Re: [tor-relays] routing script

2016-02-18 Thread Green Dream
> I spoke with a VPN provider and
> they are okay with routing Tor traffic over their VPN as long as I have
> exit rulez etc. The only thing I need is a routing script for Debian
> to route all the Tor traffic over the VPN. Anyone can help me out with


If I understand correctly you are hoping to set up an exit node where the
outbound user traffic that would normally go to the clearnet winds up going
through a VPN first instead?

I'm not sure this is a very friendly idea for the Tor network. At the very
least, it's introducing an extra hop and additional latency. The average
Tor user has no ability to easily detect or opt out of this situation. At
the worst, depending on how the VPN is implemented, you might introduce
other performance issues (TCP over TCP tunnels comes to mind) or security
issues (DNS leaks, VPN provider now has the ability to sniff traffic, etc.).
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] routing script

2016-02-18 Thread k0nsl
Mr. Koch,

I'd like to recommend BuyVM as well. They have reliable services for
as low as $15 per year (OpenVZ and KVM) in Luxembourg and USA.
Maybe you've already heard of them, if not: https://buyvm.net/
Best wishes,
-k0nsl

On 02/19/2016 01:15 AM, Markus Koch wrote:
> At the moment I am hosting with online.net and Hetzner with over 1
> Petabyte traffic so it's not really my home connection :) But both
> have my personal information and Hetzner even needed a copy of my
> passport so I am very cautious.
> 
> But this URL looks great. Any recommendations? Btw, how long does
> it take to be "useful" as an exit node?
> 
> 
> 2016-02-19 0:59 GMT+01:00 I :
>> Markus,
>> 
>> From that you must have been thinking of your home for the exit
>> which is a bit dicey.
>> 
>> https://www.exoticvps.com/ is a place to look for a vps which
>> might be $50 (Australian) a year and fairly speedy.
>> 
>> Rob


Re: [tor-relays] routing script

2016-02-18 Thread Markus Koch
At the moment I am hosting with online.net and Hetzner with over 1
Petabyte traffic so it's not really my home connection :) But both have
my personal information and Hetzner even needed a copy of my passport
so I am very cautious.

But this URL looks great. Any recommendations? Btw, how long does it
take to be "useful" as an exit node?


2016-02-19 0:59 GMT+01:00 I :
> Markus,
>
> From that you must have been thinking of your home for the exit which is a 
> bit dicey.
>
> https://www.exoticvps.com/ is a place to look for a vps which might be $50 
> (Australian) a year and fairly speedy.
>
> Rob


Re: [tor-relays] routing script

2016-02-18 Thread I
Markus,

From that you must have been thinking of your home for the exit which is a bit
dicey.

https://www.exoticvps.com/ is a place to look for a vps which might be $50 
(Australian) a year and fairly speedy.

Rob




Re: [tor-relays] routing script

2016-02-18 Thread Markus Koch
I am not really sure if this will help. As a German subject living in
Germany I have to obey German laws even if I host a server in another
EU country. Right or wrong?




2016-02-19 0:40 GMT+01:00  :
> You can rent a VPS in another country for as little as ten bucks a month. You
> could configure one as an exit node.
>
> Cheers,
>
> K.
>
>
>
> On 18/02/16 23:16, Markus Koch wrote:
>> Hi,
>>
>> after having four entry/middle nodes online I would like to help out
>> with an exit node. Unfortunately you will get in a lot of trouble in
>> Germany for hosting an exit node. I spoke with a VPN provider and
>> they are okay with routing Tor traffic over their VPN as long as I have
>> exit rulez etc. The only thing I need is a routing script for Debian
>> to route all the Tor traffic over the VPN. Anyone can help me out with
>> this?
>>
>> Markus


Re: [tor-relays] routing script

2016-02-18 Thread Markus Koch
Thank you, I contacted them a few days before. Unfortunately they can't
really help me with routing on Linux and I use my servers for other
stuff too so I don't really want to sponsor a dedicated server as an
exit node. Dual use 4 the win :)

2016-02-19 0:46 GMT+01:00 I :
> Markus,
>
> You might find this worth a glance
>
> https://www.zwiebelfreunde.de/
>
> Rob


Re: [tor-relays] routing script

2016-02-18 Thread I
Markus,

You might find this worth a glance

https://www.zwiebelfreunde.de/

Rob




Re: [tor-relays] routing script

2016-02-18 Thread ken
You can rent a VPS in another country for as little as ten bucks a month. You
could configure one as an exit node.

Cheers,

K.



On 18/02/16 23:16, Markus Koch wrote:
> Hi,
>
> after having four entry/middle nodes online I would like to help out
> with an exit node. Unfortunately you will get in a lot of trouble in
> Germany for hosting an exit node. I spoke with a VPN provider and
> they are okay with routing Tor traffic over their VPN as long as I have
> exit rulez etc. The only thing I need is a routing script for Debian
> to route all the Tor traffic over the VPN. Anyone can help me out with
> this?
>
> Markus


[tor-relays] routing script

2016-02-18 Thread Markus Koch
Hi,

after having four entry/middle nodes online I would like to help out
with an exit node. Unfortunately you will get in a lot of trouble in
Germany for hosting an exit node. I spoke with a VPN provider and
they are okay with routing Tor traffic over their VPN as long as I have
exit rulez etc. The only thing I need is a routing script for Debian
to route all the Tor traffic over the VPN. Anyone can help me out with
this?

Markus


Re: [tor-relays] Mexico ISP blocking authority nodes and preventing exit relays.

2016-02-18 Thread Ricardo Malagon Jerez
I suspect that Telmex ISP, Mexico's biggest by far, found a very surgical way
to prevent relays.
Atlas only shows a small group of Mexican relays, all of them on other ISPs.

Tor client (and I2P) works well, and the hidden services too. Pluggable
transports and/or the Tor alpha make it easy to bypass this little nuance.

Usually Telmex ISP does not implement any kind of wide censorship; it is
generally pretty open. I think this is a very smart attack on Tor
infrastructure: it does not prevent Tor in general, but almost all the exit
traffic will go outside the country, and little traffic will mix between
Mexican Tor clients that choose to have a relay.

For me, I will try to make stone arguments for a little David/Goliath
action, because Telmex works like "that is not a problem if others are not
complaining", "Facebook is working, right?"

On Thu, Feb 18, 2016 at 4:47 AM, Tim Wilson-Brown - teor  wrote:

>
> On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez 
> wrote:
>
> I don't know how and why, but since January is impossible to have an exit
> relay in Telmex ISP.
> And is harder to reach authority nodes.
> Someone wrote about this, but is mid February and is the same.
> Tor 2.8 alpha works pretty good with the authority fallback measures, but
> I can't implement the exit relay or publish the relay.
>
>
> Thanks for the feedback about the fallback directory mirrors feature - I
> am glad to hear that it's working as planned.
> But it only works for clients.
>
> Relays need to be able to post their descriptors to the authorities. So
> they have to be able to reach at least one authority - they can't use only
> fallback directory mirrors.
>
> Tim
>
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP 968F094B
>
> teor at blah dot im
> OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
>


Re: [tor-relays] Mexico ISP blocking authority nodes and preventing exit relays.

2016-02-18 Thread Mirimir
On 02/18/2016 04:24 AM, Tim Wilson-Brown - teor wrote:
> 
>> On 18 Feb 2016, at 22:16, Mirimir  wrote:
>>
>> On 02/18/2016 03:47 AM, Tim Wilson-Brown - teor wrote:
>>>
>>>> On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez wrote:
>>>>
>>>> I don't know how and why, but since January is impossible to have an exit
>>>> relay in Telmex ISP.
>>>> And is harder to reach authority nodes.
>>>> Someone wrote about this, but is mid February and is the same.
>>>> Tor 2.8 alpha works pretty good with the authority fallback measures, but
>>>> I can't implement the exit relay or publish the relay.
>>>
>>> Thanks for the feedback about the fallback directory mirrors feature - I am 
>>> glad to hear that it's working as planned.
>>> But it only works for clients.
>>>
>>> Relays need to be able to post their descriptors to the authorities. So 
>>> they have to be able to reach at least one authority - they can't use only 
>>> fallback directory mirrors.
>>
>> Could relays somehow use bridges for that?
> 
> 
> Relays could upload their descriptors to the authorities over 3-hop tor 
> circuits, like hidden services do to hidden service directories.
> 
> But that doesn't solve the core issue: Tor assumes all relays can connect to 
> every other relay. If a relay can't reach the authorities, then that's 9 
> relays it can't reach, and it's likely that other relays are also blocked.

Doh. And any network that blocked access to authorities could block
access to all Tor relays.

> We would need to answer the following questions before we allowed relays that 
> can't reach the authorities to bootstrap:
> * how many other relays can each Tor relay reach at the moment?
> * what's the minimum number of relays each relay should be able to reach to 
> be useful?
> * how can we check if a relay can reach that many relays?
> * should the relay do the check itself before it submits its descriptor, or 
> should the authorities or bandwidth authorities do the check?
> 
> This requires some research and security analysis.

Right. A relay that needs a bridge to reach other relays is relatively
useless. And can perhaps hide malicious activity more easily too.

> Tim
> 
> Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com
> PGP 968F094B
> 
> teor at blah dot im
> OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F


Re: [tor-relays] Mexico ISP blocking authority nodes and preventing exit relays.

2016-02-18 Thread Tim Wilson-Brown - teor

> On 18 Feb 2016, at 22:16, Mirimir  wrote:
> 
> On 02/18/2016 03:47 AM, Tim Wilson-Brown - teor wrote:
>> 
>>> On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez  wrote:
>>> 
>>> I don't know how and why, but since January is impossible to have an exit 
>>> relay in Telmex ISP.
>>> And is harder to reach authority nodes.
>>> Someone wrote about this, but is mid February and is the same.
>>> Tor 2.8 alpha works pretty good with the authority fallback measures, but I 
>>> can't implement the exit relay or publish the relay.
>> 
>> Thanks for the feedback about the fallback directory mirrors feature - I am 
>> glad to hear that it's working as planned.
>> But it only works for clients.
>> 
>> Relays need to be able to post their descriptors to the authorities. So they 
>> have to be able to reach at least one authority - they can't use only 
>> fallback directory mirrors.
> 
> Could relays somehow use bridges for that?


Relays could upload their descriptors to the authorities over 3-hop tor 
circuits, like hidden services do to hidden service directories.

But that doesn't solve the core issue: Tor assumes all relays can connect to 
every other relay. If a relay can't reach the authorities, then that's 9 relays 
it can't reach, and it's likely that other relays are also blocked.

We would need to answer the following questions before we allowed relays that 
can't reach the authorities to bootstrap:
* how many other relays can each Tor relay reach at the moment?
* what's the minimum number of relays each relay should be able to reach to be 
useful?
* how can we check if a relay can reach that many relays?
* should the relay do the check itself before it submits its descriptor, or 
should the authorities or bandwidth authorities do the check?

This requires some research and security analysis.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
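
Added example (not part of the original thread, and not Tor project code): one way a relay operator could measure, from their own host, the two things the message above asks about, namely whether at least one authority is reachable and what fraction of relays is reachable. The function names, the `min_relay_fraction` threshold and the loopback endpoints are assumptions made for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

def can_connect(endpoint, timeout=3.0):
    """True if a TCP connection to (host, port) completes within the timeout."""
    try:
        with socket.create_connection(endpoint, timeout=timeout):
            return True
    except OSError:
        return False

def probe(endpoints, timeout=3.0, workers=16):
    """Map each distinct (host, port) to its TCP reachability, probing in parallel."""
    endpoints = list(dict.fromkeys(endpoints))
    if not endpoints:
        return {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(endpoints, pool.map(lambda ep: can_connect(ep, timeout), endpoints)))

def assess(authorities, relays, min_relay_fraction=0.9, timeout=3.0):
    """Summarise what this host can reach.

    min_relay_fraction is an assumed threshold: the thread leaves the real
    minimum open. A TCP connect is necessary for publishing a descriptor or
    extending a circuit, but does not prove the Tor handshake would succeed.
    """
    auth, rel = probe(authorities, timeout), probe(relays, timeout)
    fraction = sum(rel.values()) / len(rel) if rel else 0.0
    return {
        "authorities_reachable": sum(auth.values()),
        "can_publish": any(auth.values()),  # needs at least one authority
        "relay_fraction": fraction,
        "meets_threshold": fraction >= min_relay_fraction,
        "unreachable": sorted(ep for ep, ok in {**auth, **rel}.items() if not ok),
    }

def demo():
    """Constructed input: loopback sockets stand in for nodes (no real Tor addresses)."""
    def node(listening):
        s = socket.socket()
        s.bind(("127.0.0.1", 0))
        if listening:
            s.listen()  # accepts TCP handshakes; bound-only sockets refuse them
        return s
    socks = [node(True), node(False), node(True), node(True), node(False)]
    eps = [s.getsockname() for s in socks]
    try:
        return assess(eps[:2], eps[2:], min_relay_fraction=0.5, timeout=1.0)
    finally:
        for s in socks:
            s.close()

if __name__ == "__main__":
    print(demo())
```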





Re: [tor-relays] Mexico ISP blocking authority nodes and preventing exit relays.

2016-02-18 Thread Mirimir
On 02/18/2016 03:47 AM, Tim Wilson-Brown - teor wrote:
> 
>> On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez  wrote:
>>
>> I don't know how and why, but since January is impossible to have an exit 
>> relay in Telmex ISP.
>> And is harder to reach authority nodes.
>> Someone wrote about this, but is mid February and is the same.
>> Tor 2.8 alpha works pretty good with the authority fallback measures, but I 
>> can't implement the exit relay or publish the relay.
> 
> Thanks for the feedback about the fallback directory mirrors feature - I am 
> glad to hear that it's working as planned.
> But it only works for clients.
> 
> Relays need to be able to post their descriptors to the authorities. So they 
> have to be able to reach at least one authority - they can't use only 
> fallback directory mirrors.

Could relays somehow use bridges for that?

> Tim
> 
> Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com
> PGP 968F094B
> 
> teor at blah dot im
> OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F


Re: [tor-relays] Mexico ISP blocking authority nodes and preventing exit relays.

2016-02-18 Thread Tim Wilson-Brown - teor

> On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez  wrote:
> 
> I don't know how and why, but since January is impossible to have an exit 
> relay in Telmex ISP.
> And is harder to reach authority nodes.
> Someone wrote about this, but is mid February and is the same.
> Tor 2.8 alpha works pretty good with the authority fallback measures, but I 
> can't implement the exit relay or publish the relay.

Thanks for the feedback about the fallback directory mirrors feature - I am 
glad to hear that it's working as planned.
But it only works for clients.

Relays need to be able to post their descriptors to the authorities. So they 
have to be able to reach at least one authority - they can't use only fallback 
directory mirrors.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F


