Re: [tor-relays] 300mbps FreeBSD Tor relay on HPE MicroServer Gen10 (AMD X3421)
Hi Neel My relay runs FreeBSD 11.2 and Tor runs in a "jail". Jails are perfect for that! I observed the host Freebsd tcp stack is strong enough for more than 500Mbit/s in AND out. > I am using AESNI and Tor is configured to use OpenSSL cryptodev. Does crypto run? On log info you should find the following entry during start: [info] crypto_openssl_init_engines: Initializing dynamic OpenSSL engine "dynamic" acceleration support. [info] crypto_openssl_init_engines: Loaded dynamic OpenSSL engine "dynamic". After finding this message you can switch to notice and restart. * I want to keep using FreeBSD on my server and do not want to run Linux +1 * I would prefer to have a single instance, but can use multiple if I have to It's BSD, so may-be consider to go for libressl from ports (which does not support the crypto engine). And then use 2 instances per ip. Better for diversity ;) * My server supports hardware accelerated AES and SHA. I am using this on FreeBSD with the aesni kernel module and Tor with "HardwareAccel 1" and "AccelName cryptodev" A toorc can look like: RelayBandwidthRate 0 RelayBandwidthBurst 0 HardwareAccel 1 AccelName dynamic Log info file /var/log/tor/info -- Cheers from 35c3 , Felix ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Security issue
OK thanks, now I feel better. It's just that It is the first exit relay that I maintain, so I'm not very experienced on security issues. Cheers, Gigi Il 29 dicembre 2018 10:47:34 CET, niftybunny ha scritto: > > >> On 29. Dec 2018, at 10:21, dns1...@riseup.net wrote: >> >> Hello, >> >> Do I have to worry about those many warns on my log file? >> >> [warn] Tried to establish rendezvous on non-OR circuit with purpose >Acting as rendezvous (pending) >> >> I found some old posts on this warn, but I don't understand if it is >a security issue and what I have to do to fix this. > >No, its not. > >> >> Someone could tell me if there is something that I can do to fix this >and improve security of my Debian -derived machine? >> > >Just ignore it. Seriously. got it on all my Exists, does no harm and >can easily ignored. > >> Thanks >> Gigi___ >> > >Cheers, Markus > > > >___ >tor-relays mailing list >tor-relays@lists.torproject.org >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Security issue
> On 29. Dec 2018, at 10:21, dns1...@riseup.net wrote: > > Hello, > > Do I have to worry about those many warns on my log file? > > [warn] Tried to establish rendezvous on non-OR circuit with purpose Acting as > rendezvous (pending) > > I found some old posts on this warn, but I don't understand if it is a > security issue and what I have to do to fix this. No, its not. > > Someone could tell me if there is something that I can do to fix this and > improve security of my Debian -derived machine? > Just ignore it. Seriously. got it on all my Exists, does no harm and can easily ignored. > Thanks > Gigi___ > Cheers, Markus ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Security issue
Hello, Do I have to worry about those many warns on my log file? [warn] Tried to establish rendezvous on non-OR circuit with purpose Acting as rendezvous (pending) I found some old posts on this warn, but I don't understand if it is a security issue and what I have to do to fix this. Someone could tell me if there is something that I can do to fix this and improve security of my Debian -derived machine? Thanks Gigi___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays