Tor relays connection issues, error messages and personal Setup on a Raspberry Pi

Anonymity4Free · July 22, 2024, 7:15pm

My setup
I recently started hosting a Tor relay non-exit server at home using a Raspberry Pi 4B with 8GB of RAM. The Pi is overclocked and easily reaches 2GHz while maintaining a stable temperature below 60 degrees Celsius.

Given my preference for the Linux Arch OS, I chose it for this project. For each instance, I added an extra user (four in total). I configured the torrc files with different ports and created all necessary directories. I also wrote four systemctl files to start the relays independently. For security reasons, I won’t share my torrc files here.

Here is an example of one systemctl file:
[Unit]
Description=Tor1
After=network.target

[Service]
Type=simple
User=tor1
ExecStart=/usr/bin/tor -f /etc/tor/torrc.1
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
TimeoutSec=60
Restart=on-failure
LimitNOFILE=32768

#Hardening
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor1
ReadWriteDirectories=-/var/log/tor1
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH CAP_KILL

[Install]
WantedBy=multi-user.target

I opened all the necessary ports on my router, started the services, and everything seemed to work well. The CPU usage is currently about 50%-60%.

Now the big BUT:

Initially, the relays connect and run smoothly, but after a while, I encounter error messages such as:

“No circuits are opened. Relaxed timeout for circuit ***** (a Measuring circuit timeout 3-hop circuit in state doing handshakes with channel state open) to 60000ms. However, it appears the circuit has timed out anyway.”
“Channel padding timeout scheduled 262323ms in the past.”
“Our consensus is too old, so we will not serve it to clients. It was valid until 2024-07-21 07:00:00 local time and we continued to serve it for up to 24 hours after it expired.”
“I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.”
“Our microdesc consensus is too old, so we will not serve it to clients. It was valid
until 2024-07-21 06:00:00 local time and we continued to serve it for up to 24 hours after it expired.”

These messages appear at regular intervals, roughly every hour. Some instances run without issues for days, while others experience these errors frequently. Eventually, all instances encounter these errors. Despite this, my relays appear online when I check them on the relay search.

I haven’t found any information about what these messages mean, but I suspect something is wrong. I would appreciate any insights or advice on how to resolve these issues.

Thank you and have a good one.

PS.: When I open nyx i get the following warning:

[NYX_NOTICE] BUG: Unexpected exception from ConnectionTracker: tuple index out of range range [1 duplicate hidden]

atari · July 23, 2024, 10:19am

Two possible reasons come to my mind:

Do you synchronize your clock and does it work properly? The Pi has no RTC (real time clock) so it has to get it from ntpd or something similar.

Does your router cope well with all the extra NAT connections? Have a look at your router if it can handle that many network packets.

Anonymity4Free · July 23, 2024, 11:27am

Thank you for your prompt response @atari.

I have checked the clock, and it appears to be stable. To ensure accuracy, I configured my router as a time server and will monitor for any changes, although this seems unlikely.

Regarding the router’s capability, it should be robust enough to handle the network traffic. Both the CPU and RAM usage are maintaining around 50%. I check the logs too. Additionally, with a bandwidth of 1 Gbps, I do not foresee any issues.

What seems unusual to me is that the servers appear to be online continuously when I check them on relay search. I am unable to deduce the reason for this.

PS.: I still get the same errors