Re: [tor-relays] bridge installation help please

[Keifer Bly]

Generally, if a VPS is cheap it probably means that they don’t have much 
bandwidth. What you might want to consider doing is contacting the VPS provider 
(sending an email to their support email address, or contacting them via their 
contact tab on their website, and asking them how much bandwidth they are 
providing your account with and also ask weather they allow tor (and ask if 
they allow port forwarding). 

Generally, bridges require less bandwidth then public relays do as they are 
mostly only used in areas where the tor network is blocked, whereas the public 
relays handle every bit of traffic sent through the network (from guard or 
bridge relays to exit nodes, and exit nodes back to guard or bridge relays).

Contact them (the vps provider) with these questions and tell us what they 
said. If you’d kindly provide us with the name of the VPS provide I’ll try to 
find some information.

Thank you.

From: I
Sent: Monday, June 25, 2018 8:59 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] bridge installation help please

Thank you.
There do seem to be a few faults and missing bits in the help stuff.

As nothing has worked I'll reinstall Deb9 and start again.
I wonder whether cheap VPS operators might have something to do with the 
problems. 

Rob


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] bridge installation help please

[Mirimir]

On 06/25/2018 08:01 PM, Keifer Bly wrote:
> Ok. It could be possible your tor installation was somehow corrupted. Try 
> completely uninstalling tor with this command
> 
> As root: apt-get remove tor
> 
> This should completely uninstall tor
> 
> I am saying this as it could be that somehow one of your tor files was 
> accidentally deted or moved. Doing this will unfortunately mean that you will 
> have to go through these steps again
> 
> 1. In the terminal root window type “apt install tor”. This will tell Linux 
> to install the tor relay packages.
> 
> 2. In the root terminal window, type “gedit /etc/tor/torrc” This sould open 
> the file so you can add the bridge configuration.
> 
> 3. If Linux yells at you for trying to install unrecognized  packages in 
> installing tor, do the following things listed  here: 
> https://www.torproject.org/docs/debian.html.en

I always use the Tor Project repo, as in option two on that page.


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] bridge installation help please

[I]

Thank you.There do seem to be a few faults and missing bits in the help stuff.As nothing has worked I'll reinstall Deb9 and start again.I wonder whether cheap VPS operators might have something to do with the problems. Rob




___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] bridge installation help please

[Colin Childs]

Hi Rob,

The default log location on Debian changed some time ago to be your syslog 
instead of a file in /var/log/tor. 

If you would like to have tor log to a specific file, please add the following 
to your torrc and restart tor:

Log notice file /var/log/tor/log

I will get this page updated right away to reflect these changes, sorry for the 
confusion and thank you for running bridges. 

> On Jun 25, 2018, at 6:51 PM, I  wrote:
> 
> Keifer, thanks for the swift answer,
> 
> ! shift work
> 
> I followed 
> https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy
>  
> 
> 
> on a vps with Debian 9
> the torrc reads
> 
> RunAsDaemon 1
> ORPort 9001
> BridgeRelay 1
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ExtORPort auto
> DataDirectory /var/lib/tor
> ContactInfo 
> Nickname 
> 
> from root this  
> 
> tail -F /var/log/tor/log
> 
> brought this
> 
> tail: cannot open '/var/log/tor/log' for reading: No such file or directory
> 
> Rob
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] bridge installation help please

[Keifer Bly]

Ok. It could be possible your tor installation was somehow corrupted. Try 
completely uninstalling tor with this command

As root: apt-get remove tor

This should completely uninstall tor

I am saying this as it could be that somehow one of your tor files was 
accidentally deted or moved. Doing this will unfortunately mean that you will 
have to go through these steps again

1. In the terminal root window type “apt install tor”. This will tell Linux to 
install the tor relay packages.

2. In the root terminal window, type “gedit /etc/tor/torrc” This sould open the 
file so you can add the bridge configuration.

3. If Linux yells at you for trying to install unrecognized  packages in 
installing tor, do the following things listed  here: 
https://www.torproject.org/docs/debian.html.en



Please, I would ask, run pluggable transport bridge as opposed to a vanilla 
bridge (which is what your setting up), as pluggable transport bridges are more 
difficult to detect for network censors.

Find how to do that here: 
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4prox

Let me know how it goes.

Cheers.

From: I
Sent: Monday, June 25, 2018 5:53 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] bridge installation help please

Keifer,

That was from root.
That is what is odd as I only install things from root and use them as a user.

Rob

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] bridge installation help please

[I]

Keifer,That was from root.That is what is odd as I only install things from root and use them as a user.Rob




___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] bridge installation help please

[Keifer Bly]

Try signing into the root account on your Linux. This should these issues. Let 
me know.

From: I
Sent: Monday, June 25, 2018 5:37 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] bridge installation help please

Keifer, thanks,

Try navigating to /var/log/tor/. This is where tor will normally save the log 
files to. See if there is a tor log text file there. If you have not started 
your relay, tor might not have created the log file yet.

Try starting the tor software then see if the file appears after that.

As it showed before there is no /var/log/tor.
I thought I installed it from root but typing tor as root brought 
/var/lib/tor is not owned by this user (root, 0) but by debian-tor (107)
Failed to parse/validate config: Couldn't create private data directory 
"/var/lib/tor"

Rob

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] bridge installation help please

[I]

Keifer, thanks,	Try navigating to /var/log/tor/. This is where tor will normally save the log files to. See if there is a tor log text file there. If you have not started your relay, tor might not have created the log file yet.	Try starting the tor software then see if the file appears after that.As it showed before there is no /var/log/tor.I thought I installed it from root but typing tor as root brought /var/lib/tor is not owned by this user (root, 0) but by debian-tor (107)Failed to parse/validate config: Couldn't create private data directory "/var/lib/tor"Rob



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] bridge installation help please

[Keifer Bly]

Is the tor software successfully launched? Try simply launching the tor 
software just by opening a terminal window and typing “tor” in the Debian 
command line. This will start the tor software. If the bridge becomes 
successfully useable, you will see a message which will read “Self testing 
indicates your QRPort is reachable. Excellent. Publishing server descriptor” (I 
am not sure what the exact confirmation messages is for bridges but if the tor 
software manages to confirm your bridge is useable you should see a message 
that read something like that).

➢ Tail-f /var/log/tor/log

Try navigating to /var/log/tor/. This is where tor will normally save the log 
files to. See if there is a tor log text file there. If you have not started 
your relay, tor might not have created the log file yet.

Try starting the tor software then see if the file appears after that.
From: I
Sent: Monday, June 25, 2018 4:51 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] bridge installation help please

Keifer, thanks for the swift answer,

! shift work

I followed 
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy

on a vps with Debian 9
the torrc reads

RunAsDaemon 1
ORPort 9001
BridgeRelay 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ExtORPort auto
DataDirectory /var/lib/tor
ContactInfo 
Nickname 
from root this  

tail -F /var/log/tor/log

brought this

tail: cannot open '/var/log/tor/log' for reading: No such file or directory

Rob

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] bridge installation help please

[I]

Keifer, thanks for the swift answer,! shift workI followed https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxyon a vps with Debian 9the torrc readsRunAsDaemon 1ORPort 9001BridgeRelay 1ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxyExtORPort autoDataDirectory /var/lib/torContactInfo Nickname from root this  tail -F /var/log/tor/logbrought thistail: cannot open '/var/log/tor/log' for reading: No such file or directoryRob




___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] bridge installation help please

[Keifer Bly]

This is Debian Linux your doing this on correct? I am assuming this as most 
relays are run on Linux.

Here are the steps I’d use to install tor on Linux:

1. Open the Linux terminal 
2. Sign into the Linux root account by typing su, then press enter. Liux will 
then ask you for a password; type the password you set  as the administrator 
password when you set upr your Linux login (this might not be a 100% necessary 
step, but  in my experience Linux can be quite naggy about users not having 
permission to install software and this should help avoid that issue).
3. In the terminal root window type “apt install tor”. This will tell Linux to 
install the tor relay packages.

4. In the root terminal window, type “gedit /etc/tor/torrc” This sould open the 
file so you can add the bridge configuration.

5. If Linux yells at you for trying to install unrecognized  packages in 
installing tor, do the following things listed  here: 
https://www.torproject.org/docs/debian.html.en



Please, I would ask, run pluggable transport bridge as opposed to a vanilla 
bridge (which is what your setting up), as pluggable transport bridges are more 
difficult to detect for network censors.

Find how to do that here: 
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4prox


Cheers. 


From: I
Sent: Monday, June 25, 2018 4:04 PM
To: tor-relays@lists.torproject.org
Subject: [tor-relays] bridge installation help please





Would someone know what the problem is, please.
I can't see how the bridge is running nor what is wrong but have followed the 
torproject.org guide.

 tail -F /var/log/tor/log
tail: cannot open '/var/log/tor/log' for reading: No such file or directory

RunAsDaemon 1
ORPort 9001
BridgeRelay 1
ExtORPort auto
DataDirectory /var/lib/tor
ContactInfo 
Nickname 

Robert


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] bridge installation help please

[I]

Would someone know what the problem is, please.I can't see how the bridge is running nor what is wrong but have followed the torproject.org guide. tail -F /var/log/tor/logtail: cannot open '/var/log/tor/log' for reading: No such file or directoryRunAsDaemon 1ORPort 9001BridgeRelay 1ExtORPort autoDataDirectory /var/lib/torContactInfo Nickname Robert



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay Guide - IPv6 Connectivity Testing

[Matthew Finkel]

On Tue, Jun 26, 2018 at 04:31:55AM +1000, teor wrote:
> 
> On 26 Jun 2018, at 02:40, nusenu  wrote:
> 
> >> It would also be nice if the relay, itself, performed self-checks of
> >> this connectivity and printed a warning log if some failure-threshold is
> >> reached (and possibly disabling the IPv6 ORPort). But, in reality, this
> >> is a hack 
> > 
> > I wouldn't call it a 'hack', I'd consider it a reliability feature.
> 
> Relays already check that their IPv4 ORPorts are working.
> 
> Doing reachability checks for relay IPv6 ORPorts is a bit more
> complicated, because we have to teach relays to extend over IPv6 first.
> 
> Here's the master ticket:
> https://trac.torproject.org/projects/tor/ticket/24403
> 
> And if relays use authority IPv6 ORPorts to upload descriptors, they
> will get connectivity checks for free:
> https://trac.torproject.org/projects/tor/ticket/24777

Good point (and I agree). I'll stopping opening a separate ticket for
this. Thanks!
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay Guide - IPv6 Connectivity Testing

[Matthew Finkel]

On Mon, Jun 25, 2018 at 04:40:00PM +, nusenu wrote:
> > Considering there are potential critical failures when the IPv6 ORPort
> > is configured, should the relay guide suggest the operator confirm they
> > have IPv6 connectivity to all of the IPv6-enabled directory
> > authorities[2] before enabling it ("Please ping6/telnet/nc to these
> > hosts before enabling this.")?
> 
> thanks for this suggestion, I hope you like the change:
> 
> https://trac.torproject.org/projects/tor/wiki/TorRelayGuide?action=diff=218

That change looks great, thanks!
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay Guide - IPv6 Connectivity Testing

[teor]

On 26 Jun 2018, at 02:40, nusenu  wrote:

>> It would also be nice if the relay, itself, performed self-checks of
>> this connectivity and printed a warning log if some failure-threshold is
>> reached (and possibly disabling the IPv6 ORPort). But, in reality, this
>> is a hack 
> 
> I wouldn't call it a 'hack', I'd consider it a reliability feature.

Relays already check that their IPv4 ORPorts are working.

Doing reachability checks for relay IPv6 ORPorts is a bit more
complicated, because we have to teach relays to extend over IPv6 first.

Here's the master ticket:
https://trac.torproject.org/projects/tor/ticket/24403

And if relays use authority IPv6 ORPorts to upload descriptors, they
will get connectivity checks for free:
https://trac.torproject.org/projects/tor/ticket/24777

T___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay Guide - IPv6 Connectivity Testing

[nusenu]

nusenu:
>> Considering there are potential critical failures when the IPv6 ORPort
>> is configured, should the relay guide suggest the operator confirm they
>> have IPv6 connectivity to all of the IPv6-enabled directory
>> authorities[2] before enabling it ("Please ping6/telnet/nc to these
>> hosts before enabling this.")?
> 
> thanks for this suggestion, I hope you like the change:
> 
> https://trac.torproject.org/projects/tor/wiki/TorRelayGuide?action=diff=218

I'll need to adjust this command should one of the used IPv6 addresses
becomes unavailable because a dir auth failed.

I'll setup something to alert me automatically.

-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay Guide - IPv6 Connectivity Testing

[nusenu]

> Considering there are potential critical failures when the IPv6 ORPort
> is configured, should the relay guide suggest the operator confirm they
> have IPv6 connectivity to all of the IPv6-enabled directory
> authorities[2] before enabling it ("Please ping6/telnet/nc to these
> hosts before enabling this.")?

thanks for this suggestion, I hope you like the change:

https://trac.torproject.org/projects/tor/wiki/TorRelayGuide?action=diff=218

>
> It would also be nice if the relay, itself, performed self-checks of
> this connectivity and printed a warning log if some failure-threshold is
> reached (and possibly disabling the IPv6 ORPort). But, in reality, this
> is a hack 

I wouldn't call it a 'hack', I'd consider it a reliability feature.




-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Relay Guide - IPv6 Connectivity Testing

[Matthew Finkel]

Over the last few days I've started thinking more about IPv6 and,
inevitably, I started thinking about how we can improve support within
the Tor network.

Within the last few months, there were a few instances of relay
operators seeking answers for why their relay did not have the running
flag in the consensus. After some investigation, in some cases this was
because the relay had an IPv6 ORPort configured but a majority of the
IPv6-enabled directory authorities did not believe it was running.

Unfortunately, despite IPv6 connectivity being a necessity now, ISP
rollout is slow and on-going in some geographical areas and network
peering arrangements are sometimes sub-standard or not stable.

The Relay Guide[0] has a section describing how an operator can enable
an IPv6 ORPort, and there's a supplementary page[1] specifically
describing additional information about it.

Considering there are potential critical failures when the IPv6 ORPort
is configured, should the relay guide suggest the operator confirm they
have IPv6 connectivity to all of the IPv6-enabled directory
authorities[2] before enabling it ("Please ping6/telnet/nc to these
hosts before enabling this.")?

It would also be nice if the relay, itself, performed self-checks of
this connectivity and printed a warning log if some failure-threshold is
reached (and possibly disabling the IPv6 ORPort). But, in reality, this
is a hack around a broken internet - and I hesitate advocating for
something like this in tor. Maybe there is a compromise we can find
between the relay operator manually testing connectivity periodically
and tor automatically doing-smart-things.

Thoughts?

- Matt

[0] https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#IPv6
[1] https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
[2] https://gitweb.torproject.org/tor.git/tree/src/or/auth_dirs.inc
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays