it.


And, it appears that AsusWRT does backup /tmp/.tordb to /jffs/.tordb. @RMerlin, may want to preserve the ownership and directory permissions when backing up and restoring the Tor data directory. Use "cp -af" instead?
https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/rc/watchdog.c#L3491

https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/rc/services.c#L9926


On my router, nothing is backed up to /jffs because I changed the location of the Tor data directory to /var/lib/tor. That's why Tor is running fine for me. The only disadvantage is that Tor takes longer to open a circuit when the router is rebooted because it must re-load the authority key certs and relay descriptors.

Hi, this command did not work /bin/chmod -R u=rwx,g-rwx,o-rwx /tmp/.tordb /jffs/.tordb
and when I restarted the router the owner was restored to admin root
Sorry, but this is getting really above my Linux competence so Tank you for your support and I will wait for the next release and try again.

 

[RMerlin]

And, it appears that AsusWRT does backup /tmp/.tordb to /jffs/.tordb. @RMerlin, may want to preserve the ownership and directory permissions when backing up and restoring the Tor data directory. Use "cp -af" instead?

That could make sense. I don't use Tor, so the couple of minutes I have it running was probably not enough for the watchdog to make a backup. Past users probably have a backup that belongs to root instead of to the Tor user.

Those with problems with Tor, try deleting the backed up data:

rm -rf /jffs/.tordb

Then restart Tor.

 

[RMerlin]

Watchdog only creates a backup of the database if there isn't already one. Doesn't that mean that this database will become stale after a while?

 

[KentE]

Watchdog only creates a backup of the database if there isn't already one. Doesn't that mean that this database will become stale after a while?

I can't say that I know what I'm doing but I executed rm -rf /jffs/.tordb and after that /bin/chown -R tor:tor /tmp/.tordb and /bin/chmod -R u+rwx,g-rwx,o-rwx /tmp/.tordb
Restarted the router and now tor works again, hope I did'nt mess something up
Thank you all for your support.