Re: [tor-relays] Good vsp providers

2018-01-18 Thread I
Seriously!

Just run the relay and don't worry.
And don't listen to the nongs.


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Good vsp providers

2018-01-18 Thread Mirimir
On 01/18/2018 01:13 PM, I wrote:
> They mean that what you are intending to do on their servers should be within 
> the law.
> 
> Rob

"Do what thou wilt shall be the whole of the Law. Love is the law, love
under will."

>> I asked online.net about their cloud ssd vps service and tor and have the
>> following dialog going:
>>
>> "
>> Hello. I'm interested in running a Tor relay exit node on your cloud SSD
>> vps product. Is this allowed? I would be running a reduced reduced exit
>> policy. Thank you.
>>
>> 
>>
>>  Flavio Pastore 1/18/18 5:13 PM
>> Hello,
>>
>> Thanks for your ticket.
>> Our platform is a IaaS one. So, if you're willing to set up legal
>> activities, you're more than welcome regardless of the service used. If
>> not, you will reported accordingly.
>>
>> I hope I have this point clear, but we remain here at your entire
>> disposal for any further information.
>>
> 
> 


Re: [tor-relays] Good vsp providers

2018-01-18 Thread Fabian A. Santiago
On January 18, 2018 7:13:42 PM EST, I  wrote:
>They mean that what you are intending to do on their servers should be
>within the law.
>
>Rob
>
>> 
>> I asked online.net about their cloud ssd vps service and tor and have
>the
>> following dialog going:
>> 
>> "
>> Hello. I'm interested in running a Tor relay exit node on your cloud
>SSD
>> vps product. Is this allowed? I would be running a reduced reduced
>exit
>> policy. Thank you.
>> 
>> 
>> 
>>  Flavio Pastore 1/18/18 5:13 PM
>> Hello,
>> 
>> Thanks for your ticket.
>> Our platform is a IaaS one. So, if you're willing to set up legal
>> activities, you're more than welcome regardless of the service used.
>If
>> not, you will reported accordingly.
>> 
>> I hope I have this point clear, but we remain here at your entire
>> disposal for any further information.
>> 
>
>

Agreed. Thanks.
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


Re: [tor-relays] Good vsp providers

2018-01-18 Thread Fabian A. Santiago
On January 18, 2018 6:26:40 PM EST, Mirimir  wrote:
>On 01/18/2018 11:54 AM, niftybunny wrote:
>> You will held responsible to your actions (traffic). So worst case
>scenario is: They give your personal data to a LEA and you are now in
>charge to explain to a LEO that this is a Tor Exit. 
>> Depends on your country if this is a good idea. If you dont want any
>personal data with your VPS, get a bulletproof VPS but even offshore
>ISPs ban Tor Exists together with CP and hate speech. 
>> 
>> Welcome to the wonderful world of Tor Exists.
>> Enjoy your stay.
>> 
>> Markus
>
>How about HostSailor? They accept Bitcoin, and don't authenticate
>customers. But I don't know how they'd handle Tor relays.
>
>>> On 18. Jan 2018, at 23:45, Fabian A. Santiago
> wrote:
>>>
>>> January 18, 2018 4:50 PM, "George"  wrote:
>>>
>>>> niftybunny:
>>>>
>>>>> online.net
>>>>> trabia.com  (ask first)
>>>>>
>>>>> both offer 100mbit for less than 5 euros
>>>>
>>>> This is a CSV file that TDP is slowly tinkering with. While it's focused
>>>> on BSD-providing VPSs, most offer more.
>>>>
>>>> https://github.com/torbsd/torbsd.github.io/blob/master/docs/bsd-vps.md
>>>>
>>>> g
>>>>
>>>> --
>>>>
>>>> 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
>>>
>>> I asked online.net about their cloud ssd vps service and tor and
>have the following dialog going:
>>>
>>> "
>>> Hello. I'm interested in running a Tor relay exit node on your cloud
>SSD vps product. Is this allowed? I would be running a reduced reduced
>exit policy. Thank you.
>>>
>>> 
>>>
>>> Flavio Pastore 1/18/18 5:13 PM
>>> Hello,
>>>
>>> Thanks for your ticket.
>>> Our platform is a IaaS one. So, if you're willing to set up legal
>activities, you're more than welcome regardless of the service used. If
>not, you will reported accordingly.
>>>
>>> I hope I have this point clear, but we remain here at your entire
>disposal for any further information.
>>>
>>> Best regards,
>>>
>>> Flavio 
>>> Online / Scaleway
>>> Looking for an amazing job? Join us NOW !
>https://careers.scaleway.com/
>>>
>>> 
>>>
>>> fabian.santi...@gmail.com 1/18/18 5:40 PM
>>> By legal services, do you mean a mechanism in order to respond to
>abuse reports? if so, i have covered that need by the following:
>>>
>>> 1.> i publish a tor readme html page on the server for anyone to
>browse to learn about tor and what my server is doing. it also includes
>links to the tor project's own pages with additional information. I
>would also be published in the tor atlas showing my node's information
>for all to see that i am a tor node. 
>>> 2.> i publish contact information so that complaint concerns can be
>addressed to me directly as needed.
>>>
>>> will this suffice in your opinion? could you also make a note on
>your end that I would be running an exit relay so that you know, in
>case you do wind up receiving complaints about my node's traffic? I
>find (and have read) that with a reduced reduced exit policy the chance
>for complaint generating traffic is greatly minimized anyway. thank
>you.
>>> "
>>>
>>> so they seem to be kewl with it but in your opinions, what does he
>mean by "legal activities"? Thanks. 
>>>
>>> --
>>>
>>> Thanks,
>>>
>>> Fabian S.
>>>
>>> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC

Uggh, monthly recurring Bitcoin payments sounds painful. Nah. 

Maybe not a good idea then with online.net. they seem to offer vps' in Paris 
and Amsterdam and I have no idea what their LE would do when handed my info. So 
forget it. 

Ok, any decently priced unmetered providers with servers in the US? I am in the 
US.

I'll check out the csv someone mentioned as well. Thanks.

They also just added this response:

"
Flavio Pastore wrote: 

Hello,


Thanks for providing us more information about what services you're going to 
use in your server.

By the way, it is very difficult to give you an exhaustive reply in advance, 
there is not a full text explaining what can be considered as illegal and what 
legal instead.

But we ensure to apply the EU law as general set of rules, and the French law 
as specific set of 

Re: [tor-relays] Good vsp providers

2018-01-18 Thread Mirimir
On 01/18/2018 11:54 AM, niftybunny wrote:
> You will held responsible to your actions (traffic). So worst case scenario 
> is: They give your personal data to a LEA and you are now in charge to 
> explain to a LEO that this is a Tor Exit. 
> Depends on your country if this is a good idea. If you dont want any personal 
> data with your VPS, get a bulletproof VPS but even offshore ISPs ban Tor 
> Exists together with CP and hate speech. 
> 
> Welcome to the wonderful world of Tor Exists.
> Enjoy your stay.
> 
> Markus

How about HostSailor? They accept Bitcoin, and don't authenticate
customers. But I don't know how they'd handle Tor relays.

>> On 18. Jan 2018, at 23:45, Fabian A. Santiago  
>> wrote:
>>
>> January 18, 2018 4:50 PM, "George"  wrote:
>>
>>> niftybunny:
>>>
>>>> online.net
>>>> trabia.com  (ask first)
>>>>
>>>> both offer 100mbit for less than 5 euros
>>>
>>> This is a CSV file that TDP is slowly tinkering with. While it's focused
>>> on BSD-providing VPSs, most offer more.
>>>
>>> https://github.com/torbsd/torbsd.github.io/blob/master/docs/bsd-vps.md
>>>
>>> g
>>>
>>> --
>>>
>>> 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
>>>
>>
>> I asked online.net about their cloud ssd vps service and tor and have the 
>> following dialog going:
>>
>> "
>> Hello. I'm interested in running a Tor relay exit node on your cloud SSD vps 
>> product. Is this allowed? I would be running a reduced reduced exit policy. 
>> Thank you.
>>
>> 
>>
>> Flavio Pastore 1/18/18 5:13 PM
>> Hello,
>>
>> Thanks for your ticket.
>> Our platform is a IaaS one. So, if you're willing to set up legal 
>> activities, you're more than welcome regardless of the service used. If not, 
>> you will reported accordingly.
>>
>> I hope I have this point clear, but we remain here at your entire disposal 
>> for any further information.
>>
>> Best regards,
>>
>> Flavio 
>> Online / Scaleway
>> Looking for an amazing job? Join us NOW ! https://careers.scaleway.com/
>>
>> 
>>
>> fabian.santi...@gmail.com 1/18/18 5:40 PM
>> By legal services, do you mean a mechanism in order to respond to abuse 
>> reports? if so, i have covered that need by the following:
>>
>> 1.> i publish a tor readme html page on the server for anyone to browse to 
>> learn about tor and what my server is doing. it also includes links to the 
>> tor project's own pages with additional information. I would also be 
>> published in the tor atlas showing my node's information for all to see that 
>> i am a tor node. 
>> 2.> i publish contact information so that complaint concerns can be 
>> addressed to me directly as needed.
>>
>> will this suffice in your opinion? could you also make a note on your end 
>> that I would be running an exit relay so that you know, in case you do wind 
>> up receiving complaints about my node's traffic? I find (and have read) that 
>> with a reduced reduced exit policy the chance for complaint generating 
>> traffic is greatly minimized anyway. thank you.
>> "
>>
>> so they seem to be kewl with it but in your opinions, what does he mean by 
>> "legal activities"? Thanks. 
>>
>> --
>>
>> Thanks,
>>
>> Fabian S.
>>
>> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


Re: [tor-relays] Good vsp providers

2018-01-18 Thread niftybunny
You will held responsible to your actions (traffic). So worst case scenario is: 
They give your personal data to a LEA and you are now in charge to explain to a 
LEO that this is a Tor Exit. 
Depends on your country if this is a good idea. If you dont want any personal 
data with your VPS, get a bulletproof VPS but even offshore ISPs ban Tor Exists 
together with CP and hate speech. 

Welcome to the wonderful world of Tor Exists.
Enjoy your stay.

Markus


> On 18. Jan 2018, at 23:45, Fabian A. Santiago  
> wrote:
> 
> January 18, 2018 4:50 PM, "George"  wrote:
> 
>> niftybunny:
>> 
>>> online.net 
>>> trabia.com  (ask first)
>>> 
>>> both offer 100mbit for less than 5 euros
>> 
>> This is a CSV file that TDP is slowly tinkering with. While it's focused
>> on BSD-providing VPSs, most offer more.
>> 
>> https://github.com/torbsd/torbsd.github.io/blob/master/docs/bsd-vps.md
>> 
>> g
>> 
>> --
>> 
>> 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
>> 
> 
> I asked online.net about their cloud ssd vps service and tor and have the 
> following dialog going:
> 
> "
> Hello. I'm interested in running a Tor relay exit node on your cloud SSD vps 
> product. Is this allowed? I would be running a reduced reduced exit policy. 
> Thank you.
> 
> 
> 
> Flavio Pastore 1/18/18 5:13 PM
> Hello,
> 
> Thanks for your ticket.
> Our platform is a IaaS one. So, if you're willing to set up legal activities, 
> you're more than welcome regardless of the service used. If not, you will 
> reported accordingly.
> 
> I hope I have this point clear, but we remain here at your entire disposal 
> for any further information.
> 
> Best regards,
> 
> Flavio 
> Online / Scaleway
> Looking for an amazing job? Join us NOW ! https://careers.scaleway.com/
> 
> 
> 
> fabian.santi...@gmail.com 1/18/18 5:40 PM
> By legal services, do you mean a mechanism in order to respond to abuse 
> reports? if so, i have covered that need by the following:
> 
> 1.> i publish a tor readme html page on the server for anyone to browse to 
> learn about tor and what my server is doing. it also includes links to the 
> tor project's own pages with additional information. I would also be 
> published in the tor atlas showing my node's information for all to see that 
> i am a tor node. 
> 2.> i publish contact information so that complaint concerns can be addressed 
> to me directly as needed.
> 
> will this suffice in your opinion? could you also make a note on your end 
> that I would be running an exit relay so that you know, in case you do wind 
> up receiving complaints about my node's traffic? I find (and have read) that 
> with a reduced reduced exit policy the chance for complaint generating 
> traffic is greatly minimized anyway. thank you.
> "
> 
> so they seem to be kewl with it but in your opinions, what does he mean by 
> "legal activities"? Thanks. 
> 
> --
> 
> Thanks,
> 
> Fabian S.
> 
> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


Re: [tor-relays] Good vsp providers

2018-01-18 Thread Fabian A. Santiago
January 18, 2018 4:50 PM, "George"  wrote:

> niftybunny:
> 
>> online.net 
>> trabia.com  (ask first)
>> 
>> both offer 100mbit for less than 5 euros
> 
> This is a CSV file that TDP is slowly tinkering with. While it's focused
> on BSD-providing VPSs, most offer more.
> 
> https://github.com/torbsd/torbsd.github.io/blob/master/docs/bsd-vps.md
> 
> g
> 
> --
> 
> 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
> 

I asked online.net about their cloud ssd vps service and tor and have the 
following dialog going:

"
Hello. I'm interested in running a Tor relay exit node on your cloud SSD vps 
product. Is this allowed? I would be running a reduced reduced exit policy. 
Thank you.



 Flavio Pastore 1/18/18 5:13 PM
Hello,

Thanks for your ticket.
Our platform is a IaaS one. So, if you're willing to set up legal activities, 
you're more than welcome regardless of the service used. If not, you will 
reported accordingly.

I hope I have this point clear, but we remain here at your entire disposal for 
any further information.

Best regards,

Flavio 
Online / Scaleway
Looking for an amazing job? Join us NOW ! https://careers.scaleway.com/



 fabian.santi...@gmail.com 1/18/18 5:40 PM
By legal services, do you mean a mechanism in order to respond to abuse 
reports? if so, i have covered that need by the following:

1.> i publish a tor readme html page on the server for anyone to browse to 
learn about tor and what my server is doing. it also includes links to the tor 
project's own pages with additional information. I would also be published in 
the tor atlas showing my node's information for all to see that i am a tor 
node. 
2.> i publish contact information so that complaint concerns can be addressed 
to me directly as needed.

will this suffice in your opinion? could you also make a note on your end that 
I would be running an exit relay so that you know, in case you do wind up 
receiving complaints about my node's traffic? I find (and have read) that with 
a reduced reduced exit policy the chance for complaint generating traffic is 
greatly minimized anyway. thank you.
"

so they seem to be kewl with it but in your opinions, what does he mean by 
"legal activities"? Thanks. 

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


Re: [tor-relays] Good vsp providers

2018-01-18 Thread George
niftybunny:
> online.net 
> trabia.com  (ask first)
> 
> both offer 100mbit for less than 5 euros
> 


This is a CSV file that TDP is slowly tinkering with. While it's focused
on BSD-providing VPSs, most offer more.

https://github.com/torbsd/torbsd.github.io/blob/master/docs/bsd-vps.md

g


-- 


34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682





Re: [tor-relays] Good vsp providers

2018-01-18 Thread niftybunny
online.net 
trabia.com  (ask first)

both offer 100mbit for less than 5 euros

> On 18. Jan 2018, at 21:46, Fabian A. Santiago  
> wrote:
> 
> On January 18, 2018 3:39:22 PM EST, niftybunny 
>  wrote:
>> exit or guard?
>> 
>>> On 18. Jan 2018, at 21:37, Fabian A. Santiago
>>  wrote:
>>> 
>>> Does anyone here use a vsp hosting provider which offers unlimited
>> bandwidth usage at a reasonable cost monthly? 
>>> 
>>> Would need to run / offer Ubuntu.
>>> 
>>> Country is of little importance. 
>>> 
>>> Thanks. 
>>> --
>>> 
>>> Thanks,
>>> 
>>> Fabian S.
>>> 
>>> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
> 
> Exit, specifically I like to run a reduced reduced policy.
> --
> 
> Thanks,
> 
> Fabian S.
> 
> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


Re: [tor-relays] Good vsp providers

2018-01-18 Thread Fabian A. Santiago
On January 18, 2018 3:39:22 PM EST, niftybunny  
wrote:
>exit or guard?
>
>> On 18. Jan 2018, at 21:37, Fabian A. Santiago
> wrote:
>> 
>> Does anyone here use a vsp hosting provider which offers unlimited
>bandwidth usage at a reasonable cost monthly? 
>> 
>> Would need to run / offer Ubuntu.
>> 
>> Country is of little importance. 
>> 
>> Thanks. 
>> --
>> 
>> Thanks,
>> 
>> Fabian S.
>> 
>> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC

Exit, specifically I like to run a reduced reduced policy.
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries

2018-01-18 Thread nusenu


Quintin:
>> Do you reach your server's conntrack limit?
> 
> The word conntrack never appears in my logs, so I don't think it's that.
> The ISP also requires this from tor exits: net.netfilter.nf_conntrack_max =
> 1

How many conntrack entries do you actually have when you get 
sendto failed: Operation not permitted
log entries?

sysctl net.netfilter.nf_conntrack_count
or
cat /proc/sys/net/netfilter/nf_conntrack_count

Regardless of whether this is the root-cause or not, 
nf_conntrack_max = 10k is probably too low for an exit relay.

If nf_conntrack_count is near nf_conntrack_max, does the problem
go away when you temporarily increase nf_conntrack_max?

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_
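
Added example, not part of nusenu's message or of the thread: a POSIX shell check for the question asked above, comparing nf_conntrack_count with nf_conntrack_max and counting unbound's "sendto failed" lines in a syslog file. The function names, the 90% threshold and the verdict strings are assumptions made for illustration; the log lines in demo are copied from this thread and the counter values are constructed.

```shell
#!/bin/sh
# Does unbound's "sendto failed: Operation not permitted" coincide with a
# full (or nearly full) netfilter connection-tracking table?

# Print "count max percent". $1 = directory holding nf_conntrack_count and
# nf_conntrack_max (defaults to the live /proc path; it is a parameter so the
# check can be run against constructed files). Returns 2 when the files are
# missing, e.g. because the nf_conntrack module is not loaded.
conntrack_usage() {
    ct_dir="${1:-/proc/sys/net/netfilter}"
    ct_count=$(cat "$ct_dir/nf_conntrack_count" 2>/dev/null) || return 2
    ct_max=$(cat "$ct_dir/nf_conntrack_max" 2>/dev/null) || return 2
    [ "$ct_max" -gt 0 ] 2>/dev/null || return 2
    echo "$ct_count $ct_max $(( $ct_count * 100 / $ct_max ))"
}

# Count lines of file $2 matching pattern $1. grep -c exits non-zero when
# nothing matches or the file is unreadable, so normalise that to 0.
count_lines() {
    cl_n=$(grep -c -- "$1" "$2" 2>/dev/null) || true
    echo "${cl_n:-0}"
}

# Verdict for conntrack directory $1 and syslog file $2; $3 = percent
# threshold (assumed default: 90).
diagnose() {
    dg_threshold="${3:-90}"
    dg_usage=$(conntrack_usage "$1") || { echo "conntrack-unavailable"; return 0; }
    dg_pct=${dg_usage##* }
    dg_fail=$(count_lines 'unbound: .*sendto failed: Operation not permitted' "$2")
    # The kernel itself logs "nf_conntrack: table full, dropping packet"
    # when it drops packets for lack of table space.
    dg_full=$(count_lines 'nf_conntrack: table full' "$2")
    if [ "$dg_fail" -eq 0 ]; then
        echo "no-failures"
    elif [ "$dg_full" -gt 0 ]; then
        echo "table-full-logged"       # kernel confirms drops
    elif [ "$dg_pct" -ge "$dg_threshold" ]; then
        echo "table-near-full"         # raise nf_conntrack_max temporarily, re-test
    else
        echo "failures-but-table-ok"   # conntrack is not the bottleneck
    fi
}

# Constructed sample: a 10k table at 9950 entries, plus log lines as posted
# in this thread.
demo() {
    d=$(mktemp -d) || return 1
    echo 9950  > "$d/nf_conntrack_count"
    echo 10000 > "$d/nf_conntrack_max"
    cat > "$d/messages" <<'EOF'
Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation not permitted
Jan 17 19:27:33 torexit unbound: [559:0] notice: remote address is 192.42.93.30 port 53
Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation not permitted
EOF
    diagnose "$d" "$d/messages"
    rm -rf "$d"
}

# With two or more arguments, check the given paths; otherwise run the demo.
if [ "$#" -ge 2 ]; then diagnose "$@"; else demo; fi
```

To check a live host, pass /proc/sys/net/netfilter and the syslog file that receives unbound's messages as the two arguments, ideally while the errors are occurring.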





Re: [tor-relays] Good vsp providers

2018-01-18 Thread niftybunny
exit or guard?

> On 18. Jan 2018, at 21:37, Fabian A. Santiago  
> wrote:
> 
> Does anyone here use a vsp hosting provider which offers unlimited bandwidth 
> usage at a reasonable cost monthly? 
> 
> Would need to run / offer Ubuntu.
> 
> Country is of little importance. 
> 
> Thanks. 
> --
> 
> Thanks,
> 
> Fabian S.
> 
> OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


[tor-relays] Good vsp providers

2018-01-18 Thread Fabian A. Santiago
Does anyone here use a vsp hosting provider which offers unlimited bandwidth 
usage at a reasonable cost monthly? 

Would need to run / offer Ubuntu.

Country is of little importance. 

Thanks. 
--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries

2018-01-18 Thread Quintin
> Do you reach your server's conntrack limit?

The word conntrack never appears in my logs, so I don't think it's that.
The ISP also requires this from tor exits: net.netfilter.nf_conntrack_max =
1

> Try setting RelayBandwidthRate to 95% of your link capacity.

Why 95%? Are you thinking to give it more bandwidth?

> From the IPs in your logs I assume your unbound is configured to query
> recursively itself (no upstream forwarding) that is good, can you confirm
that
> and provide your unbound config + iptalbes -vnL?

Correct, unbound is recursive. Here's the config:
server:
    verbosity: 1
    statistics-interval: 0
    statistics-cumulative: no
    extended-statistics: no
    num-threads: 2
    interface-automatic: no
    do-ip6: no
    chroot: ""
    username: "unbound"
    directory: "/etc/unbound"
    log-time-ascii: yes
    pidfile: "/var/run/unbound/unbound.pid"
    harden-glue: yes
    harden-dnssec-stripped: yes
    harden-below-nxdomain: yes
    harden-referral-path: yes
    use-caps-for-id: no
    unwanted-reply-threshold: 1000
    prefetch: yes
    prefetch-key: yes
    rrset-roundrobin: yes
    minimal-responses: yes
    module-config: "validator iterator"
    trusted-keys-file: /etc/unbound/keys.d/*.key
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    val-clean-additional: yes
    val-permissive-mode: no
    val-log-level: 1
    include: /etc/unbound/local.d/*.conf
remote-control:
    control-enable: no
    server-key-file: "/etc/unbound/unbound_server.key"
    server-cert-file: "/etc/unbound/unbound_server.pem"
    control-key-file: "/etc/unbound/unbound_control.key"
    control-cert-file: "/etc/unbound/unbound_control.pem"
include: /etc/unbound/conf.d/*.conf

Quintin


-- 
01011001010101001101011101000101010010100110
01001100010001010101001101010011001001011001010001010101


Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries

2018-01-18 Thread teor

> On 19 Jan 2018, at 06:06, Quintin  wrote:
> 
> No outbound filters, this is my config:
> 
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m comment --comment "SSH" -s x.x.x.x -m state --state NEW -m 
> tcp --dport 22 -j ACCEPT
> -A INPUT -p tcp -m comment --comment "Tor" -m state --state NEW -m tcp 
> --dport 80 -j ACCEPT
> -A INPUT -p tcp -m comment --comment "Tor" -m state --state NEW -m tcp 
> --dport 443 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 
> If I stop tor then "dig @127.0.0.1 google.com" works 100%. It's seems like 
> the pattern is that when tor traffic builds up so do DNS failures. And then 
> my dig @127.0.0.1 only succeeds about 0.1% of the time. At this stage large 
> amounts these errors start appearing:
> 
> > Jan 17 19:27:33 torexit unbound: [559:0] notice: remote address is 
> > 192.42.93.30 port 53
> > Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation 
> > not permitted

Try setting RelayBandwidthRate to 95% of your link capacity.
Then wait a few hours.

If you are still having issues:
* check if you have a lot of inbound connections from a small number of IPs,
* read recent threads for firewall rules to limit inbound connection load.

T


Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries

2018-01-18 Thread Quintin
No outbound filters, this is my config:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m comment --comment "SSH" -s x.x.x.x -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m comment --comment "Tor" -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m comment --comment "Tor" -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

If I stop tor then "dig @127.0.0.1 google.com" works 100%. It seems like
the pattern is that when tor traffic builds up so do DNS failures. And then
my dig @127.0.0.1 only succeeds about 0.1% of the time. At this stage large
amounts of these errors start appearing:

> Jan 17 19:27:33 torexit unbound: [559:0] notice: remote address is 192.42.93.30 port 53
> Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation not permitted

Quintin


On Thu, Jan 18, 2018 at 12:42 PM nusenu  wrote:

>  wrote:
> > Resent under the correct alias.
> >
> > I'm having high amounts of failures on this VPS (PulseServers). I run a
> > local unbound instance, and see an incredible amount of:
> > Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation
> > not permitted
> > Jan 17 19:27:33 torexit unbound: [559:0] notice: remote address is
> > 198.97.190.53 port 53
> > Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation
> > not permitted
> > Jan 17 19:27:33 torexit unbound: [559:0] notice: remote address is
> > 192.42.93.30 port 53
> > Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation
> > not permitted
> > Jan 17 19:27:33 torexit unbound: [559:0] notice: remote address is
> > 192.35.51.30 port 53
> > Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation
> > not permitted
> >
> > To give proportion to "incredible amount",
> > Jan 17 19:21:32 torexit rsyslogd: imjournal: 9897 messages lost due to
> > rate-limiting
> > Jan 17 19:22:02 torexit journal: Suppressed 1216 messages from
> > /system.slice/unbound.service
> > Jan 17 19:22:32 torexit journal: Suppressed 1209 messages from
> > /system.slice/unbound.service
> > Jan 17 19:23:02 torexit journal: Suppressed 1827 messages from
> > /system.slice/unbound.service
> > Jan 17 19:23:32 torexit journal: Suppressed 2333 messages from
> > /system.slice/unbound.service
> > Jan 17 19:24:02 torexit journal: Suppressed 3029 messages from
> > /system.slice/unbound.service
> > Jan 17 19:24:32 torexit journal: Suppressed 2822 messages from
> > /system.slice/unbound.service
> > Jan 17 19:25:02 torexit journal: Suppressed 2715 messages from
> > /system.slice/unbound.service
> > Jan 17 19:25:32 torexit journal: Suppressed 3166 messages from
> > /system.slice/unbound.service
> > Jan 17 19:26:02 torexit journal: Suppressed 4093 messages from
> > /system.slice/unbound.service
> > Jan 17 19:26:32 torexit journal: Suppressed 45878 messages from
> > /system.slice/unbound.service
> > Jan 17 19:27:02 torexit journal: Suppressed 30125 messages from
> > /system.slice/unbound.service
> > Jan 17 19:27:32 torexit journal: Suppressed 31764 messages from
> > /system.slice/unbound.service
> > Jan 17 19:28:02 torexit journal: Suppressed 31229 messages from
> > /system.slice/unbound.service
> >
> > Could it be limits from the VPS provider on the amount of outbound udp/53
> > connections?
>
> To me this looks more like a local problem?
> Are you doing any packet filtering on the host (outbound)?
>
> Does DNS work on that host if you try manual queries?
>
> From the IPs in your logs I assume your unbound is configured to query
> recursively itself (no upstream forwarding) that is good, can you confirm
> that
> and provide your unbound config + iptalbes -vnL?
>
>
> --
> https://mastodon.social/@nusenu
> twitter: @nusenu_
>
>

-- 
01011001010101001101011101000101010010100110
01001100010001010101001101010011001001011001010001010101


Re: [tor-relays] Tor 0.3.2.9 Linux - too slow to handle this many circuit creation requests - Freebsd 0328r

2018-01-18 Thread teor

> On 19 Jan 2018, at 04:59, Felix  wrote:
> 
> Hi everybody
> 
>> On 18-Jan-18 at 11:44, Stijn Jonker wrote:
>> First message is at Jan 18 07:17:13, last just Jan 18 11:37:44, when
>> adding the # of circuits up, total in ~4 hours: 18033820 being 18 Million
> 
> 
> The same here:
> 7993419 circuits and 64009930 NTor in 4 hours (Freebsd, Jan 9th, Tor
> 0.3.2.8-rc)
> 
> 
> and there without the 'too slow to handle' warning:
> 17059168 circuits and 37961895 NTor in 3 hours (Freebsd, Jan 14th, Tor
> 0.3.2.8-rc)
> Interesting here is the memory went up to 15GB where MaxMemInQueues was
> set to 2GB.

A few people have reported increased RAM usage recently, on and off list.
It may be the next stage of the extra load.
It even happens on relays with the destroy cell fix.

On my machine, Tor used too much RAM and started swapping.
Please use the advice in previous threads to reduce connections and RAM.

If it keeps going, we will analyse the traffic and make code changes.

T


Re: [tor-relays] The Onion Box v4.1

2018-01-18 Thread Ralph Wetzel

Hi Kenneth, hi Olaf!

Thanks for providing that feedback.

I have to apologize: I failed to put the correct path into the documentation.

It should read './bin/theonionbox' rather than the './lib/theonionbox' shown in the ReadMe.


 

I'll update the files tonight.

 

Blushing, Ralph

 


Sent: Tuesday, 16 January 2018 at 13:45
From: "Kenneth Freeman" 
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] The Onion Box v4.1



On 01/14/2018 04:03 PM, Ralph Wetzel wrote:

> Give it a try! I'm looking forward receiving your feedback and answering your
> questions.

I receive "[[Errno 111]] Connection Refused"; running "$ sudo -u
debian-tor lib/theonionbox" yields "sudo: lib/theonionbox: command not
found". This on my 32-bit machine, Sunflower-II, running Ubuntu 12.04 LTS
and Tor 0.3.0.8 - deprecated, I know, I'll have to upgrade, I tug my
forelock. That said, it runs just fine on Gaze, my 64-bit machine, which
is running Ubuntu 16.04 LTS & Tor 0.3.0.1 currently.

Good job on Onionbox! I've long regarded Arm-cum-Nyx as clunky; your UI
is gorgeous!




Re: [tor-relays] The Onion Box v4.1

2018-01-18 Thread Ralph Wetzel

Thanks, Damian!

I'll check how to display that in the Onion Box.

Greetings, Ralph

 

Sent: Tuesday, 16 January 2018 at 23:52
From: "Damian Johnson" 
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] The Onion Box v4.1

>> Hi is there an option to show connections in theonionbox ?
>
> Sorry... currently not!

Hi Ralph. For what it's worth since Onion Box already uses Stem you
can get the connection data via...

https://stem.torproject.org/tutorials/east_of_the_sun.html#connection-resolution

Cheers! -Damian


Re: [tor-relays] Tor 0.3.2.9 Linux - too slow to handle this many circuit creation requests - Freebsd 0328r

2018-01-18 Thread Felix
Hi everybody

On 18-Jan-18 at 11:44, Stijn Jonker wrote:
> First message is at Jan 18 07:17:13, last just Jan 18 11:37:44, when
> adding the # of circuits up, total in ~4 hours: 18033820 being 18 Million


The same here:
7993419 circuits and 64009930 NTor in 4 hours (Freebsd, Jan 9th, Tor
0.3.2.8-rc)


and there without the 'too slow to handle' warning:
17059168 circuits and 37961895 NTor in 3 hours (Freebsd, Jan 14th, Tor
0.3.2.8-rc)
Interesting here is the memory went up to 15GB where MaxMemInQueues was
set to 2GB.

-- 
Cheers, Felix


Re: [tor-relays] [OrNetRadar] AS: "DigitalOcean, LLC" - 2018-01-16

2018-01-18 Thread x9p

On Wed, January 17, 2018 5:45 pm, nusenu wrote:
>>> x9p:
>>>> +1 blacklisted.
>>>
>>>
>>> can you elaborate on what you mean with that?
>>
>>
>> sorry. blocked on my relays.
>
>
> If you mean "dropping all packets coming from and to these IP addresses
> to your relays" by that, please don't do that. That breaks
> functionality for tor clients, removal should happen on a directory
> authority level.
>
>
> --
> https://mastodon.social/@nusenu
> twitter: @nusenu_
>
>

not doing DROPS anymore, trying not to hurt clients. StrictNodes, via torrc

cheers.

--
x9p | PGP : 0x03B50AF5EA4C8D80 / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

"I don't know where I'm going from here, but I promise it won't be boring." - David Bowie




[tor-relays] Tor 0.3.2.9 Linux - first period fine, since today lots of: Your computer is too slow to handle this many circuit creation requests!

2018-01-18 Thread Stijn Jonker

Hi All,

Is this a "known" issue? My non-exit relay has been running for over a 
year, and although with the recent issues (attack / network issue or the 
like) with some ipfilter kung fu it managed to get through the storm 
pretty well. Now all of a sudden since early today my logs are flooded 
with:


Jan 18 11:34:44 tornode Tor[65839]: Your computer is too slow to handle 
this many circuit creation requests! Please consider using the 
MaxAdvertisedBandwidth config option or choosing a more restricted exit 
policy. [204844 similar message(s) suppressed in last 60 seconds]


First message is at Jan 18 07:17:13, last just Jan 18 11:37:44, when 
adding the # of circuits up, total in ~4 hours: 18033820 being 18 
Million, which feels a bit much, but don't have any figures to compare. 
On the current hardware this never seemed to be an issue, not even by 
far; it was normally (according to ESXi) at ~400-500 MHz, now it's using 2 
vCPUs at ~4000 MHz.


Now of course I can lower the bandwidth, but if these are low bandwidth 
circuits then lowering the bandwidth from 10Mbyte/sec (peak 
12,5Mbyte/sec) to a lower value might actually not resolve it.


Anybody seeing this as well and/or ideas / advice etc?


Stijn
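
The tally described in the post above, as an added example (not code from the poster or from Tor): it sums each logged warning plus the count in Tor's "similar message(s) suppressed" suffix, grouped per hour, and reports the peak rate. The `year` argument is an assumption because syslog timestamps omit it; only the 11:34:44 sample line comes from the post, the others are constructed.

```python
import re
from collections import Counter
from datetime import datetime

WARNING = "Your computer is too slow to handle this many circuit creation requests!"
# Syslog prefix, the warning text, then Tor's optional rate-limit suffix.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ Tor\[\d+\]: "
    + re.escape(WARNING)
    + r".*?(?:\[(?P<n>\d+) similar message\(s\) suppressed in last (?P<secs>\d+) seconds\])?\s*$"
)

def tally(lines, year):
    """Sum logged plus suppressed warnings. Syslog omits the year, so pass it in."""
    total, per_hour, peak, first, last = 0, Counter(), 0.0, None, None
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # some other log line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        suppressed = int(m["n"] or 0)
        count = 1 + suppressed  # the logged line plus the ones it stands in for
        total += count
        per_hour[ts.strftime("%m-%d %H:00")] += count
        if m["secs"]:
            peak = max(peak, suppressed / int(m["secs"]))
        first, last = first or ts, ts
    return {"total": total, "per_hour": dict(per_hour),
            "peak_per_sec": peak, "first": first, "last": last}

TAIL = (" Please consider using the MaxAdvertisedBandwidth config option"
        " or choosing a more restricted exit policy.")
HOST = "tornode Tor[65839]:"
SAMPLE = [
    # Constructed: first occurrence, nothing suppressed yet.
    f"Jan 18 07:17:13 {HOST} {WARNING}{TAIL}",
    # Constructed: an early, small burst.
    f"Jan 18 07:18:13 {HOST} {WARNING}{TAIL} [1200 similar message(s) suppressed in last 60 seconds]",
    # The line quoted in the post, unwrapped to one line.
    f"Jan 18 11:34:44 {HOST} {WARNING}{TAIL} [204844 similar message(s) suppressed in last 60 seconds]",
    # Constructed: unrelated line that must be ignored.
    "Jan 18 11:35:02 tornode sshd[812]: constructed unrelated line",
]

if __name__ == "__main__":
    result = tally(SAMPLE, 2018)
    print(result["total"], result["per_hour"], round(result["peak_per_sec"]))
```

The per-hour buckets make it easy to see when the load started and to compare figures between relays.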


[tor-relays] debugging unbound on 'torexit' failing DNS queries

2018-01-18 Thread nusenu
 wrote:
> Resent under the correct alias.
> 
> I'm having high amounts of failures on this VPS (PulseServers). I run a
> local unbound instance, and see an incredible amount of:
> Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation
> not permitted
> Jan 17 19:27:33 torexit unbound: [559:0] notice: remote address is
> 198.97.190.53 port 53
> Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation
> not permitted
> Jan 17 19:27:33 torexit unbound: [559:0] notice: remote address is
> 192.42.93.30 port 53
> Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation
> not permitted
> Jan 17 19:27:33 torexit unbound: [559:0] notice: remote address is
> 192.35.51.30 port 53
> Jan 17 19:27:33 torexit unbound: [559:0] notice: sendto failed: Operation
> not permitted
> 
> To give proportion to "incredible amount",
> Jan 17 19:21:32 torexit rsyslogd: imjournal: 9897 messages lost due to
> rate-limiting
> Jan 17 19:22:02 torexit journal: Suppressed 1216 messages from
> /system.slice/unbound.service
> Jan 17 19:22:32 torexit journal: Suppressed 1209 messages from
> /system.slice/unbound.service
> Jan 17 19:23:02 torexit journal: Suppressed 1827 messages from
> /system.slice/unbound.service
> Jan 17 19:23:32 torexit journal: Suppressed 2333 messages from
> /system.slice/unbound.service
> Jan 17 19:24:02 torexit journal: Suppressed 3029 messages from
> /system.slice/unbound.service
> Jan 17 19:24:32 torexit journal: Suppressed 2822 messages from
> /system.slice/unbound.service
> Jan 17 19:25:02 torexit journal: Suppressed 2715 messages from
> /system.slice/unbound.service
> Jan 17 19:25:32 torexit journal: Suppressed 3166 messages from
> /system.slice/unbound.service
> Jan 17 19:26:02 torexit journal: Suppressed 4093 messages from
> /system.slice/unbound.service
> Jan 17 19:26:32 torexit journal: Suppressed 45878 messages from
> /system.slice/unbound.service
> Jan 17 19:27:02 torexit journal: Suppressed 30125 messages from
> /system.slice/unbound.service
> Jan 17 19:27:32 torexit journal: Suppressed 31764 messages from
> /system.slice/unbound.service
> Jan 17 19:28:02 torexit journal: Suppressed 31229 messages from
> /system.slice/unbound.service
> 
> Could it be limits from the VPS provider on the amount of outbound udp/53
> connections?

To me this looks more like a local problem?
Are you doing any packet filtering on the host (outbound)?

Does DNS work on that host if you try manual queries?

From the IPs in your logs I assume your unbound is configured to query
recursively itself (no upstream forwarding) that is good, can you confirm that
and provide your unbound config + iptables -vnL?


-- 
https://mastodon.social/@nusenu
twitter: @nusenu_





Re: [tor-relays] Increased cpu usage

2018-01-18 Thread Gisle Vanem

Alexander Kührmann wrote:


Not any noticeable difference in CPU usage for me: 
https://kuehrmann.de/privateshare/20180117_tah6Eig8/cpu_usage.png


Not really related, but I see Tor.exe CPU usage on Win-10
jumps to 80% CPU for approx a minute when running
this netstat-clone:
  https://github.com/giampaolo/psutil/blob/master/scripts/netstat.py

I've heavily modified it to print in colour and show GeoIP-information.
Maybe that's a problem?

--
--gv