Re: [tor-relays] why my exit is not being used?
On Mon, 30 Jan 2017 15:12:46 +1100 teorwrote: > Your relay also does not seem capable of handling much tor traffic, so > tor clients are being told not to use it: That's the usual problem of relays in Asia (Singapore in this case), with all the bandwidth measuring authority servers being too far away from there. -- With respect, Roman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] why my exit is not being used?
> On 30 Jan 2017, at 14:35, gustavo panizzo (gfa)wrote: > > On Mon, Jan 30, 2017 at 12:03:40PM +1100, teor wrote: > >> Hi, >> >> Please send us your actual torrc: > > that's my actual torrc, I've only edited HashedControlPassword Then please reload your torrc so that your tor process is using it. >> * your torrc has a DirPort, but your relay on atlas does not >> (this might be because you have a bandwidth limit set) >> * your torrc says IPv6Exit, but your relay on atlas does not exit to >> IPv6 > > Port is open, tor is listening. no fw rules for IPv6 That's the ORPort, an entry port. You say you have IPv6Exit and an ExitPolicy set in the torrc. But your relay does not exit to IPv6, both atlas (IPv6 Exit Policy Summary) and your relay's descriptor (ipv6-policy) show that it does not allow any IPv6 ports: https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677CE (large file) https://collector.torproject.org/recent/relay-descriptors/server-descriptors/2017-01-29-12-05-00-server-descriptors Either that, or there is a bug in Tor relating to IPv6 Exit policies. But I can't see anywhere in the code that makes the IPv6 exit policy dependent on anything except ExitPolicy and IPv6Exit. Are there any log entries relating to IPv6 or exit policies? > ... >> >> Since you have AccountingMax set, please send us any bandwidth-related >> log entries. > arm says i've used 106+107 GB > > After increasing the loglevel to info and reloading I got this on the > log > > Heartbeat: Accounting enabled. Sent: 104.75 GB, Received: 104.44 GB, Used: > 209.22 GB / 1024.00 GB, Rule: sum. > The current accounting interval ends on 2017-02-01 00:00:00, in 2 days 2:30 > hours. OK, so the accounting limits are not the issue. >> >> Any more warning or notice log entries would also help, particularly >> those related to reachability. > > Jan 21 03:29:33 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]: Now > checking whether ORPort 128.199.76.145:443 and DirPort 128.199.76.145:80 > are reachable... (this may take up to 20 minutes -- look for log > messages indicating success) > > Jan 21 03:29:34 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]: > Self-testing indicates your DirPort is reachable from the outside. > Excellent. > > Jan 21 03:29:37 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]: > Self-testing indicates your ORPort is reachable from the outside. > Excellent. Publishing server descriptor. And the IPv4 entry address works. ... > I don't check daily, but when I check, tor never has more than 300 open > connections ... Does your kernel, config, VPS, or provider place a limit on the number of connections? (Search the list archives for detailed troubleshooting steps for this.) Your relay also does not seem capable of handling much tor traffic, so tor clients are being told not to use it: (large page) https://consensus-health.torproject.org/consensus-health-2017-01-30-02-00.html#5E762A58B1F7FF92E791A1EA4F18695CAC6677CE T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org signature.asc Description: Message signed with OpenPGP ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] why my exit is not being used?
On Mon, Jan 30, 2017 at 12:03:40PM +1100, teor wrote: > Hi, > > Please send us your actual torrc: that's my actual torrc, I've only edited HashedControlPassword > * your torrc has a DirPort, but your relay on atlas does not > (this might be because you have a bandwidth limit set) > * your torrc says IPv6Exit, but your relay on atlas does not exit to > IPv6 Port is open, tor is listening. no fw rules for IPv6 $ telnet 2400:6180:0:d0::18a7:d001 443 (from a different computer) Trying 2400:6180:0:d0::18a7:d001... Connected to 2400:6180:0:d0::18a7:d001. Escape character is '^]'. ^] telnet> quit Connection closed. # ss -putan |grep 443 |grep LISTEN tcpLISTEN 0 20480 128.199.76.145:443 *:* users:(("tor",pid=10809,fd=7)) tcpLISTEN 0 20480 2400:6180:0:d0::18a7:d001:443 :::* users:(("tor",pid=10809,fd=8)) > > Since you have AccountingMax set, please send us any bandwidth-related > log entries. arm says i've used 106+107 GB After increasing the loglevel to info and reloading I got this on the log Heartbeat: Accounting enabled. Sent: 104.75 GB, Received: 104.44 GB, Used: 209.22 GB / 1024.00 GB, Rule: sum. The current accounting interval ends on 2017-02-01 00:00:00, in 2 days 2:30 hours. > > Any more warning or notice log entries would also help, particularly > those related to reachability. Jan 21 03:29:33 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]: Now checking whether ORPort 128.199.76.145:443 and DirPort 128.199.76.145:80 are reachable... (this may take up to 20 minutes -- look for log messages indicating success) Jan 21 03:29:34 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]: Self-testing indicates your DirPort is reachable from the outside. Excellent. Jan 21 03:29:37 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]: Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. After increase loglevel to info, I found this in the logs, it looks harmless but I'm not sure Tor[10809]: connection_dir_client_reached_eof(): Received http status code 404 ("Not found") from server '128.31.0.34:9131' while fetching "/tor/server/d/0BD4536404AA42D4892848293B002A64459940BA+120D89A44DA007434669F18A89C170E4A31A07C3.z". I'll try again soon. Tor[10809]: connection_dir_client_reached_eof(): Received server info (size 0) from server '128.31.0.34:9131' > > Most likely, your relay has simply used 1024GB this month. > top iptables rule Chain INPUT (policy ACCEPT 314K packets, 267M bytes) pkts bytes target prot opt in out source destination 339M 289G sshguard all -- * * 0.0.0.0/00.0.0.0/0 I don't check daily, but when I check, tor never has more than 300 open connections I've increased the loglevel to info, hopefully it will catch more info in the coming month Any other check I can run? thanks :) > Tim > > > # general > > Nickname sorrentini > > Log notice syslog > > ControlPort 9051 > > HashedControlPassword X > > AccountingStart month 01 00:00 > > AccountingRule sum > > AccountingMax 1024GB > > ContactInfo 0x44BB1BA79F6C6333 > > MyFamily > > 82C92FBAF2196EC346670D12BB9650FE9FF55741,EFD2EEB91E5C5D8CB999B1EC68D89E51F8776AC7 > > SocksPort 0 > > SocksPolicy reject * > > ## IPv4 > > ORPort 128.199.76.145:443 > > DirPort 128.199.76.145:80 > > Address 128.199.76.145 > > OutboundBindAddress 128.199.76.145 > > ##IPv6 > > IPv6Exit 1 > > ORPort [2400:6180:0:d0::18a7:d001]:443 > > OutboundBindAddress [2400:6180:0:d0::18a7:d001] > > # Exit > > DirPortFrontPage /etc/tor/tor-exit-notice.html > > CellStatistics 1 > > DirReqStatistics 1 > > EntryStatistics 1 > > ExitPortStatistics 1 > > ExtraInfoStatistics 1 > > HiddenServiceStatistics 1 > > ExitRelay 1 > > ExitPolicy accept *:53# DNS > > ExitPolicy accept *:80# HTTP > > ExitPolicy accept *:110 # POP3 > > ExitPolicy accept *:143 # IMAP > > ExitPolicy accept *:220 # IMAP3 > > ExitPolicy accept *:443 # HTTPS > > ExitPolicy accept *:873 # rsync > > ExitPolicy accept *:989-990 # FTPS > > ExitPolicy accept *:991 # NAS Usenet > > ExitPolicy accept *:992 # TELNETS > > ExitPolicy accept *:993 # IMAPS > > ExitPolicy accept *:995 # POP3S > > ExitPolicy accept *:1194 # OpenVPN > > ExitPolicy accept *:1293 # IPSec > > ExitPolicy accept *:3690 # SVN Subversion > > ExitPolicy accept *:4321 # RWHOIS > > ExitPolicy accept *:5222-5223 # XMPP, XMPP SSL > > ExitPolicy accept *:5228 # Android Market > > ExitPolicy accept *:9418 # git > > ExitPolicy accept *:11371 # OpenPGP hkp > > ExitPolicy accept *:64738 # Mumble > > ExitPolicy reject *:* # nothing else is allowed > > T > > -- > Tim Wilson-Brown (teor) > > teor2345 at gmail dot com > PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B > ricochet:ekmygaiu4rzgsk6n > xmpp: teor at torproject dot org >
Re: [tor-relays] Updates removes status flags
> a tor op : > Hi > When a tor admin updates a tor node, what is the reasoning for > punishing the status by removing flags like the guard flag? It's not a punishment, it's an advisory notice to clients not to choose the relay as a guard (or HSDir, or relay for Stable circuits). The Tor network prioritises client circuit reliability and latency, not relay bandwidth usage. This makes the user experience better. If a relay's version becomes too old, it will be removed from the network. But that's not a punishment either, it's done to protect clients, so that users can have a secure and reliable tor network. > The node may have been up for months on end without issues and goes > down for a few minutes during install and restart and comes up with a > newer version, hence it is clearly updated. And the guard flag goes > away. Doesn't seem really appropriate. A period of downtime is often correlated with another subsequent period of downtime. But if a relay stays stable for a few days or weeks, then it's much less likely it will go down again. > Unless it's to indicate caution > due to new version perhaps not being stable. People run unstable versions on the tor network to help us find bugs. We really appreciate this, because not all bugs show up in testing. > But then that's what you > do pre-prod testing in-house for. We do integration testing, and pre-prod testing in-house. But we have nothing that's the scale or age of the current tor network. For more information, please feel free to search the list archives. (This question is asked reasonably often.) T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org signature.asc Description: Message signed with OpenPGP ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] why my exit is not being used?
> On 27 Jan 2017, at 17:03, gustavo panizzo (gfa)wrote: > > Hello > > I ran sorrentini [1] as a relay for a month or two and everything was > fine. > > then 2-3 weeks ago i decided to allow exit, the traffic went down > significantly, is that expected? it has recovered a bit but i feel the > node is underutilized, is it stational? > > I've attached node's munin graphs > > > [1] > https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677CE > > > here is my torrc Hi, Please send us your actual torrc: * your torrc has a DirPort, but your relay on atlas does not (this might be because you have a bandwidth limit set) * your torrc says IPv6Exit, but your relay on atlas does not exit to IPv6 Since you have AccountingMax set, please send us any bandwidth-related log entries. Any more warning or notice log entries would also help, particularly those related to reachability. Most likely, your relay has simply used 1024GB this month. Tim > # general > Nickname sorrentini > Log notice syslog > ControlPort 9051 > HashedControlPassword X > AccountingStart month 01 00:00 > AccountingRule sum > AccountingMax 1024GB > ContactInfo 0x44BB1BA79F6C6333 > MyFamily > 82C92FBAF2196EC346670D12BB9650FE9FF55741,EFD2EEB91E5C5D8CB999B1EC68D89E51F8776AC7 > SocksPort 0 > SocksPolicy reject * > ## IPv4 > ORPort 128.199.76.145:443 > DirPort 128.199.76.145:80 > Address 128.199.76.145 > OutboundBindAddress 128.199.76.145 > ##IPv6 > IPv6Exit 1 > ORPort [2400:6180:0:d0::18a7:d001]:443 > OutboundBindAddress [2400:6180:0:d0::18a7:d001] > # Exit > DirPortFrontPage /etc/tor/tor-exit-notice.html > CellStatistics 1 > DirReqStatistics 1 > EntryStatistics 1 > ExitPortStatistics 1 > ExtraInfoStatistics 1 > HiddenServiceStatistics 1 > ExitRelay 1 > ExitPolicy accept *:53# DNS > ExitPolicy accept *:80# HTTP > ExitPolicy accept *:110 # POP3 > ExitPolicy accept *:143 # IMAP > ExitPolicy accept *:220 # IMAP3 > ExitPolicy accept *:443 # HTTPS > ExitPolicy accept *:873 # rsync > ExitPolicy accept *:989-990 # FTPS > ExitPolicy accept *:991 # NAS Usenet > ExitPolicy accept *:992 # TELNETS > ExitPolicy accept *:993 # IMAPS > ExitPolicy accept *:995 # POP3S > ExitPolicy accept *:1194 # OpenVPN > ExitPolicy accept *:1293 # IPSec > ExitPolicy accept *:3690 # SVN Subversion > ExitPolicy accept *:4321 # RWHOIS > ExitPolicy accept *:5222-5223 # XMPP, XMPP SSL > ExitPolicy accept *:5228 # Android Market > ExitPolicy accept *:9418 # git > ExitPolicy accept *:11371 # OpenPGP hkp > ExitPolicy accept *:64738 # Mumble > ExitPolicy reject *:* # nothing else is allowed T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org signature.asc Description: Message signed with OpenPGP ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] BrassHornComms tor relays: 'MyFamily' fixed.
> *should* be sorted now thanks for fixing it! +--++ | nickname | eMyFamilyCount | +--++ | BrassHornRelay06 |17. | | BrassHornExit03 |17. | | BrassHornRelay16 |17. | | BrassHornRelay14 |17. | | BrassHornExit02 |17. | | BrassHornRelay09 |17. | | BrassHornRelay02 |17. | | BrassHornExit04 |17. | | BrassHornRelay05 |17. | | BrassHornRelay11 |17. | | BrassHornRelay10 |17. | | BrassHornRelay13 |17. | | BrassHornRelay01 |17. | | BrassHornRelay08 |17. | | BrassHornRelay07 |17. | | BrassHornRelay12 |17. | | BrassHornRelay04 |17. | +--++ 17 rows signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Sharp rise in directly connecting tor users (AE)
see also: https://lists.torproject.org/pipermail/metrics-team/2017-January/000285.html (probably where it belongs better) signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ae rises and rises
>> https://metrics.torproject.org/userstats-relay-country.html?start=2015-10-22=2017-01-29=ae=off less significant but also (IR): https://metrics.torproject.org/userstats-relay-country.html?start=2016-01-01=2017-01-29=ir=off signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ae rises and rises
Excellent! > On Jan 29, 2017, at 04:57, Felixwrote: > > Please check out > > https:// > metrics.torproject.org/userstats-relay-country.html?start=2015-10-22=2017-01-29=ae=off > > vs > > https:// > metrics.torproject.org/userstats-relay-country.html?start=2015-10-22=2017-01-29=all=off > > -- > I this cool or not? > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] ae rises and rises
Please check out https:// metrics.torproject.org/userstats-relay-country.html?start=2015-10-22=2017-01-29=ae=off vs https:// metrics.torproject.org/userstats-relay-country.html?start=2015-10-22=2017-01-29=all=off -- I this cool or not? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays