Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-26 Thread Conrad Rockenhaus
On Monday, February 26, 2018 11:24:37 AM CST Vinícius Zavam wrote:
> 2018-02-25 21:23 GMT+00:00 Conrad Rockenhaus :
> > On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> > > Conrad Rockenhaus:
> > > > Hello All,
> > > > 
> > > > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > > > that is fully configured and ready to run Tor. Right now it's an eight GB
> > > > image, but I'm reducing the size by removing all of the extra stuff on it
> > > > from the upgrade from FreeBSD 11 to 11.1.
> > > 
> > > I think it's great to ease the implementation of Tor relays,
> > > particularly on BSDs.
> > 
> > My main thought process behind trying to ease the implementation of BSD relays
> > is the fact that we should diversify what we have online within the network.
> > Most of our nodes are Linux. What if we have another vulnerability that comes
> > out that hits Linux specifically again?
> > 
> > > However, I'd be wary of an image that I didn't build myself, personally.
> > 
> > That's your opinion. The AWS relay project was very successful. Numerous
> > people ran an image that they didn't build. Numerous people also run Docker
> > containers that they didn't build. Numerous people run Vagrant boxes they
> > didn't build. You have the right to be wary, but there's numerous people out
> > there who run other people's images every day.
> > 
> > > > If you're interested in the image let me know. This image has been fully
> > > > tested on OVH's Openstack infrastructure, so if you're interested in
> > > > running it on their infrastructure, let me know and I can walk you
> > > > through it, or you're more than welcome to host it within my cloud at
> > > > cost (it's a low monthly rate and unlimited bandwidth).
> > > 
> > > Another issue is that OVH is over relied upon for public nodes. It's the
> > > leading ASN with almost 15%.
> > 
> > They're one of the few providers out there that allow exits. That's why 15% of
> > our exits are on OVH.
> > 
> > > https://torbsd.org/oostats/relays-bw-by-asn.txt
> > > 
> > > OTOH, I do think we (in particular BSD people) need to facilitate the
> > > implementation of BSD relays, including for VPS services for those
> > > looking to test the waters.
> > 
> > I completely agree.
> 
> I wonder if people hosting Tor relays in any sort of VPS are doing
> filesystem encryption.

I can tell you on OVH, a basic level VPS (one for $5.00/mo) is not encrypted. 
If a customer is willing to spend $7.00/mo more for an additional partition, 
they will be able to have storage to encrypt the Tor relay information at 
rest.

On the Cloud side, you encrypt the primary volume, so all storage is encrypted 
at rest. 

I can't speak of any of the other providers that provide BSD VPSes or BSD 
Cloud Instances.

> 
> > > The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> > > Vultr to build on OpenBSD. I tend to think using other people's scripts
> > > that can be reviewed and hacked is a better gateway for new relay
> > > operators than images.
> 
> you can combine the FreeBSD jails feature with your idea.
> plus, do not share many Tor instances on the same machine/server/jail.

My plan is to utilize the official FreeBSD Virtual Machine Images from 
their site and build on top of them with my Ansible Scripts. I should 
hopefully have a beta released next week that we can start hacking on.

> 
> > It would actually be very easy to find tampering within a BSD operating system.
> > Again, you're welcome to your opinion, but this is not the first time an image
> > has been offered to assist people within the network, and again, with your
> > view, let's get rid of the tor docker containers, the AWS AMIs, etc.
> > 
> > Regards,
> > 
> > Conrad
> > 
> > > http://wiki.torbsd.org/doku.php?id=en:bsd-vps
> > > 
> > > g
> 
> --
> Vinícius Zavam
> keybase.io/egypcio/key.asc



signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] IPv6 for the nifty?

2018-02-26 Thread nusenu


Paul Templeton:
> 
>> I was wondering if you have any plans to get IPv6 connectivity?
> 
> Three of the ISPs I use have IPv6 available but my skill set is vastly 
> lacking. I would love to find a mentor to assist with configs.

this should get you started:
https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#IPv6

let us know if you need more help

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_





Re: [tor-relays] IPv6 for the nifty?

2018-02-26 Thread Paul Templeton

> I was wondering if you have any plans to get IPv6 connectivity?

Three of the ISPs I use have IPv6 available but my skill set is vastly 
lacking. I would love to find a mentor to assist with configs.

IPv6 is the future.

Paul

609662E824251C283164243846C035C803940378



Re: [tor-relays] IPv6 for the nifty?

2018-02-26 Thread Gareth Llewellyn
On 26 Feb 2018, 19:52, nusenu wrote:

> I was wondering if you have any plans to get IPv6 connectivity?

As it happens AS28715 (BrassHornComms) is looking for any datacenters / ISPs 
that support IPv6 BGP peering from small (~1u / VPS) customers.

I've got a /32 to allocate but the expensive part is transit capacity (at least 
here in the UK) so once I hit ~1.5Gbit/s I can't push any more.

Vultr support BGP announcement from their VPS' but have adjusted their T&C's 
and you can't run Tor Exits even on your own IPs which is a shame.

Gareth


[tor-relays] IPv6 for the nifty?

2018-02-26 Thread nusenu
Hi Markus,

since you are by far the biggest exit relay operator I was wondering
if you have any plans to get IPv6 connectivity?

thanks,
nusenu

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_





Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-26 Thread niftybunny
No multihoming = no AS. I do not pay for things I do not really need.

https://nusenu.github.io/OrNetStats/asnameshare 


0   OVH SAS 15.76   22.92   7.34499
1   Online S.a.s.   9.6 10.110.59   372
2   Hetzner Online GmbH 6.378.891.93273
3   DigitalOcean, LLC   4.475.792.3 280

My relays are #4. OVH is 4 times bigger than me...


Markus


> On 26. Feb 2018, at 19:06, Paul  wrote:
> 
> 
> 
> 
>> Yes, of course. However, you refer to the lack of diversity in operating
>> systems, but monocultures in providers/ASNs is another danger we should
>> be conscious of.
>> 
>>>
>>>>
>>>> https://torbsd.org/oostats/relays-bw-by-asn.txt
> 
> These calculations don’t show the situation as it currently really is - 
> unfortunately:
> 
> About 32 out of these https://metrics.torproject.org/rs.html#search/nifty 
> relays seem not to get counted in ASN nor in cw-fraction (probably because as 
> in this example 
> https://metrics.torproject.org/rs.html#details/609E598FB6A00BCF7872906B602B705B64541C50
>   AS Name and AS Number are unknown).
> 
> But they are about 15% of total Exit 
> https://github.com/nusenu/OrNetStats/blob/master/allexitfamilies.md - that 
> seems kind of monocultures?
> 
> Paul


Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-26 Thread Paul



> Yes, of course. However, you refer to the lack of diversity in operating
> systems, but monocultures in providers/ASNs is another danger we should
> be conscious of.
> 
>>
>>>
>>> https://torbsd.org/oostats/relays-bw-by-asn.txt

These calculations don’t show the situation as it currently really is - 
unfortunately:

About 32 out of these https://metrics.torproject.org/rs.html#search/nifty 
relays seem not to get counted in ASN nor in cw-fraction (probably because as 
in this example 
https://metrics.torproject.org/rs.html#details/609E598FB6A00BCF7872906B602B705B64541C50
  AS Name and AS Number are unknown).

But they are about 15% of total Exit 
https://github.com/nusenu/OrNetStats/blob/master/allexitfamilies.md - that 
seems kind of monocultures?

Paul




Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image

2018-02-26 Thread Vinícius Zavam
2018-02-25 21:23 GMT+00:00 Conrad Rockenhaus :
>
> On Sunday, February 25, 2018 3:05:00 PM CST George wrote:
> > Conrad Rockenhaus:
> > > Hello All,
> > >
> > > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > > that is fully configured and ready to run Tor. Right now it's an eight GB
> > > image, but I'm reducing the size by removing all of the extra stuff on it
> > > from the upgrade from FreeBSD 11 to 11.1.
> >
> > I think it's great to ease the implementation of Tor relays,
> > particularly on BSDs.
>
> My main thought process behind trying to ease the implementation of BSD relays
> is the fact that we should diversify what we have online within the network.
> Most of our nodes are Linux. What if we have another vulnerability that comes
> out that hits Linux specifically again?
>
> >
> > However, I'd be wary of an image that I didn't build myself, personally.
> >
> That's your opinion. The AWS relay project was very successful. Numerous
> people ran an image that they didn't build. Numerous people also run Docker
> containers that they didn't build. Numerous people run Vagrant boxes they
> didn't build. You have the right to be wary, but there's numerous people out
> there who run other people's images every day.
>
> > > If you're interested in the image let me know. This image has been fully
> > > tested on OVH's Openstack infrastructure, so if you're interested in
> > > running it on their infrastructure, let me know and I can walk you
> > > through it, or you're more than welcome to host it within my cloud at
> > > cost (it's a low monthly rate and unlimited bandwidth).
> >
> > Another issue is that OVH is over relied upon for public nodes. It's the
> > leading ASN with almost 15%.
>
> They're one of the few providers out there that allow exits. That's why 15% of
> our exits are on OVH.
>
> >
> > https://torbsd.org/oostats/relays-bw-by-asn.txt
> >
> > OTOH, I do think we (in particular BSD people) need to facilitate the
> > implementation of BSD relays, including for VPS services for those
> > looking to test the waters.
>
> I completely agree.

I wonder if people hosting Tor relays in any sort of VPS are doing
filesystem encryption.

> >
> > The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> > Vultr to build on OpenBSD. I tend to think using other people's scripts
> > that can be reviewed and hacked is a better gateway for new relay
> > operators than images.

you can combine the FreeBSD jails feature with your idea.
plus, do not share many Tor instances on the same machine/server/jail.

> It would actually be very easy to find tampering within a BSD operating system.
> Again, you're welcome to your opinion, but this is not the first time an image
> has been offered to assist people within the network, and again, with your
> view, let's get rid of the tor docker containers, the AWS AMIs, etc.
>
> Regards,
>
> Conrad
>
> >
> > http://wiki.torbsd.org/doku.php?id=en:bsd-vps
> >
> > g


--
Vinícius Zavam
keybase.io/egypcio/key.asc