Re: [tor-relays] do not run exits at home
+1 to this. > On Jul 27, 2019, at 12:50, nusenu wrote: > > dns1...@riseup.net: >> Yes, I know. >> >> Keyweb rent IPs, from 9 € per month for 8 IPs. They say that I'd need >> at least a Rv-server. But I don't know how to do. Would be possible >> to use different IPs on my home connection, than those assigned from >> my ISP? Could you give me some tips? > > My general advise would be to _not_ run a tor exit relay at home. > > > > -- > https://twitter.com/nusenu_ > https://mastodon.social/@nusenu > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] do not run exits at home
dns1...@riseup.net: > Yes, I know. > > Keyweb rent IPs, from 9 € per month for 8 IPs. They say that I'd need > at least a Rv-server. But I don't know how to do. Would be possible > to use different IPs on my home connection, than those assigned from > my ISP? Could you give me some tips? My general advise would be to _not_ run a tor exit relay at home. -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Running gigabit relay
Yes, I know. Keyweb rent IPs, from 9 € per month for 8 IPs. They say that I'd need at least a Rv-server. But I don't know how to do. Would be possible to use different IPs on my home connection, than those assigned from my ISP? Could you give me some tips? On 27 July 2019 18:38:00 CEST, nusenu wrote: > > >dns1...@riseup.net: >> I should activate an asymmetrical FTTH connection (1000/200). I >> should buy a new router in order to manage properly this bandwidth. >> If possible, I would run an exit relay instance in the router too. > >for the record: >remember, it is strongly discouraged to run tor exit relays from home. > > > > >-- >https://twitter.com/nusenu_ >https://mastodon.social/@nusenu ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Question about Bridges Bandwidth Authority
On Wed, Jul 24, 2019 at 07:36:59PM +0300, s7r wrote: > I'd like to know more details about how exactly the bridge bandwidth > authority works, and if we use the "weight" of each bridge for anything. I'll start off by answering some of the questions, and let others fill in the gaps. The first answer is that there is no such thing as a bridge bandwidth authority. There is only the bridge directory authority, Serge, which collects self-signed bridge descriptors from bridges, checks reachability, and passes them on to the bridgedb service. > For example, I have setup 5 obfs4 bridges, with the exact very same > hardware resources and all on the same network speed of course. Thanks! > One of them gets used by clients (say 20-50 unique clients every 6 hours > or so) while the rest of 4 are not used at all. This usage is not a > concern for me, as its known bridges take time until they get used, > depending on which bucket they have been assigned and etc. So I assume > it's OK at this particular point in their lifetime to be unused by any > client. Yep, it is not unusual for bridges to not see much use. As you say this is due to a variety of factors -- which distribution strategy bridgedb picks for them, which countries are blocking Tor in what way this week, whether your IP address has gotten on any blacklists, etc. > But what I am curious about is, when I search them on RelaySearch, the > used one has a measured bandwidth of over 2 MiB/s (and has the fast > flag) while other 3 unused ones have bandwidths of between 50 and 60 > KiB/s (these also have the fast flag) and there is one last one which is > also not used and has a bandwidth of less than 10 KiB/s that does not > have the fast flag. (Fast flag missing is also not my problem, I am just > mentioning it as a side detail). > > Now I know for sure those values are not at all in according to the real > environment. Each bridge should be at least capable of 3 MiB/s even if > all 5 are used at the same time at their full speeds. Actually I have > simulated this, it's not just theoretical. > > Is there anything related to usage, so that the bridge bandwidth > authority only measures the used bridges? What could have cause such big > discrepancy in my particular case, any ideas? These numbers are simply the self-reported bandwidth numbers from the bridges. All kinds of relays, including bridge relays, watch how much traffic they've seen themselves doing, and put the largest burst they've seen into their relay descriptor (or bridge descriptor in this case). https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n432 So the bridges that have a bunch of users have had more traffic load, and thus have a higher burst traffic number to report. Or to answer it differently, the issue is the other way around from what you were worried about: it isn't that something is giving one of your bridges a higher bandwidth value, and thus it has more users. It's that one of your bridges has more users, so it ends up with a higher bandwidth value. > Also, do we use the weight of each bridge in order to determine how much > % probability it has to be served to a request in the bucket that is > part of, or we don't use bridge weights for anything at all? I believe we don't use bridge weights for anything at all. But I might be wrong about this last part. We've changed our mind several times over the years about how to handle weighting. Specifically, I don't know if the behavior changed with the latest iteration of the entry guard selection design: https://gitweb.torproject.org/torspec.git/tree/guard-spec.txt Hope that helps, --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Question about Bridges Bandwidth Authority
We should start making the OS available for small units like Raspberry PI, and do not concentrate on large installations. Newer smartphones should also be able to be used as relays, with unlimited data and with 4G (soon 5G) up to 20 Mb download and 5 Mb downloads at the moment, where we can put the TAILS OS or Tor Browsers Bundles with orbot features, which manually should be connected to public Tor Relays. Many small units are many untraceable units, large installations are easily compromised and indeed very traceable, where their locations also are known! Regards David Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Saturday, July 27, 2019 12:12 PM, s7r wrote: > Hello again, > > Getting back to this post with an update, see inline: > > s7r wrote: > > > Hello, > > I'd like to know more details about how exactly the bridge bandwidth > > authority works, and if we use the "weight" of each bridge for anything. > > For example, I have setup 5 obfs4 bridges, with the exact very same > > hardware resources and all on the same network speed of course. > > One of them gets used by clients (say 20-50 unique clients every 6 hours > > or so) while the rest of 4 are not used at all. This usage is not a > > concern for me, as its known bridges take time until they get used, > > depending on which bucket they have been assigned and etc. So I assume > > it's OK at this particular point in their lifetime to be unused by any > > client. > > But what I am curious about is, when I search them on RelaySearch, the > > used one has a measured bandwidth of over 2 MiB/s (and has the fast > > flag) while other 3 unused ones have bandwidths of between 50 and 60 > > KiB/s (these also have the fast flag) and there is one last one which is > > also not used and has a bandwidth of less than 10 KiB/s that does not > > have the fast flag. (Fast flag missing is also not my problem, I am just > > mentioning it as a side detail). > > Now I know for sure those values are not at all in according to the real > > environment. Each bridge should be at least capable of 3 MiB/s even if > > all 5 are used at the same time at their full speeds. Actually I have > > simulated this, it's not just theoretical. > > Is there anything related to usage, so that the bridge bandwidth > > authority only measures the used bridges? What could have cause such big > > discrepancy in my particular case, any ideas? > > It could be something about this. > Another bridge just started to get fair usage (say 60 - 80 unique > clients every 6 hour or so) and it got measured from slightly over 50 > KiB/s to ~4 MiB/s which is actually closer to the reality. > > The rest of unused bridges by clients still are reported as ~50 KiB/s > which is very low. > > > Also, do we use the weight of each bridge in order to determine how much > > % probability it has to be served to a request in the bucket that is > > part of, or we don't use bridge weights for anything at all? > > Thanks! > > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Running gigabit relay
dns1...@riseup.net: > I should activate an asymmetrical FTTH connection (1000/200). I > should buy a new router in order to manage properly this bandwidth. > If possible, I would run an exit relay instance in the router too. for the record: remember, it is strongly discouraged to run tor exit relays from home. -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Running gigabit relay
By "NUC" I was meaning the low-end Celeron boxes. A NUC with a i7-8650U should work for Tor and a dedicated AP. It won't be as good as a desktop or server CPU, but for your use case it's fine as a relay and AP/router. However, the built-in Wi-Fi is usually only a single band at once. -Neel On 2019-07-27 01:38, Mitar wrote: Hi! On Fri, Jul 26, 2019 at 12:08 PM Neel Chauhan wrote: About the server, I have a powerful HPE ProLiant as mentioned earlier, but like other said at minimum you need a i5/i7 CPU, or an equivalent Xeon or AMD CPU. So this means no NUCs or HPE MicroServers. Hm, why not NUCs? There are NUCs with 8th Generation Intel CPUs: https://ark.intel.com/content/www/us/en/ark/products/series/129705/intel-nuc-kit-with-8th-generation-intel-core-processors.html For example, this one uses i7-8650U Processor: https://ark.intel.com/content/www/us/en/ark/products/130392/intel-nuc-kit-nuc7i7dnke.html Based on what I read in all the replies (thank you all!) this should be more than enough? I was thinking of not really using a dedicated router, but hopefully configure NUC's WiFi into an AP. This is all I really need. I just hope I can configure it as a dual-band AP. I am not yet clear about that part. Mitar ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Question about Bridges Bandwidth Authority
Hello again, Getting back to this post with an update, see inline: s7r wrote: > Hello, > > I'd like to know more details about how exactly the bridge bandwidth > authority works, and if we use the "weight" of each bridge for anything. > > For example, I have setup 5 obfs4 bridges, with the exact very same > hardware resources and all on the same network speed of course. > > One of them gets used by clients (say 20-50 unique clients every 6 hours > or so) while the rest of 4 are not used at all. This usage is not a > concern for me, as its known bridges take time until they get used, > depending on which bucket they have been assigned and etc. So I assume > it's OK at this particular point in their lifetime to be unused by any > client. > > But what I am curious about is, when I search them on RelaySearch, the > used one has a measured bandwidth of over 2 MiB/s (and has the fast > flag) while other 3 unused ones have bandwidths of between 50 and 60 > KiB/s (these also have the fast flag) and there is one last one which is > also not used and has a bandwidth of less than 10 KiB/s that does not > have the fast flag. (Fast flag missing is also not my problem, I am just > mentioning it as a side detail). > > Now I know for sure those values are not at all in according to the real > environment. Each bridge should be at least capable of 3 MiB/s even if > all 5 are used at the same time at their full speeds. Actually I have > simulated this, it's not just theoretical. > > Is there anything related to usage, so that the bridge bandwidth > authority only measures the used bridges? What could have cause such big > discrepancy in my particular case, any ideas? It could be something about this. Another bridge just started to get fair usage (say 60 - 80 unique clients every 6 hour or so) and it got measured from slightly over 50 KiB/s to ~4 MiB/s which is actually closer to the reality. The rest of unused bridges by clients still are reported as ~50 KiB/s which is very low. > > Also, do we use the weight of each bridge in order to determine how much > % probability it has to be served to a request in the bucket that is > part of, or we don't use bridge weights for anything at all? > > Thanks! > signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Running gigabit relay
Hi! On Fri, Jul 26, 2019 at 12:08 PM Neel Chauhan wrote: > About the server, I have a powerful HPE ProLiant as mentioned earlier, > but like other said at minimum you need a i5/i7 CPU, or an equivalent > Xeon or AMD CPU. So this means no NUCs or HPE MicroServers. Hm, why not NUCs? There are NUCs with 8th Generation Intel CPUs: https://ark.intel.com/content/www/us/en/ark/products/series/129705/intel-nuc-kit-with-8th-generation-intel-core-processors.html For example, this one uses i7-8650U Processor: https://ark.intel.com/content/www/us/en/ark/products/130392/intel-nuc-kit-nuc7i7dnke.html Based on what I read in all the replies (thank you all!) this should be more than enough? I was thinking of not really using a dedicated router, but hopefully configure NUC's WiFi into an AP. This is all I really need. I just hope I can configure it as a dual-band AP. I am not yet clear about that part. Mitar -- http://mitar.tnode.com/ https://twitter.com/mitar_m ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays