Re: [tor-relays] why my exit is not being used?

2017-01-29 Thread Roman Mamedov 
On Mon, 30 Jan 2017 15:12:46 +1100
teor  wrote:

> Your relay also does not seem capable of handling much tor traffic, so
> tor clients are being told not to use it:

That's the usual problem of relays in Asia (Singapore in this case), with all
the bandwidth measuring authority servers being too far away from there.


-- 
With respect,
Roman
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] why my exit is not being used?

2017-01-29 Thread teor 

> On 30 Jan 2017, at 14:35, gustavo panizzo (gfa)  wrote:
> 
> On Mon, Jan 30, 2017 at 12:03:40PM +1100, teor wrote:
> 
>> Hi,
>> 
>> Please send us your actual torrc:
> 
> that's my actual torrc, I've only edited HashedControlPassword

Then please reload your torrc so that your tor process is using it.

>> * your torrc has a DirPort, but your relay on atlas does not
>>  (this might be because you have a bandwidth limit set)
>> * your torrc says IPv6Exit, but your relay on atlas does not exit to
>>  IPv6
> 
> Port is open, tor is listening. no fw rules for IPv6

That's the ORPort, an entry port.

You say you have IPv6Exit and an ExitPolicy set in the torrc.

But your relay does not exit to IPv6, both atlas (IPv6 Exit Policy
Summary) and your relay's descriptor (ipv6-policy) show that it does not
allow any IPv6 ports:

https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677CE

(large file)
https://collector.torproject.org/recent/relay-descriptors/server-descriptors/2017-01-29-12-05-00-server-descriptors

Either that, or there is a bug in Tor relating to IPv6 Exit policies.
But I can't see anywhere in the code that makes the IPv6 exit policy
dependent on anything except ExitPolicy and IPv6Exit.

Are there any log entries relating to IPv6 or exit policies?

> ...
>> 
>> Since you have AccountingMax set, please send us any bandwidth-related
>> log entries.
> arm says i've used 106+107 GB
> 
> After increasing the loglevel to info and reloading I got this on the
> log
> 
> Heartbeat: Accounting enabled. Sent: 104.75 GB, Received: 104.44 GB, Used: 
> 209.22 GB / 1024.00 GB, Rule: sum.
> The current accounting interval ends on 2017-02-01 00:00:00, in 2 days 2:30 
> hours.

OK, so the accounting limits are not the issue.

>> 
>> Any more warning or notice log entries would also help, particularly
>> those related to reachability.
> 
> Jan 21 03:29:33 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]: Now
> checking whether ORPort 128.199.76.145:443 and DirPort 128.199.76.145:80
> are reachable... (this may take up to 20 minutes -- look for log
> messages indicating success)
> 
> Jan 21 03:29:34 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]:
> Self-testing indicates your DirPort is reachable from the outside.
> Excellent.
> 
> Jan 21 03:29:37 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]:
> Self-testing indicates your ORPort is reachable from the outside.
> Excellent. Publishing server descriptor.

And the IPv4 entry address works.

...
> I don't check daily, but when I check, tor never has more than 300 open 
> connections
...

Does your kernel, config, VPS, or provider place a limit on the number
of connections?

(Search the list archives for detailed troubleshooting steps for this.)

Your relay also does not seem capable of handling much tor traffic, so
tor clients are being told not to use it:

(large page)
https://consensus-health.torproject.org/consensus-health-2017-01-30-02-00.html#5E762A58B1F7FF92E791A1EA4F18695CAC6677CE

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org






signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] why my exit is not being used?

2017-01-29 Thread gustavo panizzo (gfa) 
On Mon, Jan 30, 2017 at 12:03:40PM +1100, teor wrote:
 
> Hi,
> 
> Please send us your actual torrc:

that's my actual torrc, I've only edited HashedControlPassword

> * your torrc has a DirPort, but your relay on atlas does not
>   (this might be because you have a bandwidth limit set)
> * your torrc says IPv6Exit, but your relay on atlas does not exit to
>   IPv6

Port is open, tor is listening. no fw rules for IPv6

$ telnet 2400:6180:0:d0::18a7:d001 443 (from a different computer)
Trying 2400:6180:0:d0::18a7:d001...
Connected to 2400:6180:0:d0::18a7:d001.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

# ss -putan |grep 443 |grep LISTEN
tcpLISTEN 0  20480 128.199.76.145:443   *:* 
 users:(("tor",pid=10809,fd=7))
tcpLISTEN 0  20480  2400:6180:0:d0::18a7:d001:443  
:::*  users:(("tor",pid=10809,fd=8))

> 
> Since you have AccountingMax set, please send us any bandwidth-related
> log entries.
arm says i've used 106+107 GB 

After increasing the loglevel to info and reloading I got this on the
log

Heartbeat: Accounting enabled. Sent: 104.75 GB, Received: 104.44 GB, Used: 
209.22 GB / 1024.00 GB, Rule: sum. 
The current accounting interval ends on 2017-02-01 00:00:00, in 2 days 2:30 
hours.

> 
> Any more warning or notice log entries would also help, particularly
> those related to reachability.

Jan 21 03:29:33 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]: Now
checking whether ORPort 128.199.76.145:443 and DirPort 128.199.76.145:80
are reachable... (this may take up to 20 minutes -- look for log
messages indicating success)

Jan 21 03:29:34 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]:
Self-testing indicates your DirPort is reachable from the outside.
Excellent.

Jan 21 03:29:37 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]:
Self-testing indicates your ORPort is reachable from the outside.
Excellent. Publishing server descriptor.

After increase loglevel to info, I found this in the logs, it looks
harmless but I'm not sure

Tor[10809]: connection_dir_client_reached_eof(): Received http status
code 404 ("Not found") from server '128.31.0.34:9131' while fetching
"/tor/server/d/0BD4536404AA42D4892848293B002A64459940BA+120D89A44DA007434669F18A89C170E4A31A07C3.z".
I'll try again soon.

Tor[10809]: connection_dir_client_reached_eof(): Received server info
(size 0) from server '128.31.0.34:9131'


> 
> Most likely, your relay has simply used 1024GB this month.
> 
top iptables rule

Chain INPUT (policy ACCEPT 314K packets, 267M bytes)
pkts bytes target prot opt in out source   destination  
   
339M  289G sshguard   all  --  *  *   0.0.0.0/00.0.0.0/0
   

I don't check daily, but when I check, tor never has more than 300 open 
connections

I've increased the loglevel to info, hopefully it will catch more info in the 
coming month

Any other check I can run? 

thanks :)

> Tim
> 
> > # general
> > Nickname sorrentini
> > Log notice syslog
> > ControlPort 9051
> > HashedControlPassword X
> > AccountingStart month 01 00:00
> > AccountingRule sum
> > AccountingMax 1024GB
> > ContactInfo 0x44BB1BA79F6C6333 
> > MyFamily 
> > 82C92FBAF2196EC346670D12BB9650FE9FF55741,EFD2EEB91E5C5D8CB999B1EC68D89E51F8776AC7
> > SocksPort 0
> > SocksPolicy reject *
> > ## IPv4
> > ORPort 128.199.76.145:443
> > DirPort 128.199.76.145:80
> > Address 128.199.76.145
> > OutboundBindAddress 128.199.76.145
> > ##IPv6
> > IPv6Exit 1
> > ORPort [2400:6180:0:d0::18a7:d001]:443
> > OutboundBindAddress [2400:6180:0:d0::18a7:d001]
> > # Exit
> > DirPortFrontPage /etc/tor/tor-exit-notice.html
> > CellStatistics 1
> > DirReqStatistics 1
> > EntryStatistics 1
> > ExitPortStatistics 1
> > ExtraInfoStatistics 1
> > HiddenServiceStatistics 1
> > ExitRelay 1
> > ExitPolicy accept *:53# DNS
> > ExitPolicy accept *:80# HTTP
> > ExitPolicy accept *:110   # POP3
> > ExitPolicy accept *:143   # IMAP
> > ExitPolicy accept *:220   # IMAP3
> > ExitPolicy accept *:443   # HTTPS
> > ExitPolicy accept *:873   # rsync
> > ExitPolicy accept *:989-990   # FTPS
> > ExitPolicy accept *:991   # NAS Usenet
> > ExitPolicy accept *:992   # TELNETS
> > ExitPolicy accept *:993   # IMAPS
> > ExitPolicy accept *:995   # POP3S
> > ExitPolicy accept *:1194  # OpenVPN
> > ExitPolicy accept *:1293  # IPSec
> > ExitPolicy accept *:3690  # SVN Subversion
> > ExitPolicy accept *:4321  # RWHOIS
> > ExitPolicy accept *:5222-5223 # XMPP, XMPP SSL
> > ExitPolicy accept *:5228  # Android Market
> > ExitPolicy accept *:9418  # git
> > ExitPolicy accept *:11371 # OpenPGP hkp
> > ExitPolicy accept *:64738 # Mumble
> > ExitPolicy reject *:* # nothing else is allowed
> 
> T
> 
> --
> Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
>

Re: [tor-relays] Updates removes status flags

2017-01-29 Thread teor 

> a tor op :
> Hi
> When a tor admin updates a tor node, what is the reasoning for
> punishing the status by removing flags like the guard flag?

It's not a punishment, it's an advisory notice to clients not to choose
the relay as a guard (or HSDir, or relay for Stable circuits).

The Tor network prioritises client circuit reliability and latency, not
relay bandwidth usage. This makes the user experience better.

If a relay's version becomes too old, it will be removed from the
network. But that's not a punishment either, it's done to protect
clients, so that users can have a secure and reliable tor network.

> The node may have been up for months on end without issues and goes
> down for a few minutes during install and restart and comes up with a
> newer version, hence it is clearly updated. And the guard flag goes
> away. Doesn't seem really appropriate.

A period of downtime is often correlated with another subsequent period
of downtime. But if a relay stays stable for a few days or weeks, then
it's much less likely it will go down again.

> Unless it's to indicate caution
> due to new version perhaps not being stable.

People run unstable versions on the tor network to help us find bugs.
We really appreciate this, because not all bugs show up in testing.

> But then that's what you
> do pre-prod testing in-house for.

We do integration testing, and pre-prod testing in-house.
But we have nothing that's the scale or age of the current tor network.

For more information, please feel free to search the list archives.
(This question is asked reasonably often.)

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org






signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] why my exit is not being used?

2017-01-29 Thread teor 

> On 27 Jan 2017, at 17:03, gustavo panizzo (gfa)  wrote:
> 
> Hello
> 
> I ran sorrentini [1] as a relay for a month or two and everything was
> fine.
> 
> then 2-3 weeks ago i decided to allow exit, the traffic went down
> significantly, is that expected? it has recovered a bit but i feel the
> node is underutilized, is it stational?
> 
> I've attached node's munin graphs
> 
> 
> [1]
> https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677CE
> 
> 
> here is my torrc

Hi,

Please send us your actual torrc:
* your torrc has a DirPort, but your relay on atlas does not
  (this might be because you have a bandwidth limit set)
* your torrc says IPv6Exit, but your relay on atlas does not exit to
  IPv6

Since you have AccountingMax set, please send us any bandwidth-related
log entries.

Any more warning or notice log entries would also help, particularly
those related to reachability.

Most likely, your relay has simply used 1024GB this month.

Tim

> # general
> Nickname sorrentini
> Log notice syslog
> ControlPort 9051
> HashedControlPassword X
> AccountingStart month 01 00:00
> AccountingRule sum
> AccountingMax 1024GB
> ContactInfo 0x44BB1BA79F6C6333 
> MyFamily 
> 82C92FBAF2196EC346670D12BB9650FE9FF55741,EFD2EEB91E5C5D8CB999B1EC68D89E51F8776AC7
> SocksPort 0
> SocksPolicy reject *
> ## IPv4
> ORPort 128.199.76.145:443
> DirPort 128.199.76.145:80
> Address 128.199.76.145
> OutboundBindAddress 128.199.76.145
> ##IPv6
> IPv6Exit 1
> ORPort [2400:6180:0:d0::18a7:d001]:443
> OutboundBindAddress [2400:6180:0:d0::18a7:d001]
> # Exit
> DirPortFrontPage /etc/tor/tor-exit-notice.html
> CellStatistics 1
> DirReqStatistics 1
> EntryStatistics 1
> ExitPortStatistics 1
> ExtraInfoStatistics 1
> HiddenServiceStatistics 1
> ExitRelay 1
> ExitPolicy accept *:53# DNS
> ExitPolicy accept *:80# HTTP
> ExitPolicy accept *:110   # POP3
> ExitPolicy accept *:143   # IMAP
> ExitPolicy accept *:220   # IMAP3
> ExitPolicy accept *:443   # HTTPS
> ExitPolicy accept *:873   # rsync
> ExitPolicy accept *:989-990   # FTPS
> ExitPolicy accept *:991   # NAS Usenet
> ExitPolicy accept *:992   # TELNETS
> ExitPolicy accept *:993   # IMAPS
> ExitPolicy accept *:995   # POP3S
> ExitPolicy accept *:1194  # OpenVPN
> ExitPolicy accept *:1293  # IPSec
> ExitPolicy accept *:3690  # SVN Subversion
> ExitPolicy accept *:4321  # RWHOIS
> ExitPolicy accept *:5222-5223 # XMPP, XMPP SSL
> ExitPolicy accept *:5228  # Android Market
> ExitPolicy accept *:9418  # git
> ExitPolicy accept *:11371 # OpenPGP hkp
> ExitPolicy accept *:64738 # Mumble
> ExitPolicy reject *:* # nothing else is allowed

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org






signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] BrassHornComms tor relays: 'MyFamily' fixed.

2017-01-29 Thread nusenu 
> *should* be sorted now

thanks for fixing it!

+--++
| nickname | eMyFamilyCount |
+--++
| BrassHornRelay06 |17. |
| BrassHornExit03  |17. |
| BrassHornRelay16 |17. |
| BrassHornRelay14 |17. |
| BrassHornExit02  |17. |
| BrassHornRelay09 |17. |
| BrassHornRelay02 |17. |
| BrassHornExit04  |17. |
| BrassHornRelay05 |17. |
| BrassHornRelay11 |17. |
| BrassHornRelay10 |17. |
| BrassHornRelay13 |17. |
| BrassHornRelay01 |17. |
| BrassHornRelay08 |17. |
| BrassHornRelay07 |17. |
| BrassHornRelay12 |17. |
| BrassHornRelay04 |17. |
+--++
17 rows



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Sharp rise in directly connecting tor users (AE)

2017-01-29 Thread nusenu 
see also:

https://lists.torproject.org/pipermail/metrics-team/2017-January/000285.html

(probably where it belongs better)



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ae rises and rises

2017-01-29 Thread nusenu 
>> https://metrics.torproject.org/userstats-relay-country.html?start=2015-10-22=2017-01-29=ae=off


less significant but also (IR):

https://metrics.torproject.org/userstats-relay-country.html?start=2016-01-01=2017-01-29=ir=off



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ae rises and rises

2017-01-29 Thread John Ricketts 
Excellent!

> On Jan 29, 2017, at 04:57, Felix  wrote:
> 
> Please check out
> 
> https:// 
> metrics.torproject.org/userstats-relay-country.html?start=2015-10-22=2017-01-29=ae=off
> 
> vs
> 
> https:// 
> metrics.torproject.org/userstats-relay-country.html?start=2015-10-22=2017-01-29=all=off
> 
> -- 
> I this cool or not?
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] ae rises and rises

2017-01-29 Thread Felix 

Please check out

https:// 
metrics.torproject.org/userstats-relay-country.html?start=2015-10-22=2017-01-29=ae=off


vs

https:// 
metrics.torproject.org/userstats-relay-country.html?start=2015-10-22=2017-01-29=all=off


--
I this cool or not?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays