Re: [tor-relays] Possible to run a tor bridge/relay via tor browser?

[Keifer Bly]

Well, I just tried, and no luck, see the attached video. I edited the torrc
file included with the torrc file to run the bridge, and after doing this,
it causes tor to immediately crash on startup before even making any logs.



This is what is entered in the torrc file, the same as what is entered in
my tor expert bundle torrc



Nickname torland





SOCKSPort 0# no local SOCKS proxy



ORPort 80# public bridge must have an open ORPort



ExtORPort auto # configure ExtORPort for obfs4proxy



ExitPolicy reject *:*  # no exits allowed



BridgeRelay 1  # relay won't show up in the public consensus



PublishServerDescriptor 1  # publish to the bridge authority





# use obfs4proxy to provide obfs4 on port 9003, 443



ServerTransportPlugin obfs4 exec C:\Users\keife\Desktop\Tor Browser test
relay\Browser\TorBrowser\Tor\PluggableTransports



ServerTransportListenAddr obfs4 0.0.0.0:443



ContactInfo keifer@gmail.com





Any thoughts are appreciated, thank you. I am also wondering, can tor
browser be configured to automatically install updates on startup? Thanks.



 tor browser relay error.mp4




--Keifer


On Fri, Mar 27, 2020 at 2:40 AM teor  wrote:

> Hi,
>
> On 25 Mar 2020, at 06:35, Keifer Bly  wrote:
>
>
>
> So I am currently running an OBFS4 bridge here:
>
>
>
>
> https://metrics.torproject.org/rs.html#details/386E99371B8CD938248940B754F16AAC54B5712B
>
>
>
> It is being done via the TOR expert bundle on Windows 10. I am wondering,
> would it be possible to run the bridge via the tor that comes with the tor
> browser? This way, everything (tor, obfs4, etc). could be automatically
> updated for the bridge just when updating tor browser.
>
>
> Probably.
>
> Why don't you try it, and let us know how you go?
>
> T
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay

[William Pate]

I'll increase it. I have two running from home, so I don't want to eat up too 
much bandwidth, but I left the config at the default rate until certain it was 
working. :)

William Pate
willp...@pm.me
512-947-3311
inadequate.net

‐‐‐ Original Message ‐‐‐
On Friday, March 27, 2020 5:09 AM, teor  wrote:

> Thanks!
>
> Looks like a small bandwidth rate, did you really mean
> 300 kilobytes per second?
>
> T
>
> --
> teor
> --
>
>> On 26 Mar 2020, at 04:59, William Pate  wrote:
>
>> 
>> Set up another relay (this time on Raspberry Pi 4): 
>> https://metrics.torproject.org/rs.html#details/BD187CF1B44A84EC7DD1BC2AC9C4F7DE23D16619
>>
>> William Pate
>> willp...@pm.me
>> 512-947-3311
>> inadequate.net
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] BadExit

[niftybunny]

This. Port 22 especially is a nightmare.

niftybunny

> On 27. Mar 2020, at 16:29, Toralf Förster  wrote:
> 
> Signed PGP part
> On 3/27/20 2:17 PM, ger...@bulger.co.uk wrote:
>> I have been free of abuse complaints and copyright claims for two years now.
> Well, the main problem here fore me is to get complaints from my hoster 
> itself b/c any open address range are abused soon for port scans
> --
> Toralf
> 
> 
> 



signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] BadExit

[Toralf Förster]

On 3/27/20 2:17 PM, ger...@bulger.co.uk wrote:
>  I have been free of abuse complaints and copyright claims for two years now. 
Well, the main problem here fore me is to get complaints from my hoster itself 
b/c any open address range are abused soon for port scans
-- 
Toralf



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] BadExit

[gerard]

Thanks.  Funny that my long time restricted IPv4 port 80 exit was noticed just 
now giving the bad exit tag.   I suspect the hour one of my  server was 
quarantined by my ISP may have precipitated the system to look hard.

As for my single /8 for port 80, for reason not clear to me, having many ports 
open including 443 open to all, IPV6 open on port 80 to all, while restricting 
IPV4 to a single /8 stops all abuse complaints.  I have been free of abuse 
complaints and copyright claims for two years now.   I tried to offer more IPv4 
/8 ranges but abuses notices soon popped up, as if traffic is being en-route by 
some agencies.   The free-text nature of port 80 meant contents read too 
easily, and IPV6 still not used enough... yet.
  
Gerry

-Original Message-
From: tor-relays  On Behalf Of Georg 
Koppen
Sent: 27 March 2020 12:40
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] BadExit

teor:
> Hi,
> 
>> On 27 Mar 2020, at 02:00, niftybunny  
>> wrote:
>>
>> My bad. Never seen this before. I there a good reason for the accept 
>> 133.0.0.0/8:80 ?
>>
>>> On 26. Mar 2020, at 15:06, ger...@bulger.co.uk wrote:
>>>
>>> "btw, you need to have at least port 80 and 443 … port 80 is missing …"
>>>
>>> It there. But to a /8 area IPV4, all IPv6
>>>
>>> I have not changed my exit policy for years.  Port 80 is there, just 
>>> limited to a  /8  network and all IPv6 addresses port 80 allowed.
>>> 443 all there IPv4 and IPv6
>>>
>>> Testing seems to be exiting OK, but badexit tag still there.
> 
> The Exit flag only request one IPv4 /8 :
> https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2628
> 
> But if the network health team is testing a different IPv4 /8, then 
> your relay might appear down.

Yep, I think that's what happened. I'll get the badexit flag removed from both 
of your relays and think about ways for improving our tests.
Sorry for the inconvenience.

(FWIW: I sent an email to the address you put into your ContactInfo. I heard 
that mails for Tor Project addresses repeatedly land in spam folders. Maybe 
that happened this time, too.)

> (If the DNS for the site they are testing has both IPv4 and IPv6, then 
> the outcome will depend on their tor version and config. 0.4.3 and 
> later will prefer IPv6 by default.)

Not sure what Arthur is running but I am just using what Debian ships on the 
box I run the tests, which is currently 0.3.5.8. I guess it might be worth 
thinking about switching away from that. Maybe tracking and using the version 
Tor Browser ships is smarter?

Georg


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] BadExit

[Georg Koppen]

teor:
> Hi,
> 
>> On 27 Mar 2020, at 02:00, niftybunny  
>> wrote:
>>
>> My bad. Never seen this before. I there a good reason for the accept 
>> 133.0.0.0/8:80 ?
>>
>>> On 26. Mar 2020, at 15:06, ger...@bulger.co.uk wrote:
>>>
>>> "btw, you need to have at least port 80 and 443 … port 80 is missing …"
>>>
>>> It there. But to a /8 area IPV4, all IPv6
>>>
>>> I have not changed my exit policy for years.  Port 80 is there, just 
>>> limited to a  /8  network and all IPv6 addresses port 80 allowed.
>>> 443 all there IPv4 and IPv6
>>>
>>> Testing seems to be exiting OK, but badexit tag still there.
> 
> The Exit flag only request one IPv4 /8 :
> https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2628
> 
> But if the network health team is testing a different IPv4 /8, then your
> relay might appear down.

Yep, I think that's what happened. I'll get the badexit flag removed
from both of your relays and think about ways for improving our tests.
Sorry for the inconvenience.

(FWIW: I sent an email to the address you put into your ContactInfo. I
heard that mails for Tor Project addresses repeatedly land in spam
folders. Maybe that happened this time, too.)

> (If the DNS for the site they are testing has both IPv4 and IPv6, then
> the outcome will depend on their tor version and config. 0.4.3 and
> later will prefer IPv6 by default.)

Not sure what Arthur is running but I am just using what Debian ships on
the box I run the tests, which is currently 0.3.5.8. I guess it might be
worth thinking about switching away from that. Maybe tracking and using
the version Tor Browser ships is smarter?

Georg



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] BadExit

[teor]

> On 27 Mar 2020, at 20:42, teor  wrote:
> 
>>> On 26. Mar 2020, at 15:06, ger...@bulger.co.uk wrote:
>>> 
>>> "btw, you need to have at least port 80 and 443 … port 80 is missing …"
>>> 
>>> It there. But to a /8 area IPV4, all IPv6
>>> 
> The Exit flag only request one IPv4 /8 :
> https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2628

Correction: The Exit flag only *requires* one IPv4 /8.

T___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] BadExit

[teor]

Hi,

> On 27 Mar 2020, at 02:00, niftybunny  
> wrote:
> 
> My bad. Never seen this before. I there a good reason for the accept 
> 133.0.0.0/8:80 ?
> 
>> On 26. Mar 2020, at 15:06, ger...@bulger.co.uk wrote:
>> 
>> "btw, you need to have at least port 80 and 443 … port 80 is missing …"
>> 
>> It there. But to a /8 area IPV4, all IPv6
>> 
>> I have not changed my exit policy for years.  Port 80 is there, just limited 
>> to a  /8  network and all IPv6 addresses port 80 allowed.
>> 443 all there IPv4 and IPv6
>> 
>> Testing seems to be exiting OK, but badexit tag still there.

The Exit flag only request one IPv4 /8 :
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2628

But if the network health team is testing a different IPv4 /8, then your
relay might appear down.

(If the DNS for the site they are testing has both IPv4 and IPv6, then
the outcome will depend on their tor version and config. 0.4.3 and
later will prefer IPv6 by default.)

T___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay

[teor]

Thanks!

Looks like a small bandwidth rate, did you really mean
300 kilobytes per second?

T

-- 
teor
--


> On 26 Mar 2020, at 04:59, William Pate  wrote:
> 
> 
> Set up another relay (this time on Raspberry Pi 4): 
> https://metrics.torproject.org/rs.html#details/BD187CF1B44A84EC7DD1BC2AC9C4F7DE23D16619
> 
> William Pate
> willp...@pm.me
> 512-947-3311
> inadequate.net
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Possible to run a tor bridge/relay via tor browser?

[teor]

Hi,

> On 25 Mar 2020, at 06:35, Keifer Bly  wrote:
>  
> So I am currently running an OBFS4 bridge here:
>  
> https://metrics.torproject.org/rs.html#details/386E99371B8CD938248940B754F16AAC54B5712B
>  
> It is being done via the TOR expert bundle on Windows 10. I am wondering, 
> would it be possible to run the bridge via the tor that comes with the tor 
> browser? This way, everything (tor, obfs4, etc). could be automatically 
> updated for the bridge just when updating tor browser.

Probably.

Why don't you try it, and let us know how you go?

T___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays