Re: [tor-relays] Bridge Distribution Mechanism none
On Wednesday, April 20, 2022 10:22:54 AM CEST Ross Camm wrote: > I have no error from Apparmor and I dont believe obfs4 proxy is the issue > as I have obfs4 installed and confirmed running > > dpkg -l | grep obfs4 > ii obfs4proxy 0.0.7-4 > > ps ax | grep obfs4 > 5501 ? Sl 0:01 /usr/bin/obfs4proxy > > netstat -nap | grep obfs4 > tcp 0 0 X.X.X.X:12345 0.0.0.0:* LISTEN 5501/obfs4proxy > > Tor logs > > Apr 18 17:00:33 pi Tor[5497]: Registered server transport 'obfs4' at > 'X.X.X.X:12345' > > torrc > > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy > ServerTransportListenAddr obfs4 X.X.X.X:12345 > > [ https://bridges.torproject.org/scan/ ]( > https://bridges.torproject.org/scan/ ) > > also reports my ORPort is reachable via IPv4 and IPV6 > > Tor logs > > Apr 18 17:01:37 pi Tor[5497]: Self-testing indicates your ORPort > [X:Y:Z::A]:993 is reachable from the outside. Excellent. Apr 18 17:01:37 pi > Tor[5497]: Self-testing indicates your ORPort A.B.C.D:993 is reachable from > the outside. Excellent. Publishing server descriptor. > > What am I missing ? > Just to test, not 'PublishServerDescriptor bridge' try 1 (default): BridgeRelay 1 PublishServerDescriptor 1 BridgeDistribution moat If that doesn't work I would try the default 'any' here too: BridgeDistribution any -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom! signature.asc Description: This is a digitally signed message part. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] comments, hints and tipps for an ansible role to deploy Tor bridges
I do appreciate those for my attempt here: https://github.com/toralf/tor-relays TIA -- Toralf OpenPGP_signature Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge Distribution Mechanism none
Hi Ross, Could you disable your bridge IPv6 and see if it works? Gus On Wed, Apr 20, 2022 at 06:41:45PM +1000, Ross Camm wrote: > > Thanks, that will no doubt be an issue > > Upgraded via debian backports > > dpkg -l | grep obfs4 > ii obfs4proxy 0.0.13-1~bpo11+1 > > > I will keep my eye on the bridge status page to see if the Bridge Mechanism > changes as well as my incoming connections. > > Regards > Ross > > Date: Tue, 19 Apr 2022 15:59:35 +0200 > From: li...@for-privacy.net > To: tor-relays@lists.torproject.org > Subject: Re: [tor-relays] Bridge Distribution Mechanism none > Message-ID: <2335525.61UdpqZOmS@w530> > Content-Type: text/plain; charset="utf-8" > On Tuesday, April 19, 2022 2:28:01 PM CEST 55578 via tor-relays wrote: > > Probably because obfs4 is not installed or not running properly. > Get the obfs4proxy package from backports. Outdated obfs bridges are rejected > AFAIK. > https://lists.torproject.org/pipermail/tor-relays/2022-March/020447.html > -- > ?_? Ciao Marco! > Debian GNU/Linux > It's free software and it gives you freedom! > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- The Tor Project Community Team Lead signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridges configuration
On 19/04/2022 21:07, onion...@riseup.net wrote: Hello, the Tor community. We already run relays and we have MyFamily configured. Now we want to start bridges. Should bridges have a separate family or we need to include them into relay family? As bridges are semi-secret they should never be in MyFamily or a .well-known/tor-relay/rsa-fingerprint.txt file. Mark ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Bridge Distribution Mechanism none
Thanks, that will no doubt be an issue Upgraded via debian backports dpkg -l | grep obfs4 ii obfs4proxy 0.0.13-1~bpo11+1 I will keep my eye on the bridge status page to see if the Bridge Mechanism changes as well as my incoming connections. Regards Ross Date: Tue, 19 Apr 2022 15:59:35 +0200 From: li...@for-privacy.net To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Bridge Distribution Mechanism none Message-ID: <2335525.61UdpqZOmS@w530> Content-Type: text/plain; charset="utf-8" On Tuesday, April 19, 2022 2:28:01 PM CEST 55578 via tor-relays wrote: > Probably because obfs4 is not installed or not running properly. Get the obfs4proxy package from backports. Outdated obfs bridges are rejected AFAIK. https://lists.torproject.org/pipermail/tor-relays/2022-March/020447.html -- ?_? Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge Distribution Mechanism none
I have no error from Apparmor and I dont believe obfs4 proxy is the issue as I have obfs4 installed and confirmed running dpkg -l | grep obfs4 ii obfs4proxy 0.0.7-4 ps ax | grep obfs4 5501 ? Sl 0:01 /usr/bin/obfs4proxy netstat -nap | grep obfs4 tcp 0 0 X.X.X.X:12345 0.0.0.0:* LISTEN 5501/obfs4proxy Tor logs Apr 18 17:00:33 pi Tor[5497]: Registered server transport 'obfs4' at 'X.X.X.X:12345' torrc ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 X.X.X.X:12345 [ https://bridges.torproject.org/scan/ ]( https://bridges.torproject.org/scan/ ) also reports my ORPort is reachable via IPv4 and IPV6 Tor logs Apr 18 17:01:37 pi Tor[5497]: Self-testing indicates your ORPort [X:Y:Z::A]:993 is reachable from the outside. Excellent. Apr 18 17:01:37 pi Tor[5497]: Self-testing indicates your ORPort A.B.C.D:993 is reachable from the outside. Excellent. Publishing server descriptor. What am I missing ? Thanks again Ross > Probably because obfs4 is not installed or not running properly.> Check your > logs for obfs4 errors, and for Apparmor error messages as well.> On Mon, Apr > 18, 2022 at 09:07, Ross Camm wrote:> I have been up and > running with my Tor Bridge for a number of months now, yet Tor Metrics > reports that the Bridge Distribution Mechanism for my server is stuck on > 'none'.>> Consequently I see no incoming connections to my Bridge.>> I have > tried altering the following>> BridgeRelay 1>> PublishServerDescriptor > bridge> BridgeDistribution moat>> with no success.>> The mechanism is always > noneand I have left the changes for a week to see if Metrics updates to > no avail.>> I have a static IPv4 address and functional IPv6 and have > confirmed my ports are publicly accessible for both protocols>> Self-testing > indicates your ORPort [::::XXX]:993 is reachable from the > outside. Excellent.> Self-testing indicates your ORPort XXX.XXX.XXX.XXX:993 > is reachable from the outside. Excellent. Publishing server descriptor.>> I > am running raspberry pi os buster which had an obsolete Tor version.>> I > subsequently upgraded and stay up to date with the latest bullseye version > via bullseye backports,>> Currently Tor 0.4.6.10-1~bpo10+1>> Any ideas of why > my servers Bridge Distribution Mechanism is always reported and behaving as > none ?>> Thanks in advance ;)>> Ross ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Another error
onion...@riseup.net: Hello, we tried a solution proposed by ad...@for-privacy.net (deleting /var/lib/tor folder) but now we get another error: │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 204.13.164.118:80. Please correct. │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 154.35.175.225:80. Please correct. │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 199.58.81.140:80. Please correct. │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 86.59.21.38:80. Please correct. │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 171.25.193.9:443. Please correct. │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 131.188.40.189:80. Please correct. Please help us if you know why it happens I think this is still the same problem as you run into before: your relays are blocked and you should have that conversation on the bad-relays list. Georg OpenPGP_signature Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Another error
Hello, we tried a solution proposed by ad...@for-privacy.net (deleting /var/lib/tor folder) but now we get another error: │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 204.13.164.118:80. Please correct. │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 154.35.175.225:80. Please correct. │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 199.58.81.140:80. Please correct. │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 86.59.21.38:80. Please correct. │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 171.25.193.9:443. Please correct. │ 19:41:54 [WARN] http status 400 ("Suspicious relay address range -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to │ bad-rel...@lists.torproject.org mentioning your address(es) and fingerprint(s)?") response from dirserver 131.188.40.189:80. Please correct. Please help us if you know why it happens ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Bridges configuration
Hello, the Tor community. We already run relays and we have MyFamily configured. Now we want to start bridges. Should bridges have a separate family or we need to include them into relay family? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] [warn] Received a bad CERTS cell: Link certificate does not match TLS certificate
Hi all I found a message in the logs: Apr 16 15:07:46.000 [warn] Received a bad CERTS cell: Link certificate does not match TLS certificate -- Cheers Felix pgpz8Afm4HlbY.pgp Description: Digitale Signatur von OpenPGP ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor 0.4.5.8 died: Caught signal 7
All: I'm having an issue with a Tor Node catching signal 7 and exiting in high-load situations. T= 1650367869 Tor 0.4.5.8 died: Caught signal 7 /opt/sbin/tor(+0x1af500)[0x2a1af500] /opt/sbin/tor(hs_intro_received_introduce1+0x0)[0x2a09e6b8] /opt/sbin/tor(hs_intro_received_introduce1+0x0)[0x2a09e6b8] Anyone experience similar issues? Respectfully, Gary ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays