[tor-relays] cannot keep my bridge up

Hello:

I hope you can help me. I’m having trouble keeping my bridge up. Ports are forwarded. Running latest version of Tor. I had it running for at least roughly 7 to 10 days and then it went down and keeping it up is trouble. I even setup dynamic dns on my router using no-ip.com to see if that would help and still no. I’ve pasted logs from this morning here. Any help is appreciated.

Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF tor[17727]: Dec 20 08:55:16.929 [notice] Opened Extended OR listener connection (ready) on 127.0.0.1:34445
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: We compiled with OpenSSL 30000020: OpenSSL 3.0.2 15 Mar 2022 and we are running with OpenSSL 30000020: 3.0.2. These two versions should be binary compatible.
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Tor 0.4.7.12 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.0.2, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.35 as libc.
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Tor can’t help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Read configuration file “/etc/tor/torrc”.
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Based on detected system memory, MaxMemInQueues is set to 2849 MB. You can override this by setting MaxMemInQueues by hand.
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opening Socks listener on 127.0.0.1:9050
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opened Socks listener connection (ready) on 127.0.0.1:9050
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opening OR listener on 0.0.0.0:443
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opened OR listener connection (ready) on 0.0.0.0:443
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opening Extended OR listener on 127.0.0.1:0
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Extended OR listener listening on port 34445.
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opened Extended OR listener connection (ready) on 127.0.0.1:34445
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF kernel: [137278.310446] audit: type=1400 audit(1671544516.974:36): apparmor=“DENIED” operation=“open” profile=“system_tor” name=“/sys/kernel/mm/transparent_hugepage/hpage_pmd_size” pid=17728 comm=“obfs4proxy” requested_mask=“r” denied_mask=“r” fsuid=128 ouid=0
Dec 20 08:55:17 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Dec 20 08:55:17 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Dec 20 08:55:17 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Your Tor server’s identity key fingerprint is ‘h4ck3rspace 93695FBD832C2A29A2DE719CC82B29F06C0B4E09’
Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Your Tor bridge’s hashed identity key fingerprint is ‘h4ck3rspace 709E7C37DFE418F6A28B3F0352787606B51A66C6’
Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Your Tor server’s identity key ed25519 fingerprint is ‘h4ck3rspace WpmTmQmwNU2PXhaGrwguLXwxiPL3g/4hHuXZRZxZli0’
Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: You can check the status of your bridge relay at https://bridges.torproject.org/status?id=709E7C37DFE418F6A28B3F0352787606B51A66C6
Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 0% (starting): Starting
Dec 20 08:55:18 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Starting with guard context “default”
Dec 20 08:55:26 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Signaled readiness to systemd
Dec 20 08:55:26 mxh-HP-Compaq-Pro-6300-SFF systemd[1]: Started Anonymizing overlay network for TCP.
Dec 20 08:55:26 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Registered server transport ‘obfs4’ at ‘[::]:52812’
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 5% (conn): Connecting to a relay
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opening Socks listener on /run/tor/socks
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opened Socks listener connection (ready) on /run/tor/socks
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opening Control listener on /run/tor/control
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Opened Control listener connection (ready) on /run/tor/control
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Unable to find IPv4 address for ORPort 443. You might want to specify IPv6Only to it or set an explicit address or set Address.
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 10% (conn_done): Connected to a relay
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 14% (handshake): Handshaking with a relay
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 15% (handshake_done): Handshake with a relay done
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Dec 20 08:55:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: External address seen and suggested by a directory authority: 100.38.62.232
Dec 20 08:55:28 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Bootstrapped 100% (done): Done
Dec 20 08:56:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Now checking whether IPv4 ORPort 100.38.62.232:443 is reachable… (this may take up to 20 minutes – look for log messages indicating success)
Dec 20 09:00:01 mxh-HP-Compaq-Pro-6300-SFF CRON[17784]: (root) CMD (timeshift --check --scripted)
Dec 20 09:00:01 mxh-HP-Compaq-Pro-6300-SFF crontab[17820]: (root) LIST (root)
Dec 20 09:00:01 mxh-HP-Compaq-Pro-6300-SFF crontab[17821]: (root) LIST (root)
Dec 20 09:00:01 mxh-HP-Compaq-Pro-6300-SFF systemd[1]: run-timeshift-17784-backup.mount: Deactivated successfully.
Dec 20 09:15:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Your server has not managed to confirm reachability for its ORPort(s) at 100.38.62.232:443. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Dec 20 09:17:01 mxh-HP-Compaq-Pro-6300-SFF CRON[18262]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

What about this ?

I’m not sure I understand. Are you showing me more lines of code to add?

Hi,

These lines Toralf references come from the logs you sent. It looks
like apparmor didn't want obfs4proxy to open some file.
I'm not sure why obfs4proxy would care about this file, maybe it's
something the go runtime likes to look at. It does not look fatal
though.

Logs also says

Dec 20 09:15:27 mxh-HP-Compaq-Pro-6300-SFF Tor[17727]: Your server has not managed to confirm reachability for its ORPort(s) at 100.38.62.232:443.
Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.

It looks like your bridge isn't reachable from the internet. Have you
checked if your firewall accepts incoming connections? If you are on
an at home installation,
have you checked if your router NAT is configured to forward that port
properly. If you are on an at home installation too, is it possible
you are behind a CG-NAT
(Carrier-grade NAT - Wikipedia)?

Sidenotes: these logs contains your bridge fingerprint and its ip
address. These are informations you should never share publicly as it
allows censors to block
your bridge easily, while being hard to block is supposed to be the
whole purpose of bridges.

Regards,

trinity-1686a

Thank you for this. Is there any way around this? This didn't used to be problem.

Personally, I've had enough problems with apparmor doing this exact
sort of thing that I just remove/purge it and mark it as on hold so
that it doesn't reinstall.

Since apparmor is 'security' software, that may not be the best advice,
but at the same time, I have a hard time trusting security software
that has the power that apparmor has (and screws up other legit
software so often).

Another option is to do a web search for your problem. Apparmor thinks
it's just doing it's job blocking a dangerous file, but I'm sure there
are changes you can make in apparmor to flag the file/program as
safe/legit.