[tor-relays] Question on bridge hibernation

[Keifer Bly]

Hi,

So for my bridge at

https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB

Is set to hibernate once it reaches a certain traffic level (this is to
prevent massive charges to my VPS). Now that is in hibernation, when will
it start again, and how would this effect how it's distributed? Are bridges
that are hibernating removed from relay search? Mew to hibernation, thanks.

May 14 18:49:39.000 [notice] Configured to measure statistics. Look for the
*-stats files that will first be written to the data directory in 24 hours
from now.
May 14 18:49:39.000 [warn] You are running Tor as root. You don't need to,
and you probably shouldn't.
May 14 18:49:39.000 [notice] Bootstrapped 0% (starting): Starting
May 14 18:49:47.000 [notice] Starting with guard context "default"
May 14 18:49:47.000 [notice] Registered server transport 'obfs4' at
'[::]:8081'
May 14 18:49:48.000 [notice] Bandwidth soft limit reached; commencing
hibernation. No new connections will be accepted
May 14 18:49:48.000 [notice] Going dormant. Blowing away remaining
connections.
May 14 18:49:48.000 [notice] Delaying directory fetches: We are hibernating
or shutting down.
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Updating tor issue

[Keifer Bly]

Thanks, After checking with  lsb_release -a, it is now running Debian 11.9.
Is there a tool for auto updating tor when a new version is released?

Thanks.
--Keifer


On Thu, May 9, 2024 at 12:11 PM boldsuck  wrote:

> On Donnerstag, 9. Mai 2024 04:30:49 CEST Keifer Bly wrote:
> > Doing it via this guide here:
> >
> > https://phoenixnap.com/kb/upgrade-debian-10-to-11
> >
> > What other changes need to be made? Thanks.
> > --Keifer
>
> Be careful, you can only ever upgrade to the next version!
> From Debian 9 to 11 doesn't work. You have to do 2 upgrades.
> From 9 to 10 first and later from 10 to 11.
> You also cannot upgrade Windows 7 to Win 11 directly.
>
> This is very time-consuming, hence the recommendation to reinstall.
>
> No matter what you do, I would back up the tor config and the tor keys
> first.
>
> Important: (apt-key is deprecated) How the tor repo is added has changed.
> https://support.torproject.org/apt/
>
> Again as a recommendation: Take the official Debian documentation and not
> any
> random guides from the Internet. Here are the links again. The documentary
> is
> translated into many languages. Chapters 2 and 4 are important.
> Your architecture is: 64-Bit-PC (AMD64)
>
> https://www.debian.org/releases/bullseye/releasenotes
> https://www.debian.org/releases/bookworm//releasenotes
>
> Your relay is running Tor 0.4.8.11 on Linux
> That means you have time to read and ask questions.
>
>
> I'm out of here for now.
> I have enormous personal and legal problems because of the exits that I
> have
> to take care of.
>
> > On Wed, May 8, 2024 at 10:46 AM Keifer Bly  wrote:
> > > Ok. So the vps I have is command line only, is there a way to update to
> > > debian 11 via the command line? Thanks.
> > >
> > > --Keifer
> > >
> > > On Wed, May 8, 2024, 1:22 AM Bauruine  wrote:
> > >> Sorry I meant reinstall it with Bookworm of course. You can backup and
> > >> restore your keys if you like so you are not loosing your relays
> history.
> > >> There is some documentation at
> > >> https://community.torproject.org/relay/setup/post-install/ "Backup
> Tor
> > >> Identity Keys"
> > >> On 08.05.24 10:16, Bauruine wrote:
> > >>
> > >> What they told you, maybe a bit harsh, is that you are using a very
> old
> > >> Debian version that will soon be end of life and won't get updates
> > >> anymore.
> > >> apt-get upgrade doesn't upgrade to new releases, you have to do it
> > >> "manually". Think like a Windows 7 to Windows 10 upgrade which also
> > >> doesn't
> > >> happen with the normal Windows updates. You can either upgrade from
> your
> > >> current version Buster (10 )--> Bullseye (11) --> Bookworm (12) or
> just
> > >> reinstall it with Bullseye and configure it again.
> > >>
> > >> Bauruine
> > >> On 07.05.24 19:50, Keifer Bly wrote:
> > >>
> > >> Right? Why comment if your just going to be such a jerk and not be
> > >> helpful?
> > >>
> > >> I am just unable to figure why this would suddenly happen when the
> relay
> > >> has been updating without issue and suddenly this happens, have been
> > >> keeping Debian up to date using apt-get update so wondering what else
> > >> needs
> > >> to be done? Thanks.
> > >> --Keifer
> > >>
> > >>
> > >> On Mon, May 6, 2024 at 4:12 PM Micah Elizabeth Scott
> > >> 
> > >>
> > >> wrote:
> > >>> On 5/6/24 3:19 PM, li...@for-privacy.net wrote:
> > >>> > Did you even only read 2 sentences from the link?
> > >>>
> > >>> Can we stop just accepting behavior like this on the tor community's
> > >>> mailing lists?
> > >>>
> > >>> Seriously, it makes us all look bad.
> > >>>
> > >>> I'm sorry folks have to endure so much just to use a computer program
> > >>> that's intended to be humane and helpful.
> > >>>
> > >>> --beth
> > >>> ___
> > >>> tor-relays mailing list
> > >>> tor-relays@lists.torproject.org
> > >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > >>
> > >> ___
> > >> tor-relays mailing
> > >> listtor-relays@lists.torproject.orghttps://
> lists.torproject.org/cgi-bin/
> > >> mailman/listinfo/tor-relays
> > >>
> > >>
> > >> ___
> > >> tor-relays mailing
> > >> listtor-relays@lists.torproject.orghttps://
> lists.torproject.org/cgi-bin/
> > >> mailman/listinfo/tor-relays
> > >>
> > >> ___
> > >> tor-relays mailing list
> > >> tor-relays@lists.torproject.org
> > >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Updating tor issue

[Keifer Bly]

Doing it via this guide here:

https://phoenixnap.com/kb/upgrade-debian-10-to-11

What other changes need to be made? Thanks.
--Keifer


On Wed, May 8, 2024 at 10:46 AM Keifer Bly  wrote:

> Ok. So the vps I have is command line only, is there a way to update to
> debian 11 via the command line? Thanks.
>
> --Keifer
>
> On Wed, May 8, 2024, 1:22 AM Bauruine  wrote:
>
>> Sorry I meant reinstall it with Bookworm of course. You can backup and
>> restore your keys if you like so you are not loosing your relays history.
>> There is some documentation at
>> https://community.torproject.org/relay/setup/post-install/ "Backup Tor
>> Identity Keys"
>> On 08.05.24 10:16, Bauruine wrote:
>>
>> What they told you, maybe a bit harsh, is that you are using a very old
>> Debian version that will soon be end of life and won't get updates anymore.
>> apt-get upgrade doesn't upgrade to new releases, you have to do it
>> "manually". Think like a Windows 7 to Windows 10 upgrade which also doesn't
>> happen with the normal Windows updates. You can either upgrade from your
>> current version Buster (10 )--> Bullseye (11) --> Bookworm (12) or just
>> reinstall it with Bullseye and configure it again.
>>
>> Bauruine
>> On 07.05.24 19:50, Keifer Bly wrote:
>>
>> Right? Why comment if your just going to be such a jerk and not be
>> helpful?
>>
>> I am just unable to figure why this would suddenly happen when the relay
>> has been updating without issue and suddenly this happens, have been
>> keeping Debian up to date using apt-get update so wondering what else needs
>> to be done? Thanks.
>> --Keifer
>>
>>
>> On Mon, May 6, 2024 at 4:12 PM Micah Elizabeth Scott 
>> wrote:
>>
>>> On 5/6/24 3:19 PM, li...@for-privacy.net wrote:
>>> > Did you even only read 2 sentences from the link?
>>>
>>> Can we stop just accepting behavior like this on the tor community's
>>> mailing lists?
>>>
>>> Seriously, it makes us all look bad.
>>>
>>> I'm sorry folks have to endure so much just to use a computer program
>>> that's intended to be humane and helpful.
>>>
>>> --beth
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>
>> ___
>> tor-relays mailing 
>> listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>
>> ___
>> tor-relays mailing 
>> listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Updating tor issue

[Keifer Bly]

Ok. So the vps I have is command line only, is there a way to update to
debian 11 via the command line? Thanks.

--Keifer

On Wed, May 8, 2024, 1:22 AM Bauruine  wrote:

> Sorry I meant reinstall it with Bookworm of course. You can backup and
> restore your keys if you like so you are not loosing your relays history.
> There is some documentation at
> https://community.torproject.org/relay/setup/post-install/ "Backup Tor
> Identity Keys"
> On 08.05.24 10:16, Bauruine wrote:
>
> What they told you, maybe a bit harsh, is that you are using a very old
> Debian version that will soon be end of life and won't get updates anymore.
> apt-get upgrade doesn't upgrade to new releases, you have to do it
> "manually". Think like a Windows 7 to Windows 10 upgrade which also doesn't
> happen with the normal Windows updates. You can either upgrade from your
> current version Buster (10 )--> Bullseye (11) --> Bookworm (12) or just
> reinstall it with Bullseye and configure it again.
>
> Bauruine
> On 07.05.24 19:50, Keifer Bly wrote:
>
> Right? Why comment if your just going to be such a jerk and not be
> helpful?
>
> I am just unable to figure why this would suddenly happen when the relay
> has been updating without issue and suddenly this happens, have been
> keeping Debian up to date using apt-get update so wondering what else needs
> to be done? Thanks.
> --Keifer
>
>
> On Mon, May 6, 2024 at 4:12 PM Micah Elizabeth Scott 
> wrote:
>
>> On 5/6/24 3:19 PM, li...@for-privacy.net wrote:
>> > Did you even only read 2 sentences from the link?
>>
>> Can we stop just accepting behavior like this on the tor community's
>> mailing lists?
>>
>> Seriously, it makes us all look bad.
>>
>> I'm sorry folks have to endure so much just to use a computer program
>> that's intended to be humane and helpful.
>>
>> --beth
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
> ___
> tor-relays mailing 
> listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> ___
> tor-relays mailing 
> listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Updating tor issue

[Keifer Bly]

Right? Why comment if your just going to be such a jerk and not be helpful?

I am just unable to figure why this would suddenly happen when the relay
has been updating without issue and suddenly this happens, have been
keeping Debian up to date using apt-get update so wondering what else needs
to be done? Thanks.
--Keifer


On Mon, May 6, 2024 at 4:12 PM Micah Elizabeth Scott 
wrote:

> On 5/6/24 3:19 PM, li...@for-privacy.net wrote:
> > Did you even only read 2 sentences from the link?
>
> Can we stop just accepting behavior like this on the tor community's
> mailing lists?
>
> Seriously, it makes us all look bad.
>
> I'm sorry folks have to endure so much just to use a computer program
> that's intended to be humane and helpful.
>
> --beth
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Updating tor issue

[Keifer Bly]

Ok thanks.

On Mon, May 6, 2024, 3:20 PM  wrote:

> On Freitag, 3. Mai 2024 18:17:41 CEST Keifer Bly wrote:
> > System is up to date, I run apt-get update regularly.
>
> Did you even only read 2 sentences from the link?
> Buster is EOL and will be completely archived in a few weeks.
> > > https://www.debian.org/releases/buster/
> Debian is 2 releases ahead!
> You won't get 3rd party packages (tor) anymore.
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Updating tor issue

[Keifer Bly]

System is up to date, I run apt-get update regularly.
--Keifer


On Fri, May 3, 2024 at 9:15 AM  wrote:

> On Freitag, 3. Mai 2024 17:00:44 CEST Keifer Bly wrote:
>
> > What is the correct format for adding tor as a trusted source?
> A not outdated system. ¹AFAIK obfs4proxy for buster (oldoldstable) has had
> a
> security hole for a long time and you are putting your users at risk!
>
> > deb-src http://deb.debian.org/debian buster main
> > deb http://security.debian.org/ buster/updates main
> > deb-src http://security.debian.org/ buster/updates main
> First upgrade the system. buster -> bullseye -> bookworm
> https://www.debian.org/releases/buster/
>
> https://www.debian.org/releases/bullseye/releasenotes
> https://www.debian.org/releases/stable/releasenotes
>
> Reinstalling might be easier.
>
> ¹Upgrading your old system & obfs4proxy was recommended here 2-3 years ago.
> Somehow you're going around in circles.
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Updating tor issue

[Keifer Bly]

https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D

Hi, so for my relay at the address above, when trying to update tor,
suddenly getting the "updating from such a respiratory can't be done
securly" message. Odd as this just suddenly started happening.

Here is my sources file.

What is the correct format for adding tor as a trusted source?

Thanks.

deb-src http://deb.debian.org/debian buster main

## Major bug fix updates produced after the final release of the
## distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main




## Uncomment the following two lines to add software from the 'backports'
## repository.
##
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
deb http://deb.debian.org/debian buster-backports main
deb-src http://deb.debian.org/debian buster-backports main
deb [trusted=yes] https://deb.torproject.org/torproject.org buster main
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Problem with relay and ovh??

[Keifer Bly]

Of course, did so and problem still got occurs? Thanks.

--Keifer

On Tue, Feb 20, 2024, 8:09 PM Keifer Bly  wrote:

> Thanks. How in torrc to configure no ipv6? Thanks.
>
> --Keifer
>
> On Sat, Feb 17, 2024, 4:42 PM Keifer Bly  wrote:
>
>> Hi,
>>
>> So my relay at
>>
>>
>> https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D
>>
>>
>> Goes offline at sporadic times. Upon checking the tor log file, there
>> does not appear to be anything written causing tor to crash:
>>
>>
>> Feb 18 00:36:34.000 [notice] Tor 0.4.8.10 opening new log file.
>> Feb 18 00:36:34.630 [notice] We compiled with OpenSSL 101010ef: OpenSSL
>> 1.1.1n  15 Mar 2022 and we are running with OpenSSL 101010ef: 1.1.1n. These
>> two versions should be binary compatible.
>> Feb 18 00:36:34.634 [notice] Tor 0.4.8.10 running on Linux with Libevent
>> 2.1.8-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and
>> Glibc 2.28 as libc.
>> Feb 18 00:36:34.634 [notice] Tor can't help you if you use it wrong!
>> Learn how to be safe at
>> https://support.torproject.org/faq/staying-anonymous/
>> Feb 18 00:36:34.636 [notice] Read configuration file "/etc/tor/torrc".
>> Feb 18 00:36:34.637 [notice] Based on detected system memory,
>> MaxMemInQueues is set to 1462 MB. You can override this by setting
>> MaxMemInQueues by hand.
>> Feb 18 00:36:34.640 [notice] Opening OR listener on 0.0.0.0:9001
>> Feb 18 00:36:34.640 [notice] Opened OR listener connection (ready) on
>> 0.0.0.0:9001
>> Feb 18 00:36:34.640 [notice] Opening OR listener on [::]:9001
>> Feb 18 00:36:34.640 [notice] Opened OR listener connection (ready) on
>> [::]:9001
>> Feb 18 00:36:34.640 [notice] Opening Directory listener on 0.0.0.0:9030
>> Feb 18 00:36:34.640 [notice] Opened Directory listener connection (ready)
>> on 0.0.0.0:9030
>> Feb 18 00:36:35.000 [notice] Configured to measure directory request
>> statistics, but no GeoIP database found. Please specify a GeoIP database
>> using the GeoIPFile option.
>> Feb 18 00:36:35.000 [warn] You are running Tor as root. You don't need
>> to, and you probably shouldn't.
>> Feb 18 00:36:35.000 [notice] Your Tor server's identity key fingerprint
>> is 'udeserveprivacy 79E3B585803DE805CCBC00C1EF36B1E74372861D'
>> Feb 18 00:36:35.000 [notice] Your Tor server's identity key ed25519
>> fingerprint is 'udeserveprivacy b7n+DkH5IsJHJexEqilhQ5tC0LRd9Td888RZpYkxEvc'
>> Feb 18 00:36:35.000 [notice] Bootstrapped 0% (starting): Starting
>> Feb 18 00:36:49.000 [notice] Starting with guard context "default"
>> Feb 18 00:36:50.000 [notice] Unable to find IPv6 address for ORPort 9001.
>> You might want to specify IPv4Only to it or set an explicit address or set
>> Address.
>> Feb 18 00:36:50.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
>> Feb 18 00:36:50.000 [notice] Bootstrapped 10% (conn_done): Connected to a
>> relay
>>
>> Unless the old file is being overwritten when tor restarts. But is there
>> a known problem with OVH that causes this?
>>
>> Thanks.
>>
>> Oddly there is no definite time when this happens, sometimes the relay
>> operates no problem for weeks on end and then it happens, other times it
>> only makes it a day or two.
>> --Keifer
>>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Relay again saying it's new

[Keifer Bly]

Hi,

So my relay at
https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D
is again saying it's new despite that it's been running for a few years
now. Second time this has happened. Thanks.
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Problem with relay and ovh??

[Keifer Bly]

Thanks. How in torrc to configure no ipv6? Thanks.

--Keifer

On Sat, Feb 17, 2024, 4:42 PM Keifer Bly  wrote:

> Hi,
>
> So my relay at
>
>
> https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D
>
>
> Goes offline at sporadic times. Upon checking the tor log file, there does
> not appear to be anything written causing tor to crash:
>
>
> Feb 18 00:36:34.000 [notice] Tor 0.4.8.10 opening new log file.
> Feb 18 00:36:34.630 [notice] We compiled with OpenSSL 101010ef: OpenSSL
> 1.1.1n  15 Mar 2022 and we are running with OpenSSL 101010ef: 1.1.1n. These
> two versions should be binary compatible.
> Feb 18 00:36:34.634 [notice] Tor 0.4.8.10 running on Linux with Libevent
> 2.1.8-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and
> Glibc 2.28 as libc.
> Feb 18 00:36:34.634 [notice] Tor can't help you if you use it wrong! Learn
> how to be safe at https://support.torproject.org/faq/staying-anonymous/
> Feb 18 00:36:34.636 [notice] Read configuration file "/etc/tor/torrc".
> Feb 18 00:36:34.637 [notice] Based on detected system memory,
> MaxMemInQueues is set to 1462 MB. You can override this by setting
> MaxMemInQueues by hand.
> Feb 18 00:36:34.640 [notice] Opening OR listener on 0.0.0.0:9001
> Feb 18 00:36:34.640 [notice] Opened OR listener connection (ready) on
> 0.0.0.0:9001
> Feb 18 00:36:34.640 [notice] Opening OR listener on [::]:9001
> Feb 18 00:36:34.640 [notice] Opened OR listener connection (ready) on
> [::]:9001
> Feb 18 00:36:34.640 [notice] Opening Directory listener on 0.0.0.0:9030
> Feb 18 00:36:34.640 [notice] Opened Directory listener connection (ready)
> on 0.0.0.0:9030
> Feb 18 00:36:35.000 [notice] Configured to measure directory request
> statistics, but no GeoIP database found. Please specify a GeoIP database
> using the GeoIPFile option.
> Feb 18 00:36:35.000 [warn] You are running Tor as root. You don't need to,
> and you probably shouldn't.
> Feb 18 00:36:35.000 [notice] Your Tor server's identity key fingerprint is
> 'udeserveprivacy 79E3B585803DE805CCBC00C1EF36B1E74372861D'
> Feb 18 00:36:35.000 [notice] Your Tor server's identity key ed25519
> fingerprint is 'udeserveprivacy b7n+DkH5IsJHJexEqilhQ5tC0LRd9Td888RZpYkxEvc'
> Feb 18 00:36:35.000 [notice] Bootstrapped 0% (starting): Starting
> Feb 18 00:36:49.000 [notice] Starting with guard context "default"
> Feb 18 00:36:50.000 [notice] Unable to find IPv6 address for ORPort 9001.
> You might want to specify IPv4Only to it or set an explicit address or set
> Address.
> Feb 18 00:36:50.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
> Feb 18 00:36:50.000 [notice] Bootstrapped 10% (conn_done): Connected to a
> relay
>
> Unless the old file is being overwritten when tor restarts. But is there a
> known problem with OVH that causes this?
>
> Thanks.
>
> Oddly there is no definite time when this happens, sometimes the relay
> operates no problem for weeks on end and then it happens, other times it
> only makes it a day or two.
> --Keifer
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Problem with relay and ovh??

[Keifer Bly]

Hi,

So my relay at

https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D


Goes offline at sporadic times. Upon checking the tor log file, there does not 
appear to be anything written causing tor to crash:


Feb 18 00:36:34.000 [notice] Tor 0.4.8.10 opening new log file.
Feb 18 00:36:34.630 [notice] We compiled with OpenSSL 101010ef: OpenSSL 1.1.1n  
15 Mar 2022 and we are running with OpenSSL 101010ef: 1.1.1n. These two 
versions should be binary compatible.
Feb 18 00:36:34.634 [notice] Tor 0.4.8.10 running on Linux with Libevent 
2.1.8-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and 
Glibc 2.28 as libc.
Feb 18 00:36:34.634 [notice] Tor can't help you if you use it wrong! Learn how 
to be safe at https://support.torproject.org/faq/staying-anonymous/
Feb 18 00:36:34.636 [notice] Read configuration file "/etc/tor/torrc".
Feb 18 00:36:34.637 [notice] Based on detected system memory, MaxMemInQueues is 
set to 1462 MB. You can override this by setting MaxMemInQueues by hand.
Feb 18 00:36:34.640 [notice] Opening OR listener on 0.0.0.0:9001
Feb 18 00:36:34.640 [notice] Opened OR listener connection (ready) on 
0.0.0.0:9001
Feb 18 00:36:34.640 [notice] Opening OR listener on [::]:9001
Feb 18 00:36:34.640 [notice] Opened OR listener connection (ready) on [::]:9001
Feb 18 00:36:34.640 [notice] Opening Directory listener on 0.0.0.0:9030
Feb 18 00:36:34.640 [notice] Opened Directory listener connection (ready) on 
0.0.0.0:9030
Feb 18 00:36:35.000 [notice] Configured to measure directory request 
statistics, but no GeoIP database found. Please specify a GeoIP database using 
the GeoIPFile option.
Feb 18 00:36:35.000 [warn] You are running Tor as root. You don't need to, and 
you probably shouldn't.
Feb 18 00:36:35.000 [notice] Your Tor server's identity key fingerprint is 
'udeserveprivacy 79E3B585803DE805CCBC00C1EF36B1E74372861D'
Feb 18 00:36:35.000 [notice] Your Tor server's identity key ed25519 fingerprint 
is 'udeserveprivacy b7n+DkH5IsJHJexEqilhQ5tC0LRd9Td888RZpYkxEvc'
Feb 18 00:36:35.000 [notice] Bootstrapped 0% (starting): Starting
Feb 18 00:36:49.000 [notice] Starting with guard context "default"
Feb 18 00:36:50.000 [notice] Unable to find IPv6 address for ORPort 9001. You 
might want to specify IPv4Only to it or set an explicit address or set Address.
Feb 18 00:36:50.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Feb 18 00:36:50.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay

Unless the old file is being overwritten when tor restarts. But is there a 
known problem with OVH that causes this?

Thanks.

Oddly there is no definite time when this happens, sometimes the relay operates 
no problem for weeks on end and then it happens, other times it only makes it a 
day or two.
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Way to be notified when relay goes offline?

[Keifer Bly]

Thanks for the responses all.
--Keifer


On Sun, Feb 4, 2024 at 9:19 PM Chris Enkidu-6  wrote:

> Or, like me, you can run your own monitoring service:
>
> https://github.com/louislam/uptime-kuma
>
> docker-compose.yml  content:
>
> ```
>
> version: '3.8'
>
> services:
>   uptime-kuma:
> image: louislam/uptime-kuma:latest
> container_name: uptime-kuma
> volumes:
>   - uptime-kuma:/app/data
> ports:
>   - "3001:3001"  # :
> restart: always
>
> volumes:
>   uptime-kuma:
>
> ```
>
>
>
>
> On 2/4/2024 4:33 PM, mail--- via tor-relays wrote:
> > Hi,
> >
> > > Is there a way to be notified when a relay goes offline? Thanks.
> >
> > For a few relays you could make an account on weather.torproject.org
> > and add your email address and relays. But pretty much any other
> > remote monitoring tool will suffice as well.
> >
> > Cheers,
> >
> > tornth
> >
> >
> > Feb 4, 2024, 22:30 by keifer@gmail.com:
> >
> > Hi,
> >
> > So my relay at
> >
> https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D
>
> > went offline for a few days, and I was unaware. Is there a way to
> > be notified when a relay goes offline? Thanks.
> > --Keifer
> >
> >
> >
> > ___
> > tor-relays mailing list
> > tor-relays@lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Way to be notified when relay goes offline?

[Keifer Bly]

Hi,

So my relay at
https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D
went offline for a few days, and I was unaware. Is there a way to be
notified when a relay goes offline? Thanks.
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay that's been running for a long time suddenly saying it's new?

[Keifer Bly]

Ok thanks all. Just wanted to make sure this wasn't a problem going on.

--Keifer

On Mon, Jan 15, 2024, 1:16 PM Chris Enkidu-6  wrote:

> It's not just you. 3 of my relays show as new for the past few days and
> they still do. It doesn't seem to affect the traffic though so I'm
> assuming it's just a reporting issue and Authorities don't see your
> relay as new.
>
>
> On 1/12/2024 1:00 PM, Keifer Bly wrote:
> > Hi,
> >
> > So my relay
> > at
> https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D
> > is suddenly saying it's a new relay. Don't know why this would happen
> > as it's been running for a few years, but suddenly saying it's new?
> >
> > Thanks.
> >
> > --Keifer
> >
> > ___
> > tor-relays mailing list
> > tor-relays@lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Relay that's been running for a long time suddenly saying it's new?

[Keifer Bly]

Hi,

So my relay at
https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D
is suddenly saying it's a new relay. Don't know why this would happen as
it's been running for a few years, but suddenly saying it's new?

Thanks.

--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Is there a way to update obfs4 using chocklatey?

[Keifer Bly]

Hi,

So on Windows, it is possible to install the tor relay software using
Chocolatey https://chocolatey.org/.

Once it is installed, tor can be installed by using choco install tor and
updated using choco upgrade tor in Windows powershell. But I am wondering,
is there a way to install and update obfs4 in Chocolatey? Thanks.

--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] For some reason, my bridge is still saying it has no distribution mechanism, despite it is listed as email in my torrc and says it is overloaded?

[Keifer Bly]

It did also (just now) say the transport exited with code status 1 I
don't know what that means..
--Keifer


On Sat, Apr 22, 2023 at 7:05 PM Keifer Bly  wrote:

> Now its more confusing. That tool says the port is not reachable for both
> port 8080 and 8081. But the notices.log says the port is reachable. And
> apparently the accountigmax is being reached.
> --Keifer
>
>
> On Wed, Apr 19, 2023 at 8:06 AM meskio  wrote:
>
>> Quoting Keifer Bly (2023-04-19 16:46:37)
>> > How to find that?
>>
>> https://community.torproject.org/relay/setup/bridge/post-install/
>>
>> > It gave the message its reachable from the outside.
>>
>> This message is saying that the ORPort is reachable from outside, but it
>> doesn't
>> test for the obfs4 configured port. You can test it yourself if the port
>> is
>> reachable using our reachability test:
>> https://bridges.torproject.org/scan/
>>
>> Or directly configure the bridgeline in Tor Browser and see if it
>> connects
>> correctly.
>>
>> --
>> meskio | https://meskio.net/
>> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>>  My contact info: https://meskio.net/crypto.txt
>> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>> Nos vamos a Croatan.
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] For some reason, my bridge is still saying it has no distribution mechanism, despite it is listed as email in my torrc and says it is overloaded?

[Keifer Bly]

Now its more confusing. That tool says the port is not reachable for both
port 8080 and 8081. But the notices.log says the port is reachable. And
apparently the accountigmax is being reached.
--Keifer


On Wed, Apr 19, 2023 at 8:06 AM meskio  wrote:

> Quoting Keifer Bly (2023-04-19 16:46:37)
> > How to find that?
>
> https://community.torproject.org/relay/setup/bridge/post-install/
>
> > It gave the message its reachable from the outside.
>
> This message is saying that the ORPort is reachable from outside, but it
> doesn't
> test for the obfs4 configured port. You can test it yourself if the port
> is
> reachable using our reachability test:
> https://bridges.torproject.org/scan/
>
> Or directly configure the bridgeline in Tor Browser and see if it connects
> correctly.
>
> --
> meskio | https://meskio.net/
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>  My contact info: https://meskio.net/crypto.txt
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Nos vamos a Croatan.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] For some reason, my bridge is still saying it has no distribution mechanism, despite it is listed as email in my torrc and says it is overloaded?

[Keifer Bly]

Yes, there is nothing in the log and the firewall is configured to allow
that port.
--Keifer


On Tue, Apr 18, 2023 at 3:21 AM meskio  wrote:

> Hello,
>
> Quoting Keifer Bly (2023-04-03 21:11:21)
> > So for my bridge at
> >
> https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB
> >
> > Despite my newest torrc, which is here:
> >
> >
> > Nickname gbridge
> > ORPort 8080
> > SocksPort 0
> > BridgeRelay 1
> > PublishServerDescriptor bridge
> > BridgeDistribution email
> > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > ServerTransportListenAddr obfs4 0.0.0.0:8081
> > ExtOrPort auto
> > Log notice file /var/log/tor/notices.log
> > ExitPolicy reject *:*
> > AccountingMax 50 GB
> > ContactInfo keiferdodderblyyatgmaildoddercom
> >
> > It still says "Bridge Distribution Mechanism: None".
> >
> > However, that's VERY confusing as it is listed in the torrc file to be
> > distributed by email and apparently despite that it is not distributed,
> it
> > is overloaded somehow?
> >
> > This is confusing to me as why would it say no distribution mechanism
> when
> > it is in the torrc as email, and how could it be overloaded if it's not
> > being used?
>
> It looks like rdsys thinks your bridge is not reachable and is not
> distributing
> it:
>
> https://bridges.torproject.org/status?id=4D6E3CA2110FC36D3106C86940A1D4C8C91923AB
>
> I see you have configured obfs4 to use port 8081. Have you checked that
> there is
> not firewall or something blocking the connections there? Have you looked
> into
> the logs to see if there is any hint of the problem?
>
> Thank you for running the bridge.
>
> --
> meskio | https://meskio.net/
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>  My contact info: https://meskio.net/crypto.txt
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Nos vamos a Croatan.
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] For some reason, my bridge is still saying it has no distribution mechanism, despite it is listed as email in my torrc and says it is overloaded?

[Keifer Bly]

Hi,

So for my bridge at
https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB

Despite my newest torrc, which is here:


Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8081
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom

It still says "Bridge Distribution Mechanism: None".

However, that's VERY confusing as it is listed in the torrc file to be
distributed by email and apparently despite that it is not distributed, it
is overloaded somehow?

This is confusing to me as why would it say no distribution mechanism when
it is in the torrc as email, and how could it be overloaded if it's not
being used?

Thanks so much all,

--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Notification when tor relay goes offline

[Keifer Bly]

Thanks. I am wondering why the bridge may be doing this as well?

--Keifer

On Fri, Mar 24, 2023, 1:54 AM Georg Koppen  wrote:

> Keifer Bly:
> > Hi,
> >
> > So I am still working on the issues for my relays, but am wondering, is
> it
> > possible to sign up for email notifications when a relay goes offline?
>
> If you can wait another week until we have officially launched our new
> Tor Weather service then we could offer that one. If you can't wait then
> you can test it out already now at
>
> https://weather.torproject.org
>
> It's doing its job as far as we can see. (If you find bugs please report
> them, ideally at
>
> https://gitlab.torproject.org/tpo/network-health/tor-weather
>
> ). :)
>
> Thanks,
> Georg
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Notification when tor relay goes offline

[Keifer Bly]

Hi, So I am still working on the issues for my relays, but am wondering, is it possible to sign up for email notifications when a relay goes offline? Also, for my gbridge relay at https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB, it still says the bridge distribution mechanism is still none despite the previously posted new torrc and it said it was overloaded yesterday?? Thanks. --Keifer 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Well so the bridge now jumped to being online for 18 days. But despite the
torrc it is now saying it's still no distribution mechanism??

Thanks.
--Keifer


On Tue, Mar 14, 2023 at 10:23 AM Keifer Bly  wrote:

> Ok, so when this happens, what would be the best command to use for
> reading the newest tor log?
>
> I am also needing this for another relay, my middle relay at
> https://metrics.torproject.org/rs.html#search/udeserveprivacy also keeps
> going offline with no warning and nothing written to the log file. Thanks.
> --Keifer
>
>
> On Sun, Mar 12, 2023 at 3:39 PM  wrote:
>
>> On Sonntag, 12. März 2023 04:45:21 CET Keifer Bly wrote:
>> > I do not use any scripts to start tor, I just type tor to start the
>> process
>> > on debian.
>> That's where your problems begin. You start a 2nd tor process as root
>> that
>> doesn't take the default configs from:
>> /usr/share/tor/tor-service-defaults-torrc & /etc/tor/torrc
>>
>> You have a systemd system & tor.service is activated by default. You
>> don't
>> have to do anything, tor runs automatically after a reboot|server start.
>>
>> The systemd services are controlled with the following commands:
>> systemctl start tor.service
>> systemctl stop tor.service
>> systemctl restart tor.service
>> systemctl reload tor.service
>> systemctl status tor.service
>>
>> > And yes the datacenter I run in has an external firewall which
>> > requires setting up port forwarding.
>> Ok, anything in the customer interface for the datacenter router.
>>
>> > The result of running ls -A /var/log/tor
>> >
>> > root@instance-1:/home/keifer_bly# ls -A /var/log/tor
>> > notices.log  notices.log.1  notices.log.2.gz  notices.log.3.gz
>> >  notices.log.4.gz  notices.log.5.gz
>> There are 6 log files of one of the tor processes. Both write to syslog.
>>
>> >
>> > So it's creating separate .gz files for some reason. I don't know why
>> that
>> > is or what to do from here. Thanks.
>> I wrote, learn what _logrotate_ does. Hint: without that, the hd fills up.
>> man logrotate
>>
>> >
>> >
>> >
>> > --Keifer
>> >
>> > On Fri, Mar 10, 2023 at 8:15 AM  wrote:
>> > > On Mittwoch, 8. März 2023 18:13:01 CET Keifer Bly wrote:
>> > > > Strangely, nothing whatsoever is being written to the notices.log
>> file,
>> > > > upon checking it it is completely empty, nothing there.
>> > >
>> > > That can't be, please post:
>> > > ~# ls -A /var/log/tor
>> > >
>> > > In general, everything is always written to /var/log/syslog &
>> > > systemd-journald
>> > > to /var/log/journal (binaries).
>> > > ~$ man journalctl
>> > >
>> > > > I wonder why that
>> > >
>> > > Read what _logrotate_ does. Every tor restart creates a new empty log
>> > > file.
>> > >
>> > > > would happen and how else to tell what's going on? Tor is running as
>> > > > root
>> > >
>> > > Why do you change security-related default settings? Default tor user
>> is:
>> > > debian-tor. (On Debian and Ubuntu systems)
>> > >
>> > > > so it's not a permission issue, and I also set up a port forwarding
>> rule
>> > >
>> > > Why? You have a server in the data center. You only need forwarding
>> on a
>> > > router! Packet forwarding is also disabled in /etc/sysctl.conf per
>> > > default.
>> > >
>> > > Your iptables must start like this.
>> > > *filter
>> > >
>> > > :INPUT DROP [0:0]
>> > > :FORWARD DROP [0:0]
>> > > :OUTPUT ACCEPT [0:0]
>> > >
>> > > ...
>> > > -A INPUT -p tcp --dport   -j ACCEPT
>> > > ...
>> > >
>> > > No FORWARD, no  OUTPUT rules.
>> > >
>> > > --
>> > > ╰_╯ Ciao Marco!
>> > >
>> > > Debian GNU/Linux
>> > >
>> > > It's free software and it gives you
>> > > freedom!___
>> > > tor-relays mailing list
>> > > tor-relays@lists.torproject.org
>> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>
>> --
>> ╰_╯ Ciao Marco!
>>
>> Debian GNU/Linux
>>
>> It's free software and it gives you
>> freedom!___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Ok, so when this happens, what would be the best command to use for reading
the newest tor log?

I am also needing this for another relay, my middle relay at
https://metrics.torproject.org/rs.html#search/udeserveprivacy also keeps
going offline with no warning and nothing written to the log file. Thanks.
--Keifer


On Sun, Mar 12, 2023 at 3:39 PM  wrote:

> On Sonntag, 12. März 2023 04:45:21 CET Keifer Bly wrote:
> > I do not use any scripts to start tor, I just type tor to start the
> process
> > on debian.
> That's where your problems begin. You start a 2nd tor process as root that
> doesn't take the default configs from:
> /usr/share/tor/tor-service-defaults-torrc & /etc/tor/torrc
>
> You have a systemd system & tor.service is activated by default. You don't
> have to do anything, tor runs automatically after a reboot|server start.
>
> The systemd services are controlled with the following commands:
> systemctl start tor.service
> systemctl stop tor.service
> systemctl restart tor.service
> systemctl reload tor.service
> systemctl status tor.service
>
> > And yes the datacenter I run in has an external firewall which
> > requires setting up port forwarding.
> Ok, anything in the customer interface for the datacenter router.
>
> > The result of running ls -A /var/log/tor
> >
> > root@instance-1:/home/keifer_bly# ls -A /var/log/tor
> > notices.log  notices.log.1  notices.log.2.gz  notices.log.3.gz
> >  notices.log.4.gz  notices.log.5.gz
> There are 6 log files of one of the tor processes. Both write to syslog.
>
> >
> > So it's creating separate .gz files for some reason. I don't know why
> that
> > is or what to do from here. Thanks.
> I wrote, learn what _logrotate_ does. Hint: without that, the hd fills up.
> man logrotate
>
> >
> >
> >
> > --Keifer
> >
> > On Fri, Mar 10, 2023 at 8:15 AM  wrote:
> > > On Mittwoch, 8. März 2023 18:13:01 CET Keifer Bly wrote:
> > > > Strangely, nothing whatsoever is being written to the notices.log
> file,
> > > > upon checking it it is completely empty, nothing there.
> > >
> > > That can't be, please post:
> > > ~# ls -A /var/log/tor
> > >
> > > In general, everything is always written to /var/log/syslog &
> > > systemd-journald
> > > to /var/log/journal (binaries).
> > > ~$ man journalctl
> > >
> > > > I wonder why that
> > >
> > > Read what _logrotate_ does. Every tor restart creates a new empty log
> > > file.
> > >
> > > > would happen and how else to tell what's going on? Tor is running as
> > > > root
> > >
> > > Why do you change security-related default settings? Default tor user
> is:
> > > debian-tor. (On Debian and Ubuntu systems)
> > >
> > > > so it's not a permission issue, and I also set up a port forwarding
> rule
> > >
> > > Why? You have a server in the data center. You only need forwarding on
> a
> > > router! Packet forwarding is also disabled in /etc/sysctl.conf per
> > > default.
> > >
> > > Your iptables must start like this.
> > > *filter
> > >
> > > :INPUT DROP [0:0]
> > > :FORWARD DROP [0:0]
> > > :OUTPUT ACCEPT [0:0]
> > >
> > > ...
> > > -A INPUT -p tcp --dport   -j ACCEPT
> > > ...
> > >
> > > No FORWARD, no  OUTPUT rules.
> > >
> > > --
> > > ╰_╯ Ciao Marco!
> > >
> > > Debian GNU/Linux
> > >
> > > It's free software and it gives you
> > > freedom!___
> > > tor-relays mailing list
> > > tor-relays@lists.torproject.org
> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

I do not use any scripts to start tor, I just type tor to start the process
on debian. And yes the datacenter I run in has an external firewall which
requires setting up port forwarding.

The result of running ls -A /var/log/tor

root@instance-1:/home/keifer_bly# ls -A /var/log/tor
notices.log  notices.log.1  notices.log.2.gz  notices.log.3.gz
 notices.log.4.gz  notices.log.5.gz
root@instance-1:/home/keifer_bly#

So it's creating separate .gz files for some reason. I don't know why that
is or what to do from here. Thanks.




--Keifer


On Fri, Mar 10, 2023 at 8:15 AM  wrote:

> On Mittwoch, 8. März 2023 18:13:01 CET Keifer Bly wrote:
>
> > Strangely, nothing whatsoever is being written to the notices.log file,
> > upon checking it it is completely empty, nothing there.
> That can't be, please post:
> ~# ls -A /var/log/tor
>
> In general, everything is always written to /var/log/syslog &
> systemd-journald
> to /var/log/journal (binaries).
> ~$ man journalctl
>
> > I wonder why that
> Read what _logrotate_ does. Every tor restart creates a new empty log file.
>
> > would happen and how else to tell what's going on? Tor is running as root
> Why do you change security-related default settings? Default tor user is:
> debian-tor. (On Debian and Ubuntu systems)
>
> > so it's not a permission issue, and I also set up a port forwarding rule
> Why? You have a server in the data center. You only need forwarding on a
> router! Packet forwarding is also disabled in /etc/sysctl.conf per default.
>
> Your iptables must start like this.
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [0:0]
> ...
> -A INPUT -p tcp --dport   -j ACCEPT
> ...
>
> No FORWARD, no  OUTPUT rules.
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Well so here is the current torrc file:

Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8081
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom

Strangely, nothing whatsoever is being written to the notices.log file,
upon checking it it is completely empty, nothing there. I wonder why that
would happen and how else to tell what's going on? Tor is running as root
so it's not a permission issue, and I also set up a port forwarding rule
for the obfs4 port. Thanks.

--Keifer


On Fri, Mar 3, 2023 at 7:47 AM  wrote:

> On Dienstag, 28. Februar 2023 19:02:38 CET Keifer Bly wrote:
> > Yep, and after that the same still happens, it is still going offline
> In the syslog is why tor aborts.
>
> To help you, you should post your logs to a pastbin page. From the start
> of
> the tor daemon until it goes offline.
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Wheres the pastebin page? Thanks.
--Keifer


On Fri, Mar 3, 2023 at 7:47 AM  wrote:

> On Dienstag, 28. Februar 2023 19:02:38 CET Keifer Bly wrote:
> > Yep, and after that the same still happens, it is still going offline
> In the syslog is why tor aborts.
>
> To help you, you should post your logs to a pastbin page. From the start
> of
> the tor daemon until it goes offline.
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Yep, and after that the same still happens, it is still going offline
despite the also different ports and having followed the listed steps.
--Keifer


On Mon, Feb 27, 2023 at 9:45 PM Keifer Bly  wrote:

> Hi,
>
> So I had changed the listener port for obfs4, it's now 8181.
>
> Upon running your steps, and systemctl status tor, it returns the
> following:
>
> ● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
>Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor
> preset: enabled)
>Active: active (exited) since Tue 2023-02-28 05:42:48 UTC; 18s ago
>   Process: 15314 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
>  Main PID: 15314 (code=exited, status=0/SUCCESS)
>
> Feb 28 05:42:48 instance-1 systemd[1]: Starting Anonymizing overlay
> network for TCP (multi-instance-master)...
> Feb 28 05:42:48 instance-1 systemd[1]: Started Anonymizing overlay network
> for TCP (multi-instance-master).
>
>
> Will check it in a few hours, but is there a way to limit the bridge to
> only connections of a certain size? Thanks.
> --Keifer
>
>
> On Sun, Feb 26, 2023 at 3:16 AM  wrote:
>
>> On Freitag, 24. Februar 2023 04:11:27 CET Keifer Bly wrote:
>> > Yes, the limit is 50GB per month, but for some reason the distribution
>> > mechanism is not updating and the bridge keeps going offline despite the
>> > new torrc.
>>
>> What comes to my mind without logs (& your 'killall -HUP' of a systemd
>> service
>> is not optimal), your wrong config (2x same Port) has maxed out
>> 'Restart=on-
>> failure'.
>>
>> Try:
>> ~# systemctl stop tor
>> ~# systemctl list-units --failed
>>
>> if not zero than:
>> ~# systemctl reset-failed
>> ~# systemctl start tor
>>
>> To see if the tor.service has finished successfully:
>> ~# systemctl status tor
>>
>> if not, read log:
>> journalctl -xe
>>
>> --
>> ╰_╯ Ciao Marco!
>>
>> Debian GNU/Linux
>>
>> It's free software and it gives you
>> freedom!___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Hi,

So I had changed the listener port for obfs4, it's now 8181.

Upon running your steps, and systemctl status tor, it returns the following:

● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
   Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset:
enabled)
   Active: active (exited) since Tue 2023-02-28 05:42:48 UTC; 18s ago
  Process: 15314 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 15314 (code=exited, status=0/SUCCESS)

Feb 28 05:42:48 instance-1 systemd[1]: Starting Anonymizing overlay network
for TCP (multi-instance-master)...
Feb 28 05:42:48 instance-1 systemd[1]: Started Anonymizing overlay network
for TCP (multi-instance-master).


Will check it in a few hours, but is there a way to limit the bridge to
only connections of a certain size? Thanks.
--Keifer


On Sun, Feb 26, 2023 at 3:16 AM  wrote:

> On Freitag, 24. Februar 2023 04:11:27 CET Keifer Bly wrote:
> > Yes, the limit is 50GB per month, but for some reason the distribution
> > mechanism is not updating and the bridge keeps going offline despite the
> > new torrc.
>
> What comes to my mind without logs (& your 'killall -HUP' of a systemd
> service
> is not optimal), your wrong config (2x same Port) has maxed out
> 'Restart=on-
> failure'.
>
> Try:
> ~# systemctl stop tor
> ~# systemctl list-units --failed
>
> if not zero than:
> ~# systemctl reset-failed
> ~# systemctl start tor
>
> To see if the tor.service has finished successfully:
> ~# systemctl status tor
>
> if not, read log:
> journalctl -xe
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Yes, the limit is 50GB per month, but for some reason the distribution
mechanism is not updating and the bridge keeps going offline despite the
new torrc.
--Keifer


On Thu, Feb 23, 2023 at 1:43 PM  wrote:

> On Donnerstag, 23. Februar 2023 13:43:29 CET gus wrote:
>
> >   AccountingStart day 12:00
> >   AccountingMax 50 GB
> >
> >
> > Example: Let's say you want to allow 50 GB of traffic every day in each
> > direction and the accounting should reset at noon each day:
> Hi Gus, I think Keifer meant the 5GB limit or now 50GB per month. ;-)
>
> I would recommend checking here more often:
> https://lowendbox.com/blog/2-usd-vps-cheap-vps-under-2-month/
> Server Host: 2048MB RAM, 1000Mbps Unmetered Port
> (^^ make sure to use the coupon code!)
>
> There are always offers for Easter, Christmas or Black Friday. (VPS
> unlimited
> for 10-30 dollars/year)
>
> Or:
>
> Yes, Frantech should actually be avoided. But in Miami there are few Tor
> relays. A SLICE 512  for $2.00/m or $20.00/y is sufficient for a bridge.
> https://buyvm.net/kvm-dedicated-server-slices/
>
> > For more details about AccountinMax, see this Support doc:
> > https://support.torproject.org/relay-operators/limit-total-bandwidth/
>
> > Did you also install obfs4proxy package? Because on Metrics it says
> > that your bridge don't have any 'transport protocol'.
>
> @Keifer read my message how you check that:
> https://lists.torproject.org/pipermail/tor-relays/2023-January/020979.html
>
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Hi,

So yes I had obfs4 installed. I accidentally set it to the same port as tor
without relazing, silly me. Here is my new torrc:

Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8081
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom

I am wanting to limit to 50GB per month to avoid being overcharged. Would
this do that? Thanks.
--Keifer


On Thu, Feb 23, 2023 at 4:43 AM gus  wrote:

> Hi Keifer,
>
> You can't use the same port.
>
> Here is a simple example:
>
>   BridgeRelay 1
>   ORPort 56331
>   ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
>   ServerTransportListenAddr obfs4 0.0.0.0:5
>   ExtORPort auto
>   ContactInfo keiferdodderblyyatgmaildoddercom
>   Log notice file /var/log/tor/notices.log
>   BridgeDistribution email
>   Nickname gbridge
>   AccountingStart day 12:00
>   AccountingMax 50 GB
>
>
> Example: Let's say you want to allow 50 GB of traffic every day in each
> direction and the accounting should reset at noon each day:
>
> For more details about AccountinMax, see this Support doc:
> https://support.torproject.org/relay-operators/limit-total-bandwidth/
>
> Did you also install obfs4proxy package? Because on Metrics it says
> that your bridge don't have any 'transport protocol'.
>
> cheers,
> Gus
>
> On Tue, Feb 21, 2023 at 08:23:44AM -0800, Keifer Bly wrote:
> > Ok, changed to port 8080 and upped my allowed traffic a bit:
> >
> > GNU nano 3.2
> >   /etc/tor/torrc
> >
> >
> > Nickname gbridge
> > ORPort 8080
> > SocksPort 0
> > BridgeRelay 1
> > PublishServerDescriptor bridge
> > BridgeDistribution email
> > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > ServerTransportListenAddr obfs4 0.0.0.0:8080
> > ExtOrPort auto
> > Log notice file /var/log/tor/notices.log
> > ExitPolicy reject *:*
> > AccountingMax 50 GB
> > ContactInfo keiferdodderblyyatgmaildoddercom
> >
> > Yes, I have limited bandwidth I can give so as to avoid being
> > massively charged for traffic. Perhaps there is a way to set tor to only
> > allow traffic with a small connection? Thanks.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > --Keifer
> >
> >
> > On Tue, Feb 21, 2023 at 1:29 AM trinity pointard <
> trinity.point...@gmail.com>
> > wrote:
> >
> > > > And the reason why it's on port 443 is so as to be on a port that's
> not
> > > likely blocked by network administrators.
> > >
> > > That might be useful for the ORPort of a relay, and for the obfs4 port
> > > of a bridge, but not for the ORPort of a bridge. Clients are not
> > > supposed to connect to it.
> > > The only reason it's exposed is because the bridge authority still
> > > requires it to verify the bridge is reachable. See
> > > https://gitlab.torproject.org/tpo/core/tor/-/issues/7349.
> > > You are better of using 443 for the ServerTransportListenAddr, and
> > > some high port for ORPort.
> > >
> > > On Tue, 21 Feb 2023 at 03:05, Keifer Bly  wrote:
> > > >
> > > > Well,
> > > >
> > > > So I just changed my torrc to this:
> > > >
> > > > Nickname gbridge
> > > > ORPort 443
> > > > SocksPort 0
> > > > BridgeRelay 1
> > > > PublishServerDescriptor bridge
> > > > BridgeDistribution email
> > > > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > > > ServerTransportListenAddr obfs4 0.0.0.0:8080
> > > > ExtOrPort auto
> > > > Log notice file /var/log/tor/notices.log
> > > > ExitPolicy reject *:*
> > > > AccountingMax 50 GB
> > > > ContactInfo keiferdodderblyyatgmaildoddercom
> > > >
> > > > Trying to avoid being charged a huge amount for traffic as these VPS
> > > providers can be ridiculous when it comes to that, which is why it was
> set
> > > to so little. Ran killall -HUP tor to reload it and see that happens
> in the
> > > next day or so. And the reason why it's on port 443 is so as to be on a
> > > port that's not likely blocked by network administrators. Thank you.
> > > > --Keifer
> > > >
> > > >
> > > > On Mon, Feb 20, 2023 at 2:23 PM trinity pointard <
> > > trinity.point...@gmail.

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Ok, changed to port 8080 and upped my allowed traffic a bit:

GNU nano 3.2
  /etc/tor/torrc


Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom

Yes, I have limited bandwidth I can give so as to avoid being
massively charged for traffic. Perhaps there is a way to set tor to only
allow traffic with a small connection? Thanks.










--Keifer


On Tue, Feb 21, 2023 at 1:29 AM trinity pointard 
wrote:

> > And the reason why it's on port 443 is so as to be on a port that's not
> likely blocked by network administrators.
>
> That might be useful for the ORPort of a relay, and for the obfs4 port
> of a bridge, but not for the ORPort of a bridge. Clients are not
> supposed to connect to it.
> The only reason it's exposed is because the bridge authority still
> requires it to verify the bridge is reachable. See
> https://gitlab.torproject.org/tpo/core/tor/-/issues/7349.
> You are better of using 443 for the ServerTransportListenAddr, and
> some high port for ORPort.
>
> On Tue, 21 Feb 2023 at 03:05, Keifer Bly  wrote:
> >
> > Well,
> >
> > So I just changed my torrc to this:
> >
> > Nickname gbridge
> > ORPort 443
> > SocksPort 0
> > BridgeRelay 1
> > PublishServerDescriptor bridge
> > BridgeDistribution email
> > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > ServerTransportListenAddr obfs4 0.0.0.0:8080
> > ExtOrPort auto
> > Log notice file /var/log/tor/notices.log
> > ExitPolicy reject *:*
> > AccountingMax 50 GB
> > ContactInfo keiferdodderblyyatgmaildoddercom
> >
> > Trying to avoid being charged a huge amount for traffic as these VPS
> providers can be ridiculous when it comes to that, which is why it was set
> to so little. Ran killall -HUP tor to reload it and see that happens in the
> next day or so. And the reason why it's on port 443 is so as to be on a
> port that's not likely blocked by network administrators. Thank you.
> > --Keifer
> >
> >
> > On Mon, Feb 20, 2023 at 2:23 PM trinity pointard <
> trinity.point...@gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> Your torrc is correct wrt to distribution mechanism (your bridge is
> >> indicating "bridge-distribution-request any" in the descriptor it
> >> sends), but for the record, the line would have been
> >> "BridgeDistribution any".
> >> A bridge uses less bandwidth than a relay, but it's still a proxy. At
> >> 5GB per month, you'd be providing a steady 16kbps over the month, or a
> >> single mbps for little over 11 hours. That's very little, if you can't
> >> have more bandwidth (by using a provider with no bandwidth accounting,
> >> or one that gives better pricing per bandwidth), I fear your bridge
> >> won't be very useful at all. Mine consumes between a few hundred GB
> >> and a few TB depending on the distribution mechanism.
> >>
> >> Are you sure your bridge is reachable? Bridgestrap reports suggest it
> isn't.
> >> As the bridge operator, you should know its bridge line. Can you test
> >> it with Tor Browser to make sure?
> >> Given your accounting limits, it could be unreachable because
> >> currently hibernating. Or you could have a firewall issue, or
> >> something else.
> >> I believe not passing bridgestrap can explain not being assigned a
> >> distribution mechanism.
> >>
> >> It might also explain why it would be considered blocked in Russia: if
> >> it's not reachable from anywhere, it's not reachable from Russia. An
> >> other possibility, given you use 443 for your ORPort, is that your
> >> bridge was indeed detected by just scanning the whole internet. The
> >> ORPort is very recognizable (enough that some of my former bridges
> >> ended up tagged "tor" on Shodan) so it should be put on a port that's
> >> less likely to be scanned.
> >>
> >> Regards,
> >> trinity-1686a
> >>
> >> On Mon, 20 Feb 2023 at 21:29, Keifer Bly  wrote:
> >> >
> >> > Where in the torrc file would I set it to any? I am looking for a way
> to run a bridge without being charged a huge amount of money for it, and I
> was curious how it would have been detected by Russia if noone had used the
> bridge there? Thanks.
> >> > --Keife

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Well,

So I just changed my torrc to this:

Nickname gbridge
ORPort 443
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom

Trying to avoid being charged a huge amount for traffic as these VPS
providers can be ridiculous when it comes to that, which is why it was set
to so little. Ran killall -HUP tor to reload it and see that happens in the
next day or so. And the reason why it's on port 443 is so as to be on a
port that's not likely blocked by network administrators. Thank you.
--Keifer


On Mon, Feb 20, 2023 at 2:23 PM trinity pointard 
wrote:

> Hi,
>
> Your torrc is correct wrt to distribution mechanism (your bridge is
> indicating "bridge-distribution-request any" in the descriptor it
> sends), but for the record, the line would have been
> "BridgeDistribution any".
> A bridge uses less bandwidth than a relay, but it's still a proxy. At
> 5GB per month, you'd be providing a steady 16kbps over the month, or a
> single mbps for little over 11 hours. That's very little, if you can't
> have more bandwidth (by using a provider with no bandwidth accounting,
> or one that gives better pricing per bandwidth), I fear your bridge
> won't be very useful at all. Mine consumes between a few hundred GB
> and a few TB depending on the distribution mechanism.
>
> Are you sure your bridge is reachable? Bridgestrap reports suggest it
> isn't.
> As the bridge operator, you should know its bridge line. Can you test
> it with Tor Browser to make sure?
> Given your accounting limits, it could be unreachable because
> currently hibernating. Or you could have a firewall issue, or
> something else.
> I believe not passing bridgestrap can explain not being assigned a
> distribution mechanism.
>
> It might also explain why it would be considered blocked in Russia: if
> it's not reachable from anywhere, it's not reachable from Russia. An
> other possibility, given you use 443 for your ORPort, is that your
> bridge was indeed detected by just scanning the whole internet. The
> ORPort is very recognizable (enough that some of my former bridges
> ended up tagged "tor" on Shodan) so it should be put on a port that's
> less likely to be scanned.
>
> Regards,
> trinity-1686a
>
> On Mon, 20 Feb 2023 at 21:29, Keifer Bly  wrote:
> >
> > Where in the torrc file would I set it to any? I am looking for a way to
> run a bridge without being charged a huge amount of money for it, and I was
> curious how it would have been detected by Russia if noone had used the
> bridge there? Thanks.
> > --Keifer
> >
> >
> > On Mon, Feb 20, 2023 at 8:45 AM  wrote:
> >>
> >> On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote:
> >> > Ok. Here is the torrc file:
> >> >
> >> >   GNU nano 3.2   /etc/tor/torrc
> >> >
> >> >
> >> > Nickname gbridge
> >> > ORPort 443
> >> > SocksPort 0
> >> > BridgeRelay 1
> >> > PublishServerDescriptor bridge
> >> > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> >> > ServerTransportListenAddr obfs4 0.0.0.0:8080
> >> > ExtOrPort auto
> >> > Log notice file /var/log/tor/notices.log
> >> > ExitPolicy reject *:*
> >> > AccountingMax 5 GB
> >> > ContactInfo keiferdodderblyyatgmaildoddercom
> >> >
> >> >
> >> > Where in this torrc file is that configured?
> >> Then set it to 'any' and wait 24-48 hours to see what happens. Maybe
> there was
> >> an error in the db.
> >>
> >> If your bridge is still not distributed, it could be due to the outdated
> >> obfs4proxy or because of 'AccountingMax 5 GB'.
> >> Sorry but, 5 GB is a 'fart in the wind' the accounting period would
> only be a
> >> few hours a month. It's not even worth distributing them because it
> would only
> >> frustrate the users.
> >>
> >> > And how would it be blocked in
> >> > Russia already if it hasn't even been used?
> >> Why should this new feature of the bridgedb, more precisely the rdsys
> backend,
> >> have anything to do with whether someone uses a bridge? This is a
> bridgedb
> >> distribution method introduced by meskio.
> >>
> >>
> >> --
> >> ╰_╯ Ciao Marco!
> >>
> >> Debian GNU/Linux
> >>
> >> It's

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Where in the torrc file would I set it to any? I am looking for a way to
run a bridge without being charged a huge amount of money for it, and I was
curious how it would have been detected by Russia if noone had used the
bridge there? Thanks.
--Keifer


On Mon, Feb 20, 2023 at 8:45 AM  wrote:

> On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote:
> > Ok. Here is the torrc file:
> >
> >   GNU nano 3.2   /etc/tor/torrc
> >
> >
> > Nickname gbridge
> > ORPort 443
> > SocksPort 0
> > BridgeRelay 1
> > PublishServerDescriptor bridge
> > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > ServerTransportListenAddr obfs4 0.0.0.0:8080
> > ExtOrPort auto
> > Log notice file /var/log/tor/notices.log
> > ExitPolicy reject *:*
> > AccountingMax 5 GB
> > ContactInfo keiferdodderblyyatgmaildoddercom
> >
> >
> > Where in this torrc file is that configured?
> Then set it to 'any' and wait 24-48 hours to see what happens. Maybe there
> was
> an error in the db.
>
> If your bridge is still not distributed, it could be due to the outdated
> obfs4proxy or because of 'AccountingMax 5 GB'.
> Sorry but, 5 GB is a 'fart in the wind' the accounting period would only
> be a
> few hours a month. It's not even worth distributing them because it would
> only
> frustrate the users.
>
> > And how would it be blocked in
> > Russia already if it hasn't even been used?
> Why should this new feature of the bridgedb, more precisely the rdsys
> backend,
> have anything to do with whether someone uses a bridge? This is a bridgedb
> distribution method introduced by meskio.
>
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Confusing bridge signs...

[Keifer Bly]

Ok. Here is the torrc file:

  GNU nano 3.2   /etc/tor/torrc


Nickname gbridge
ORPort 443
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 5 GB
ContactInfo keiferdodderblyyatgmaildoddercom


Where in this torrc file is that configured? And how would it be blocked in
Russia already if it hasn't even been used? Thanks.

--Keifer


On Sat, Feb 18, 2023 at 4:34 AM  wrote:

> On Donnerstag, 16. Februar 2023 06:15:02 CET Keifer Bly wrote:
>
> > So my bridge at
> >
> https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D
> > 4C8C91923AB says it has “none “,
> Well, then you have configured BridgeDistribution (Default: any) to none.
>
> > though the torrc file has it set to be distributed publicly.
> PublishServerDescriptor has nothing to do with BridgeDistribution method,
> 'man torrc' explains the config options.
>
> > I have not personally given the bridge to anyone.
> Then nobody can use the bridge except you :-(
> You can also see this in the metrics history or in
> /var/lib/tor/stats/bridge-
> stats.
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Confusing bridge signs...

[Keifer Bly]

Hi,



So my bridge at
https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB
says it has “none “, though the torrc file has it set to be distributed
publicly. I'm wondering why the bridge would say that, when it obviously is
being used as it's apparently blocked in Russia? I have not personally
given the bridge to anyone. Thanks.



--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Tor process sporadically gets hung on cloud server

[Keifer Bly]

Hi,

So I have been being careful to keep tor as well as Debian up to date,
however, both my middle relay "udeserveprivacy" and my bridge "gbridge",
running on two different cloud services (OVH and Google Cloud
respectively), the tor process gets hung and the relay become unreachable.
Upon checking the tor log file I cannot find anything suspicious, so this
is a possible bug in tor I am reporting. I am wondering why this would
happen and not be recorded in the tor log file?

Thanks all.

-Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Considering running a relay on AWS Free tier

[Keifer Bly]

Hi,

So I don't know if I will do it, but I am considering setting up a tor
middle relay on AWS free tier. I have been asking their support tem
regarding how much traffic one can push and remain free tier, their
response was:

If your microservice application is using an RDS or Amazon DynamoDB
Accelerator (DAX) database, the Lambda-to-database traffic will be free if
it’s in the same region, including if VPC peering is used.
Traffic to databases in a different region will incur a regional transfer
fee of $0.09 per GB for both the Lambda and database egress traffic.
Ingress traffic is free for both.\"

I am wondering does anyone else run tor middle relays on AWS free tier, and
what is the best torrc configuration to use for keeping the inbound and
outbound traffic in free tier in case I do go fourth with this?

Thanks.
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] My bridge has no distribution mechanism

[Keifer Bly]

https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB

Hey,

So my bridge, listed above, says it has no distribution mechanism. Does
this mean it is not currently being used? Thank you.

--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Setting a bridge to automatically change IP adresses

[Keifer Bly]

Thanks. But it just seems that would make it easier to have "new" bridges,
as all of the in use ones will eventually be blocked? Have you seen my
homemade tool for Windows tor relays at
https://www.youtube.com/watch?v=Vpk6yvUWQqU? Thanks.
--Keifer


On Tue, Aug 9, 2022 at 6:43 AM meskio  wrote:

> Quoting Keifer Bly (2022-07-22 18:42:57)
> >Says it is blocked in Russia. I take this as a good sign that the
> bridge
> >is being used, as it is being picked up. But I am wondering is there
> a way
> >to set the bridge to automatically change Ips every few days or so to
> make
> >it harder to detect? Maybe this would be an interesting thing to
> >implement.
>
> tl;rd: no, please don't rotate the IP address of your bridges.
>
>
> There is a complicated valance here.
>
> Many users will keep their bridges for long time if they are working fine,
> it
> might not be easy in some places to get new bridges. Tor Browser and many
> other
> software based on tor is designed around that, and bridges are kept long
> time
> (there are also other benefits for privacy keeping them stable as they end
> up as
> guards).
>
> At the same time once bridges are blocked it could be nice to rotate IP
> addresses, to keep them being useful. But rotating the IP address might
> affect
> users on other locations for which the bridge is still working fine.
>
> For now we are asking people to keep their IP address stable and don't
> rotate
> it. As we find more valuable stable bridges and that is what users expect.
> We
> have some ideas for the future to allow rotation and let users rediscover
> them,
> but that is not going to happen soon.
>
> So for now don't host a bridge if you can't have a stable IP address for a
> long
> period of time. Is not the end of the world if you rotate the IP address
> once
> per year or something like that, but don't do it on daily basics.
>
> --
> meskio | https://meskio.net/
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>  My contact info: https://meskio.net/crypto.txt
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Nos vamos a Croatan.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Setting a bridge to automatically change IP adresses

[Keifer Bly]

Hello, so my bridge relay at https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB Says it is blocked in Russia. I take this as a good sign that the bridge is being used, as it is being picked up. But I am wondering is there a way to set the bridge to automatically change Ips every few days or so to make it harder to detect? Maybe this would be an interesting thing to implement. Thanks. --Keifer 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Update on tor issue on my debian

[Keifer Bly]

Nevermind, I got it.

Now there are two other things I wanted to ask about, is there a way I can
set tor to automatically update over time? Also, my bridge at
https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB
says it's blocked in Russia. Is there a way to set a bridge to get a new IP
address automatically every once in a while so it will have a new,
unblocked IP address? I think this would be a good idea.
--Keifer


On Wed, Jun 1, 2022 at 10:25 AM Keifer Bly  wrote:

>
>
> Hi all,
>
>
>
> So upon trying all of the mentioned commands, my tor installation still
> encounters an error when trying to update. Attached is a photo of my
> sources.list.debian.templ and sources.list. When trying to update the
> returned error
>
>
>
> N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it
> has no filename extension
>
> N: Ignoring file 'tor.list.save.2' in directory '/etc/apt/sources.list.d/'
> as it has an invalid filename extension
>
> N: Ignoring file 'tor.list.save.1' in directory '/etc/apt/sources.list.d/'
> as it has an invalid filename extension
>
> E: Conflicting values set for option Signed-By regarding source
> https://deb.torproject.org/torproject.org/ buster:
> /usr/share/keyrings/tor-archive-keyring.gpg !=
>
> E: The list of sources could not be read.
>
>
>
> I am wondering, is there simply a tool for configuring the sources.list
> and all other Debian os needed files for tor updates? Thank you.
>
>
>
>
>
> --Keifer
>
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Update on tor issue on my debian

[Keifer Bly]

Well, after deleting those files, etc, here is the terminal output when
running apt-get update.

root@vps-3e661acc:/home/debian# root@vps-3e661acc:/home/debian# apt-get
update
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://deb.debian.org/debian buster InRelease
Hit:3 http://deb.debian.org/debian buster-backports InRelease
Ign:4 https://deb.torproject.org/torproject.org buster InRelease
Ign:5 https://deb.torproject.org/torproject.org buster Release
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main
Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main
Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main
Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main
Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main
Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main
Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Err:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
  Certificate verification failed: The certificate is NOT trusted. The
certificate chain uses expired certificate.  Could not handshake: Error in
the certificate verification. [IP: 95.216.163.36 443]
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main
Translation-en_US
Reading package lists... Done
E: Failed to fetch
https://deb.torproject.org/torproject.org/dists/buster/main/binary-amd64/Packages
 Certificate verification failed: The certificate is NOT trusted. The
certificate chain uses expired certificate.  Could not handshake: Error in
the certificate verification. [IP: 95.216.163.36 443]

So, that appears to have fixed the updating from a respiratory issue. But I
am wondering what is the terminal command to update the SSL certificate?
Thanks.
--Keifer


On Fri, Jun 3, 2022 at 9:48 AM  wrote:

> On Wednesday, June 1, 2022 7:25:44 PM CEST Keifer Bly wrote:
>
> > So upon trying all of the mentioned commands, my tor installation still
> > encounters an error when trying to update. Attached is a photo of my
> > sources.list.debian.templ and sources.list. When trying to update the
> > returned error
> sources.list.debian.temp
> I would not change the template from the provider.
>
> >
> >
> > N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it
> has
> > no filename extension
> >
> > N: Ignoring file 'tor.list.save.2' in directory
> '/etc/apt/sources.list.d/'
> > as it has an invalid filename extension
> >
> > N: Ignoring file 'tor.list.save.1' in directory
> '/etc/apt/sources.list.d/'
> > as it has an invalid filename extension
> Dir '/etc/apt/sources.list.d/' is empty by default. I would delete all
> files
> there. $ sudo rm -i /etc/apt/sources.list.d/*
>
>
> > E: Conflicting values set for option Signed-By regarding source
> > https://deb.torproject.org/torproject.org/ buster:
> > /usr/share/keyrings/tor-archive-keyring.gpg !=
> >
> > E: The list of sources could not be read.
>
> You have to configure it in either the Debian buster way or the new way
> since
> Debian bullseye.
>
> Old buster way + (apt-key add) in file: /etc/apt/sources.list
> deb https://deb.torproject.org/torproject.org buster main
>
> New bullseye way + (tor-archive-keyring) create a file in the directory:
> '/etc/apt/sources.list.d/' with the name 'tor.list'

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

[Keifer Bly]

Here is the return after running those commands, in the order you typed
them:

root@vps-3e661acc:/home/debian# ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=110 time=3.48 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=110 time=1.44 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=110 time=1.48 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=110 time=1.48 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 1.435/1.969/3.480/0.873 ms
root@vps-3e661acc:/home/debian# ping -c 4 deb.debian.org
PING debian.map.fastlydns.net (151.101.18.132) 56(84) bytes of data.
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=1 ttl=51 time=0.775
ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=2 ttl=51 time=0.778
ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=3 ttl=51 time=0.836
ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=4 ttl=51 time=0.804
ms

--- debian.map.fastlydns.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 30ms
rtt min/avg/max/mdev = 0.775/0.798/0.836/0.031 ms
root@vps-3e661acc:/home/debian# cat /etc/resolv.conf
domain openstacklocal
search openstacklocal
nameserver 213.186.33.99
root@vps-3e661acc:/home/debian# ls -al /etc/resolv.conf
-rw-r--r-- 1 root root 69 May 12 18:18 /etc/resolv.conf
root@vps-3e661acc:/home/debian# systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled;
vendor preset: enabled)
  Drop-In: /usr/lib/systemd/system/systemd-resolved.service.d
   └─resolvconf.conf
   Active: inactive (dead)
 Docs: man:systemd-resolved.service(8)
   https://www.freedesktop.org/wiki/Software/systemd/resolved

https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers

https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
root@vps-3e661acc:/home/debian# systemctl status ntp
● ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset:
enabled)
   Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2
days ago
 Docs: man:ntpd(8)
  Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited,
status=0/SUCCESS)
 Main PID: 443 (ntpd)
Tasks: 2 (limit: 2318)
   Memory: 1.9M
   CGroup: /system.slice/ntp.service
   └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112

May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file
('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501Warning:
Journal has been rotated since unit was started. Log output is incomplete
or unavailable.
...skipping...
● ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset:
enabled)
   Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2
days ago
 Docs: man:ntpd(8)
  Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited,
status=0/SUCCESS)
 Main PID: 443 (ntpd)
Tasks: 2 (limit: 2318)
   Memory: 1.9M
   CGroup: /system.slice/ntp.service
   └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112

May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file
('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501Warning:
Journal has been rotated since unit was started. Log output is incomplete
or unavailable.
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
lines 1-13/13 (END)...skipping...
● ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset:
enabled)
   Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2
days ago
 Docs: man:ntpd(8)
  Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited,
status=0/SUCCESS)
 Main PID: 443 (ntpd)
Tasks: 2 (limit: 2318)
   Memory: 1.9M
   CGroup: /system.slice/ntp.service
   └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112

May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file
('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501 days ago
Warning: Journal has been rotated since unit was started. Log output is
incomplete or unavailable.
~
~
~
~
root@vps-3e661acc:/home/debian# curl
https://deb.torproject.org/torproject.org/


 
  Index of /torproject.org
 
 
Index of /torproject.org
 Name
  Last modified
 Size  Description Parent Directory
 -
 A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
2022-04-27 17:32   37K
 dists/
2021-11-20 19:48-
 pool/
   2009-05-30 21:43-
 project/
  2009-09-16 11:56-

Apache Server at deb.torproject.org Port 443

root@vps-3e661acc:/ho

Thanks very much.

--Keifer


On Wed, May 11, 2022 at 4:19 AM  wrote:

> On Tuesday, May 10, 2022 10:51:23 PM CEST Keifer Bly wr

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

[Keifer Bly]

This is what that returns,

Debian GNU/Linux 10 \n \l

Running the command you listed returns:

Err:1 http://ftp.debian.org/debian buster-backports InRelease
  Temporary failure resolving 'ftp.debian.org'
Err:2 http://deb.debian.org/debian buster InRelease
  Temporary failure resolving 'deb.debian.org'
Err:3 http://security.debian.org/debian-security buster/updates InRelease
  Temporary failure resolving 'security.debian.org'
Err:4 http://deb.debian.org/debian buster-updates InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists... Done
Building dependency tree
Reading state information... Done
18 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease
 Temporary failure resolving 'deb.debian.org'
W: Failed to fetch
http://deb.debian.org/debian/dists/buster-updates/InRelease  Temporary
failure resolving 'deb.debian.org'
W: Failed to fetch
http://security.debian.org/debian-security/dists/buster/updates/InRelease
 Temporary failure resolving 'security.debian.org'
W: Failed to fetch
http://ftp.debian.org/debian/dists/buster-backports/InRelease  Temporary
failure resolving 'ftp.debian.org'
W: Some index files failed to download. They have been ignored, or old ones
used instead.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0
libapt-pkg5.0 libdns-export1104 libgcrypt20
  libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1
libudev1 systemd-sysv udev
18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 10.1 MB of archives.
After this operation, 2048 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Err:1 http://deb.debian.org/debian buster/main amd64 base-files amd64
10.3+deb10u10
  Temporary failure resolving 'deb.debian.org'
Err:2 http://security.debian.org/debian-security buster/updates/main amd64
systemd-sysv amd64 241-7~deb10u8
  Temporary failure resolving 'security.debian.org'
Ign:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64
1.8.3-1+deb10u1
Err:4 http://security.debian.org/debian-security buster/updates/main amd64
udev amd64 241-7~deb10u8
  Temporary failure resolving 'security.debian.org'
Ign:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64
1.8.2.3
Err:6 http://security.debian.org/debian-security buster/updates/main amd64
libudev1 amd64 241-7~deb10u8
  Temporary failure resolving 'security.debian.org'
Ign:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64
1.8.2.3
Err:8 http://security.debian.org/debian-security buster/updates/main amd64
libnettle6 amd64 3.4.1-1+deb10u1
  Temporary failure resolving 'security.debian.org'
Ign:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
Ign:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64
1.8.2.3
Err:11 http://security.debian.org/debian-security buster/updates/main amd64
libhogweed4 amd64 3.4.1-1+deb10u1
  Temporary failure resolving 'security.debian.org'
Err:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64
1.8.3-1+deb10u1
  Temporary failure resolving 'deb.debian.org'
Err:12 http://deb.debian.org/debian buster/main amd64 libgnutls30 amd64
3.6.7-4+deb10u7
  Temporary failure resolving 'deb.debian.org'
Err:13 http://deb.debian.org/debian buster/main amd64 libgcrypt20 amd64
1.8.4-5+deb10u1
  Temporary failure resolving 'deb.debian.org'
Ign:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64
1.1.1d-0+deb10u6
Ign:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100
amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Ign:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104
amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Err:17 http://deb.debian.org/debian buster/main amd64 isc-dhcp-client amd64
4.4.1-2+deb10u1
  Temporary failure resolving 'deb.debian.org'
Err:18 http://deb.debian.org/debian buster/main amd64 isc-dhcp-common amd64
4.4.1-2+deb10u1
  Temporary failure resolving 'deb.debian.org'
Err:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64
1.1.1d-0+deb10u6
  Temporary failure resolving 'deb.debian.org'
Err:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64
1.8.2.3
  Temporary failure resolving 'deb.debian.org'
Err:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64
1.8.2.3
  Temporary failure resolving 'deb.debian.org'
Err:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
  Temporary failure resolving 'deb.debian.org'
Err:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64
1.8.2.3
  Temporary failure resolving 'deb.debian.org'
Err:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100
amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
  Temporary failure resolving 'deb.debian.org'
Err:16 http://deb.debian.org/debian 

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

[Keifer Bly]

I have done all these and it still happens. Is there perhaps a tool that
will set this up? Thanks.

--Keifer

On Sat, May 7, 2022, 10:54 AM Keifer Bly  wrote:

> I am running as the root user.
>
> --Keifer
>
> On Sat, May 7, 2022, 10:50 AM Keifer Bly  wrote:
>
>> Ok will try these things. Does that it's an ovh debain have anything to
>> do with it? Hosted by them and they may frown on tor.
>>
>> --Keifer
>>
>> On Thu, May 5, 2022, 8:41 AM ben  wrote:
>>
>>> > Simply displays a message "no valid openpgp data found". My sources
>>> file
>>>
>>> You'll see this because your system doesn't trust the cert chain.
>>>
>>> You're not seeing a certificate warning because you've got output
>>> suppressed (the -q in wget's arguments)
>>>
>>> If you run
>>>
>>> wget
>>> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
>>> 6DDD89.asc
>>>
>>> I suspect you'll see the certificate warning.
>>>
>>> You need to fix that before anything suggested here is going to work -
>>> if the cert chain isn't trusted then apt isn't going to access the
>>> repository's indexes, and so won't even see what packages are there, much
>>> less install them.
>>>
>>> As apt didn't grab an updated version for you (which may be due to other
>>> repo misconfigurations) you probably want to grab and install the cert
>>> manually
>>>
>>> # Verify that this gives a cert warning
>>> curl https://deb.torproject.org/torproject.org/
>>>
>>> curl -k --output "/tmp/ISRG_Root_X1.crt"  "
>>> https://letsencrypt.org/certs/isrgrootx1.pem.txt;
>>> sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
>>> sudo update-ca-certificates
>>>
>>> # Now try again
>>> curl https://deb.torproject.org/torproject.org/
>>>
>>> If that final curl now works, run apt-get update and you should find apt
>>> no longer complains about the tor repo
>>>
>>>
>>> --
>>> Ben Tasker
>>> https://www.bentasker.co.uk
>>>
>>>  On Thu, 05 May 2022 13:21:22 +0100 * >> >* wrote 
>>>
>>> On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
>>> > Thank you. But running wget -qO-
>>> >
>>> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
>>> > 6DDD89.asc
>>> >
>>> > gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg
>>> >/dev/null
>>>
>>> Maybe copy paste error. It must be one line and you must be root or type
>>> 'sudo' in front of it. Maybe you can better copy from here:
>>>
>>> 3. Then add the gpg key ...
>>> https://support.torproject.org/apt/
>>>
>>> > Simply displays a message "no valid openpgp data found". My sources
>>> file
>>>
>>> If this message appears again, install gpg:
>>> sudo apt update && apt -y install gnupg
>>>
>>> --
>>> ╰_╯ Ciao Marco!
>>>
>>> Debian GNU/Linux
>>>
>>> It's free software and it gives you
>>> freedom!___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>>
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

[Keifer Bly]

I am running as the root user.

--Keifer

On Sat, May 7, 2022, 10:50 AM Keifer Bly  wrote:

> Ok will try these things. Does that it's an ovh debain have anything to do
> with it? Hosted by them and they may frown on tor.
>
> --Keifer
>
> On Thu, May 5, 2022, 8:41 AM ben  wrote:
>
>> > Simply displays a message "no valid openpgp data found". My sources file
>>
>> You'll see this because your system doesn't trust the cert chain.
>>
>> You're not seeing a certificate warning because you've got output
>> suppressed (the -q in wget's arguments)
>>
>> If you run
>>
>> wget
>> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
>> 6DDD89.asc
>>
>> I suspect you'll see the certificate warning.
>>
>> You need to fix that before anything suggested here is going to work - if
>> the cert chain isn't trusted then apt isn't going to access the
>> repository's indexes, and so won't even see what packages are there, much
>> less install them.
>>
>> As apt didn't grab an updated version for you (which may be due to other
>> repo misconfigurations) you probably want to grab and install the cert
>> manually
>>
>> # Verify that this gives a cert warning
>> curl https://deb.torproject.org/torproject.org/
>>
>> curl -k --output "/tmp/ISRG_Root_X1.crt"  "
>> https://letsencrypt.org/certs/isrgrootx1.pem.txt;
>> sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
>> sudo update-ca-certificates
>>
>> # Now try again
>> curl https://deb.torproject.org/torproject.org/
>>
>> If that final curl now works, run apt-get update and you should find apt
>> no longer complains about the tor repo
>>
>>
>> --
>> Ben Tasker
>> https://www.bentasker.co.uk
>>
>>  On Thu, 05 May 2022 13:21:22 +0100 * > >* wrote 
>>
>> On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
>> > Thank you. But running wget -qO-
>> >
>> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
>> > 6DDD89.asc
>> >
>> > gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg
>> >/dev/null
>>
>> Maybe copy paste error. It must be one line and you must be root or type
>> 'sudo' in front of it. Maybe you can better copy from here:
>>
>> 3. Then add the gpg key ...
>> https://support.torproject.org/apt/
>>
>> > Simply displays a message "no valid openpgp data found". My sources
>> file
>>
>> If this message appears again, install gpg:
>> sudo apt update && apt -y install gnupg
>>
>> --
>> ╰_╯ Ciao Marco!
>>
>> Debian GNU/Linux
>>
>> It's free software and it gives you
>> freedom!___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

[Keifer Bly]

Ok will try these things. Does that it's an ovh debain have anything to do
with it? Hosted by them and they may frown on tor.

--Keifer

On Thu, May 5, 2022, 8:41 AM ben  wrote:

> > Simply displays a message "no valid openpgp data found". My sources file
>
> You'll see this because your system doesn't trust the cert chain.
>
> You're not seeing a certificate warning because you've got output
> suppressed (the -q in wget's arguments)
>
> If you run
>
> wget
> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
> 6DDD89.asc
>
> I suspect you'll see the certificate warning.
>
> You need to fix that before anything suggested here is going to work - if
> the cert chain isn't trusted then apt isn't going to access the
> repository's indexes, and so won't even see what packages are there, much
> less install them.
>
> As apt didn't grab an updated version for you (which may be due to other
> repo misconfigurations) you probably want to grab and install the cert
> manually
>
> # Verify that this gives a cert warning
> curl https://deb.torproject.org/torproject.org/
>
> curl -k --output "/tmp/ISRG_Root_X1.crt"  "
> https://letsencrypt.org/certs/isrgrootx1.pem.txt;
> sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
> sudo update-ca-certificates
>
> # Now try again
> curl https://deb.torproject.org/torproject.org/
>
> If that final curl now works, run apt-get update and you should find apt
> no longer complains about the tor repo
>
>
> --
> Ben Tasker
> https://www.bentasker.co.uk
>
>  On Thu, 05 May 2022 13:21:22 +0100 *  >* wrote 
>
> On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
> > Thank you. But running wget -qO-
> >
> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
> > 6DDD89.asc
> >
> > gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg
> >/dev/null
>
> Maybe copy paste error. It must be one line and you must be root or type
> 'sudo' in front of it. Maybe you can better copy from here:
>
> 3. Then add the gpg key ...
> https://support.torproject.org/apt/
>
> > Simply displays a message "no valid openpgp data found". My sources file
>
> If this message appears again, install gpg:
> sudo apt update && apt -y install gnupg
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

[Keifer Bly]

I am slightly confused, thank you.
--Keifer


On Wed, May 4, 2022 at 5:29 PM Keifer Bly  wrote:

> Ok. I have tried different things. And the same is still happening:
>
> sources.list file:
>
> ## Note, this file is written by cloud-init on first boot of an instance
> ## modifications made here will not survive a re-bundle.
> ## if you wish to make changes you can:
> ## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
> ## or do the same in user-data
> ## b.) add sources in /etc/apt/sources.list.d
> ## c.) make changes to template file
> /etc/cloud/templates/sources.list.debian.tmpl
> ###
>
> # See
> http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html
> # for how to upgrade to newer versions of the distribution.
> deb http://deb.debian.org/debian buster main
> deb-src http://deb.debian.org/debian buster main
>
> ## Major bug fix updates produced after the final release of the
> ## distribution.
> deb http://security.debian.org/ buster/updates main
> deb-src http://security.debian.org/ buster/updates main
>
> deb [trusted=yes] http://deb.torproject.org/torproject.org buster main
> deb http://deb.torproject.org/torproject.org buster main
>
> deb-src [trusted=yes] http://deb.torproject.org/torproject.org buster main
>
>
>
> ## Uncomment the following two lines to add software from the 'backports'
> ## repository.
> ##
> ## N.B. software from this repository may not have been tested as
> ## extensively as that contained in the main release, although it includes
> ## newer versions of some applications which may provide useful features.
> deb http://deb.debian.org/debian buster-backports main
> deb-src http://deb.debian.org/debian buster-backports main
> deb http://ftp.de.debian.org/debian stretch main
>
> tor.list file:
>
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org amd64 main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org amd64 main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org  main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org  main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org buster main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org buster main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main- main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main- main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main-buster main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main-buster main
>
> Please, what should the sources.list and tor.list files look like? I am
> sorry to ask. Thanks.
>
> --Keifer
>
>
> On Wed, May 4, 2022 at 4:34 AM  wrote:
>
>> On Tuesday, May 3, 2022 7:10:00 PM CEST Keifer Bly wrote:
>> > I am not sure how to get rid of the trusty / ubuntu packages?
>>
>> You just have to write 'buster' instead of 'trusty'. Either in /etc/apt/
>> sources.list or you have created the file
>> /etc/apt/sources.list.d/tor.list?
>>
>> > I simply followed the instructions here:
>> > https://support.torproject.org/apt/tor-deb-repo/
>>
>> You are running oldstable 'buster', this guide has been updated for
>> stable
>> 'bullseye' and testing 'bookworm'. The 'signed-by=foo-bar-keyring' is not
>> yet
>> required in buster, but it doesn't hurt.
>> The new 'deb.torproject.org-keyring' package renews both keyrings in:
>> /etc/apt/trusted.gpg.d/ and /usr/share/keyrings/
>>
>> ¹Apt-key will last be available in Debian 11 and Ubuntu 22.04.
>> Since bullseye, 'apt-key add' has been deprecated and is no longer
>> available
>> in bookworm. Only 'apt-key del' then still works.
>>
>> ¹https://manpages.debian.org/testing/apt/apt-key.8.en.html
>>
>> Background info:
>>
>> https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key
>> or $websearch: Why apt-key is deprecated?
>>
>>
>> --
>> ╰_╯ Ciao Marco!
>>
>> Debian GNU/Linux
>>
>> It's free software and it gives you
>> freedom!___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

[Keifer Bly]

Ok. I have tried different things. And the same is still happening:

sources.list file:

## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
## or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file
/etc/cloud/templates/sources.list.debian.tmpl
###

# See
http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html
# for how to upgrade to newer versions of the distribution.
deb http://deb.debian.org/debian buster main
deb-src http://deb.debian.org/debian buster main

## Major bug fix updates produced after the final release of the
## distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main

deb [trusted=yes] http://deb.torproject.org/torproject.org buster main
deb http://deb.torproject.org/torproject.org buster main

deb-src [trusted=yes] http://deb.torproject.org/torproject.org buster main



## Uncomment the following two lines to add software from the 'backports'
## repository.
##
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
deb http://deb.debian.org/debian buster-backports main
deb-src http://deb.debian.org/debian buster-backports main
deb http://ftp.de.debian.org/debian stretch main

tor.list file:

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org amd64 main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org amd64 main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org  main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org  main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org buster main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org tor-nightly-main- main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org tor-nightly-main- main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org tor-nightly-main-buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org tor-nightly-main-buster main

Please, what should the sources.list and tor.list files look like? I am
sorry to ask. Thanks.

--Keifer


On Wed, May 4, 2022 at 4:34 AM  wrote:

> On Tuesday, May 3, 2022 7:10:00 PM CEST Keifer Bly wrote:
> > I am not sure how to get rid of the trusty / ubuntu packages?
>
> You just have to write 'buster' instead of 'trusty'. Either in /etc/apt/
> sources.list or you have created the file /etc/apt/sources.list.d/tor.list?
>
> > I simply followed the instructions here:
> > https://support.torproject.org/apt/tor-deb-repo/
>
> You are running oldstable 'buster', this guide has been updated for stable
> 'bullseye' and testing 'bookworm'. The 'signed-by=foo-bar-keyring' is not
> yet
> required in buster, but it doesn't hurt.
> The new 'deb.torproject.org-keyring' package renews both keyrings in:
> /etc/apt/trusted.gpg.d/ and /usr/share/keyrings/
>
> ¹Apt-key will last be available in Debian 11 and Ubuntu 22.04.
> Since bullseye, 'apt-key add' has been deprecated and is no longer
> available
> in bookworm. Only 'apt-key del' then still works.
>
> ¹https://manpages.debian.org/testing/apt/apt-key.8.en.html
>
> Background info:
>
> https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key
> or $websearch: Why apt-key is deprecated?
>
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

[Keifer Bly]

I am not sure how to get rid of the trusty / ubuntu packages? I simply
followed the instructions here:

https://support.torproject.org/apt/tor-deb-repo/

Thanks.
--Keifer


On Mon, May 2, 2022 at 10:31 PM Keifer Bly  wrote:

> Hi all,
>
>
>
> So I am running a tor relay on Debian, but no matter what when updating
> tor there is an “updating from such a respiritpry can’t be done securely
> and is therefore disabled by default”. Here is the log
>
>
>
>
>
> Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
>
> Hit:2 http://deb.debian.org/debian buster InRelease
>
> Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
>
> Get:4 http://deb.debian.org/debian buster-backports InRelease [46.7 kB]
>
> Ign:5 http://ftp.de.debian.org/debian stretch InRelease
>
> Hit:6 http://ftpde.debian.org/debian stretch Release
>
> Ign:7 http://deb.torproject.org/torproject.org trusty InRelease
>
> Ign:8 http://deb.torproject.org/torproject.org trusty Release
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Ign:14 https://deb.torproject.org/torproject.org amd64 InRelease
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Err:15 https://deb.torproject.org/torproject.org amd64 Release
>
>   Certificate verification failed: The certificate is NOT trusted. The
> certificate chain uses expired certificate.  Could not handshake: Error in
> the certificate verification. [IP: 95.216.163.36 443]
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Err:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
>   404  Not Found [IP: 116.202.120.166 80]
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Reading package lists... Done
>
> N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it
> has no filename extension
>
> E: The repository 'https://deb.torproject.org/torproject.org amd64
> Release' does not have a Release file.
>
> N: Updating from such a repository can't be done securely, and is
> therefore disabled by default.
>
> N: See apt-secure(8) manpage for repository creation and user
> configuration details.
>
> root@vps-3e661acc:/home/debian# nano /etc/apt/

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

[Keifer Bly]

What is the command for doing that? Thanks.
--Keifer


On Tue, May 3, 2022 at 12:00 AM Toralf Förster 
wrote:

> On 5/3/22 07:31, Keifer Bly wrote:
> > Err:15 https://deb.torproject.org/torproject.org amd64 Release
> >
> > Certificate verification failed: The certificate is NOT trusted. The
> > certificate chain uses expired certificate.  Could not handshake: Error
> > in the certificate verification. [IP: 95.216.163.36 443]
> >
> Maybe renew the key ?
>
> --
> Toralf
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

[Keifer Bly]

Just did this, and it says its up to date. Thanks.
--Keifer


On Tue, May 3, 2022 at 1:17 AM ben  wrote:

> >> Certificate verification failed: The certificate is NOT trusted. The
> >> certificate chain uses expired certificate.  Could not handshake: Error
> >> in the certificate verification. [IP: 95.216.163.36 443]
> >>
> > Maybe renew the key ?
>
> The repo uses a LetsEncrypt certificate.
>
> Odds are, the OP's system's trust store is quite old and so still has the
> old root in place - LE's intermediate has multiple signatures and one of
> the roots expired last year.
>
> Running
>
> sudo apt-get -y install ca-certificates
>
> Should bring it up to date (assuming there's a relatively modern openssl
> in use - I think 1.0 will throw an error either way because it still tries
> to follow both forks in the chain and borks when it sees the expired cert).
>
>
>
> --
> Ben Tasker
> https://www.bentasker.co.uk
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Tor respority can't be updated from securly on debian

[Keifer Bly]

Hi, so I am trying to update tor to the newest version on my debian vps,
only to receive this error:

Reading package lists... Done
E: The repository 'https://deb.torproject.org/torproject.org st
retch Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and
is therefore disabled by default.

Here is my sources.list file,


## Note, this file is written by cloud-init on first boot of a$
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/clo$
## or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sour$
###

# See http://www.debian.org/releases/stable/i386/release-notes$
# for how to upgrade to newer versions of the distribution.
deb http://deb.debian.org/debian buster main
deb-src http://deb.debian.org/debian buster main

## Major bug fix updates produced after the final release of t$
## distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main
deb http://deb.debian.org/debian buster-updates main
deb-src http://deb.debian.org/debian buster-updates main

## Uncomment the following two lines to add software from the $
## repository.
##



I am wondering what needs to be added here to allow tor to update? Thank
you.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor automatic restart

[Keifer Bly]

No. I have no other processes running on the vps. The OS Debian Linux is
running the newest version, it seems something is causing the tor process
to get hung up once a month. Will take a look at that, thanks.
--Keifer


On Sun, Oct 10, 2021 at 10:04 AM Tor Manager  wrote:

> On Sunday, October 10, 2021 at 4:48:47 AM UTC-4 Keifer Bly wrote:
>
>> I am wondering, is there a way configure tor (via the torrc file) to
>> restart automatically once a month? Thank you.
>>
>
> Before you implement a time-based service restart, you may wish to check
> that your OS and hardware (eg. firmware) are as up to date as you can
> reasonably make them. It strikes me as odd that you would have that
> instability that would require such a service restart. Do you have other
> services running? Are you running any sort of system monitoring that would
> tell you about issues with RAM or persistent storage?
>
> With that said, I have used monit[0] in the past to bring services back up
> when a test fails, though never tor. Note that my go-to if I were going to
> implement monit would be to have a service check, and not restart on a time
> basis, but rather on a threshold or reachability basis. Eg. if you were
> going to use monit with a webapp, Id suggest you have a page in the style
> of https://example.org/webapp/monit-check/ that must load the app
> runtime, and then have monit restart everything involved in the app if that
> page load takes more than 15 seconds. In your case that might look like
> installing nyx[1] and having a wrapper script that checks with nyx and has
> a non-zero exit you can have monit act on.
>
> Cheers,
> --
> ibiblio Tor Manager
>
> [0] https://mmonit.com/monit/documentation/monit.html
> [1] https://nyx.torproject.org/
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Tor automatic restart

[Keifer Bly]

Hi, So my relay at https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D Seems to periodically go down once a month or so. I am wondering, is there a way configure tor (via the torrc file) to restart automatically once a month? Thank you. --Keifer 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help with running a Tor Bridge

[Keifer Bly]

Well, it looks like your router or firewall is blocking it. You need to
configure your firewalls to allow tor. As well if your running from a
physical network, many routers need to be configured for port forwarding as
well.
--Keifer


On Mon, May 17, 2021 at 2:50 AM Cor.ling  wrote:

>
> Hi, I have set up a bridge on Kubuntu following this guide:
> https://community.torproject.org/relay/setup/bridge/debian-ubuntu/
> In TODO1 I put: 443 and in TODO2: 80 (I used these values only because
> they were in the example).
>
> But in my log (/var/log/syslog) I'm seeing these errors:
> Tor[X]: Your server has not managed to confirm reachability for its
> ORPort(s) at X.X.X.X:443. Relays do not publish descriptors until their
> ORPort and DirPort are reachable. Please check your firewalls, ports,
> address, /etc/hosts file, etc.
> Tor[X]: Unable to find IPv6 address for ORPort 443. You might want to
> specify IPv4Only to it or set an explicit address or set Address. [60
> similar message(s) suppressed in last 3600 seconds]
>
> How can I resolve them? And also: how can I enable IPv6?
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] A report on running a bridge on google cloud

[Keifer Bly]

For the last 3 days its been 50 cents, whereas usually vps are $20 per
month at least. I am wondering whats the minimal amount of traffic a bridge
should push to be useful? I am thinking of limiting the tor bridge traffic
per month. Thanks.
--Keifer


On Mon, May 3, 2021 at 2:12 PM Matt Traudt  wrote:

>
>
> On 4/26/21 1:40 PM, Keifer Bly wrote:
> > So for a little bit over a week now, I have been running a bridge on
> > Google Cloud and it has charged less then $5. So, while too expensive
> > for running relays, it seems to be an ok service for running bridges on.
>
> Is $0.085/GB (egress) accurate[0]? Meaning you sent ~60 GB of traffic?
>
> That sounds really really expensive, even for a bridge. As soon as your
> bridge saw more meaningful usage, I would expect you to need to take it
> down.
>
> Or maybe your pockets are deeper than mine ;)
>
> [0]: https://cloud.google.com/network-tiers/pricing#standard-pricing
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] A report on running a bridge on google cloud

[Keifer Bly]

Hi List, So for a little bit over a week now, I have been running a bridge on Google Cloud and it has charged less then $5. So, while too expensive for running relays, it seems to be an ok service for running bridges on.  I think we need as much diversity as possible so having nodes running on as many different providers as possible is good. Cheers. --Keifer 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Running a bridge via google cloud

[Keifer Bly]

Hi all,

So I am well aware, google cloud is too expensive to run a relay on, but I
wonder are they expensive to run a bridge?

They are on 1GB eqauls a few cents model. Thank you.
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Possible to give something I made to tor? (message for roger digeldine and other tor project heads)

[Keifer Bly]

Hi all,

So for the sake of diversity, as well as helping out Windows users who want
to contribute to tor, this is a tool I have created which makes running tor
relays on Windows very easy. The features are:

Auto installs tor and keeps it up to date.

Easy relay configuration with provided torrc file.

Can configure to start relay on OS boot.


The drawbacks is it configures the Windows Defender Firewall to allow the
relay traffic but can't auto configure any other firewalls, and only
supports vanilla bridges currently.

I am wanting to give this tool to tor project to list on the website for
those looking to run relays on Windows networks (networks running Windows
Server, etc). I've made this GUI open source with a GitHub link, if
interested. Thanks.


--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay Name Change

[Keifer Bly]

Hi, for the few relays I run Ive noticed it can take up to about 3-4
hours for a relay status change to show. Cheers.
--Keifer


On Fri, Apr 9, 2021 at 4:33 AM Kathi  wrote:

>I changed the name of my relay nick name from  to (Correct
> Name) after
>I got it to operate correctly. The relay was in operation when I did
> the change. I went
>into the menu in NYX, clicked reset tor. The relay has been up
> eighteen hours as of
>this writing. Its flags are: Fast, Running, V2Dir, Valid.1,911
> circuits open and 2709
>outbound, 20,670 connections on Ivp4
>
>Tor Metrics shows  only (Correct Name) isn't shown when
> searched
>
>How long does it take for the name change to take effect?
>
>sysop
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] tor relay issue on windows 10

[Keifer Bly]

Thanks will try. I know the tor process is not running as it never writes
anything to the log file well over 30 minutes later. I tried checking if
the tor process is running via cmd it is not. Is there a tor command to
generate the geoip files? Thanks very much.

On Thu, Apr 8, 2021, 5:17 AM Matt Traudt  wrote:

> On 4/7/21 23:15, Keifer Bly wrote:
> > Hi all,
> >
> > So I am attempting to start a new relay on Windows Server 2019. The
> > issue is though for an unspecified reason, the tor process just quits
> > when starting the relay:
> >
> > Here is the log file:
> >
> > image.png
> >
> > And then once  it gets to "now checking if qr port is reachable from the
> > outside" the tor process suddenly quits. Im running it as administrator
> > I am wondering why the process would suddenly stop for no apparent
> > reason on reaching this? Here is the torrc, though it seems to read that
> > no issue:
> >
> > SocksPort 0
> > ORPort 4555
> > Nickname testrelay
> > ContactInfo k...@gmail.com <mailto:k...@gmail.com>
> > Log notice file c:\notices.log
> > ControlPort 9051
> > ExitPolicy reject *:*
> >
> > Though it seems to read the torrc file without any issue. Thanks.
> > --Keifer
> >
>
> Hi
>
> I'm not a windows user, and especially not a
> run-things-as-a-service-on-windows user.
>
> My first thought was you somehow unknowingly had RunAsDaemon set to 1.
> But after reading the man page[0] and checking your command line in the
> picture, I don't think this is it.
>
> But in the same spirit of the above: are you *sure* tor isn't
> successfully running in the background? You could check by seeing if
> anything is listening on its ORPort, by checking if the log file is
> getting newer lines than the console, and by the process explorer or
> whatever. (Aside: consider adding a "Log notice stdout" for debugging)
>
> What's the DataDirectory that Tor is trying to use? Maybe it's unable to
> create it and failing silently? I think silent failure would be
> considered a bug. Maybe set DataDirectory in the torrc.
>
> Finally, the last thing that stood out to me is the GeoIP lines in the
> log output. I've never seen "" and I'm guessing
> C:\Users\Administrator\ doesn't exist. Perhaps there's a bad
> bug where Tor crashes (silently?) if the GeoIP files don't exist. It
> would be crazy if that existed, IMO, but maybe less crazy if it's a bug
> on Windows systems only. Running little-t tor manually--as a client or
> even as a relay--is much less common on Windows. The thing to try here
> is to specify GeoIPFile and GeoIPv6File in the torrc with the paths to
> the GeoIP files tor ships with (don't try getting a random database off
> the Internet: tor has its own format).
>
> Hope something here was helpful.
>
> Matt
>
> [0]:
>
>RunAsDaemon 0|1
>If 1, Tor forks and daemonizes to the
>background. This option has no effect on
>Windows; instead you should use the
>--service command-line option. Can not
>be changed while tor is running.
>(Default: 0)
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Is OVH a safe vps provider to run an exit relay on?

[Keifer Bly]

Would running a bridge on ovh  be ok? Thanks.
--Keifer


On Thu, Apr 1, 2021 at 1:29 AM William Kane  wrote:

> Hi,
>
> no, OVH is the second most commonly used hosting provider, another
> relay hosted there would hurt the network more than it would help:
>
> https://metrics.torproject.org/bubbles.html#as
>
> We need to make the network as diverse as possible, in order to make
> it as hard as possible for law enforcement and other bad actors to
> de-anonymize tor circuits.
>
> If you really want to help us out, here's what I advise you to do:
>
> - Rent a dedicated machine, with a new-ish CPU (supporting VT-x and
> AES-NI, and good single thread performance since tor is mostly
> single-threaded).
> - Get your own subnet, it doesn't have to be huge, but make sure you
> are allowed to change the abuse-mailbox field to an e-mail you own, so
> your host doesn't get flooded with automated and mostly useless abuse
> reports and terminates your service in response.
> - Make use of QEMU/KVM and create one virtualized instance for each
> set of two relays (maximum amount of relays sharing the same public
> address is 2).
> - Make use of the CPU-pinning feature offered by libvirt, and the
> isolcpus kernel argument to isolate all but two cores from the
> kernel's scheduler, and pin two cores to each VM.
> - Disable all CPU mitigations (mitigations=off on the kernel command
> line) to increase performance, since you are only installing signed
> packages anyway, there is no untrusted code running on the system,
> which means there is no need for any mitigations to be active.
> - Make sure you have an unmetered traffic plan and at the very least
> 1, but best case 2 1Gbit/s uplinks.
>
> With a somewhat modern CPU supporting hardware AES acceleration, this
> should get you 150 to 200 Mbps per tor instance, at least that's my
> experience when I ran the setup described above around 4 years ago.
>
> On a last note, whatever you decide to do, please don't settle for
> some overused host just because it's easier or cheaper - you might as
> well not host a relay at all, then.
>
> Look for a host, get it's AS ID, then input it here:
> https://metrics.torproject.org/rs.html#search/as:
>
> Example:
>
> https://metrics.torproject.org/rs.html#search/as:AS197019
>
> If this was a bit too much, I apologize - I will gladly answer any
> questions you have.
>
> - William
>
> On 30/03/2021, Keifer Bly  wrote:
> > Hi,
> >
> >
> >
> > I am wondering if OVH is a safe VPS provider to run an exit relay on?
> Thank
> > you.
> >
> >
> >
> > --Keifer
> >
> >
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Is OVH a safe vps provider to run an exit relay on?

[Keifer Bly]

Does that include exits? Thx

On Tue, Mar 30, 2021, 1:59 AM  wrote:

> Hi Keifer.
>
>
>
> There are a lots of relays on OVH 
>
>
>
>
>
>
>
> Best regards,
>
> volker
>
>
>
> *Von:* tor-relays  *Im Auftrag
> von *Keifer Bly
> *Gesendet:* Dienstag, 30. März 2021 07:40
> *An:* tor-relays@lists.torproject.org
> *Betreff:* [tor-relays] Is OVH a safe vps provider to run an exit relay
> on?
>
>
>
> Hi,
>
>
>
> I am wondering if OVH is a safe VPS provider to run an exit relay on?
> Thank you.
>
>
>
> --Keifer
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Is OVH a safe vps provider to run an exit relay on?

[Keifer Bly]

Hi, I am wondering if OVH is a safe VPS provider to run an exit relay on? Thank you. --Keifer 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] My tool I made which makes running relays on Windows very simple.

[Keifer Bly]

Hi all,

So this is a tool I developed for tor which makes running relays on Windows
very simple.

https://www.youtube.com/watch?v=Vpk6yvUWQqU

Features:

Example torrc file which can be configured as wanted.

Automatically checks if tor is running the newest version on startup, if
not updates to newest version.

One button configuration to configure relay to start when Windows starts.

Generates a tor log file which can tell tor messages.

Drawbacks:

Only supports vanilla bridges.

Configures Windows Defender Firewall automatically to allow tor traffic,
but other firewalls will need to be manually configured.

Cheers.


--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] My relay software gets hung up on OVH

[Keifer Bly]

Hi, so my relay running on OVH at https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D Sometimes gets hung up. About every two weeks or so, the relay software gets hung up, causing the relay to go offline. I notice when this happens, the tor log file becomes unreadable, making it difficult to tell what was happening with the tor process when this occurs. It is only when the relay is restarted by running “killall tor” in terminal and then restarting the relay. I am wondering if any other relay operators on OVH are getting this issue? It seems to sporadically happen once every two weeks or so. Thank you. --Keifer 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] I created a way of running tor relays on Windows easier

[Keifer Bly]

Here it is, thank you.
https://github.com/thecomputermaster/TorWrapperWindows/blob/main/WindowsTorRelayWrapper.zip
--Keifer


On Wed, Dec 16, 2020 at 8:39 AM Gisle Vanem  wrote:

> > This is a  project I have been working on which allows users to run
> relays on Windows with ease. Made this for
> > volunteers who want  to run relays, but only have Windows. See here
> >
> > https://www.youtube.com/watch?v=Vpk6yvUWQqU
>
> The link to GoogleDrive cannot be accessed;
> " ... in violation of Google's blah-blah .."
>
> Do you have a Release on Github instead?
>
> --
> --gv
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] I created a way of running tor relays on Windows easier

[Keifer Bly]

Hi all, This is a  project I have been working on which allows users to run relays on Windows with ease. Made this for volunteers who want  to run relays, but only have Windows. See here https://www.youtube.com/watch?v=Vpk6yvUWQqU  Features:Easy configuring of torAuto installation of tor or upgrade to newest version at launch Start relay when OS startsKeep tor software up to date automatically Drawbacks: Only supports vanilla bridges  currently.Configures Windows Firewall to allow relay traffic automatically, but can’t auto configure any other firewalls. Tested and working. For those wanting to run a relay on Windows, you may use this if you wish. Cheers, --Keifer 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] My app which makes running tor relays on Windows Very Simple

[Keifer Bly]

Hi all,

So this is a software peice I have been developing which makes running tor
relays on Windows very easy. All the user needs to do is write their torrc.
The app installs tor, and configures all once the torrc is written by
itself.

Here is a video showing the app:

Features
Automatic Tor download and installation (via Choclatey)
Type the torrc file, and the app configures and points tor there for you.
Attempted automatic firewall configuration.
Automatic creation of log file.

Cons:
Currently only directly support vanilla bridges. OBFS4 will have to be
manually downloaded / configured.

ATTEMPTED firewall auto configuration. It auto adds a rule to Windows
Defender Firewall to allow the traffic, but can't configure router
firewalls, etc.

Let know what you think. I have successfully gotten tor up and running
through this.

If chocolatey changes their install scripts, this will need to be updated.

I can send the source code if interested.

Programming Language: C#/.Net
 Tor Windows App.mp4


--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] So my relay is apparently being attacked

[Keifer Bly]

Thanks all.
--Keifer


On Thu, Nov 12, 2020 at 11:56 AM Will Shackleton 
wrote:

> My non-exit relays are being DDoS'ed too - I've received similar emails
> from my hosting provider.
>
>
> https://metrics.torproject.org/rs.html#search/family:B42C797CC8CD63C60FB643E820A11D113DF4F5C8
>
> -Will
>
> On Thu, 12 Nov 2020, at 7:09 PM, Roman Mamedov wrote:
> > On Thu, 12 Nov 2020 10:52:47 -0800
> > Keifer Bly  wrote:
> >
> > > I am wondering, are relays being ddosed a normal thing? Thank you.
> > > --Keifer
> >
> > DDoS'ing opponents in an argument is common on some IRC networks, so it
> could
> > have to do with the IRC exiting that you allow.
> >
> > I don't remember relays on their own getting DDoS'ed in years, but could
> > remember a couple of cases of DDoS which could be correlated to IRC
> > discussions I participated in right prior to that.
> >
> > --
> > With respect,
> > Roman
> > ___
> > tor-relays mailing list
> > tor-relays@lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] So my relay is apparently being attacked

[Keifer Bly]

Thanks very much.
--Keifer


On Thu, Nov 12, 2020 at 11:21 AM  wrote:

> Keifer Bly  wrote:
>
> > I am wondering, are relays being ddosed a normal thing? Thank you.
>
> Yes it's common. We have many users operating Tor relays on our network
> and we see this on a daily basis.
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] So my relay is apparently being attacked

[Keifer Bly]

Hi,

So twice this week I've gotten this email from OVH:

Dear Customer,

We have just detected an attack on IP address 51.68.197.220.

In order to protect your infrastructure, we vacuumed up your traffic onto
our mitigation infrastructure.

The entire attack will thus be filtered by our infrastructure, and only
legitimate traffic will reach your servers.


At the end of the attack, your infrastructure will be immediately withdrawn
from the mitigation.

For more information on the OVH mitigation infrastructure:
http://www.ovh.com/world/anti-ddos/


Regarding the relay at
https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D

I am wondering, are relays being ddosed a normal thing? Thank you.
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Possible compression bomb, abandoning stream message received

[Keifer Bly]

Thanks very much.
--Keifer


On Fri, Nov 6, 2020 at 1:30 AM mpan  wrote:

> > Suddenly received a message saying [warn] Possible compression bomb,
> abdnoning
> > steam. Not sure what this means, but the bridge does appear running,
> saying it
> > has pushed 3 GB within the last 7 days. It just seems odd as looking it
> has
> > logged this message a huge number of times within an hour or so.
>   Hi,
> <
> https://lists.torproject.org/pipermail/tor-relays/2020-November/019060.html
> >,
> cheers.
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Possible compression bomb, abandoning stream message received

[Keifer Bly]

 Hi, My bridge at https://metrics.torproject.org/rs.html#details/EF36AE38C162E96E0645E1DF25EF19522ADBAF90   Suddenly received a message saying [warn] Possible compression bomb, abdnoning steam. Not sure what this means, but the bridge does appear running, saying it has pushed 3 GB within the last 7 days. It just seems odd as looking it has logged this message a huge number of times within an hour or so. Thank you. I am wondering what this message means?  --Keifer 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Can't update tor relay on Debian, and notice about tor log file

[Keifer Bly]

I sorted it, thank you.
--Keifer


On Sun, Nov 1, 2020 at 5:51 PM  wrote:

> On 27.10.2020 21:30, Keifer Bly wrote:
> Can't update tor relay on Debian, and notice about tor log file
> ^^^
> > deb https://deb.torproject.org/torproject.org [1] focal main
> > deb-src https://deb.torproject.org/torproject.org [1] focal main
>^^
>
> focal is Ubuntu!
>
> Correct your source list. or you can ruin your system!
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you freedom!
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Fw: Can't update tor relay on Debian, and notice about tor log file

[Keifer Bly]

Torix, I just tried your workaround, the issue still occurs. Thank you.
--Keifer


On Tue, Oct 27, 2020 at 1:58 PM  wrote:

> Dear Keifer,
>
> Just guessing here, but have you tried reverting your sources.list to http?
>
> As for the notices and notices.1, this seems like normal linux log
> rotation.  See if you don't have an /etc/logrotate.d/tor file that gives
> the structure of how the tor log is handled.  Mine is set to rotate to a
> new file daily, so notices.log is renamed to notices.log.1, and the new log
> is notices.log. Notices.log.1 is zipped up to notices.2.tgz, and so on, and
> the last 5 days of files are kept before being deleted.
>
> --Torix
>
>
> Sent with ProtonMail <https://protonmail.com> Secure Email.
>
> ‐‐‐ Original Message ‐‐‐
> On Tuesday, October 27, 2020 8:30 PM, Keifer Bly 
> wrote:
>
> Hi all, so for my bridge at
>
>
> https://metrics.torproject.org/rs.html#details/EF36AE38C162E96E0645E1DF25EF19522ADBAF90
>
>
>
> I am some reason unable to update tor and obfs4 to the newest version. Upon 
> running sudo apt update && sudo apt install -y --only-upgrade tor
>
>
>
> I am getting an error saying that updating from such a resprrtory can’t be
> done securely and is therefor disabled by default. I have the following
> entered in Debian file  /etc/apt/sources.list:
>
>
>
>
>
> deb https://deb.torproject.org/torproject.org focal main
> deb-src https://deb.torproject.org/torproject.org focal main
>
>
>
> So am not sure why it thinks this is insecure.
>
>
>
> Another thing I noticed, it seems that for some reason, for the tor
> traffic log file, it switches from writing to notices.log to notices.log.1
> automatically after a while, this happened on both my bridge and my relay
> though I did not tell it to do this.
>
>
>
> I wonder why the update error is happening, thank you.
>
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Can't update tor relay on Debian, and notice about tor log file

[Keifer Bly]

Hi all, so for my bridge at https://metrics.torproject.org/rs.html#details/EF36AE38C162E96E0645E1DF25EF19522ADBAF90 I am some reason unable to update tor and obfs4 to the newest version. Upon running sudo apt update && sudo apt install -y --only-upgrade tor I am getting an error saying that updating from such a resprrtory can’t be done securely and is therefor disabled by default. I have the following entered in Debian file  /etc/apt/sources.list:  deb https://deb.torproject.org/torproject.org focal maindeb-src https://deb.torproject.org/torproject.org focal main So am not sure why it thinks this is insecure. Another thing I noticed, it seems that for some reason, for the tor traffic log file, it switches from writing to notices.log to notices.log.1 automatically after a while, this happened on both my bridge and my relay though I did not tell it to do this. I wonder why the update error is happening, thank you.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Odd error with tor 4.3 log file

[Keifer Bly]

Hi,  So for both my relay at https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D and my bridge on a separate machine, something strange  is happening. It opens a new log file in /var/log/tor/notices.log. For some reason, the file works fine at first, but then becomes unreadable as tor is running for longer and longer. It starts by writing exactly what tor is doing including how many gigabytes sent and received, but then later the file just becomes blank lines with end in it. I am using less /var/log/tor/notices.log The relay is run on OVH via SSH. Is there additional configuration that needs to be done to keep the log file readable after a certain point? Thank you very much.--Keifer 



	
		
			

			
		
		
			
This email has been checked for viruses by Avast antivirus software.
www.avast.com
			
		
	


 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Possible to run multiple tor instances from one machine?

[Keifer Bly]

Hi, So my relay at https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D And my bridge at https://metricstorproject.org/rs.html#details/EF36AE38C162E96E0645E1DF25EF19522ADBAF90 Are running on separate networks, but I just found out OVH allows for several different IPS on the same VPS. Is it possible to run more than one tor instance on the same machine? Thanks. Thanks very much. --Keifer 



	
		
			

			
		
		
			
This email has been checked for viruses by Avast antivirus software.
www.avast.com
			
		
	


 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] What is the command to view the tor log file on Debian?

[Keifer Bly]

Thanks!
--Keifer


On Wed, Aug 5, 2020 at 11:16 PM Gunnar Wolf  wrote:

> Keifer Bly dijo [Wed, Jul 29, 2020 at 10:09:42AM -0700]:
> >Hello,
> >
> >
> >
> >So I am trying to view the tor log file (for how much traffic was
> sent,
> >etc) on my relay since start? I am trying using the “less
> >/var/log/tor/torrc.txt” command but this only shows a blank screen
> with
> >the word END and nothing else on Debian Linux.
>
> Besides the tips others have shared with you, which are all very much
> to the point and correct, I also suggest you to try using nyx, a
> terminal-based status monitor for Tor relays. It has a very easy,
> informative user interface that shows you, over the time, the usage
> details of your relay -- Incoming/outgoing bandwidth (instantaneous
> and over a lapse of time), flags your relay has got, system health
> data, inbound/outbound connections, etc.
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor is showing it's running different versions, and continuing previous thread

[Keifer Bly]

That returns "reading config failed" so no luck. Thanks anyway though!
--Keifer


On Fri, Aug 7, 2020 at 12:43 PM  wrote:

> On 07.08.20 20:47, Keifer Bly wrote:
>
> > Hi all,
> >
> > So my relay at
> >
> >
> https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D
> >
> > Says it is running two different versions, on metrics it is showing it is
> > running tor 0.4.3.5 but when I log into the VPS via SSH it says it is
> > running tor 0.4.3.6. It has  been like this for a few days now. Something
> > is also not allowing me to check tors data logs, when I check my torrc it
> > says the log file is /var/log/tor/notices.log, it either just loads a
> blank
> > file or says the file is unwrite able. This is odd I don’t believe I did
> > add any special configuration for this.
>
> Hi Keifer,
>
> on Debian you can check: tor -v; dpkg -l|grep "ii ?tor"
> For me it shows:
>   Tor 0.4.3.6 running on Linux
>   ii  tor0.4.3.6-1~d10.buster+1
>   ii  tor-geoipdb0.4.3.6-1~d10.buster+1
>
> Next - check: ls -lA /var/log/tor
> An my server it shows:
>   -rw-r- 1 debian-tor adm 0 Jul 13 21:03 log
>
> The owner should be "debian-tor" or whatever your tor is running.
> use: chown to change file owner and group
> and: chmod to change file mod bits
>
> Good luck!
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Tor is showing it's running different versions, and continuing previous thread

[Keifer Bly]

Hi all,



So my relay at

https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D



Says it is running two different versions, on metrics it is showing it is
running tor 0.4.3.5 but when I log into the VPS via SSH it says it is
running tor 0.4.3.6. It has  been like this for a few days now. Something
is also not allowing me to check tors data logs, when I check my torrc it
says the log file is /var/log/tor/notices.log, it either just loads a blank
file or says the file is unwrite able. This is odd I don’t believe I did
add any special configuration for this.



Heads up, on my end the spam emails are coming through again. Cheers.



Thanks very much.
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Should I use Tor Alpha on my relays

[Keifer Bly]

This is my opinion. With that said, I would use the stable versions of tor
as they are best tested, etc. Cheers.
--Keifer


On Fri, Jul 31, 2020 at 2:48 PM nusenu  wrote:

> Sebastian Elisa Pfeifer:
> > I was wondering if the network would benefit if I
> > would start using Tor Alpha?
>
> relay operators that are willing to test new (unstable) builds and willing
> to report bugs are primarily useful for the Tor developers
> (see the recent call for testing of IPv6 features)
>
> If you use ansible-relayor for relay management you can choose to use
> alphas or nightly builds using the variables
> tor_alpha or
> tor_nightly_builds
> https://github.com/nusenu/ansible-relayor
>
>
> --
> https://mastodon.social/@nusenu
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] What is the command to view the tor log file on Debian?

[Keifer Bly]

Thanks all. Sorry I am having trouble seeing responses due to the spam
coming across again.
--Keifer


On Thu, Jul 30, 2020 at 11:28 AM Paul Geurts  wrote:

> hi Keifer,
>
> some options:
>
> tor is not running as the default instance (This is what Matt allready
> said in his mail, for example because you use something like ansible rules
> to set it up), you could try using:
> sudo journalctl -eu tor*
>
> on debian the logging from tor is in some cases put in /var/log/syslog
> (this depends on how you have installed tor, again, if you used ansible
> rules to setup tor this could be the case). So if you edit this file you
> can find the relevant tor line items. There are lots of other options to
> look at syslog, simple way to start could be:
>
> cd /var/log
> more syslog | grep Tor
> (this shows only line items from syslog that contain 'Tor' in it)
>
> or
>
> sudo more syslog | grep Tor
> (depends on the account you are using)
>
>
>
>
> gr. Paul
>
>
> On Thu, Jul 30, 2020 at 8:38 AM Keifer Bly  wrote:
>
>> Hey so upon running the command Matt suggested, this is the return:
>>
>> It says there are no logs to display. Thanks. Wonder how else to do it?
>> --Keifer
>>
>>
>> On Wed, Jul 29, 2020 at 10:15 AM Matt Traudt 
>> wrote:
>>
>>> Assuming you didn't add any `Log` lines to the torrc and assuming you
>>> are using the `default` tor instance,
>>>
>>>journalctl -eu tor@default
>>>
>>> -e to jump to the end
>>> -u to specify the unit, tor@default
>>>
>>> Logs end up here by default because
>>> /usr/share/tor/tor-service-defaults-torrc has `Log notice syslog`. I
>>> think (but don't know for sure) adding a `Log` line in your torrc would
>>> override this, since this appears in the defaults torrc.
>>>
>>> Matt
>>>
>>> On 7/29/20 1:09 PM, Keifer Bly wrote:
>>> > Hello,
>>> >
>>> >
>>> >
>>> > So I am trying to view the tor log file (for how much traffic was sent,
>>> > etc) on my relay since start? I am trying using the “less
>>> > /var/log/tor/torrc.txt” command but this only shows a blank screen with
>>> > the word END and nothing else on Debian Linux.
>>> >
>>> >
>>> >
>>> > Thanks very much.
>>> >
>>> >
>>> >
>>> > --Keifer
>>> >
>>> >
>>> >
>>> >
>>> > <
>>> https://www.avast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_content=emailclient_term=icon
>>> >
>>> >   Virus-free. www.avast.com
>>> > <
>>> https://www.avast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_content=emailclient_term=link
>>> >
>>> >
>>> >
>>> > <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>> >
>>> > ___
>>> > tor-relays mailing list
>>> > tor-relays@lists.torproject.org
>>> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>> >
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] What is the command to view the tor log file on Debian?

[Keifer Bly]

Hello, So I am trying to view the tor log file (for how much traffic was sent, etc) on my relay since start? I am trying using the “less /var/log/tor/torrc.txt” command but this only shows a blank screen with the word END and nothing else on Debian Linux. Thanks very much. --Keifer 

	

		Virus-free. www.avast.com
		
	
 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Heartbeat: It seems like we are not in the cached consensus.

[Keifer Bly]

>>  the machine has it's own global unicast ipv4 and ipv6 addresses.

I don't know for sure, but possibly that's causing the issue? I do know tor
uses one IP address for relays, so if it is detecting several different IPS
that may be confusing it.

It's only a thought.
--Keifer


On Tue, Jul 21, 2020 at 7:46 AM Fran  wrote:

> Hey,
>
> the problem persists. upgraded to several new daily snapshots of openbsd
> in between, no success.
>
> On 20.07.20 08:30, Keifer Bly wrote:
> > It is worth noting, tor conscious does not immediately update. It can
> take 40 minutes up to about 3 hours for an operating status update to
> appear in the conscious based on my experience from the
> > bridge and middle relay I run.
>
> the relay had been up for > 17 hours (see log excerpt)
>
> >>> Your relay has a very large number of connections to other relays. Is
> your outbound address the same as your relay address? Found 9 connections
> to 6 relays. Found 4
> >
> > What do you mean No FW on the machine?
>
> no firewall
>
> > You need to configure port forwarding on the network for the specific
> machine / ip address the relay is running on, for both inbound and outbound
> traffic.
>
> the machine has it's own global unicast ipv4 and ipv6 addresses.
>
> best
>
> fran
>
>
> > On Sat, Jul 18, 2020 at 9:40 PM Fran  fa...@mailbox.org>> wrote:
> >
> > Hello,
> >
> > I'm taking care of a server of a friend who's on holiday. The server
> is up and running but not part of the consensus.
> >
> > As beeing instructed I updated to the lastest OpenBSD snapshot when
> I saw that a new tor release is available  (Tor 0.4.3.5 on OpenBSD).
> >
> > Excerpts from the log:
> >
> > Jul 13 20:04:02.000 [notice] Self-testing indicates your DirPort is
> reachable from the outside. Excellent.
> > Jul 13 20:05:02.000 [notice] Self-testing indicates your ORPort is
> reachable from the outside. Excellent. Publishing server descriptor.
> > Jul 13 20:05:35.000 [notice] Performing bandwidth self-test...done.
> > Jul 14 02:04:01.000 [notice] Heartbeat: It seems like we are not in
> the cached consensus.
> > Jul 14 02:04:01.000 [notice] Heartbeat: Tor's uptime is 6:00 hours,
> with 0 circuits open. I've sent 2.04 MB and received 6.25 MB.
> > Jul 14 02:04:01.000 [notice] Average packaged cell fullness:
> 12.450%. TLS write overhead: 33%
> > Jul 14 02:04:01.000 [notice] Circuit handshake stats since last
> time: 0/0 TAP, 5/5 NTor.
> > Jul 14 02:04:01.000 [notice] Since startup we initiated 0 and
> received 157 v1 connections; initiated 0 and received 0 v2 connections;
> initiated 0 and received 0 v3 connections; initiated 0 and
> > received 5 v4 connections; initiated 48 and received 124 v5
> connections.
> > Jul 14 02:04:01.000 [notice] DoS mitigation since startup: 0
> circuits killed with too many cells. 0 circuits rejected, 0 marked
> addresses. 0 connections closed. 0 single hop clients refused. 0
> > INTRODUCE2 rejected.
> > Jul 14 06:04:02.000 [notice] Your relay has a very large number of
> connections to other relays. Is your outbound address the same as your
> relay address? Found 9 connections to 6 relays. Found 4
> > current canonical connections, in 0 of which we were a non-canonical
> peer. 3 relays had more than 1 connection, 0 had more than 2, and 0 had
> more than 4 connections.
> > Jul 14 08:04:01.000 [notice] Heartbeat: It seems like we are not in
> the cached consensus.
> > Jul 14 08:04:01.000 [notice] Heartbeat: Tor's uptime is 12:00 hours,
> with 1 circuits open. I've sent 3.46 MB and received 11.22 MB.
> > Jul 14 08:04:01.000 [notice] Average packaged cell fullness:
> 12.450%. TLS write overhead: 47%
> > Jul 14 08:04:01.000 [notice] Circuit handshake stats since last
> time: 2/2 TAP, 1/1 NTor.
> > Jul 14 08:04:01.000 [notice] Since startup we initiated 0 and
> received 340 v1 connections; initiated 0 and received 0 v2 connections;
> initiated 0 and received 0 v3 connections; initiated 0 and
> > received 10 v4 connections; initiated 57 and received 246 v5
> connections.
> > Jul 14 08:04:01.000 [notice] DoS mitigation since startup: 0
> circuits killed with too many cells. 0 circuits rejected, 0 marked
> addresses. 0 connections closed. 0 single hop clients refused. 0
> > INTRODUCE2 rejected.
> > Jul 14 14:04:01.000 [notice] Heartbeat: It seems like we are not in
> the cached consensus.
> > Jul 14 14:04:01.000 [notice] Heartbeat: Tor's uptime is 18:00 hours,
> with 1 circuits open. I've sent 4.89 MB and recei

Re: [tor-relays] Heartbeat: It seems like we are not in the cached consensus.

[Keifer Bly]

It is worth noting, tor conscious does not immediately update. It can take
40 minutes up to about 3 hours for an operating status update to appear in
the conscious based on my experience from the bridge and middle relay I run.

>> Your relay has a very large number of connections to other relays. Is
your outbound address the same as your relay address? Found 9 connections
to 6 relays. Found 4

What do you mean No FW on the machine? You need to configure port
forwarding on the network for the specific machine / ip address the relay
is running on, for both inbound and outbound traffic.

Cheers,

--Keifer


On Sat, Jul 18, 2020 at 9:40 PM Fran  wrote:

> Hello,
>
> I'm taking care of a server of a friend who's on holiday. The server is up
> and running but not part of the consensus.
>
> As beeing instructed I updated to the lastest OpenBSD snapshot when I saw
> that a new tor release is available  (Tor 0.4.3.5 on OpenBSD).
>
> Excerpts from the log:
>
> Jul 13 20:04:02.000 [notice] Self-testing indicates your DirPort is
> reachable from the outside. Excellent.
> Jul 13 20:05:02.000 [notice] Self-testing indicates your ORPort is
> reachable from the outside. Excellent. Publishing server descriptor.
> Jul 13 20:05:35.000 [notice] Performing bandwidth self-test...done.
> Jul 14 02:04:01.000 [notice] Heartbeat: It seems like we are not in the
> cached consensus.
> Jul 14 02:04:01.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 0
> circuits open. I've sent 2.04 MB and received 6.25 MB.
> Jul 14 02:04:01.000 [notice] Average packaged cell fullness: 12.450%. TLS
> write overhead: 33%
> Jul 14 02:04:01.000 [notice] Circuit handshake stats since last time: 0/0
> TAP, 5/5 NTor.
> Jul 14 02:04:01.000 [notice] Since startup we initiated 0 and received 157
> v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and
> received 0 v3 connections; initiated 0 and
> received 5 v4 connections; initiated 48 and received 124 v5 connections.
> Jul 14 02:04:01.000 [notice] DoS mitigation since startup: 0 circuits
> killed with too many cells. 0 circuits rejected, 0 marked addresses. 0
> connections closed. 0 single hop clients refused. 0
> INTRODUCE2 rejected.
> Jul 14 06:04:02.000 [notice] Your relay has a very large number of
> connections to other relays. Is your outbound address the same as your
> relay address? Found 9 connections to 6 relays. Found 4
> current canonical connections, in 0 of which we were a non-canonical peer.
> 3 relays had more than 1 connection, 0 had more than 2, and 0 had more than
> 4 connections.
> Jul 14 08:04:01.000 [notice] Heartbeat: It seems like we are not in the
> cached consensus.
> Jul 14 08:04:01.000 [notice] Heartbeat: Tor's uptime is 12:00 hours, with
> 1 circuits open. I've sent 3.46 MB and received 11.22 MB.
> Jul 14 08:04:01.000 [notice] Average packaged cell fullness: 12.450%. TLS
> write overhead: 47%
> Jul 14 08:04:01.000 [notice] Circuit handshake stats since last time: 2/2
> TAP, 1/1 NTor.
> Jul 14 08:04:01.000 [notice] Since startup we initiated 0 and received 340
> v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and
> received 0 v3 connections; initiated 0 and
> received 10 v4 connections; initiated 57 and received 246 v5 connections.
> Jul 14 08:04:01.000 [notice] DoS mitigation since startup: 0 circuits
> killed with too many cells. 0 circuits rejected, 0 marked addresses. 0
> connections closed. 0 single hop clients refused. 0
> INTRODUCE2 rejected.
> Jul 14 14:04:01.000 [notice] Heartbeat: It seems like we are not in the
> cached consensus.
> Jul 14 14:04:01.000 [notice] Heartbeat: Tor's uptime is 18:00 hours, with
> 1 circuits open. I've sent 4.89 MB and received 15.33 MB.
> Jul 14 14:04:01.000 [notice] Average packaged cell fullness: 26.760%. TLS
> write overhead: 51%
> Jul 14 14:04:01.000 [notice] Circuit handshake stats since last time: 2/2
> TAP, 6/6 NTor.
> Jul 14 14:04:01.000 [notice] Since startup we initiated 0 and received 493
> v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and
> received 0 v3 connections; initiated 0 and
> received 18 v4 connections; initiated 64 and received 370 v5 connections.
> Jul 14 14:04:01.000 [notice] DoS mitigation since startup: 0 circuits
> killed with too many cells. 0 circuits rejected, 0 marked addresses. 0
> connections closed. 0 single hop clients refused. 0
> INTRODUCE2 rejected.
>
>
> Atlas show the server as down:
> https://metrics.torproject.org/rs.html#details/AC601DBDB7FBD53454045EDC08DAE3C381C8CF88
>
> Accessing the status page on port 80 works.
> No FW on the machine.
>
> Any ideas?
>
> Thanks and regards
>
> Fran
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org

[tor-relays] trouble with tor relay software on debian

[Keifer Bly]

Hi all,

So my middel guard relay at

https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D


As well as my bridge at
https://metrics.torproject.org/rs.html#details/EF36AE38C162E96E0645E1DF25EF19522ADBAF90

Are not updating, though I had configured them to be updated by
unattended upgrades they are stuck on tor 4.3.5.

When running

sudo apt update && sudo apt install -y --only-upgrade tor

This is the return, it's a google drive link to the screenshot as copy
pasting the text ended up in a jumbled mess.

https://drive.google.com/file/d/1ULtvt8B28tTwN5DI7oLmfj7mbfBIDh6A/view?usp=sharing

It says ip address not found, I wonder why this is as I had imported tors
keyring before hand.

What's also going on is, I am trying to see how much traffic my relay has
pushed but am not able to open the log file, when using less
/var/log/tor/notices.log I am only seeing a black screen with (END) and
that's it.

I wonder why this is.

Thanks very much,


--Keifer


Virus-free.
www.avast.com

<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Fw: So I am moving my bridge to a new OS and have a few questions?

[Keifer Bly]

Awesome, thanks! This is very helpful Torix. It's still the same IP
address, I wonder if that means the bridge is less effective.
--Keifer


On Fri, May 29, 2020 at 5:18 AM  wrote:

> Dear Keifer,
>
> I'm sure the gurus can say exactly what happens in an upgrade, but I can
> say that it is the keys in /var/lib/tor/keys that uniquely define your tor
> instance. As you did not transfer the keys from the windows box, they were
> created anew when you first started up tor, and your box is considered a
> new relay.
>
> I don't think this is a problem, especially as new bridges 1. are needed
> for May35th(Tinamann Square) right now, when China usually locks down its
> internet "just in case" and 2. bridges gradually get discovered and
> blocked, so starting anew is a plus, not a minus.
>
> HTH,
>
> --Torix
>
>
> Sent with ProtonMail <https://protonmail.com> Secure Email.
>
> ‐‐‐ Original Message ‐‐‐
> On Friday, May 29, 2020 11:17 AM, Keifer Bly  wrote:
>
> Hi all,
>
> So I am switching my OBFS4 bridge that was here
>
>
> https://metrics.torproject.org/rs.html#details/386E99371B8CD938248940B754F16AAC54B5712B
>
>
> From running on Windows to running on Debian, as the older computer I was
> running it on, Windows updates started causing it to not boot correctly
> haha. With some work I was able to get Debian running on the machine.
>
> I am wondering, does unattended upgrades as configured here:
> https://trac.torproject.org/projects/tor/wiki/TorRelayGuide/DebianUbuntuUpdates
>
>
> Keep OBFS4 up to date as well?
>
> Is it safe to use tor browser through teamviewer from the computer I am
> running the bridge on?
>
> Unfortunately the relay key for the former bridge was lost as  the hard
> drive failed due to a Windows update causing it to crash, do the
> bridge relay keys have any other relevance than flags?
>
> Thanks very much.
> --Keifer
>
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] So I am moving my bridge to a new OS and have a few questions?

[Keifer Bly]

Hi all,

So I am switching my OBFS4 bridge that was here

https://metrics.torproject.org/rs.html#details/386E99371B8CD938248940B754F16AAC54B5712B


>From running on Windows to running on Debian, as the older computer I was
running it on, Windows updates started causing it to not boot correctly
haha. With some work I was able to get Debian running on the machine.

I am wondering, does unattended upgrades as configured here:
https://trac.torproject.org/projects/tor/wiki/TorRelayGuide/DebianUbuntuUpdates


Keep OBFS4 up to date as well?

Is it safe to use tor browser through teamviewer from the computer I am
running the bridge on?

Unfortunately the relay key for the former bridge was lost as  the hard
drive failed due to a Windows update causing it to crash, do the
bridge relay keys have any other relevance than flags?

Thanks very much.
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] How do I add relays to a "family" and what are the benefits?

[Keifer Bly]

Thanks very much all, as bridges are meant to be kept private as possible. Thanks very much all. Sent from Mail for Windows 10 From: ger...@bulger.co.ukSent: Friday, May 22, 2020 3:49 PMTo: tor-relays@lists.torproject.orgSubject: Re: [tor-relays] How do I add relays to a "family" and what are the benefits? My understanding is that you don’t, if you do you give the game away about your bridge.  From: tor-relays  On Behalf Of Keifer BlySent: 22 May 2020 23:24To: tor-relays@lists.torproject.orgSubject: [tor-relays] How do I add relays to a "family" and what are the benefits? Hi all, So as I run this bridgehttps://metrics.torproject.org/rs.html#details/386E99371B8CD938248940B754F16AAC54B5712B And this relay https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D How do you add these as a “family”? What are the benefits of doing so? Thanks very much. Sent from Mail for Windows 10  This email has been checked for viruses by Avast antivirus software. www.avast.com   ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] How do I add relays to a "family" and what are the benefits?

[Keifer Bly]

Hi all, So as I run this bridgehttps://metrics.torproject.org/rs.html#details/386E99371B8CD938248940B754F16AAC54B5712B And this relay https://metrics.torproject.org/rs.html#details/79E3B585803DE805CCBC00C1EF36B1E74372861D How do you add these as a “family”? What are the benefits of doing so? Thanks very much. Sent from Mail for Windows 10 



	
		
			

			
		
		
			
This email has been checked for viruses by Avast antivirus software.
www.avast.com
			
		
	


 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] tor bridge on windows?

[Keifer Bly]

Here you are:

Nickname torland SOCKSPort 0

# no local SOCKS proxy

ORPort 80

# public bridge must have an open ORPort

 ExtORPort auto

# configure ExtORPort for obfs4proxy

ExitPolicy reject *:*

# no exits allowed BridgeRelay 1

# relay won't show up in the public consensus

PublishServerDescriptor 1

# publish to the bridge authority

 # use obfs4proxy to provide obfs4 on port 9003, 443

#point tor to ofbs 4 directory path ServerTransportPlugin

obfs4 exec
C:\Users\keife\Desktop\TotBrowser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe

 # set port for obfs4 to run on ServerTransportListenAddr obfs4 0.0.0.0:443

Contact Info line:

ContactInfo keifer@gmail.com


Try this, let me know if it helps.
--Keifer


On Mon, May 18, 2020 at 1:02 AM eliaz  wrote:

> I’d be much obliged if you could send the torrc.
>  I’m assuming that window implementation of bridges came back with
> Vidalia 2 in 2011. Would a bridge on Win 7x54 work?
>
> Sent from my iPhone
>
> On May 17, 2020, at 10:35 PM, Keifer Bly  wrote:
>
> 
> I run an OBFS4 tore bridge on Windowsm which is called torland.
> https://metrics.torproject.org/rs.html#details/386E99371B8CD938248940B754F16AAC54B5712B
>
>
> You just need to make a self generated torrc.txt file with the bridge
> configuration. I can send you my torrc file if you want an example.
> --Keifer
>
>
> On Sun, May 17, 2020 at 5:55 PM eliaz  wrote:
>
>> Is tor running on windows again? On which win versions? I gave up trying
>> to run a bridge when Vidalia 1 was dropped and tor.exe was integrated into
>> Torbrowser. I was told at the time that windows implementations would no
>> longer be supported.  Thanks, eliaz
>>
>>
>>
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Does this mean upgrades are working?

[Keifer Bly]

Thanks very much.
--Keifer


On Sun, May 17, 2020 at 5:53 PM Paul Geurts  wrote:

> yes, for as far as I know this is normal if you configure unattended
> upgrades, only thing is that there is currently nothing to upgrade on your
> system.
> the last line means that there is no mailserver installed on this specific
> machine, so there is probably not a way to send an automated mail telling
> you the status of unattended upgrades. I normally not use this myself so I
> am not completely sure, but that is the most logical thing.
>
> rgds. Paul
>
>
> On Sun, May 17, 2020 at 7:24 PM Keifer Bly  wrote:
>
>> Hi, upon configuring unattended upgrades, I am getting this on testing.
>> Does this mean the upgrades are working properly? How will running upgrades
>> every day effect my uptime? Thx.
>>
>>
>>
>>
>>
>>  unanttended upgrades.PNG
>> <https://drive.google.com/file/d/1jcm_STo87waEKMpxztdajQWXV4Enk89d/view?usp=drive_web>
>>
>>
>> --Keifer
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] tor bridge on windows?

[Keifer Bly]

I run an OBFS4 tore bridge on Windowsm which is called torland.
https://metrics.torproject.org/rs.html#details/386E99371B8CD938248940B754F16AAC54B5712B


You just need to make a self generated torrc.txt file with the bridge
configuration. I can send you my torrc file if you want an example.
--Keifer


On Sun, May 17, 2020 at 5:55 PM eliaz  wrote:

> Is tor running on windows again? On which win versions? I gave up trying
> to run a bridge when Vidalia 1 was dropped and tor.exe was integrated into
> Torbrowser. I was told at the time that windows implementations would no
> longer be supported.  Thanks, eliaz
>
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] OVH Service

[Keifer Bly]

I started a relay with them recently as well, for me it took about 1 day
before I was able to start the VPS. They will send you an email saying it
is ready.
--Keifer


On Sun, May 17, 2020 at 8:10 AM mnlph74  wrote:

> This is for Tor Relay Operators with OVH
>
> A couple of hours ago, I availed a VPS from OVH just to try it out and
> it's been 10 hours now
> and my payment was validated and the order is still being processed, is
> this a normal waiting time for the order to be delivered? Thanks for the
> help.
>
>
> Sent with ProtonMail  Secure Email.
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Does this mean upgrades are working?

[Keifer Bly]

This output does mean it will do this automatically correct? Thx

On Sun, May 17, 2020 at 10:29 AM Matthew Smith  wrote:

>
> Keifer Bly writes:
> > How will running upgrades every day effect my uptime? Thx.
>
> When an update to Tor is available, it will be applied and then your Tor
> daemon will be restarted. It will affect your uptime, but all of your
> relay's flags (like fast, stable, ...) will still be there when it comes
> back online.
>
-- 
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays