Re: [tor-relays] Help with FreeBSD relays

2021-03-31 Thread xplato
Hi Shawn,

I looked at HardenedBSD and have actually moved to a different VPS so that I can
use HBSD. FreeBSD was the only option I had at the time but both instances
crashed repeatedly and it got so frustrating that I gave up on FreeBSD. I will 
give HardenedBSD a go.

Cheers,
Dan

Sent from ProtonMail for iOS

On Wed, Mar 31, 2021 at 10:12 AM, Shawn Webb  wrote:

> On Wed, Mar 31, 2021 at 01:09:45PM +0200, René Ladan wrote:
>> On 30-03-2021 15:47, Shawn Webb wrote:
>> > On Tue, Mar 30, 2021 at 02:36:36AM +, xplato wrote:
>> > > Greetings,
>> > >
>> > > I am a bit of a noob here so please bear with me. I ran a relay using 
>> > > Ubuntu with very few issues however I decided to add an additional relay
>> > > and decided to use FreeBSD. They will only run for around 18 hours and
>> > > then they shut down. I have adjusted the torrc file every way I know how
>> > > and increased the Max vnodes thinking this may have been my issue. I can 
>> > > post the sysrc and torrc if needed. Anyone that might help me figure 
>> > > this out I would be grateful otherwise I am going to reluctantly move 
>> > > them both back to Ubuntu.
>> > Emerald Onion runs over twenty Tor exit nodes on HardenedBSD 12 and
>> > 13. Given Tor's need for security, you might want to consider using
>> > HardenedBSD, a derivative of FreeBSD that implements exploit
>> > mitigations and security hardening technologies. FreeBSD's state of
>> > security leaves much to be desired. Tor's relay operators and users
>> > really should at least have exploit mitigations like ASLR and W^X
>> > applied.
>> But it won't fix the problem at hand, unless memory management in
>> HardenedBSD is different than in FreeBSD.
>
> Memory management is indeed different in HardenedBSD than in FreeBSD.
> HardenedBSD implemented a clean-room version of grsecurity's PaX ASLR.
> FreeBSD's version of ASLR, more appropriately called ASR, has known
> issues. HardenedBSD's does not.
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


[tor-relays] relay impersonation (contactinfo)

2021-03-31 Thread nusenu
Hi,

I'd like to raise your awareness of an ongoing scheme of questionable entities
that make use of your name or relay contactinfo and/or relay nicknames. Those
using other people's relay _nicknames_ got and get spotted by multiple people
already and are somewhat obvious (at least for now), but I'd like to highlight
those using familiar names in contactInfo that are likely less frequently
uncovered because people look up their relays by searching for their relay
nicknames (and not so often by searching their contactinfo).

So here are two practical things that you can do to help uncover more of them:

- list your relay fingerprints under the well-known tor-relay URI:
  https:///.well-known/tor-relay/rsa-fingerprint.txt
  and add "url: proof:uri-rsa ciissversion:2" to your ContactInfo
  to allow for automated linkability verification.
  This protects your relays against spoofing of the url field.
  A domain is not required: you can use github-pages or similar if you do not
  have a domain.
  more details:
  https://gitlab.torproject.org/tpo/core/torspec/-/blob/master/proposals/326-tor-relay-well-known-uri-rfc8615.md
  https://nusenu.github.io/ContactInfo-Information-Sharing-Specification/
  Thanks to the 291 relays that allow for automated verification already.
  Verifiable relay groups also get graphs on OrNetStats, for an example see:
  https://nusenu.github.io/OrNetStats/artikel10.org.html

- search for your names/nicknames/org names/... in the ContactInfo field. On
  Relay Search you can do so using "contact:searchstring".
  Be creative in your search terms. This even makes sense if you do not run
  relays at all but your name is somewhat known in this context.


kind regards,
nusenu





 Forwarded Message 
Subject: tor relays rosiwig429(at)lidte(dot)com
Date: Tue, 30 Mar 2021 23:55:01

> 2021-03-29
>
> | Up | Ext | JoinTime | IP             | AS                                       | CC | ORp  | Dirp | OS    | Version | Nickname         | eFamMembers | FP                                       |
> |----+-----+----------+----------------+------------------------------------------+----+------+------+-------+---------+------------------+-------------+------------------------------------------|
> |  1 |   1 | 06:25:11 | 103.82.32.14   | CMC Telecom Infrastructure Company       | vn | 9001 | 9030 | Linux | 0.4.5.7 | coffswifi5       |           1 | B8D95BB1AAFB6F234EC50A100F46E4CC8E8E90FB |
> |  1 |   1 | 07:34:40 | 78.138.135.110 | Ojsc oao Tattelecom                      | ru | 9001 | 9030 | Linux | 0.4.5.7 | artikel5ev3b2    |           1 | 771C9BC56DF4B29BA97CAA9387FB1FC140CFE3E3 |
> |  1 |   1 | 13:43:04 | 103.56.156.143 | VNPT Corp                                | vn | 9001 | 9030 | Linux | 0.4.5.7 | CalyxInstitute18 |           1 | 04998AB63A49C4A0B5A5CD2994D95D098D2B5399 |
> |  1 |   1 | 14:28:18 | 77.245.158.134 | Niobe Bilisim Teknolojileri Yazilim San. | tr | 9001 | 9030 | Linux | 0.4.5.7 | Merlin2          |           1 | B4285A497939D190739C976B947053D6CC0AE07C |




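The automated check that the well-known URI makes possible, sketched as an added Python example (not part of nusenu's message and not code from the specification). It assumes the fingerprint file holds one 40-hex-digit RSA fingerprint per line with `#` comment lines, and it uses a constructed domain, constructed fingerprints and an in-memory stand-in for the HTTPS fetch so that it runs offline.

```python
import re
from urllib.parse import urlsplit

WELL_KNOWN_PATH = "/.well-known/tor-relay/rsa-fingerprint.txt"
FINGERPRINT_RE = re.compile(r"[0-9A-Fa-f]{40}")


def parse_contactinfo(contact):
    """Split a ContactInfo string into its 'key:value' fields (first value wins)."""
    fields = {}
    for token in contact.split():
        key, sep, value = token.partition(":")
        if sep and key and value:
            fields.setdefault(key, value)
    return fields


def proof_url(fields):
    """Return the well-known URI a uri-rsa proof points at, or None."""
    if fields.get("proof") != "uri-rsa" or "url" not in fields:
        return None
    url = fields["url"]
    parts = urlsplit(url if "://" in url else "https://" + url)
    # Only HTTPS counts: a list fetched over plain HTTP could be altered in transit.
    if parts.scheme != "https" or not parts.hostname:
        return None
    return "https://" + parts.hostname + WELL_KNOWN_PATH


def parse_fingerprint_file(text):
    """Collect the fingerprints listed in the file, ignoring comments and junk."""
    fingerprints = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and FINGERPRINT_RE.fullmatch(line):
            fingerprints.add(line.upper())
    return fingerprints


def check_relay(fingerprint, contact, fetch):
    """Classify one relay. fetch(url) returns the file body as str, or None."""
    url = proof_url(parse_contactinfo(contact))
    if url is None:
        return "no-proof"        # nothing to verify automatically
    body = fetch(url)
    if body is None:
        return "unreachable"     # claim made, but the list could not be fetched
    if fingerprint.upper() in parse_fingerprint_file(body):
        return "verified"        # the domain owner vouches for this relay
    return "not-listed"          # url field copied by a relay the domain does not list


# Constructed sample data: operator.example and both fingerprints are made up.
OPERATOR_FP = "A" * 40
COPYCAT_FP = "B" * 40
CONTACT = "Example Operator url:https://operator.example proof:uri-rsa ciissversion:2"
FAKE_WEB = {
    "https://operator.example" + WELL_KNOWN_PATH:
        "# relays run by operator.example\n" + OPERATOR_FP + "\n",
}


def audit(relays, fetch=FAKE_WEB.get):
    """relays: iterable of (fingerprint, contactinfo). Returns fingerprint -> status."""
    return {fp: check_relay(fp, contact, fetch) for fp, contact in relays}


if __name__ == "__main__":
    for fp, status in audit([(OPERATOR_FP, CONTACT), (COPYCAT_FP, CONTACT)]).items():
        print(fp, status)
```

A relay that copies the ContactInfo string but is absent from the domain's list comes back as `not-listed`, which is the spoofing case the url proof is meant to expose.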


Re: [tor-relays] bridge static or dynamic ip and multiple bridge config

2021-03-31 Thread Volker Mink
Bridge does not require static ip. You can run one at home. 
More than one —> use different ports 

> On 31.03.2021 at 22:14, gi vi an wrote:
> 
> does bridge require static or dynamic ip?
> 
> if more than one bridge can be configured per one isp connection, how do i 
> configure?
> 
> -- 
> who am i ? https://mstdn.social/@gvian
> 
> donate or patron:
> [+]₿ bitcoin (BTC): 3K7Ba2DFyyuGTukNqXEmogG4VgYp2RWnZV
> [×]gridcoin (GRC): SK7A2yq4rsoDSKc592dxSb3JSYeSSopbNB
> [÷]Ᵽ peercoin (PPC): PENnyj6dvEqaAKtqh9tV9KzRKc4N5EWfeH
> [=]pivx (PIVX): DNyihy8xWXkGyaLnipzWUrC3kjrbcvahHJ
> [<]blackcoin (BC): B4pCYCRhS6itEs2rsSAVbRnoKkL6thj3Bt


Re: [tor-relays] Many SSH requests

2021-03-31 Thread William Denton

On 31 March 2021, Cristiano Kubiaki Gomes wrote:


> I noticed many ssh requests to my Debian VM running a Relay and I am
> wondering if this is normal or if this is happening only with me.


I think that's normal for every host on the internet!  A tool like Fail2ban¹ 
does a good job with those probes;  anything else that's recommended for 
securing a machine will also help.


Bill

¹ https://www.fail2ban.org/wiki/index.php/Main_Page
--
William Denton :: Toronto, Canada   ---   Listening to Art: 
https://listeningtoart.org/
https://www.miskatonic.org/ ---   GHG.EARTH: https://ghg.earth/
Caveat lector.  ---   STAPLR: https://staplr.org/


Re: [tor-relays] Many SSH requests

2021-03-31 Thread Random Tor Node Operator
Happens on all internet-facing ssh daemons.
Independently of tor.


On 3/31/21 6:35 PM, Cristiano Kubiaki Gomes wrote:
> Hi there,
> I noticed many ssh requests to my Debian VM running a Relay and I am
> wondering if this is normal or if this is happening only with me.
>
> Anyone else see these ssh attempts? Is it normal?
>
> sshd[27004]: Failed password for root from 45.91.226.235 port 41012 ssh2
> sshd[27004]: Received disconnect from 45.91.226.235 port 41012:11: Bye Bye [preauth]
> sshd[27004]: Disconnected from authenticating user root 45.91.226.235 port 41012 [preauth]
> sshd[27006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.36.253.227  user=root
>
> It's many different ips and trying to access in many different ports.
>
> Thank you!
>


[tor-relays] Many SSH requests

2021-03-31 Thread Cristiano Kubiaki Gomes
Hi there,
I noticed many ssh requests to my Debian VM running a Relay and I am
wondering if this is normal or if this is happening only with me.

Anyone else see these ssh attempts? Is it normal?

sshd[27004]: Failed password for root from 45.91.226.235 port 41012 ssh2
sshd[27004]: Received disconnect from 45.91.226.235 port 41012:11: Bye Bye [preauth]
sshd[27004]: Disconnected from authenticating user root 45.91.226.235 port 41012 [preauth]
sshd[27006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.36.253.227  user=root

It's many different ips and trying to access in many different ports.

Thank you!
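The per-address counting that a tool like Fail2ban performs on sshd lines of this kind, as an added Python example (not part of any message in this thread and not Fail2ban's own code). The timestamps, host name and documentation-range addresses in the sample log are constructed; `maxretry` and `findtime` are named after Fail2ban's settings.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SYSLOG_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
# The user name is supplied by the remote side and may itself contain
# " from <addr> port ...", so it is matched greedily and the address is
# taken from the end of the message.
FAILED_RE = re.compile(
    r"^Failed \S+ for (?:invalid user )?(?P<user>.+) from (?P<ip>\S+) port \d+ ssh2$")
PAM_RE = re.compile(r"authentication failure;.*\brhost=(?P<ip>\S+)")


def parse_line(line, year=2021):
    """Return (timestamp, ip, kind) for a failed-login line, else None."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    msg = m.group("msg")
    hit, kind = FAILED_RE.match(msg), "password"
    if not hit:
        hit, kind = PAM_RE.search(msg), "pam"
    if not hit:
        return None
    try:
        ip = str(ipaddress.ip_address(hit.group("ip")))
    except ValueError:  # rhost= may be a host name; skip what cannot be attributed
        return None
    when = datetime.strptime(f"{year} {m.group('stamp')}", "%Y %b %d %H:%M:%S")
    return when, ip, kind


def find_offenders(lines, maxretry=5, findtime=600):
    """Map each address to the time it reached maxretry failures within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        event = parse_line(line)
        # pam_unix lines typically report the same attempt as a "Failed password"
        # line, so only the latter is counted to avoid doubling the score.
        if event is None or event[2] != "password":
            continue
        when, ip, _ = event
        seen = recent[ip]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()
        if len(seen) >= maxretry:
            flagged.setdefault(ip, when)
    return flagged


# Constructed sample log, shaped like the lines quoted in the thread.
SAMPLE_LOG = """\
Mar 31 18:35:01 relay sshd[27004]: Failed password for root from 203.0.113.7 port 41012 ssh2
Mar 31 18:35:01 relay sshd[27004]: Received disconnect from 203.0.113.7 port 41012:11: Bye Bye [preauth]
Mar 31 18:35:03 relay sshd[27006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Mar 31 18:35:05 relay sshd[27006]: Failed password for root from 203.0.113.7 port 41020 ssh2
Mar 31 18:35:09 relay sshd[27009]: Failed password for invalid user admin from 203.0.113.7 port 41031 ssh2
Mar 31 18:36:00 relay sshd[27011]: Failed password for root from 198.51.100.23 port 50022 ssh2
Mar 31 18:59:00 relay sshd[27090]: Failed password for root from 198.51.100.23 port 50100 ssh2
"""

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines(), maxretry=3).items():
        print(f"{ip} reached the threshold at {when}")
```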


[tor-relays] bridge static or dynamic ip and multiple bridge config

2021-03-31 Thread gi vi an

does bridge require static or dynamic ip?

if more than one bridge can be configured per one isp connection, how do 
i configure?


--
who am i ? https://mstdn.social/@gvian

donate or patron:
[+]₿ bitcoin (BTC): 3K7Ba2DFyyuGTukNqXEmogG4VgYp2RWnZV
[×]gridcoin (GRC): SK7A2yq4rsoDSKc592dxSb3JSYeSSopbNB
[÷]Ᵽ peercoin (PPC): PENnyj6dvEqaAKtqh9tV9KzRKc4N5EWfeH
[=]pivx (PIVX): DNyihy8xWXkGyaLnipzWUrC3kjrbcvahHJ
[<]blackcoin (BC): B4pCYCRhS6itEs2rsSAVbRnoKkL6thj3Bt


Re: [tor-relays] Help with FreeBSD relays

2021-03-31 Thread Shawn Webb
On Wed, Mar 31, 2021 at 01:09:45PM +0200, René Ladan wrote:
> On 30-03-2021 15:47, Shawn Webb wrote:
> > On Tue, Mar 30, 2021 at 02:36:36AM +, xplato wrote:
> > > Greetings,
> > > 
> > > I am a bit of a noob here so please bear with me. I ran a relay using 
> > > Ubuntu with very few issues however I decided to add an additional relay
> > > and decided to use FreeBSD. They will only run for around 18 hours and
> > > then they shut down. I have adjusted the torrc file every way I know how
> > > and increased the Max vnodes thinking this may have been my issue. I can 
> > > post the sysrc and torrc if needed. Anyone that might help me figure this 
> > > out I would be grateful otherwise I am going to reluctantly move them 
> > > both back to Ubuntu.
> > Emerald Onion runs over twenty Tor exit nodes on HardenedBSD 12 and
> > 13. Given Tor's need for security, you might want to consider using
> > HardenedBSD, a derivative of FreeBSD that implements exploit
> > mitigations and security hardening technologies. FreeBSD's state of
> > security leaves much to be desired. Tor's relay operators and users
> > really should at least have exploit mitigations like ASLR and W^X
> > applied.
> But it won't fix the problem at hand, unless memory management in
> HardenedBSD is different than in FreeBSD.

Memory management is indeed different in HardenedBSD than in FreeBSD.
HardenedBSD implemented a clean-room version of grsecurity's PaX ASLR.
FreeBSD's version of ASLR, more appropriately called ASR, has known
issues. HardenedBSD's does not.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc




Re: [tor-relays] Help with FreeBSD relays

2021-03-31 Thread René Ladan

On 30-03-2021 15:47, Shawn Webb wrote:
> On Tue, Mar 30, 2021 at 02:36:36AM +, xplato wrote:
> > Greetings,
> >
> > I am a bit of a noob here so please bear with me. I ran a relay using Ubuntu
> > with very few issues however I decided to add an additional relay and decided to
> > use FreeBSD. They will only run for around 18 hours and then they shut down. I
> > have adjusted the torrc file every way I know how and increased the Max vnodes
> > thinking this may have been my issue. I can post the sysrc and torrc if needed.
> > Anyone that might help me figure this out I would be grateful otherwise I am
> > going to reluctantly move them both back to Ubuntu.
>
> Emerald Onion runs over twenty Tor exit nodes on HardenedBSD 12 and
> 13. Given Tor's need for security, you might want to consider using
> HardenedBSD, a derivative of FreeBSD that implements exploit
> mitigations and security hardening technologies. FreeBSD's state of
> security leaves much to be desired. Tor's relay operators and users
> really should at least have exploit mitigations like ASLR and W^X
> applied.

But it won't fix the problem at hand, unless memory management in
HardenedBSD is different than in FreeBSD.


René



Re: [tor-relays] ISP

2021-03-31 Thread Daniel
Yes, I had a few exits there for some time. They were quite good and all 
abuse was closed with a comment explaining that you run a tor exit node 
and you are not responsible for the traffic. However, after about a 
year, they closed my account from one day to the next and I had to shut 
down all exit nodes due to too much abuse volume. For non-exit relays 
they are quite popular though.
I had some random downtimes and needed to wait several days for support 
to notice that their router is down, because opening a ticket for that 
will only result in several days back and forth with some stupid tests, 
even though you point out the routers affected when opening the ticket.


On 31.03.21 03:13, Андрей Гвоздев wrote:

> Did anyone run relays on Scaleway?


Re: [tor-relays] Help with FreeBSD relays

2021-03-31 Thread René Ladan
xplato wrote on 30 March 2021 04:36:36 CEST:
>Greetings,
>
>I am a bit of a noob here so please bear with me. I ran a relay using Ubuntu 
>with very few issues however I decided to add an additional relay and decided
>to use FreeBSD. They will only run for around 18 hours and then they shut
>down. I have adjusted the torrc file every way I know how and increased the Max
>vnodes thinking this may have been my issue. I can post the sysrc and torrc if 
>needed. Anyone that might help me figure this out I would be grateful 
>otherwise I am going to reluctantly move them both back to Ubuntu.
>
>Thanks,
>Dan
>
>Sent from ProtonMail for iOS
How many circuits does your relay typically have?

Perhaps memory consumption depends on the amount of circuits, my tiny relay 
typically has 500 to 3000 circuits and uses 800 to 1000 MB of RAM.

René


Re: [tor-relays] DirPortFrontPage file '.....' not found | Permission denied

2021-03-31 Thread torix
Dear Petrusco,

I have had success putting that file in /etc/tor where the torrc is:
-rw-r--r-- 1 root root 17551 Oct 29 18:03 tor-exit-notice.html

Don't forget to change your line in the torrc to tell it where you moved the 
file. i.e.:
DirPortFrontPage /etc/tor/tor-exit-notice.html

Hope this works for you.

--Torix


‐‐‐ Original Message ‐‐‐
On Tuesday, March 30, 2021 11:53 AM, Petrusko  wrote:

> Hey,
>
> I'm having a little problem with setting up (may be some rights...) the
> html page on the relay DIRPort.
>
> On my logs :
>  00:00:03 [NOTICE] Tor 0.4.5.7 opening new log file.
>  00:00:03 [WARN] Could not open "/var/www/html/tor-relay.html": Permission denied
>  00:00:03 [WARN] DirPortFrontPage file '/var/www/html/tor-relay.html' not found. Continuing anyway.
>
> I've not found any information about how to set up this correctly.
>
> Many thanks in advance.
>


Re: [tor-relays] ISP

2021-03-31 Thread Roman Mamedov
On Wed, 31 Mar 2021 01:13:56 +
Андрей Гвоздев  wrote:

> Did anyone run relays on Scaleway?

Scaleway is the new name of Online SAS, a lot of people run relays there
(#3 most popular AS) -- for that reason it is actually kind of discouraged to
add more.

If you already have a server there for some other purposes, sure, add a Tor
relay on the side. But at this point it is not really a good idea to pay for a
server there specifically to run Tor.

I do run a few too, you are unlikely to have any issues with a non-exit relay.
Don't know about exit ones.

-- 
With respect,
Roman


Re: [tor-relays] ISP (Андрей Гвоздев)

2021-03-31 Thread Mark Murray
I used to run a couple of relays on their DEV1-S instances and never had any 
problems. They let you use the advertised bandwidth 24/7 without being 
throttled.




Re: [tor-relays] ISP

2021-03-31 Thread Olaf Grimm
Yes. I have some there. You get abuse messages. Reply fast or your
account will be blocked.


Olaf

On 31.03.2021 03:13, Андрей Гвоздев wrote:

> Did anyone run relays on Scaleway?


Re: [tor-relays] This is not me

2021-03-31 Thread Georg Koppen
Paul Templeton:
> the relay with fingerprint B8D95BB1AAFB6F234EC50A100F46E4CC8E8E90FB 
> (coffswifi5)is not me...
> 
> coffswifi4 is mine so don't ask me to add as a family...

We won't, promised. :) We are aware of that relay and similar ones and
are about to bump them out of the network. Thanks for being vigilant.

Georg

> Paul
> 
> 
> 
> 137CF322859E400455E457DB920F65FFDD222CDF
> 


Re: [tor-relays] Is OVH a safe vps provider to run an exit relay on?

2021-03-31 Thread Volker Mink
From my point of view - yes :)

> On 30.03.2021 at 17:48, Keifer Bly wrote:
>
> Does that include exits? Thx
>
>> On Tue, Mar 30, 2021, 1:59 AM  wrote:
>> Hi Keifer.
>>
>> There are lots of relays on OVH
>>
>> Best regards,
>>
>> volker
>>
>> From: tor-relays  On behalf of Keifer Bly
>> Sent: Tuesday, 30 March 2021 07:40
>> To: tor-relays@lists.torproject.org
>> Subject: [tor-relays] Is OVH a safe vps provider to run an exit relay on?
>>
>> Hi,
>>
>> I am wondering if OVH is a safe VPS provider to run an exit relay on? Thank
>> you.
>>
>> --Keifer


[tor-relays] ISP

2021-03-31 Thread Андрей Гвоздев
Did anyone run relays on Scaleway?


Re: [tor-relays] syn flood iptables rule

2021-03-31 Thread Toralf Förster

On 2/22/21 3:27 PM, Toralf Förster wrote:

>   # DDoS
>   $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --set
>   $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --update --seconds 60 --hitcount 10 -j DROP

just for the record:

In the meanwhile I do think that this idea was BS.

The reason is that if an adversary spoofs the sender address then this
eventually blocks the (spoofed) sender address thereby.

--
Toralf
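The side effect described in this message, replayed in a simplified Python model of the two `recent` rules (an added example, not part of the original post and not the kernel module's code). The model keeps one timestamp list per source address and leaves out the module's cap on stored timestamps; the addresses and the packet timeline are constructed.

```python
from collections import defaultdict, deque


class RecentList:
    """Simplified model of the xt_recent list used by '--name synflood'."""

    def __init__(self, seconds=60, hitcount=10):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(deque)   # source address -> packet times

    def new_connection(self, src, now):
        """Apply both rules to one NEW TCP packet; return 'DROP' or 'PASS'."""
        stamps = self.stamps[src]
        stamps.append(now)                 # rule 1: --set records the packet
        while now - stamps[0] > self.seconds:
            stamps.popleft()               # only the last `seconds` matter
        if len(stamps) >= self.hitcount:   # rule 2: --update --hitcount N
            stamps.append(now)             # --update refreshes last-seen on a match
            return "DROP"
        return "PASS"                      # falls through to the later rules


def replay(events, seconds=60, hitcount=10):
    """events: iterable of (time_s, src, label). Returns (time_s, src, label, verdict)."""
    rules = RecentList(seconds, hitcount)
    return [(t, src, label, rules.new_connection(src, t)) for t, src, label in events]


# Constructed timeline. The rule keys on the source address in the packet header,
# so it cannot tell PEER's own connections from packets that merely carry
# PEER's address.
PEER = "192.0.2.10"       # a legitimate relay peer
OTHER = "198.51.100.5"    # an unrelated client
EVENTS = (
    [(0, PEER, "genuine")]
    + [(t, PEER, "forged-source") for t in range(1, 11)]
    + [(30, PEER, "genuine"), (31, OTHER, "genuine"), (120, PEER, "genuine")]
)

if __name__ == "__main__":
    for t, src, label, verdict in replay(EVENTS):
        print(f"t={t:>3}s  {src:<13} {label:<14} {verdict}")
```

In the replay the peer's own connection at t=30 is dropped although it opened only one connection before, and it passes again at t=120 only because no further packets bearing its address arrived in the preceding 60 seconds.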


[tor-relays] This is not me

2021-03-31 Thread Paul Templeton
the relay with fingerprint B8D95BB1AAFB6F234EC50A100F46E4CC8E8E90FB 
(coffswifi5) is not me...

coffswifi4 is mine so don't ask me to add as a family...

Paul



137CF322859E400455E457DB920F65FFDD222CDF



Re: [tor-relays] ipv6 ORPort + DIRPort too ?

2021-03-31 Thread Petrusko
Ouch, this config looks like not so cool...
I see on Metrics the ipv6 chosen by Tor process, is now on :
"Unreachable OR Addresses"

I'll write the other solution you gave previously... with
ORPort xxx.xxx.xxx.xxx:9001
ORPort [::xxx:x::::xxx]:9001


On 30/03/2021 at 20:07, Petrusko wrote:
> Ok !
>
> So this only line will serve on both ipv4 and ipv6 together, ok thx ! Cool
>
> On 30/03/2021 at 15:51, li...@for-privacy.net wrote:
>> ORPort 9001


Re: [tor-relays] ipv6 ORPort + DIRPort too ?

2021-03-31 Thread Petrusko
Ok !

So this only line will serve on both ipv4 and ipv6 together, ok thx ! Cool



On 30/03/2021 at 15:51, li...@for-privacy.net wrote:
> ORPort 9001


Re: [tor-relays] DirPortFrontPage file '.....' not found | Permission denied

2021-03-31 Thread Olaf Grimm
Place the DirPortFrontPage in the same folder as torrc, not /var/...
Give the path correctly in the torrc.
This is the default in all my relays with Debian and Ubuntu.

Olaf


On 30.03.21 at 13:53, Petrusko wrote:
> Hey,
>
> I'm having a little problem with setting up (may be some rights...) the
> html page on the relay DIRPort.
>
> On my logs :
>  00:00:03 [NOTICE] Tor 0.4.5.7 opening new log file.
>  00:00:03 [WARN] Could not open "/var/www/html/tor-relay.html": Permission denied
>  00:00:03 [WARN] DirPortFrontPage file '/var/www/html/tor-relay.html' not found. Continuing anyway.
> 
> I've not found any information about how to set up this correctly.
> 
> Many thanks in advance.
> 
> 


Re: [tor-relays] Help with FreeBSD relays

2021-03-31 Thread Fabian Keil
xplato  wrote on 2021-03-30:

> I am running two relays and the error message is the same for both:
> 
> Mar 30 08:13:01 freebsd kernel: pod 1745 (tor) , jid 0 , uid 256, was killed: out of swap space
>
> If I run
> # dd if=/dev/zero of=/usr/swap0 bs=1m count=512
>
> # chmod 0600 /usr/swap0
>
> # swapon -aL
> 
> Will that fix the error above?

Is /usr/swap0 already referenced in /etc/fstab?

How much RAM and swap space is currently available?
Are both relays running on the same system?

Before adjusting the swap space I'd try experimenting with
MaxMemInQueues. The auto-tuning is based on the system's
memory and may result in a value that is too high if the
system's memory is also needed elsewhere.

If you then still need to increase the swap space you'll
probably have to increase it by more than 512 MB.

On one of my relays where I've set "MaxMemInQueues 300MB"
the tor process currently consumes 870 MB of "real memory"
and the memory usage is still slowly increasing.

Fabian




Re: [tor-relays] Help with FreeBSD relays

2021-03-31 Thread Scott Bennett
xplato  wrote:

> I am running two relays and the error message is the same for both:
>
> Mar 30 08:13:01 freebsd kernel: pod 1745 (tor) , jid 0 , uid 256, was killed: out of swap space
>
 Oh.  Then Fabian may be right.  Assuming that you already have what
should be an adequate amount of swap space available, then this could be
due to one of the cluster of memory management bugs introduced into the
FreeBSD kernel in 11.2-RELEASE and remains in 12.x and very likely will be
in the upcoming 13.0.

> If I run
> # dd if=/dev/zero of=/usr/swap0 bs=1m count=512
>
 Note that, while once upon a time 512 MB was a large amount of swap
space, in modern times it is almost trivial and inconsequential.

> # chmod 0600 /usr/swap0
>
> # swapon -aL
>
> Will that fix the error above?

 It might alleviate it for a short time, but if the problem is due to
those bugs, it likely will make little or no difference.  The reason for
that is that the message is partly erroneous; i.e., it is correct that the
OOM killer has killed the process, but it is incorrect that it was out of
swap space.  Having watched those bugs in action for several years now,
what I can tell you is that a lot of pagefixing is going on, but very little
pagefreeing happens later.  Processes being killed with that error message
is just one symptom, and it can be a real problem, for example, if xorg is
running and gets killed, leaving the console inaccessible.  Another symptom
is that, one by one, processes stop doing anything because they get swapped
out due to the shortage of page frames on the free list.  The kernel will
not begin to page processes back in unless there is at least ~410 MB on the
free list, so the system ends up with nothing running, not even shells,
because everything is marked as swapped out.  If that is what is happening to tor
on your system, then increasing swap space likely will have no effect because
swap space is not really where the shortage exists.  The shortage is on the
free list.
 There are some things that you can do in 11.4 that will minimize the
situations where the memory management problems take over the system.  You
can set a sysctl tunable that may help a bit.  Unfortunately, vm.max_wired
no longer does anything and is a red herring.  You can try to limit kernel
memory by setting vm.kmem_size_max to some value considerably less than the
size of real memory on your system.  Although the system does not honor this
limit either, it may still have a minor influence on how much the kernel
uses.  I think I set mine to 4 GB on an 8 GB machine.  This should be set in
/boot/loader.conf.
 In /etc/sysctl.conf there are several variables that should each help
a little more.  If you use ZFS, you can try limiting the size of the ARC by
setting vfs.zfs.arc_max.  After setting that, you may see the ARC grow to
as much as ~200 MB more than the size you set the limit to, but it doesn't
really go beyond that, so it does work after a fashion.  Just allow for that
extra couple of hundred megabytes or so.  Next is vm.v_free_min, which on my
system defaults to 65536, and I have increased that to 98304.  Then there is
this very important one:  vm.pageout_wakeup_thresh=112640.  Its default
value is only 14124, a far cry from the ~410 MB needed on the free list for
the kernel to begin paging a swapped process back into memory.  (112640 pages
are 440 MB, so it gives a tiny bit of leeway to the pagedaemon to get to work
before the free list gets too low.)  Lastly, set vm.pageout_oom_seq=10240
to prevent the OOM killer from killing your processes.  This value is the
number of complete passes through memory the pagedaemon must make in its
attempt to free enough memory to satisfy the current demand for free page
frames before it calls the OOM killer.  Setting the value that high means
that the pagedaemon never will get through that many passes, so the OOM killer
never gets called.  After setting this one you may occasionally see the
pagedaemon using all of one core's CPU time for a while, possibly a *long*
while, but it should protect your processes from being killed due to the
collection of memory management bugs.
 With all of the variables mentioned above set to better values you may
still see the system slowly grind down to an idle state.  This can happen
due to the kernel prioritizing the keeping of unused file system buffers in
memory over swapping processes in to get actual work done.  In such a case,
manual intervention is required to free up page frames.  For example, if you
confine your ccache directory trees to a UFS file system, the system will
quickly accumulate a lot of buffers it doesn't want to let go of.  The same
holds true for portmaster's $WRKDIRPREFIX, where a "portmaster -a" to update
your ports will tie up a large number of buffers.  buildworld and buildkernel
are also culprits.  The file system buffers can be forcibly freed up, thereby
freeing page frames occupied by the file system buffers, by unmounting the