Re: [tor-relays] Tor bridge and obfs4proxy
> On 5 Sep 2016, at 11:49, Arisbe wrote: > > I need someone's bridge experience. I had an HD crash and lost one of my Tor > bridges. So, I'm rebuilding on a leased VPS. First I tried with Debian 8 > and then with ubuntu 16.04 when Debian didn't work. With both operating > systems I get a warning message when I start Tor. Tor is the latest version > as is obfs4proxy: > > Sep 04 13:39:41.641 [warn] Strange ServerTransportPlugin type 'obfs4' > Sep 04 13:39:41.641 [warn] Failed to parse/validate config: Invalid server > transport line. See logs for details. > > There are no log entries. Apparently Tor starts without the proxy. I have > configured torrc as follows: > > ServerTransportPlugin obfs3 obfs4 exec /usr/bin/obfs4proxy > > ExtORPort auto > > /usr/bin/ does contain the obfs4proxy file. > > Does anyone know my problem? Is there a 'tell-all' explanation of obfs4proxy? From the tor manual page: ServerTransportPlugin transport exec path-to-binary [options] The Tor relay launches the pluggable transport proxy in path-to-binary using options as its command-line options, and expects to receive proxied client traffic from it. You're only allowed one space-separated transport name for "transport", you have two: "obfs3" and "obfs4". Tim > > Thanks, Arisbe > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org signature.asc Description: Message signed with OpenPGP using GPGMail ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor and Diplomatic Immunity
> On 5 Sep 2016, at 11:31, Mirimir wrote: > > On 09/04/2016 09:11 AM, Kenneth Freeman wrote: >> Do embassies and consulates run Tor nodes? AFAIK no studies have been >> done on this, but diplomatic immunity and Tor would seem to be a match >> made in Heaven. > > Well, they need uplinks, right? I doubt that diplomatic immunity forces > ISPs to serve them. Private routing is possible, of course, but is > probably too expensive for most. As wikileaks discovered, they definitely use Tor clients... > >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org signature.asc Description: Message signed with OpenPGP using GPGMail ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [tor-relays-universities] Legal issues relevant to UK
> * Duncan Guthrie schrieb am 2016-09-01 um 01:09 Uhr: >> I'm hoping to run a Tor relay here at a University in the UK. >> Is there anyone here who might have some experience with this in the >> past? I have been researching legal issues but information is >> extremely sparse (mostly relating to the DMCA). All I can really work >> out is that the issues relating to ISPs apply more generally, and more >> strictly to a Tor exit node operator. >> What protections, if any, exist here in the UK for a Tor exit node >> operator? > On 5 Sep 2016, at 05:08, Jens Kubieziel wrote: > > X-Post from tor-relays-universities@ > > I ran some relays at Geman universities in the past. I guess my > experiences won't help here. Maybe someone on tor-relays has experience > with running a relay at an UK university, so I send this mail to > tor-relays@ too. I can't help with UK-specific legislation, but if it hasn't diverged too far from Australia, the answer is likely the same: "there are some legal protections for carriage services, but the protections applying to an open proxy operator have not been testing in court yet". (Of course, you should get UK-specific legal advice on that.) One other option is to try setting up a non-exit relay first, which is what we've done recently in Australia. Another option is to have a talk with your local police (or the relevant police group dealing with Internet activities), and let them know about Tor and your Exit relay. And let them know you don't keep any logs, and Tor can't identify the end user anyway by design. That keeps them informed, and gives them someone to contact if there are ever any concerns about your relay. Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org signature.asc Description: Message signed with OpenPGP using GPGMail ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Useful metrics for relay operators
> On 4 Sep 2016, at 22:55, pa011 wrote: > > > > Am 01.09.2016 um 05:39 schrieb teor: >> >>> On 1 Sep 2016, at 13:36, I wrote: >>> >>> Did someone mention t-shirts? >>> >>> >>> When is the last time anyone got a t-shirt? >> >> I'm pretty sure Jon has been sending them out on a regular basis. >> (We're trying to automate the process a bit more.) >> >> If you want one, please feel free to get in touch with him, I've CC'd him on >> this email. >> >> Tim >> >> Tim Wilson-Brown (teor) > > Hi Tim, > > if not changed the person in charge should be Juris not Jon - a little bit > similar :-) Jon is sending out T-Shirts from the Tor office in Seattle. Juris was sending them out from torservers.net in Berlin. I believe there's been a transition recently, after Jon was employed to help out with administrative tasks like t-shirts. > I would bet nobody got a T-shirt this year - otherwise there wouldn’t be a > moaning every now an then, especially from Robert. > > I, waiting for a shirt as well, was offering my help on June, 13th in this > group - nobody ever came back on that. I'm sorry about that. There has been a transition between different people. Also, our automated t-shirt email system Tor Weather wasn't working correctly, and we're doing it manually for the moment. I've CC'd Jon on this email as well. You can get in touch with him to arrange a t-shirt. Tim > Rgds > > Paul > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org signature.asc Description: Message signed with OpenPGP using GPGMail ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] tor-relays Digest, Vol 68, Issue 12
> Am 04.09.2016 um 06:52 schrieb daniel boone: >> Ok, 1st on to MATT >> "I missed your SOCKS question." >> Well that doesnt matter because I took you advice on the first reply you >> sent explaing things so I commented all again as suggested. So all is well >> now on that part of the torrc file. Disabling SOCKSPort on a relay is a good idea. You're not really anonymous if you use your relay as a client - its IP address is public, and so is its uptime/downtime. And there are statistical ways of matching relay and client traffic hiccups. >> What I did do was kept the ORPort at 9001. I tried 443 but in the terminal >> it showed me it could not bind so it would not work. >> As for the question on "hope this helps" you bet and well appricated. Thank >> you. Likely your tor process is running as a non-root user (this is good) without the CAP_NET_BIND_SERVICE capability, or your OS equivalent. And 9001 is a fine port, there's no need to change it to 443. >> {Sep 04 00:11:56.000 [notice] Your network connection speed appears to have >> changed. Resetting timeout to 60s after 18 timeouts and 104 buildtimes.} >> >> > using anything to set it back. Right with the MB too.} > On 4 Sep 2016, at 22:17, jensm1 wrote: > > Nice to see your relay is running now! Though I must admit that I have no > idea what these "connection speed" notices mean. Probably nothing important, > or they'd be warnings. Your network connections are timing out on a regular basis. This isn't great for a relay, it means that clients using your relay will be slowed down. This could be your ISP having poor connectivity, or actively closing long-lived connections. Or perhaps other traffic on your connection competes with the Tor traffic, and causes it to time out? Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org signature.asc Description: Message signed with OpenPGP using GPGMail ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Why can't I see more traffic? (is my banana too weak?)
> On 4 Sep 2016, at 04:35, Farid Joubbi wrote: > > It seems as if Cpu1 is almost idle most of the time. > Cpu0 is somewhere between 5 and 20. > This is a rather high snapshot: > > %Cpu0 : 17.2 us, 2.0 sy, 0.0 ni, 79.5 id, 0.0 wa, 0.0 hi, 1.3 si, 0.0 > st > %Cpu1 : 2.4 us, 0.3 sy, 0.0 ni, 97.3 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 > st > > I have had the guard flag before. > Maybe I lost it since I rebooted twice and changed ISP a bit more than a week > ago. > > The IP address does not change unless I reboot or release the current address > manually > > I used to have 250Mbit/s downstream and 10Mbit/s up with my old ISP. > > How does the algorithm that checks the bandwidth work? Your relay reports a bandwidth based on the amount of traffic it has sustained in any 10 second period over the past day. You can also set a maximum advertised bandwidth on your relay. (Don't do this if you're trying to pick up more traffic.) Five bandwidth authorities measure each relay each week, and report how fast it is. Each of these factors can restrict the amount of bandwidth that the network assigns to your relay. Here's one way of testing what your relay is capable of: Run a Tor client as close to your relay as possible: tor DataDirectory /tmp/tor.$$ SOCKSPort [IPv4:]1 EntryNodes your-relay-name Then download a large file using port 1 as a socks proxy. That will give you some idea of how much traffic your relay can sustain, but it's worth noting that each client is limited to about 1 Mbps (I think - I can't find the manual page entry). Tim > Does anyone else reading this run a Banana Pro, Raspberry or similar hardware > with better results than me? > > Regards, > Farid > > > From: Roman Mamedov > Sent: 03 September 2016 17:14 > To: Aeris > Cc: Farid Joubbi; tor-relays@lists.torproject.org > Subject: Re: [tor-relays] Why can't I see more traffic? (is my banana too > weak?) > > On Sat, 03 Sep 2016 16:53:25 +0200 > Aeris wrote: > >>> Could it be that it is due to the quite slow hardware, even though I know >>> that it is able to push more traffic? >> >> Yep, surely. >> >> You currently push 3Mbps of traffic, which is correct for this kind of >> hardware. >> All "cheap" hardware (raspi, banana, olimex, pine…) suffer of the fact they >> don’t have crypto hardware acceleration and do software encryption. And so is >> very slow (10-100× factor) even compared to low end amd64 CPU with AES-NI >> extension. > > According to 'openssl speed aes-128-cbc' the Allwinner A20 CPU in Banana Pro > is > capable of about 25 MBytes/sec in AES performance. While that won't translate > 1:1 into Tor performance, as Farid noted in his case the CPU isn't being a > bottleneck, with only 10-20% CPU load observed. > > @Farid, > >> According to top the CPU hovers around 10-20% most of the time. > > I wonder is it 20% across both cores, which could be 40% of one core (since > Tor is not multithreaded enough), and at least somewhat closer to not being > practically idle. Can you launch 'top' and press '1' there to check? > > Also seems unclear why it didn't get the guard flag for so long, does your > public IP address change from time to time? Or do you turn the relay off and > on for whatever reason. > > -- > With respect, > Roman > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org signature.asc Description: Message signed with OpenPGP using GPGMail ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor bridge and obfs4proxy
I need someone's bridge experience. I had an HD crash and lost one of my Tor bridges. So, I'm rebuilding on a leased VPS. First I tried with Debian 8 and then with ubuntu 16.04 when Debian didn't work. With both operating systems I get a warning message when I start Tor. Tor is the latest version as is obfs4proxy: Sep 04 13:39:41.641 [warn] Strange ServerTransportPlugin type 'obfs4' Sep 04 13:39:41.641 [warn] Failed to parse/validate config: Invalid server transport line. See logs for details. There are no log entries. Apparently Tor starts without the proxy. I have configured torrc as follows: ServerTransportPlugin obfs3 obfs4 exec /usr/bin/obfs4proxy ExtORPort auto /usr/bin/ does contain the obfs4proxy file. Does anyone know my problem? Is there a 'tell-all' explanation of obfs4proxy? Thanks, Arisbe ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor and Diplomatic Immunity
On 09/04/2016 09:11 AM, Kenneth Freeman wrote: > Do embassies and consulates run Tor nodes? AFAIK no studies have been > done on this, but diplomatic immunity and Tor would seem to be a match > made in Heaven. Well, they need uplinks, right? I doubt that diplomatic immunity forces ISPs to serve them. Private routing is possible, of course, but is probably too expensive for most. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Guard vs Exit Bandwidth
> On 3 Sep 2016, at 03:53, Tristan wrote: > > But hidden service traffic makes up about 0.01% of Tor traffic. 0.9 Gbps / 75 Gbps = 1.2% > Total is about 75Gb/s: http://rougmnvswfsmd4dq.onion/bandwidth.html > > Hidden services are about 900Mb/s: > http://rougmnvswfsmd4dq.onion/hidserv-rend-relayed-cells.html Hidden Service traffic goes through two Guards and no Exits, Exit traffic goes through one of each. That said, the most likely explanation isL * almost every Exit has the Guard flag, but only a proportion of Guards have the Exit flag, and * the bandwidth allocation algorithms give relays with Exit and Guard flags all Exit and no Guard traffic, because Exits are rarer than Guards. Tim > > On Fri, Sep 2, 2016 at 12:51 PM, Green Dream wrote: > Don't forget that some traffic enters through guards but lands on > hidden services, skipping Exits. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > > -- > Finding information, passing it along. ~SuperSluether > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org signature.asc Description: Message signed with OpenPGP using GPGMail ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [tor-relays-universities] Legal issues relevant to UK
X-Post from tor-relays-universities@ I ran some relays at Geman universities in the past. I guess my experiences won't help here. Maybe someone on tor-relays has experience with running a relay at an UK university, so I send this mail to tor-relays@ too. * Duncan Guthrie schrieb am 2016-09-01 um 01:09 Uhr: > I'm hoping to run a Tor relay here at a University in the UK. > Is there anyone here who might have some experience with this in the > past? I have been researching legal issues but information is > extremely sparse (mostly relating to the DMCA). All I can really work > out is that the issues relating to ISPs apply more generally, and more > strictly to a Tor exit node operator. > What protections, if any, exist here in the UK for a Tor exit node > operator? > > Thanks, > Duncan > ___ > tor-relays-universities mailing list > tor-relays-universit...@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays-universities -- Jens Kubieziel http://www.kubieziel.de Die meisten großen Taten, die meisten großen Gedanken haben einen belächelnswerten Anfang. Albert Camus signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] tor-relays Digest, Vol 68, Issue 14
To change your mailing-list preferences, you can simply visit https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays. On the other hand, you can also stay with the digest, if you don't plan on posting here regularly. Setting up a relay can be a lot of work, especially if you've never done it before. If you really want to do it, don't give up! You're probably almost there, since your relay is running and shown on Atlas. If you tell me the name of your relay and/or send me your full torrc, I might be able to help you with the remaining problems. Don't feel bad for asking questions and help, we all had to start at some point. > On the Atlas page I did see when I did a search it had found me but I > did not linke what I saw meaning location, ip address and provider. > I'm not sure what you mean by that. Is the info wrong? Or is the fact, that this info is publically available a problem for you? > As for the info on the proxy that is greek to me too. I usually use a > vpn service for everything else but tor does not let that happen for me. > I'm also not sure I understand what your problem is, and what a VPN has to do with that. Are you using a VPN to access the internet? If so, what is the reason for that? > Im not going to have the us law officles beating on my door. > If you don't run an exit, they will most certainly not come to you. I think it's best to take this conversation off the list for now, since this doesn't concern most relay-operators anymore, but feel free to message me directly, I'm happy to help you with your questions and problems! Jens Am 04.09.2016 um 17:30 schrieb daniel boone: > I appricate your help on this but this is all getting over my head. I > did create a folder for tor-relays in my inbox. As for changing from > "digest" to "actual mails" i dont see where to do that unless I > reregister with a new name and email. I wanted to run a relay and not > get into any BS over here but I think I may considring what you posted > back to me. > > On the Atlas page I did see when I did a search it had found me but I > did not linke what I saw meaning location, ip address and provider. I > have it set up wrong and not going to be a pain in the yazoo on all of > this. I think i may scrap my idea of a relay Jensm. > > As for the info on the proxy that is greek to me too. I usually use a > vpn service for everything else but tor does not let that happen for > me. I thank you for what you and matt have tried to get me going, I > did and its not correct and Im not going to have the us law officles > beating on my door. > > Regards > Daniel > [snip digest] > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] tor-relays Digest, Vol 68, Issue 15
I really am upset on giving up. But if I cant figure this all out jensm then I can be a pain the the yazoo to you people. I relaize the more relays the better for the project but I just think it is a bit over my head. I will check back in later and maybe unscribe tomorrow. Daniel Sent: Sunday, September 04, 2016 at 11:30 AM From: tor-relays-requ...@lists.torproject.org To: tor-relays@lists.torproject.org Subject: tor-relays Digest, Vol 68, Issue 15 Send tor-relays mailing list submissions to tor-relays@lists.torproject.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays or, via email, send a message with subject or body 'help' to tor-relays-requ...@lists.torproject.org You can reach the person managing the list at tor-relays-ow...@lists.torproject.org When replying, please edit your Subject line so it is more specific than "Re: Contents of tor-relays digest..." Today's Topics: 1. Re: tor-relays Digest, Vol 68, Issue 12 (jensm1) 2. Re: Useful metrics for relay operators (Sebastian Niehaus) 3. Re: tor-relays Digest, 3 questions on torcc file (Kenneth Freeman) 4. Tor and Diplomatic Immunity (Kenneth Freeman) 5. Re: tor-relays Digest, Vol 68, Issue 14 (daniel boone) -- Message: 1 Date: Sun, 4 Sep 2016 16:25:05 +0200 From: jensm1 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] tor-relays Digest, Vol 68, Issue 12 Message-ID: Content-Type: text/plain; charset=utf-8 You're right, of course. The technically correct way would be to filter by the List-Id field and thunderbird supports this. I actually didn't know about this header field till now, thanks for pointing it out! But as you said, most webmails are crap (gmail apparently supports it, but not directly). The problem is, that this functionality is usually so well hidden, that even experienced users won't find it if they don't know exactly what they want to do, so filtering by subject/from/to - although technically "wrong" - is the only "visible" way to do it. Am 04.09.2016 um 15:28 schrieb grarpamp: > On Sun, Sep 4, 2016 at 8:17 AM, jensm1 wrote: >> you can then configure your inbox to >> put everything containing [tor-relays] into its own folder > This is non ideal as it continues the poor notion that bloating everyone's > subject lines with, currently 13, characters of non content junk is a good idea, > and it will cause mismatches on nonlist material. > The proper way to segregate a list is to match on envelope headers such as > the included X-BeenThere:, List-Id:, Sender:, not meta material in the body. > Unix users can easily use fetchmail and maildrop to do this. > Thunderbird and other clients should be able to. > Webmails are typically junk so no guarantees there. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Message: 2 Date: Sun, 4 Sep 2016 16:50:13 +0200 From: Sebastian Niehaus To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Useful metrics for relay operators Message-ID: <6cde48b5-ffb7-104b-489a-1ff1091a7...@web.de> Content-Type: text/plain; charset="utf-8" Am 01.09.2016 um 05:36 schrieb I: > Did someone mention t-shirts? I got my weather notification in January, recieved the t-shirt one week ago. Thanks! Sebastian -- next part -- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160904/9d693e2a/attachment-0001.sig> -- Message: 3 Date: Sun, 4 Sep 2016 09:01:16 -0600 From: Kenneth Freeman To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] tor-relays Digest, 3 questions on torcc file Message-ID: <164af3e8-5cc6-0a67-61f1-af23bc0f4...@riseup.net> Content-Type: text/plain; charset="utf-8" On 09/03/2016 05:35 PM, jensm1 wrote: > I agree to everything Matt said. > > A good rule of thumb for tor configuration is "leave everything at > default, unless you've got a reason to change it". I concur. Generally speaking you really don't have to get under the hood much. Tor's ready to roll right out of the chute! -- next part -- A non-text attachment was scrubbed... Name: 0xDD79757F.asc Type: application/pgp-keys Size: 3129 bytes Desc: not available URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160904/dc1bb4d2/attachment-0001.key> -- next part -- A non-text attachment was scrubbed...
Re: [tor-relays] tor-relays Digest, Vol 68, Issue 14
ports on IPv4 only as well as > default exit policy > #ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as > default exit policy > ExitPolicy reject *:0 #no exits allowed: Minus the quotes natrually. > this line is line 190* > The links you sent me to look thru was interesting. Per what it says I > believe port 443 for the ORPort would be best but until I get the bind > issue I need to learn to do I best leave it set at 9001 for now. > As for the reading on the relay > ORPort 443 > Exitpolicy reject *:* > Nickname ididnotconfig > ContactInfo human@... > > *{ORPort 9001 > Exitpolicy reject *:* > Nickname danielboon > ContactInfo human@...}* > *back to line 190 I do have it UNCOMMENTED as you can see.* > *{ExitPolicy reject *:0 #no exits allowed}* > *Maybe i can comment line 190, I am not sure but u or Jen will get me > right.* > > This part is Addressed to Jen > > Regarding the exit settings: > Is this relay running on a computer at your home, Daniel? * > yes, my tower with a 64bit linux system duel core>* > > Is there other important stuff stored/running on that computer? > * > the partitons when I need. Think I'm safe on that>* > > If the answer to AT LEAST ONE of those two questions is yes, you > should definitely set > "ExitRelay 0" and "ExitPolicy reject *:*". > Actually, you should set this, regardless of the answers, unless you > know exactly, what it means to run an exit-relay and are willing and > prepared to do this. > > * > relay and exit different?>* > *and to the both of you I too will enjoying working with the group. > I'm interested in many things at my age. I am self taught on all with > books and just working with various OS's. Windows has been out for my > many years once I got to now linux.* > *As for both if you 2 are good enough to give me your names I can to > that too. It is David so we can use that.* > > I do have a setback here in the terminal I will post it> > > *{Sep 03 23:57:39.000 [notice] Bootstrapped 0%: Starting > Sep 03 23:57:47.000 [notice] Bootstrapped 80%: Connecting to the Tor > network > Sep 03 23:57:48.000 [notice] Bootstrapped 85%: Finishing handshake > with first hop > Sep 03 23:57:49.000 [notice] Guessed our IP address as 108.79.14.224 > (source: 154.35.175.225). > Sep 03 23:57:49.000 [notice] Bootstrapped 90%: Establishing a Tor circuit > Sep 03 23:57:51.000 [notice] Tor has successfully opened a circuit. > Looks like client functionality is working. > Sep 03 23:57:51.000 [notice] Bootstrapped 100%: Done > Sep 03 23:57:51.000 [notice] Now checking whether ORPort > 108.79.14.224:9001 is reachable... (this may take up to 20 minutes -- > look for log messages indicating success) > Sep 03 23:59:07.000 [notice] Your network connection speed appears to > have changed. Resetting timeout to 60s after 18 timeouts and 1000 > buildtimes. > Sep 04 00:07:45.000 [notice] Your network connection speed appears to > have changed. Resetting timeout to 60s after 18 timeouts and 100 > buildtimes. > Sep 04 00:11:48.000 [notice] Self-testing indicates your ORPort is > reachable from the outside. Excellent. Publishing server descriptor. > Sep 04 00:11:49.000 [notice] Performing bandwidth self-test...done.* > > *{*Sep 04 00:11:56.000 [notice] Your network connection speed appears > to have changed. Resetting timeout to 60s after 18 timeouts and 104 > buildtimes.} > > * > doing or using anything to set it back. Right with the MB too.}* > > I'll check back in the morn. 21 hrs today is enough for my butt. C/Ya > > *[snip quote of digest]* > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- next part -- An HTML attachment was scrubbed... URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160904/cbb9d604/attachment-0001.html> -- Message: 2 Date: Sun, 4 Sep 2016 14:28:15 +0200 From: jensm1 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] BeagleBoard-X15 Message-ID: <5bf7b624-a5b2-6ddb-b9b8-0d0f57bbb...@bbjh.de> Content-Type: text/plain; charset=utf-8 Hi, the BeagleBoard-X15 seems to be in the last phase of development/certification. We'll probably have to wait a bit until it finally gets released. As to alternatives: I'd be interested in these, too. Jens Am 04.09.2016 um 11:05 schrieb jchase: > Hello, > At least a year ago someone recommended the BeagleBoard-X15 as a Tor > relay, partly due to its speed. The X15 does
[tor-relays] Tor and Diplomatic Immunity
Do embassies and consulates run Tor nodes? AFAIK no studies have been done on this, but diplomatic immunity and Tor would seem to be a match made in Heaven. 0xDD79757F.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] tor-relays Digest, 3 questions on torcc file
On 09/03/2016 05:35 PM, jensm1 wrote: > I agree to everything Matt said. > > A good rule of thumb for tor configuration is "leave everything at > default, unless you've got a reason to change it". I concur. Generally speaking you really don't have to get under the hood much. Tor's ready to roll right out of the chute! 0xDD79757F.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Useful metrics for relay operators
Am 01.09.2016 um 05:36 schrieb I: > Did someone mention t-shirts? I got my weather notification in January, recieved the t-shirt one week ago. Thanks! Sebastian signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] tor-relays Digest, Vol 68, Issue 12
You're right, of course. The technically correct way would be to filter by the List-Id field and thunderbird supports this. I actually didn't know about this header field till now, thanks for pointing it out! But as you said, most webmails are crap (gmail apparently supports it, but not directly). The problem is, that this functionality is usually so well hidden, that even experienced users won't find it if they don't know exactly what they want to do, so filtering by subject/from/to - although technically "wrong" - is the only "visible" way to do it. Am 04.09.2016 um 15:28 schrieb grarpamp: > On Sun, Sep 4, 2016 at 8:17 AM, jensm1 wrote: >> you can then configure your inbox to >> put everything containing [tor-relays] into its own folder > This is non ideal as it continues the poor notion that bloating everyone's > subject lines with, currently 13, characters of non content junk is a good > idea, > and it will cause mismatches on nonlist material. > The proper way to segregate a list is to match on envelope headers such as > the included X-BeenThere:, List-Id:, Sender:, not meta material in the body. > Unix users can easily use fetchmail and maildrop to do this. > Thunderbird and other clients should be able to. > Webmails are typically junk so no guarantees there. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] tor-relays Digest, Vol 68, Issue 12
On Sun, Sep 4, 2016 at 8:17 AM, jensm1 wrote: > you can then configure your inbox to > put everything containing [tor-relays] into its own folder This is non ideal as it continues the poor notion that bloating everyone's subject lines with, currently 13, characters of non content junk is a good idea, and it will cause mismatches on nonlist material. The proper way to segregate a list is to match on envelope headers such as the included X-BeenThere:, List-Id:, Sender:, not meta material in the body. Unix users can easily use fetchmail and maildrop to do this. Thunderbird and other clients should be able to. Webmails are typically junk so no guarantees there. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Useful metrics for relay operators
Am 01.09.2016 um 05:39 schrieb teor: > >> On 1 Sep 2016, at 13:36, I wrote: >> >> Did someone mention t-shirts? >> >> >> When is the last time anyone got a t-shirt? > > I'm pretty sure Jon has been sending them out on a regular basis. > (We're trying to automate the process a bit more.) > > If you want one, please feel free to get in touch with him, I've CC'd him on > this email. > > Tim > > Tim Wilson-Brown (teor) Hi Tim, if not changed the person in charge should be Juris not Jon - a little bit similar :-) I would bet nobody got a T-shirt this year - otherwise there wouldn’t be a moaning every now an then, especially from Robert. I, waiting for a shirt as well, was offering my help on June, 13th in this group - nobody ever came back on that. Rgds Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] BeagleBoard-X15
Hi, the BeagleBoard-X15 seems to be in the last phase of development/certification. We'll probably have to wait a bit until it finally gets released. As to alternatives: I'd be interested in these, too. Jens Am 04.09.2016 um 11:05 schrieb jchase: > Hello, > At least a year ago someone recommended the BeagleBoard-X15 as a Tor > relay, partly due to its speed. The X15 does not seem to be available in > the Netherlands (according to Mouser electronics). Are there any other > comparable boards available in the Netherlands? > Thanks, > James Chase > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] tor-relays Digest, Vol 68, Issue 12
Hi Daniel One thing first: If you want to actively participate on this mailing list on a regular basis, it would be best if you switched your mailing-list-setting from digest to the actual mails (you can then either configure your inbox to put everything containing [tor-relays] into its own folder, or use a seperate email-address). This way, the Subject-lines are preserved when you answer, so it's easier to group the right messages together, automatically. Regarding relay vs. exit: Yes, there's a difference. I assume you're familiar with the basic workings of Tor (otherwise, read https://www.torproject.org/docs/faq.html.en#Torisdifferent and check out https://www.eff.org/pages/tor-and-https). An exit is a special kind of relay, as it is the one where your traffic leaves the Tor network and gets sent to the actual destination. This means that the destination sees the exit as the source of this traffic. So when somebody sends bad or illegal traffic, e.g. a hacker or someone downloading a movie, it looks like your exit is doing these things. Depending on the competence of your local law enforcement agencies, this could mean your computer (or all your computers in your home) might get seized, and you'll be a suspect. Therefore, it is not advisable to run an exit from home (since then you'll get all your computers taken away), or put anything else on the same server. Also, lawyers will file abuse complaints against your exit, which you'll have to deal with. It's perfectly fine to simply run a "normal" relay (you'll then be the middle hop), especially if you're running Tor on a system that's not online 24/7. Nice to see your relay is running now! Though I must admit that I have no idea what these "connection speed" notices mean. Probably nothing important, or they'd be warnings. Am 04.09.2016 um 06:52 schrieb daniel boone: > Ok, 1st on to MATT > "I missed your SOCKS question." > Well that doesnt matter because I took you advice on the first reply > you sent explaing things so I commented all again as suggested. So all > is well now on that part of the torrc file. > What I did do was kept the ORPort at 9001. I tried 443 but in the > terminal it showed me it could not bind so it would not work. > As for the question on "hope this helps" you bet and well appricated. > Thank you. > *What I did on the exit on lines 186-190 here is what it is set at* > *"#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 > and IPv6 but no more > #ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well > as default exit policy > #ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as > default exit policy > #ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as > default exit policy > ExitPolicy reject *:0 #no exits allowed: Minus the quotes natrually. > this line is line 190* > The links you sent me to look thru was interesting. Per what it says I > believe port 443 for the ORPort would be best but until I get the bind > issue I need to learn to do I best leave it set at 9001 for now. > As for the reading on the relay > ORPort 443 > Exitpolicy reject *:* > Nickname ididnotconfig > ContactInfo human@... > > *{ORPort 9001 > Exitpolicy reject *:* > Nickname danielboon > ContactInfo human@...}* > *back to line 190 I do have it UNCOMMENTED as you can see.* > *{ExitPolicy reject *:0 #no exits allowed}* > *Maybe i can comment line 190, I am not sure but u or Jen will get me > right.* > > This part is Addressed to Jen > > Regarding the exit settings: > Is this relay running on a computer at your home, Daniel? * yes, my tower with a 64bit linux system duel core>* > > Is there other important stuff stored/running on that computer? > * the partitons when I need. Think I'm safe on that>* > > If the answer to AT LEAST ONE of those two questions is yes, you > should definitely set > "ExitRelay 0" and "ExitPolicy reject *:*". > Actually, you should set this, regardless of the answers, unless you > know exactly, what it means to run an exit-relay and are willing and > prepared to do this. > > * relay and exit different?>* > *and to the both of you I too will enjoying working with the group. > I'm interested in many things at my age. I am self taught on all with > books and just working with various OS's. Windows has been out for my > many years once I got to now linux.* > *As for both if you 2 are good enough to give me your names I can to > that too. It is David so we can use that.* > > I do have a setback here in the terminal I will post it> > > *{Sep 03 23:57:39.000 [notice] Bootstrapped 0%: Starting > Sep 03 23:57:47.000 [notice] Bootstrapped 80%: Connecting to the Tor > network > Sep 03 23:57:48.000 [notice] Bootstrapped 85%: Finishing handshake > with first hop > Sep 03 23:57:49.000 [notice] Guessed our IP address as 108.79.14.224 > (source: 15
Re: [tor-relays] tor-relays Digest, Vol 68, Issue 12-UPDATE
ssed your SOCKS question. > > If you do not intend to directly use this Tor instance to access the Tor > network, you should leave the SocksPort as it was. By default Tor only > listens on localhost:9050 (as the documentation indicates). Therefore, > even if you *do* intend to use this Tor instance to access the Tor > network, by default you can already point your applications towards > localhost:9050. > > So in most cases, this option can be left alone so the default > configuration can do its thing. Either you won't use the SOCKS proxy and > it is harmlessly listening on localhost anyway, or you are like most > people and don't need it to listen on non-localhost non-9050. For either > case, the default behavior is fine. > > Hope this helps. > > Matt > > On 09/03/2016 03:55 PM, daniel boone wrote: >> >> I got a couple of question to ask on the torrc file and I hope one of >> you will direct me. >> >> Ok here we go. I got it working as a relay which i can see in the >> terminal. I just started so it is still testing bandwidth. but this is >> not my questions >> >> 1. on line 18 of mine it is about Socks. I was reading in the man pages >> on this. It was #Socksport 9050. Per the man pages I took out the >> comment and placed as "+" per the page. So now it is *+SOCKSPort 9050 # >> Default: Bind to localhost:9050 for local connections.* >> >> > > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- next part -- An HTML attachment was scrubbed... URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160904/6f278d32/attachment-0001.html> -- next part -- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160904/6f278d32/attachment-0001.sig> -- Message: 3 Date: Sun, 4 Sep 2016 01:38:28 +0200 From: jensm1 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] tor-relays-strike-snowden Message-ID: <0a8ee6b6-fff3-9e0a-9af8-29e613133...@bbjh.de> Content-Type: text/plain; charset="utf-8" First, let me welcome you to the world of relay operators! It's always nice to see new faces here, because it means I'm not the only "new guy" (just started running a relay not that long ago). Of course you won't be kicked out just for that one mail! I've seen a lot of worse FUD on here, which is probably why I reacted like I did, your mail just happened to be the last straw. If you still have problems with your relay, you could try to ask your (specific!) questions here or on the tor stackexchange. I'll also be happy to help you, if I can. Jens Am 03.09.2016 um 16:59 schrieb daniel boone: > > Jesm1, sorry about my rant. I am new to working with a relay and also > to Tor. Please bear with me on all of this. Give me a Chance. I just > wanted to help the project and not sit on my ass like some are afraid > to do. I will admitt i need to learn a few things on here. My mouth > for the first one. As for Snowden, he worked for a SubContractor and > was brought into the CIA or the NSA that way. I think it is wonderful > what the man did. He brought it all out in the OPEN for the world to > see. To see just how corrupt the security agency's are over in the > States. Look how they treated him. A man that told the whole truth and > if he would go back they would Kill Him. > I've said enough on that Jesm. I need some work and that is why I came > to the mailing list and Hope I can get some of my understanding of the > whole project and only Hope I am not cut from here cause of this. I > did get my relay running and it was what I was doing wrong on the > torcc file. Please Lets shake hands and start over. That is all i can > ask. Hope you take me up on it. The #tor chat room was of no help for > they just dont seem to want to help some with new questions. > -db- > [snip lengthy quote of digest] > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- next part -- An HTML attachment was scrubbed... URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160904/af206206/attachment.html> -- Subject: Digest Footer ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- End of tor-relays Digest, Vol 68, Issue 12 ** ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] BeagleBoard-X15
Hello, At least a year ago someone recommended the BeagleBoard-X15 as a Tor relay, partly due to its speed. The X15 does not seem to be available in the Netherlands (according to Mouser electronics). Are there any other comparable boards available in the Netherlands? Thanks, James Chase ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays