Re: [tor-relays] DirPortFrontPage file '.....' not found | Permission denied
Thx all ! It's working like a charm !
After setting up this page, I saw I had to code everything "inline"... images, CSS, all... But it's ok, cool :)
Thx

30/03/2021 at 18:03, Olaf Grimm:
> Place the DirPortFrontPage in the same folder like torrc, not /var/...

OpenPGP_signature
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ipv6 ORPort + DIRPort too ?
Ouch, this config looks like not so cool...
I see on Metrics the ipv6 chosen by Tor process, is now on : "Unreachable OR Addresses"

I'll write the other solution you gave previously... with
ORPort xxx.xxx.xxx.xxx:9001
ORPort [::xxx:x::::xxx]:9001

30/03/2021 at 20:07, Petrusko:
> Ok !
>
> So this only line will serve on both ipv4 and ipv6 together, ok thx ! Cool
>
> 30/03/2021 at 15:51, li...@for-privacy.net:
>> ORPort 9001
Re: [tor-relays] ipv6 ORPort + DIRPort too ?
Ok !

So this only line will serve on both ipv4 and ipv6 together, ok thx ! Cool

30/03/2021 at 15:51, li...@for-privacy.net:
> ORPort 9001
[tor-relays] DirPortFrontPage file '.....' not found | Permission denied
Hey,

I'm having a little problem with setting up (may be some rights...) the html page on the relay DIRPort.

On my logs :
00:00:03 [NOTICE] Tor 0.4.5.7 opening new log file.
00:00:03 [WARN] Could not open "/var/www/html/tor-relay.html": Permission denied
00:00:03 [WARN] DirPortFrontPage file '/var/www/html/tor-relay.html' not found. Continuing anyway.

I've not found any information about how to set up this correctly.
Many thanks in advance.
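An added example, not part of the original message or of Tor: one way to find which path component denies read access to the account the relay runs as, starting from the warning quoted above. It evaluates only classic owner/group/other mode bits (ACLs, mandatory access control and service sandboxing are not examined); the uid, the empty group set and the temporary directory tree are constructed for the demonstration.

```python
import os
import re
import tempfile

# Log lines as quoted in the message above.
SAMPLE_LOG = '''00:00:03 [NOTICE] Tor 0.4.5.7 opening new log file.
00:00:03 [WARN] Could not open "/var/www/html/tor-relay.html": Permission denied
00:00:03 [WARN] DirPortFrontPage file '/var/www/html/tor-relay.html' not found. Continuing anyway.
'''
OPEN_WARN = re.compile(r'\[WARN\] Could not open "([^"]+)": Permission denied')


def denied_paths(log_text):
    """Return the paths Tor reported as unreadable."""
    return OPEN_WARN.findall(log_text)


def allowed(st, uid, gids, want):
    """Owner/group/other check; `want` is 0o4 (read) or 0o1 (search/execute)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool((st.st_mode >> 6) & want)
    if st.st_gid in gids:
        return bool((st.st_mode >> 3) & want)
    return bool(st.st_mode & want)


def first_blocker(path, uid, gids, start=os.sep):
    """Walk from `start` down to `path` and return (component, reason) for
    the first component that uid/gids cannot pass, or None if the mode bits
    allow the read. `start` must be an ancestor of `path`."""
    path = os.path.realpath(path)
    current = os.path.realpath(start)
    for part in os.path.relpath(path, current).split(os.sep):
        # Every directory on the way needs the search (x) bit.
        if not allowed(os.stat(current), uid, gids, 0o1):
            return current, "directory is not searchable (x)"
        current = os.path.join(current, part)
    if not os.path.exists(current):
        return current, "file does not exist"
    if not allowed(os.stat(current), uid, gids, 0o4):
        return current, "file is not readable (r)"
    return None


def demo():
    """Constructed tree: <tmp>/html/tor-relay.html, checked for a foreign uid."""
    base = os.path.realpath(tempfile.mkdtemp())
    os.chmod(base, 0o755)
    webroot = os.path.join(base, "html")
    os.mkdir(webroot)
    page = os.path.join(webroot, "tor-relay.html")
    with open(page, "w") as handle:
        handle.write("<html><body>relay</body></html>")
    os.chmod(page, 0o644)
    other_uid = os.stat(base).st_uid + 1  # constructed: neither owner nor root
    results = []
    for mode in (0o750, 0o755):           # restricted web root, then opened up
        os.chmod(webroot, mode)
        results.append(first_blocker(page, other_uid, frozenset(), start=base))
    os.chmod(page, 0o600)                 # directory fine, file itself private
    results.append(first_blocker(page, other_uid, frozenset(), start=base))
    return webroot, page, results


if __name__ == "__main__":
    print(denied_paths(SAMPLE_LOG))
    for result in demo()[2]:
        print(result)
```

On a real relay, pass the uid and group ids of the account Tor runs as and leave `start` at its default.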
Re: [tor-relays] ipv6 ORPort + DIRPort too ?
Thx all for your answers.
I'm not sure, because I see Tor listening too on DIRPort I've set up, with a "netstat -lpn", so may be it's still used ;)

On 27/03/2021 at 18:26, Toralf Förster wrote:
>> And I'm not sure if I can serve DIRPort on the ipv6 too ?
>
> If I understood it correctly a DirPort is no longer needed for latest
> Tor software version.
> So you should be fine with opened IPv4|6 ORports only.
[tor-relays] ipv6 ORPort + DIRPort too ?
Hey,

I've set up a new relay, available with ipv4 and ipv6.
And I'm not sure if I can serve DIRPort on the ipv6 too ?

In the torrc file, I've configured :
ORPort 9001
ORPort [::xxx:x::::xxx]:9001
DIRPort 9030

Is it allowed to add something like this, to advertise on ipv6 too ?? :
DIRPort [::xxx:x::::xxx]:9030

Thank you all !
Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
Same problem here, relay down for this reason :(

> Thank you for the answer, but i am unable to find precompiled packages
> for 1.1.1 for debian.
>
> I am currently using buster and i could downgrade to 1.1.0j from stretch
> security.
>
> Can someone help me?

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] ISP is aking me to send a selfie holding my identity card
OVH = French company...
Damn, they ask this for renting a server ? Like someone who wants to buy a weapon !! (in this country + an additional hunter card...)

2020 we will need a "Good web citizen" digital card to rent a server... and adding a software running behind to prove we are good people, using our computer for good things ;)

On 08/12/2017 at 17:21, Anders Burmeister wrote:
> I rent 4 servers at OVH, They asked for copy of passport and some
> government letter to prove my name and address. I sent them (encrypted
> of course), got my 4 servers, and they run as a charm.
>
> /anders

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Running both Transmission server and Tor relay
Hey,

It's possible to set up the Relay traffic bandwidth used :
*RelayBandwidthRate* + *RelayBandwidthBurst* in the torrc file ;)
https://www.torproject.org/docs/tor-manual.html.en
(be careful, it will be used in both sides ! if you put 5MB = 10MB up + down used for relaying tor traffic)

And Transmission daemon can be set up from the web-interface, upload/download speed, too ;)

You will have to know your 100% bandwidth available for both, then you will be able to give what you want to torrent + tor

Thx for adding your relay ;)

ps: sry for this noise 1 month after :s

Dylan Issa :
> unless, of course, torrenting is taking up 99% of your bandwidth and
> the Tor relay can only access 1% of it, naturally

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Tor t-shirts
Hey,

And on the road, you will be able to see "the man who is wearing the Tor Operator -Level 2- Tshirt" :)

Cheers ;)

> It seems to me that it might be better to have a reward for the first stage
> of running a relay(s) at a couple of months and another reward for much
> longer, faster or financial commitment.
> That could be anything but I'd be happy with a different tshirt perhaps of
> better quality so it lasted longer.
>
> Rob

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Relay uptime versus outdated Tor version
And why not taking a screenshot + print it to remember :p

tor :
> You'll lose your uptime, but... don't be ridiculous. It's better to
> keep Tor up-to-date. That uptime undoubtedly means you're running an
> outdated kernel too, which is not ideal. I think it would be wise to
> take the hit and update both.

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] ORSN DNS servers vs OpenNic
So Unbound looks like nice for these features ;)
Easy to set up in a Linux/Windows box as server, it can be used on localhost when connecting to unknown wifi... low memory/cpu usage.
It's used everyday for home/work since a long time ago... surf, etc...

teor :
> Using a caching, recursive resolver should be fine.
> (Then the root servers only answer queries for top-level domains.)

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] ORSN DNS servers vs OpenNic
On my LAN I'm using Unbound, forwarding all requests to "root servers".
I've read it's not really cool for a high traffic server, to preserve those root servers...? But for home, I think it's perfect.

For an exit, why not using too a dns cache as Igor said, may be less aggressive for the root servers ? :
On your node, run dnsmasq with a large (1) cache as a fast and secure alternative to running a full DNS server. That can prevent some DNS-based timing attacks.

Is it a good idea to use those roots servers ? I'm not 100% sure about requests because of MITM attack, but better than GoogleDNS ?
Re: [tor-relays] Debian9 install gpg repository problem
Nice shot ! Thx Daniel :)

It can be useful to add it as needed package for Debian 9, in this tutorial... ;)

Regards.

Daniel Winzen:
> Hello,
>
> you are missing dirmngr. You can install it via
> # apt-get install dirmngr
>
> Regards,
> Daniel

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Strange log in a middle relay "Gateway Time-out"
Ok thx mister (or lady) for your message.

tor :
> http://154.35.175.225/ is the directory authority "Faravahar". This
> error happens from time to time with this authority. There's nothing
> for you (the relay operator) to do about it.

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
[tor-relays] Strange log in a middle relay "Gateway Time-out"
Hey!

Got a strange log from outer space, on a middle relay... :s

[log]
Jul 17 04:31:24.000 [warn] Received http status code 504 ("Gateway Time-out") from server '154.35.175.225:80' while fetching "[...]z". I'll try again soon.
[/log]

Tor version 0.3.0.9 (git-100816d92ab5664d) on a Debian 8 Jessie.

I don't remember seeing this before !
If it can help...

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] sharing tor relay at night or working hours ? make sense ?
It can be a cool feature !
In torrc file, like Transmission (torrent client) for example, you can set up times with bandwidth ;)
Why not setting days too ?! 5 working days / week, hours, bandwidth used during those different hours...

As an example, the Transmission's web interface, where you can set up easily those parameters :

On 11/06/2017 at 16:29, Zalezny Niezalezny wrote:
> Hi,
>
> I have 100mbit Up/Down connection at home. Most of the day, my
> connection is not used. Mostly between 22:00-17:00.
>
> I would like to share my Internet connection for Tor. If I will setup
> some crontabs to start/stop my tor relay between that hours, will it
> work ? Does it make sense ? Will TOR network know that my relay is
> working only between 22:00 and 17:00 and will push some more traffic
> to me ?
>
> How to properly configure such a relay which is working only for a few
> hours per day ?
>
> Cheers
>
> Zalezny

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
Hey,

A random website (French speaking) about this unplug...
https://www.nextinpact.com/news/104302-wannacrypt-nuds-tor-saisis-par-autorites-francaises.htm

What will they find ? A Debian who ask a password to unlock the system, or it will stop booting ?
Yeah, if police can read the system entirely, it looks like impossible to find something about the guyz behind the wannacry software ?
Tor is not logging anything else than information about uptimes/nb connections... what can be interesting for police by unplugging those guards relays ?

@aeris, do they ask you to uncrypt the volume ? (good luck to you...)

What can be the best ? Uncrypt the relay to help police when asking, when this relay is only a relay and storing nothing else ?

I :
> Did he not mean that it is well run yet did dopey things such as giving
> outgoing ip address to the police which made no sense?

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] What kind of hardware do I need for my relay
Hey Farid,

Have you found an interesting low cost hardware since this last message ?
Sometimes I try to look for it, but there's a lot of little cards like RPi, Banana... sadly I think it has not enough CPU power to play with a lot of Tor traffic :s

On the torserver webpage, there's a command line to know if the cpu has AES-NI acceleration.

cat /proc/cpuinfo | grep aes

For fun, I've tried on a laptop with Intel Core 2 Duo... no result shown after this command. So sadly this laptop will not be strong enough to have fun with this kind of crypto... it's sad because it's not burning a lot of watts!

Farid Joubbi :
> OK. I thought from the beginning that my relay running the Banana Pi would be
> capable of handling more traffic.
> I have asked about it before, and got some really good answers.
> I still can't completely explain why it does not handle more.

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] ansible relayor v0.2.1 released
Have read quickly,
It looks like a nice doc°, thx nusenu ! :)

nusenu :
> https://medium.com/@nusenu/deploying-tor-relays-with-ansible-6612593fa34d

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] New Tor relay
Thx and welcome!
Have fun !

Luca Tortiglione :
> Hi all!
> I'm paying a VPS to run a tor relay.
> I hope it will go well.
>
> Glad to belong to the family by helping the community.
>
> Of course, I'm running Tor 0.2.9.9 on Debian.
>
> Thank you.

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] large server farms
Becoming an ISP may be ?
Or may be I'm totally out :s

anondroid :
> > how to get the coaxial cable ran from the server facility to each subscriber
>
> Wut?

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Shutdown of TorLand1
Respect.

tor-ad...@torland.is :
> after 5 years of operation I will shutdown TorLand1

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] assign_to_cpuworker failed
It's running fine since this last upgrade, on my case.
(I've reduced RAM used by shutting down an instance... no problem, full bandwidth is used now!)

Good luck ;)

diffusae :
> Hi!
>
> Didn't update right now and got the same message today.
> So, it looks like, the address field wasn't the problem.
>
> Feb 05 15:01:25.000 [warn] assign_to_cpuworker failed. Ignoring.
> Feb 05 15:01:29.000 [warn] circuit_mark_for_close_: Bug: Duplicate call
> to circuit_mark_for_close at src/or/onion.c:238 (first at
> src/or/command.c:579) (on Tor 0.2.9.8 01ab67e38b358ae9)
> Feb 05 15:01:36.000 [warn] assign_to_cpuworker failed. Ignoring.
>
> Should I update to 2.9.9, does it solve the issue.
>
> Regards,

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Updates removes status flags
Hey,

May be the guard flag is back on this relay ?

a tor op :
> Hi
>
> When a tor admin updates a tor node, what is the reasoning for
> punishing the status by removing flags like the guard flag?
>
> The node may have been up for months on end without issues and goes
> down for a few minutes during install and restart and comes up with a
> newer version, hence it is clearly updated. And the guard flag goes
> away. Doesn't seem really appropriate. Unless it's to indicate caution
> due to new version perhaps not being stable. But then that's what you
> do pre-prod testing in-house for.
>
> A TOR bridge op

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] assign_to_cpuworker failed
Thx Ivan for your support.

I got an eye on the logs and everything around.

ps: updated to 2.9.9 some hours ago... looks like ok for now.

Ivan Markin :
> There is nothing wrong at your side. You're probably experiencing the
> same issue as in ticket I've mentioned earlier. "a memory leakage
> somewhere" means that this "somewhere" is a place in tor code and
> probably triggered remotely. This definitely ought to be fixed since it
> may be a DoS vulnerability (process crash).
> So if you have some details on this issue please report them to the
> mentioned ticket.
>
> Thanks,

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] assign_to_cpuworker failed
You're right Ivan, my bad !

Swap has grown quickly and has been full...
Ok, it was a test with another instance... so I'll kill this other instance :(

Thx for your help Ivan, next time, I'll check my graphs :s
Nice shot ;)

Ivan Markin :
> Probably there is a memory leakage somewhere that makes everything fail
> and get process eventually killed by OS.

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] assign_to_cpuworker failed
A good way to explore !
Exact, some swap is used... may be full of it !

Have to check it...

> Probably there is a memory leakage somewhere that makes everything fail
> and get process eventually killed by OS.

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
[tor-relays] Good Bad ISP - update required
Hey,

Sorry to disturb about that...
I'm trying to find a way to update/add information on this page :
https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs

I have mailed a vps provider about running Tor relays on their DC, and there's no problem about running it.
About exit node, it can be (like others) more dangerous if they have a lot of abuse mails (for sure it can be solved, but I'm not an expert with that :p)

So it's possible to update information on this page...
If there's a mail address to inform ? Or here on this mailing list ?...

Thx :)

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Uptime missing from Arm
Thx Damian for this !

Please you give some useful commands to install and use it ?
I'll be happy to try your tool!

Many thx :)

> I've been rewriting it from the ground up and that's Nyx...
> https://gitweb.torproject.org/nyx.git

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] All I want for Chrismas is a bloody t-shirt
Humm, I don't know how to solve your issue :'(

Here my output with your relay fingerprint :

./tshirt.py
Enter relay search-query : E856ABA2020AA9C483CC2D9B4C878D8D948B0887
Fetched bandwidth document
Fetched uptime document
Fetched details document
=
Relay details
-
Fingerprint : E856ABA2020AA9C483CC2D9B4C878D8D948B0887
First seen at least 2 months ago : True
Exit to port 80 allowed : False
Uptime percentage in past 2 months : 100.0
Average bandwidth in past 2 months : 443.31KBytes/s

Eligibility

Not eligible for T-shirt
Reason : Average bandwidth less than 500KBytes/s and port 80 blocked

> Can't get it to work, this is the output:
>
> python tshirt.py
> Enter relay search-query : E856ABA2020AA9C483CC2D9B4C878D8D948B0887
> Fetched bandwidth document
> Fetched uptime document
> Fetched details document
> Traceback (most recent call last):
>   File "tshirt.py", line 197, in
>     check_tshirt(search_query)
>   File "tshirt.py", line 181, in check_tshirt
>     first_seen_check = check_first_seen(details_data[i])
>   File "tshirt.py", line 132, in check_first_seen
>     return (today - first_seen).total_seconds() >= TWO_MONTHS
> AttributeError: 'datetime.timedelta' object has no attribute 'total_seconds'
>
> Alan

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] All I want for Chrismas is a bloody t-shirt
Hey,

there's an old python script found many months ago... (attached file)
If you want to try it, just launch it with command line (I've used a linux laptop) :

./tshirt.py XXX

XXX is the relay fingerprint
chmod +x if you can't execute this script

> I requested a tshirt but my relays haven't done enough traffic yet. I'll
> ask again in a few months.
>
> Alan

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5

#!/usr/bin/python

import sys
import urllib
import urllib2
import json
import threading
import _strptime
from datetime import timedelta, datetime

TWO_MONTHS = 2 * 30 * 86400


def print_debug_info(fingerprint, first_seen_check, exit_port_check,
                     uptime_percent, avg_bandwidth):
    """ Provides debugging information about relay operator's eligibility
        for acquiring a t-shirt """

    print("=")
    print("\nRelay details")
    print("-")
    print("Fingerprint : " + fingerprint)
    print("First seen at least 2 months ago : " + str(first_seen_check))
    print("Exit to port 80 allowed : " + str(exit_port_check))
    if uptime_percent == -1:
        print("Uptime percentage in past 2 months : Insufficient data")
    else:
        print("Uptime percentage in past 2 months : " + str(uptime_percent))
    if avg_bandwidth == -1:
        print("Average bandwidth in past 2 months : Insufficient data")
    else:
        print("Average bandwidth in past 2 months : " + str(avg_bandwidth) +
              "KBytes/s")
    print("\nEligibility")
    print("")
    if not first_seen_check:
        print("Not eligible for T-shirt")
        print("Reason : Relay first appeared in past 2 months")
    elif uptime_percent < 95:
        print("Not eligible for T-shirt")
        print("Reason : Insufficient relay uptime percentage")
    else:
        if exit_port_check is False:
            if avg_bandwidth >= 500:
                print("Eligible for T-shirt")
                print("Reason : Average bandwidth greater than 500KBytes/s and "
                      "relay uptime greater than 95%")
            else:
                print("Not eligible for T-shirt")
                print("Reason : Average bandwidth less than 500KBytes/s and "
                      "port 80 blocked")
        else:
            if avg_bandwidth < 100:
                print("Not eligible for T-shirt")
                print("Reason : Average bandwidth less than 100KBytes/s")
            else:
                print("Eligible for T-shirt")
                print("Reason : Average bandwidth greater than 100KBytes/s, "
                      "relay uptime greater than 95% and port 80 unblocked")
    print("")


def fetch_data(doc_type, params):
    """ Fetches onionoo data and returns response formatted as a dictionary """

    # Build the request
    base_URL = 'https://onionoo.torproject.org/' + doc_type
    request_URL = base_URL + '?' + urllib.urlencode(params)
    request = urllib2.Request(url=request_URL)
    # Send request to Onionoo
    try:
        response = urllib2.urlopen(request)
    except urllib2.HTTPError, error:
        print("Error " + str(error.code) + ": " + error.reason)
        exit()
    # Exit if no relay object in response
    response_dict = json.loads(response.read())
    if response_dict['relays'] == []:
        print("Error: No such relay")
        exit()
    return response_dict


def calculate_2mo_avg(response, response_type):
    """ Calculates the average of values in 2-month time frame """

    # Check if required data is present in the response
    if response_type == 'uptime':
        if '3_months' not in response['uptime']:
            return -1
        data = response['uptime']['3_months']
    elif response_type == 'bandwidth':
        if '3_months' not in response['write_history']:
            return -1
        data = response['write_history']['3_months']
    # Sum up all values within past 2 months
    _sum = 0
    count = 0
    today = datetime.now()
    first = datetime.strptime(data['first'], "%Y-%m-%d %H:%M:%S")
    last = datetime.strptime(data['last'], "%Y-%m-%d %H:%M:%S")
    for i in range(data['count']):
        value_date = first + timedelta(seconds=(i * float(data['interval'])))
        if (today - value_date).total_seconds() <= TWO_MONTHS:
            if data['values'][i] not in [None, 'null']:
                _sum += (data['values'][i])
                count += 1
    # Calculate the result (-1 means "insufficient data" when no value was usable)
    return (_sum * data['factor']) / count if count else -1


def check_in_ports(ports):
    """ Checks if port 80 is present in the ports list """

    for entry in ports:
        if entry == '80':
            return True
        if '-' in entry:
            [x, y] = entry.split('-')
            # Port ranges are inclusive, so the upper bound must be covered too
            if 80 in range(int(x), int(y) + 1):
                return True
    return False


de
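An added example, not the attached script and not Tor Project code: the script's checks redone as small functions that run offline on a constructed Onionoo-style history, including a seconds helper that avoids `timedelta.total_seconds()` (added in Python 2.7, which is what the traceback quoted in this thread trips over). The thresholds (95% uptime, 500 KBytes/s without port 80, 100 KBytes/s with it) are the ones in the script's printed reasons; the sample values and the division by 1000 to obtain KBytes/s are assumptions, since that part of the script is cut off.

```python
from datetime import datetime, timedelta

TWO_MONTHS = 2 * 30 * 86400  # same two-month window as the script, in seconds
FMT = "%Y-%m-%d %H:%M:%S"


def td_seconds(delta):
    """Seconds in a timedelta without calling total_seconds()."""
    return delta.days * 86400 + delta.seconds + delta.microseconds / 1e6


def port_allowed(ports, port=80):
    """True if `port` is listed on its own or inside an inclusive 'low-high' range."""
    for entry in ports:
        if "-" in entry:
            low, high = (int(part) for part in entry.split("-", 1))
            if low <= port <= high:
                return True
        elif int(entry) == port:
            return True
    return False


def two_month_average(history, now):
    """Mean of the non-null samples newer than two months, or None if there are none."""
    first = datetime.strptime(history["first"], FMT)
    total, count = 0, 0
    for i, value in enumerate(history["values"][:history["count"]]):
        when = first + timedelta(seconds=i * history["interval"])
        if value is not None and td_seconds(now - when) <= TWO_MONTHS:
            total += value
            count += 1
    return total * history["factor"] / count if count else None


def eligibility(first_seen_ok, exit_port_80, uptime_percent, avg_kbytes):
    """Apply the script's thresholds; returns (eligible, reason)."""
    if not first_seen_ok:
        return False, "Relay first appeared in past 2 months"
    if uptime_percent is None or avg_kbytes is None:
        return False, "Insufficient data"
    if uptime_percent < 95:
        return False, "Insufficient relay uptime percentage"
    needed = 100 if exit_port_80 else 500
    if avg_kbytes < needed:
        return False, "Average bandwidth less than %dKBytes/s" % needed
    return True, "Average bandwidth of at least %dKBytes/s" % needed


# Constructed sample: ten samples, ten days apart, the last one taken at NOW.
NOW = datetime(2016, 12, 20)
SAMPLE_HISTORY = {
    "first": "2016-09-21 00:00:00",
    "interval": 10 * 86400,
    "factor": 1000.0,
    "count": 10,
    "values": [900, 900, 900, 400, None, 500, 450, 400, 450, 460],
}


def demo():
    """Average the sample, check a non-exit port list, decide eligibility."""
    average = two_month_average(SAMPLE_HISTORY, NOW)
    kbytes = round(average / 1000, 2)  # assumption: 1 KByte = 1000 bytes
    exit80 = port_allowed(["443", "8080-8090"])
    return kbytes, exit80, eligibility(True, exit80, 100.0, kbytes)


if __name__ == "__main__":
    print(demo())
```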
Re: [tor-relays] All I want for Chrismas is a bloody t-shirt
Hi all,

This quick mail to inform the tshirt has arrived successfully here !
Sooo many thx for your support, your hard work with all Tor projects, making the web better for everybody, easily.

Now I'll be proud to show this tshirt ! (but have to wait for higher temperature...)

Thx all for this gift !
Happy new year,
Cheers :)

On 23/12/2016 at 20:30, Dakota Hourie wrote:
> Apologies for digging up this thread, but I just wanted to report that
> I got my tshirt in the mail today along with some other tor swag just
> in time for Christmas.
>
> Thanks Jon and Teor!
>
> Merry Christmas!
> -
> Dakota
>
> On Sun, Dec 11, 2016 at 6:36 PM, I <beatthebasta...@inbox.com> wrote:
>
> All,
>
> > > We learnt a lot from doing it last year, and we have plans to make it
> more efficient this year. (And get more people on it.)
>
> We have already gone from having 0 paid people on it, to having 1
> paid person on it (and they do many other tasks as well). I think we
> are getting more to help over the next few months.
>
> This should hopefully help relay operators get t-shirts as well.<<
>
> One thing which seemed a silly time consumer was that when I put
> in a claim to the tshirt address forwarding the message that told
> to me I could claim a tshirt, my legitimacy was doubted because
> they didn't accept the reply was from the relay operator despite
> their initiating it!
>
> What about simplifying that to one automated congratulation
> message with the request for the size and address in the answer?
>
> Robert

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Raspberry Pi + Raspbian GNU/Linux 8.0 (jessie) + bind errors
Hey,

Tor from Raspbian Repo is not very updated... v0.2.5...
On a RPi, I usually build Tor Stable from source. No problem about using ports >1024 in my case.

* Some dependencies required... (sorry, I don't remember which ones...)

* Add source repo in your /etc/apt/sources.list
  At the bottom of the file :

#TOR stable - for building from source
deb-src http://deb.torproject.org/torproject.org jessie main

* Compile Tor from source with a script, in my home folder (for example):
  nano tor-compil.sh
  I use "root" user.

--
#!/bin/bash
# init
function pause(){
    read -p "$*"
}

# Work in a dedicated build directory; stop if it cannot be entered,
# so the cleanup below never runs anywhere else.
mkdir -p ~/debian-packages
cd ~/debian-packages || exit 1
rm -rf -- ./*
apt-get source tor
cd tor-* || exit 1
debuild -rfakeroot -uc -us
cd ..
pause 'Press [Enter] key to continue... Installation TOR'
dpkg -i tor_*.deb tor-*.deb
exit 0
--

Then
chmod +x tor-compil.sh
./tor-compil.sh

Hope it will help!

On 06/01/2017 at 03:38, Kurt Besig wrote:
> I just installed tor on a Raspberry Pi 3 Model B and can't get a relay
> to start unless I sudo. When I attempt to start tor as a non-privileged
> user I get a permissions error:
> Opening
> Jan 05 18:33:35.929 [notice] Opening OR listener on 0.0.0.0:443
> Jan 05 18:33:35.930 [warn] Could not bind to 0.0.0.0:443: Permission denied
> Jan 05 18:33:35.930 [notice] Opening Directory listener on 0.0.0.0:80
> Jan 05 18:33:35.930 [warn] Could not bind to 0.0.0.0:80: Permission denied
>
> Ideas on best method to bind these ports to tor on startup as non-root?
> Thanks

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Running a relay with low transfer limits
Hey!

Here a "vnstat" example on a relay, I hope it will help you.
Only Tor is set up, nothing else. This relay has guard flag.

Cheers.

On 04/01/2017 at 19:54, ike wrote:
> Hi folks,
>
> Is there a generally accepted recommendation for how to set up a relay
> on a server with a fast connection but limited monthly transfers, say
> less than 100GB each way per month?
>
> Having done a bit of reading it seems daily limits are the way to go but
> I've found contradictory information regarding also limiting the
> bandwidth. Should I keep the relay accepting traffic (albeit slowly) for
> most of the day, allow a fast connection but for a very limited period
> every 24 hours or something in between.
>
> Thanks,
> Ike

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Reset torrc file
Hey!

I've updated an "old" Debian8 server not plugged since a long time ago, with Tor from Debian repo, and when updating it with a "apt-get update && apt-get dist-upgrade", when Tor package came, it asked :

    Paramétrage de tor (0.2.9.8-2~d80.jessie+1) ...

    Fichier de configuration « /etc/tor/torrc »
     ==> Modifié (par vous ou par un script) depuis l'installation.
     ==> Le distributeur du paquet a fourni une version mise à jour.
       Que voulez-vous faire ? Vos options sont les suivantes :
        Y ou I : installer la version du responsable du paquet
        N ou O : garder votre version actuellement installée
        D : afficher les différences entre les versions
        Z : suspendre ce processus pour examiner la situation
     L'action par défaut garde votre version actuelle.
    *** torrc (Y/I/N/O/D/Z) [défaut=N] ?

Sry for french, so quickly, it asked if I want to use the new torrc file from repo, yes or no, and No was the default choice (what I've done).
Tor has automatically restarted without any problem.

So in your case, it can be Webmin automatically answered "Yes" to this previous question, and the update has removed your torrc file, and the new has been set up...?
(I've not used Webmin since many years, I don't know if it can be possible to upgrade without any questions...?)

On 21/12/2016 at 23:30, Sec INT wrote:
> Hi
>
> Im using webmin but have done for a number of upgrades and this hasnt
> happened before but I agree seems more likely to be a package manager issue -
> just very odd that all torrc were renamed and new default torrc were
> generated...
>
> Cheers
> Mark B
> Snaptor.co.uk (non commercial)
>

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] confusing error from "tor --verify-config"
If you try :

    sudo -u debian-tor tor --verify-config

On 21/12/2016 at 01:59, Patrice wrote:
> Hi,
>> I would suggest running tor --verify-config as debian-tor user instead of
>> root
> After I run the following command I`ve got no output.
> Is this correct then? I expected a few lines somehow.
>
> su -c "/etc/init.d/tor --verify-config" debian-tor
>
>
>> I would suggest not running tor as root . :)
>> As root you can do:
>> su debian-tor "tor --verify-config"
>>
>
> I am not running tor as root. Tor runs as "debian-tor".
> I installed it from the repositories and changed nothing in the
> permissions.
>
>
> Cheers,
> Patrice

--
Petrusko
EBE23AE5
Re: [tor-relays] Report of home relay experience (cont'd)
Haaa extra packages needed to compile from source...
I don't remember which ones ! If someone here knows ? :s

Something like : gcc

On 20/12/2016 at 19:08, Petrusko wrote:
> Hey,
>
> I remember Raspberry Pi 1 + 2 are not really friendly with AES because of
> CPU limitation. And RPi 3 is better for this...
>
> For lazy guyz, here are Atlas links about the 2 relays :
> https://atlas.torproject.org/#details/31B8C4C4F1C78F923BD906769297B15A428C4A04
> https://atlas.torproject.org/#details/707A9A3358E0D8653089AF32A097570A96400CC6
>
> For new relays, it's always good to wait for consensus growing, so it will
> be more used in the future... may be some weeks needed.
>
> I see current Raspbian Tor package : Tor 0.2.5.12 on Linux
> May be it can be better to compile a newer Tor package, by using source Tor
> repo ?
>
> Add Tor repo in the RPi to have the source available (here is stable
> source) : in the /etc/apt/sources.list, you can add, then apt-get update :
>
>     #TOR stable - for building from source
>     deb-src http://deb.torproject.org/torproject.org jessie main
>
> I've made a script a moment ago for a RPi, located in my home folder :
>
>     nano tor-compil-source.sh
>
>     #!/bin/bash
>     # Build the tor Debian package from the deb-src repo, then install it.
>
>     # Print a prompt and wait for Enter.
>     pause() {
>         read -r -p "$*"
>     }
>
>     mkdir -p ~/debian-packages
>     # Stop if the build directory is unavailable, so the rm below
>     # can never run in another directory.
>     cd ~/debian-packages || exit 1
>     rm -rf -- ./*
>
>     # Fetch the source package and build unsigned .deb files.
>     apt-get source tor || exit 1
>     cd tor-*/ || exit 1
>     debuild -rfakeroot -uc -us || exit 1
>     cd ..
>
>     pause 'Press [Enter] key to continue... Install TOR'
>     dpkg -i tor_*.deb tor-*.deb
>     exit 0
>
> As you can see, the script is waiting for you to push a key before
> installing the new package... Why not, can be cool to watch log during set
> up, on another console, or "tmux" window :
>
>     tail -f /var/log/tor/log
>
> (or notice file... depend on what you set up in torrc file)
>
> You can use your current fingerprint, relay name... only the package will be
> updated. (if I'm wrong, don't hesitate to burn me here !)
>
> I hope it can help ;)
>
> On 20/12/2016 at 11:10, Rana wrote:
>> Of the two relays that I run from two different residential premises for
>> some time now, the first, nicknamed ZG0 (has absolutely stable dynamic IP
>> and Stable flag for many days now) is clinically dead despite the measured
>> BW of 100 kbytes/sec.
>>
>> The second, nicknamed GG2 (static IP, Stable, Fast, HSdir) is not dead but
>> is relaying only about 0.5 gbytes per day. That’s an average rate of just
>> 4% of its never-changing measured BW of 153 Kbytes/sec (which is equal to
>> 100% of its bandwidth limit in torrc). It currently has 900 connections and
>> made over 16,000 circuit handshakes in the last 6 hours, all of them
>> successful.
>>
>> The two relays run on identical Pies with the same configuration except the
>> bandwidth limit (which is higher on ZG0 than on GG2) and negligible CPU and
>> memory utilization.
>>
>> Comments?
Re: [tor-relays] Report of home relay experience (cont'd)
Hey,

I remember Raspberry Pi 1 + 2 are not really friendly with AES because of CPU limitation. And RPi 3 is better for this...

For lazy guyz, here are Atlas links about the 2 relays :
https://atlas.torproject.org/#details/31B8C4C4F1C78F923BD906769297B15A428C4A04
https://atlas.torproject.org/#details/707A9A3358E0D8653089AF32A097570A96400CC6

For new relays, it's always good to wait for consensus growing, so it will be more used in the future... may be some weeks needed.

I see current Raspbian Tor package : Tor 0.2.5.12 on Linux
May be it can be better to compile a newer Tor package, by using source Tor repo ?

Add Tor repo in the RPi to have the source available (here is stable source) : in the /etc/apt/sources.list, you can add, then apt-get update :

    #TOR stable - for building from source
    deb-src http://deb.torproject.org/torproject.org jessie main

I've made a script a moment ago for a RPi, located in my home folder :

    nano tor-compil-source.sh

    #!/bin/bash
    # Build the tor Debian package from the deb-src repo, then install it.

    # Print a prompt and wait for Enter.
    pause() {
        read -r -p "$*"
    }

    mkdir -p ~/debian-packages
    # Stop if the build directory is unavailable, so the rm below
    # can never run in another directory.
    cd ~/debian-packages || exit 1
    rm -rf -- ./*

    # Fetch the source package and build unsigned .deb files.
    apt-get source tor || exit 1
    cd tor-*/ || exit 1
    debuild -rfakeroot -uc -us || exit 1
    cd ..

    pause 'Press [Enter] key to continue... Install TOR'
    dpkg -i tor_*.deb tor-*.deb
    exit 0

As you can see, the script is waiting for you to push a key before installing the new package... Why not, can be cool to watch log during set up, on another console, or "tmux" window :

    tail -f /var/log/tor/log

(or notice file... depend on what you set up in torrc file)

You can use your current fingerprint, relay name... only the package will be updated. (if I'm wrong, don't hesitate to burn me here !)

I hope it can help ;)

On 20/12/2016 at 11:10, Rana wrote:
> Of the two relays that I run from two different residential premises for
> some time now, the first, nicknamed ZG0 (has absolutely stable dynamic IP
> and Stable flag for many days now) is clinically dead despite the measured
> BW of 100 kbytes/sec.
>
> The second, nicknamed GG2 (static IP, Stable, Fast, HSdir) is not dead but
> is relaying only about 0.5 gbytes per day. That’s an average rate of just 4%
> of its never-changing measured BW of 153 Kbytes/sec (which is equal to 100%
> of its bandwidth limit in torrc). It currently has 900 connections and made
> over 16,000 circuit handshakes in the last 6 hours, all of them successful.
>
> The two relays run on identical Pies with the same configuration except the
> bandwidth limit (which is higher on ZG0 than on GG2) and negligible CPU and
> memory utilization.
>
> Comments?
Re: [tor-relays] All I want for Chrismas is a bloody t-shirt
Yeah! Tshirt tshirt tshirt !!!
Christmas time ?? :p

12/12/2016 02:36, I :
> What about simplifying that to one automated congratulation message
> with the request for the size and address in the answer?

--
Petrusko
EBE23AE5
[tor-relays] 0.2.8.11 bridge + hidden service, restart loop
Hey,

Compiled current 0.2.8.11 (git-c49e563d0096aa5d) on a RPi, set up as a bridge + hidden service (http)

Before update, everything was fine.
Now, it's starting only fine when only bridge is enabled

If hidden service is enabled in torrc, some problems :
- restart loop
- /var/log/tor/notices.log is not used. but can watch log in /var/log/syslog file...

Custom hostname + private_key in hidden_service, it was nice before...

Thx for your help :)

    Dec 9 23:48:06 XXX systemd[1]: Starting Anonymizing overlay network for TCP...
    Dec 9 23:48:08 XXX tor[3935]: Dec 09 23:48:08.336 [notice] Tor v0.2.8.11 (git-c49e563d0096aa5d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
    Dec 9 23:48:08 XXX tor[3935]: Dec 09 23:48:08.342 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
    Dec 9 23:48:08 XXX tor[3935]: Dec 09 23:48:08.343 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
    Dec 9 23:48:08 XXX tor[3935]: Dec 09 23:48:08.343 [notice] Read configuration file "/etc/tor/torrc".
    Dec 9 23:48:08 XXX tor[3935]: Dec 09 23:48:08.399 [warn] Tor is currently configured as a relay and a hidden service. That's not very secure: you should probably run your hidden service in a separate Tor process, at least -- see https://trac.torproject.org/8742
    Dec 9 23:48:08 XXX tor[3935]: Dec 09 23:48:08.405 [notice] Based on detected system memory, MaxMemInQueues is set to 361 MB. You can override this by setting MaxMemInQueues by hand.
    Dec 9 23:48:08 XXX tor[3935]: Configuration was valid
    Dec 9 23:48:10 XXX tor[3941]: Dec 09 23:48:10.088 [notice] Tor v0.2.8.11 (git-c49e563d0096aa5d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
    Dec 9 23:48:10 XXX tor[3941]: Dec 09 23:48:10.093 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
    Dec 9 23:48:10 XXX tor[3941]: Dec 09 23:48:10.093 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
    Dec 9 23:48:10 XXX tor[3941]: Dec 09 23:48:10.094 [notice] Read configuration file "/etc/tor/torrc".
    Dec 9 23:48:10 XXX tor[3941]: Dec 09 23:48:10.151 [warn] Tor is currently configured as a relay and a hidden service. That's not very secure: you should probably run your hidden service in a separate Tor process, at least -- see https://trac.torproject.org/8742
    Dec 9 23:48:10 XXX tor[3941]: Dec 09 23:48:10.157 [notice] Based on detected system memory, MaxMemInQueues is set to 361 MB. You can override this by setting MaxMemInQueues by hand.
    Dec 9 23:48:10 XXX systemd[1]: tor@default.service: main process exited, code=exited, status=1/FAILURE
    Dec 9 23:48:10 XXX tor[3941]: Dec 09 23:48:10.165 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
    Dec 9 23:48:10 XXX tor[3941]: Dec 09 23:48:10.165 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
    Dec 9 23:48:10 XXX tor[3941]: Dec 09 23:48:10.165 [err] Reading config failed--see warnings above.
    Dec 9 23:48:10 XXX systemd[1]: Failed to start Anonymizing overlay network for TCP.
    Dec 9 23:48:10 XXX systemd[1]: Unit tor@default.service entered failed state.
    Dec 9 23:48:10 XXX systemd[1]: tor@default.service holdoff time over, scheduling restart.
    Dec 9 23:48:10 XXX systemd[1]: Stopping Anonymizing overlay network for TCP...
    Dec 9 23:48:10 XXX systemd[1]: Starting Anonymizing overlay network for TCP...

--
Petrusko
EBE23AE5
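The warning in the log above ("Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied") concerns who owns the HiddenServiceDir and its files and which mode bits they carry. The following check is an added example, not part of the original post; it assumes GNU stat, that the daemon user is passed as an argument (debian-tor on Debian packages), and that Tor wants the directory owned by that user with no group/other access. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).

# Print the permission bits of PATH as four octal digits (0700, 2700, ...).
mode4() {
    printf '%04d' "$(stat -c '%a' "$1")"
}

# check_hs_dir DIR USER
# Prints one finding per line. Returns 0 when nothing was found,
# 1 on an ownership or mode finding, 2 when DIR is not a directory.
check_hs_dir() {
    hs_dir=$1
    hs_user=$2
    hs_rc=0

    if [ ! -d "$hs_dir" ]; then
        echo "MISSING $hs_dir: not a directory"
        return 2
    fi

    hs_owner=$(stat -c '%U' "$hs_dir")
    if [ "$hs_owner" != "$hs_user" ]; then
        echo "OWNER $hs_dir: owned by $hs_owner, expected $hs_user"
        hs_rc=1
    fi

    hs_mode=$(mode4 "$hs_dir")
    # Digit 2 holds the owner bits, digits 3-4 the group and other bits.
    # Digit 1 (setuid/setgid/sticky) is ignored: Debian uses 2700 here.
    if [ "$(printf '%s' "$hs_mode" | cut -c2)" != "7" ]; then
        echo "MODE $hs_dir: $hs_mode, owner needs rwx"
        hs_rc=1
    fi
    if [ "$(printf '%s' "$hs_mode" | cut -c3-4)" != "00" ]; then
        echo "MODE $hs_dir: $hs_mode, group/other access must be removed"
        hs_rc=1
    fi

    # Files copied in by hand (a custom hostname or private_key) keep the
    # owner of whoever copied them, typically root.
    for hs_file in "$hs_dir"/*; do
        [ -e "$hs_file" ] || continue
        hs_fowner=$(stat -c '%U' "$hs_file")
        if [ "$hs_fowner" != "$hs_user" ]; then
            echo "OWNER $hs_file: owned by $hs_fowner, expected $hs_user"
            hs_rc=1
        fi
        case $hs_file in
            */private_key)
                if [ "$(mode4 "$hs_file" | cut -c3-4)" != "00" ]; then
                    echo "MODE $hs_file: key readable by group/other"
                    hs_rc=1
                fi ;;
        esac
    done
    return "$hs_rc"
}

# Run as root so every entry can be inspected, for example:
#   sh check_hs_dir.sh /var/lib/tor/hidden_service debian-tor
if [ "$#" -eq 2 ]; then
    check_hs_dir "$1" "$2"
fi
```

A clean result only rules out ownership and mode bits; anything else that restricts the service's access to the directory is outside what this check sees.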
Re: [tor-relays] Fwd: Spam mailout
On 21/11/2016 at 16:33, Alison wrote:
> Hi Petrusko,
>
> I got the same to this riseup account, which is not connected to a
> relay. So it may be targeting riseup users.

Ok, thx for reporting this too.
[tor-relays] Fwd: Spam mailout
Hey,

Here a copy of a mail containing an attached file logs_petrusko.zip containing .js sent to my mail address used for relays...

This file edit here :
https://framabin.org/?0b8d246a55e76e07#deg6j9x5HjLbtOhY9rA6FIiINzthE0t+qfYUJc+Bp3s=

It smells like shit... I'm not 100% sure, but first time it happens on this mailbox.
May be a new bot scanning relays informations...?

Take care.

ps: torrc contains this mail address obfuscated... not enough may be ?

Here is the mail (name changed...), :

    Dear petrusko

    We've been receiving spam mailout from your address recently.
    Contents and logging of such messages are in the attachment.

    Please look into it and contact us.

    Best Regards,
    Marian Henderson
    ISP Support
    Tel.: xxx
Re: [tor-relays] network scan results for CVE-2016-5696 / rfc 5961
On a Raspberry pi...
Linux 4.4.26+ #915 Thu Oct 20 17:02:14 BST 2016 armv6l GNU/Linux

    $ netstat -s | grep -i challenge
        TCPChallengeACK: 10

(no TCPSYNChallenge result ??)

On 17/11/2016 at 20:24, Univibe wrote:
> My relays have been patched to the latest available kernels, and
> aren't in the list of vulnerable relays, however they still show high
> values for TCPSYNChallenge:
>
>
>
> $ ansible tor -a 'bash -c "netstat -s | grep -i challenge"' -b
> --ask-become-pass
>
> lon | SUCCESS | rc=0 >>
>     TCPChallengeACK: 14197
>     TCPSYNChallenge: 2926
>
> fra | SUCCESS | rc=0 >>
>     TCPChallengeACK: 12907
>     TCPSYNChallenge: 3461
>
>
>
> $ ansible tor -a 'bash -c "cat /etc/lsb-release && uname -rv"' -b
> --ask-become-pass
>
> fra | SUCCESS | rc=0 >>
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=14.04
> DISTRIB_CODENAME=trusty
> DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
> 3.13.0-101-generic #148-Ubuntu SMP Thu Oct 20 22:08:32 UTC 2016
>
> lon | SUCCESS | rc=0 >>
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=14.04
> DISTRIB_CODENAME=trusty
> DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
> 3.13.0-101-generic #148-Ubuntu SMP Thu Oct 20 22:08:32 UTC 2016

--
Petrusko
EBE23AE5
Re: [tor-relays] network scan results for CVE-2016-5696 / rfc 5961
On a Debian 8 updated relay too :

    # netstat -s | grep -i challenge
        TCPChallengeACK: 19497
        TCPSYNChallenge: 12991

Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux

Something else for being sure ?

On 17/11/2016 at 20:24, Univibe wrote:
> $ ansible tor -a 'bash -c "netstat -s | grep -i challenge"' -b
> --ask-become-pass
>
> lon | SUCCESS | rc=0 >>
>     TCPChallengeACK: 14197
>     TCPSYNChallenge: 2926
>
> fra | SUCCESS | rc=0 >>
>     TCPChallengeACK: 12907
>     TCPSYNChallenge: 3461

--
Petrusko
EBE23AE5
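Both messages above read the counters with `netstat -s | grep -i challenge`. net-tools `netstat -s` leaves out extended TCP counters whose value is 0, so a missing line is consistent with a counter that has not incremented yet. The added example below (not from the thread) reads the TcpExt rows of /proc/net/netstat directly, so a zero is still reported; the sample table is constructed, its TCPSYNChallenge value of 0 is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread.
# /proc/net/netstat stores each table as two rows sharing a prefix:
#   TcpExt: <name> <name> ...
#   TcpExt: <value> <value> ...

# tcpext_counters FILE NAME...
# Prints "NAME: value" for each requested counter, zero values included.
# FILE may be "-" to read the table from standard input.
tcpext_counters() {
    tc_file=$1
    shift
    awk -v names="$*" '
        BEGIN { n = split(names, want, " ") }

        # First TcpExt row: remember the column index of every name.
        $1 == "TcpExt:" && !have_header {
            for (i = 2; i <= NF; i++) col[$i] = i
            have_header = 1
            next
        }

        # Second TcpExt row: the values, in the same column order.
        $1 == "TcpExt:" {
            for (k = 1; k <= n; k++) {
                if (want[k] in col) {
                    print want[k] ": " $(col[want[k]])
                } else {
                    print want[k] ": not exported by this kernel"
                }
            }
            exit
        }
    ' "$tc_file"
}

# Constructed sample in /proc/net/netstat layout. A real table has many
# more columns; the 0 for TCPSYNChallenge is an assumption.
sample_netstat() {
    cat <<'EOF'
TcpExt: SyncookiesSent TCPChallengeACK TCPSYNChallenge TCPFastOpenActive
TcpExt: 0 10 0 0
IpExt: InNoRoutes InOctets
IpExt: 0 123456
EOF
}

# "live" reads the running kernel; anything else parses the sample.
if [ "${1:-}" = "live" ]; then
    tcpext_counters /proc/net/netstat TCPChallengeACK TCPSYNChallenge
else
    sample_netstat | tcpext_counters - TCPChallengeACK TCPSYNChallenge
fi
```

These counters only count challenge ACKs the host has sent; whether a kernel carries the fix is a question of its version, which the thread checks with uname.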
Re: [tor-relays] obfs4 - how to from source
Thx Tim for this help !

No problem if you don't know how to easily solve it ;)
The first step about exact command lines to type is now solved, and now it's something else about go (may be).
Have to find why my system isn't compiling this code!

Thx for your help. If I find something interesting, no problem about writing a quick paper "how to" ;)

Good luck, thx!
Re: [tor-relays] obfs4 - how to from source
> Please run the following commands as the normal user petrusko:
>
> mv /home/petrusko/gocode /home/petrusko/gocode.old
> mkdir /home/petrusko/gocode
> export GOPATH=/home/petrusko/gocode
> go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy
>
> What does it say when you run those commands?
>
> Tim

Thx!

It looks like better,
Here is the result of the last command line :

    $ go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy
    # github.com/dchest/siphash
    gocode/src/github.com/dchest/siphash/blocks_arm.s:2 5a: No such file or directory: textflag.h
    # golang.org/x/crypto/poly1305
    gocode/src/golang.org/x/crypto/poly1305/sum_arm.s:8 5a: No such file or directory: textflag.h

There is new content inside the /home/petrusko/gocode ...
I see /pkg + /src inside.

--
Petrusko
EBE23AE5
Re: [tor-relays] obfs4 - how to from source
Thx Tim for help.

Now I'm using another user than root...
But I'm still in a black hole (+headache), sadly without finding any document about how using this "go" software + obfs4 :'(

Sooory, I'm not really nice with source compiling... :s

go help gopath :

    [...]
    Each directory listed in GOPATH must have a prescribed structure:

    The src/ directory holds source code. The path below 'src'
    determines the import path or executable name.

    The pkg/ directory holds installed package objects.
    As in the Go tree, each target operating system and
    architecture pair has its own subdirectory of pkg
    (pkg/GOOS_GOARCH).
    [...]

But I don't see any /src or /pkg in the downloaded git folder ?

Here the content downloaded :

    $ dir -R /home/petrusko/obfs4/
    obfs4/:
    ChangeLog  common  doc  LICENSE  obfs4proxy  README.md  transports

    obfs4/common:
    csrand  drbg  log  ntor  probdist  replayfilter  socks5  uniformdh

    obfs4/common/csrand:
    csrand.go

    obfs4/common/drbg:
    hash_drbg.go

    obfs4/common/log:
    log.go

    obfs4/common/ntor:
    ntor.go  ntor_test.go

    obfs4/common/probdist:
    weighted_dist.go  weighted_dist_test.go

    obfs4/common/replayfilter:
    replay_filter.go  replay_filter_test.go

    obfs4/common/socks5:
    args.go  args_test.go  rfc1929.go  socks5.go  socks_test.go

    obfs4/common/uniformdh:
    uniformdh.go  uniformdh_test.go

    obfs4/doc:
    obfs4proxy.1  obfs4-spec.txt

    obfs4/obfs4proxy:
    obfs4proxy.go  proxy_http.go  proxy_socks4.go  pt_extras.go  termmon.go  termmon_linux.go

    obfs4/transports:
    base  meeklite  obfs2  obfs3  obfs4  scramblesuit  transports.go

    obfs4/transports/base:
    base.go

    obfs4/transports/meeklite:
    base.go  meek.go

    obfs4/transports/obfs2:
    obfs2.go

    obfs4/transports/obfs3:
    obfs3.go

    obfs4/transports/obfs4:
    framing  handshake_ntor.go  handshake_ntor_test.go  obfs4.go  packet.go  statefile.go

    obfs4/transports/obfs4/framing:
    framing.go  framing_test.go

    obfs4/transports/scramblesuit:
    base.go  conn.go  handshake_ticket.go  handshake_uniformdh.go  hkdf_expand.go
[tor-relays] obfs4 - how to from source
Hey!

Coming here to take some good tips about obfs4 compile from source...
Not enough time since http://archives.seul.org/or/relays/Jul-2016/msg00101.html
Now it's ok to try another time !

On the Raspbian set up, I've started with :

    apt-get install git golang-go golang-go.crypto-dev golang-go.net-dev golang-goptlib-dev golang-ed25519-dev golang-siphash-dev

After this, with /root/ account :

    go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy

Result is :

    package git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy: cannot download, $GOPATH not set. For more details see: go help gopath

I've tried many things, GOPATH=/home/petrusko and may be GOPATH=/home/petrusko/obfs4
Tried too to clone git with

    git clone https://git.torproject.org/pluggable-transports/obfs4.git

And now I'm lost with this GOPATH problem !

Is there a wiki explaining how to compile/install this obfs4proxy from source. I've found nothing about it...

From readme, I don't understand this...

    To build:
    `go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy`

    To install:
    Copy `$GOPATH/bin/obfs4proxy` to a permanent location (Eg: `/usr/local/bin`)

Many thx for help :)

--
Petrusko
EBE23AE5
Re: [tor-relays] proper way to insert PGP key in torrc?
I think with Consensus = 7, not all people on Earth will go through this relay, no problem !
And I'm pretty sure a lot of people "use a new circuit" when surfing is slow... it's so easy to change relays used.

So for me it's cool to have fun with a home relay (sooo cheap with a dev board like a spare RPi not used for example), to understand how it's working, how to set up correctly everything, before going in wild with a serious server directly wired to the web without a home router protecting everything, full access to everyone ;)

No problem for me, "consensus weight" is here to regulate usage of this relay ;)

Thx for adding a relay, and spending time for this ;)

Univibe :
> > He's running a relay because what he believe and it's fun
> > without hurting nobody.

--
Petrusko
EBE23AE5
Re: [tor-relays] Interrogated by Finnish police for alleged idendity crimes, fraud and attempts of fraud
Agree, trying to explain why people like Tor operators and/or volunteers on WGC are giving time, network/cpu computing, money... to preserve and help human rights, health... can be a good way.

Trying to show them what the Tor network is, why, the goal... the easiest possible, because many of them are not geeks.

Good luck...

Julien ROBIN :
> In all those cases, my words are honest and true; as we shouldn't be
> ashamed of participating to projects aiming to a better word and more
> freedom, but shouldn't be happy of misuses, my personal preference is
> to be understanding and true. I also tell them that I'm participating,
> with my computers, to others scientific projects like World Community
> Grid (explaining it's about cancer research and a lot of others
> subjects) : It can be seen as "not related" but it is, as that's the
> way we are volunteers to the Tor Network !

--
Petrusko
EBE23AE5
Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
Haha ok! Nice hard work so ;)
Good luck for next update ! (hope it will be ok for a long time!)

On 26/10/2016 at 09:30, Markus Koch wrote:
> I did it like a real man, just me hands and putty without any bash scripts
> and these modern devil tools!
>
> markus
>
>
> Sent from my iPad
>
>> On 26 Oct 2016, at 09:18, John Ricketts <j...@quintex.com> wrote:
>>
>> I feel you Markus, I did 24. I wrote a bash script to
>> update/upgrade/reboot.
>>
>>> On Oct 26, 2016, at 02:17, Markus Koch <niftybu...@googlemail.com> wrote:
>>>
>>> 32 relays updated (Debian + Tor compiled to latest version)
>>>
>>> I am getting too old for this without a server management system
>>>
>>> Markus
>>>
>>>
>>> 2016-10-25 23:48 GMT+02:00 nusenu <nus...@openmailbox.org>:
>>>> just a reminder since most of the tor network (including some of the
>>>> biggest operators) still runs vulnerable relays
>>>>
>>>> https://blog.torproject.org/blog/tor-0289-released-important-fixes
>>>>
>>>>
>>>> Since 2/3 directory authorities removed most vulnerable versions from
>>>> their 'recommended versions' you should see a log entry if you run
>>>> outdated versions (except if you run 0.2.5.12).
>>>>
>>>>
>>>> It is not possible to reliable determine the exact CW fraction
>>>> affected[1] due to the fact that patches were released that didn't
>>>> increase tor's version number.
>>>> Therefore it is also possible that you get log entries even if you run a
>>>> patched version (IMHO this hasn't been handled in the most professional
>>>> way).
>>>>
>>>>
>>>> Update instructions
>>>>
>>>> Debian/Ubuntu
>>>> ==
>>>>
>>>> make sure you use the Torproject repository:
>>>> https://www.torproject.org/docs/debian.html.en
>>>>
>>>> (you can also use the debian repository but the Torproject's repo will
>>>> provide you with the latest releases)
>>>>
>>>>
>>>> aptitude update && aptitude install tor
>>>>
>>>>
>>>> CentOS/RHEL/Fedora
>>>> ===
>>>>
>>>> yum install --enablerepo=epel-testing tor
>>>>
>>>>
>>>> FreeBSD
>>>>
>>>>
>>>> pkg update
>>>> pkg upgrade
>>>>
>>>> OpenBSD
>>>> ===
>>>>
>>>> pkg_add -u tor
>>>>
>>>>
>>>> Windows
>>>>
>>>>
>>>> No updated binaries available for this platform yet.
>>>>
>>>>
>>>>
>>>>
>>>> [1] as of 2016-10-25 18:00 (onionoo data)
>>>> conservative estimate
>>>> --
>>>> (counts only 0.2.8.9 and 0.2.9.4-alpha as patched)
>>>> 31% CW fraction patched
>>>>
>>>> optimistic estimate
>>>> ---
>>>> (additionally assumes every non-Windows running 0.2.4.27, 0.2.5.12,
>>>> 0.2.6.10, 0.2.7.6 that restarted since 2016-10-17 is patched):
>>>> 43% CW fraction patched

--
Petrusko
EBE23AE5
Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
Handmade scripts to update everybody ?
(a little curious ;)

Markus Koch :
> I am getting too old for this without a server management system

--
Petrusko
EBE23AE5
Re: [tor-relays] cryptsetup some folders
Right, it's so easy and quick to duplicate a SD card with this hardware, by only unplugging it from the board...
If it's not stored under your bed, it can be useful :p

And 2nd, it can be a cool challenge to make it working ? To understand how those security softwares and how to config them nicely is really cool.
It's always good to make your head thinking about a new way you don't know ;) And exploring some new things you never seen working... and sharing informations you found with others by trying to make it work.

By this way, if I become more friendly with encrypting data and system with this test, it will be useful for future RPi installs, like mail servers and other stuff to secure by encrypting personal data... hosting some friends backups for example...

Thx ;)

Duncan Guthrie :
> Disk encryption only prevents physical access - are you at risk of this?

--
Petrusko
EBE23AE5
Re: [tor-relays] cryptsetup some folders
Absolutely interested ! with pleasure :)
Will it be a link, or a file...? if you prefer sending it directly to this mail address...

Thx in advance ;)

Mirimir :
> I have a how-to guide, if you're interested.

--
Petrusko
EBE23AE5
Re: [tor-relays] cryptsetup some folders
Many thx for your contribution, thx to you 2 :)

I was thinking too about the full disk encryption. No problem to backup/restore current files.
Sadly Raspbian, and many others OS for the RPi, have not many options like x86 when you set up the system. That's why it can be hard to understand how to proceed with a running system, harder than set up a fresh Debian with the main useful menu with "use full disk encryption" option ;)

I'll read the links in your previous mail, it will be helpful.

Thx for your lights, to all ;)

--
Petrusko
EBE23AE5
[tor-relays] cryptsetup some folders
Hey all,

I'm planning to customise a RPi with Raspbian already running, and using cryptsetup (LUKS) to have a partition more secure for some reasons...
So the goal is to move some existing sensitive folders to this new encrypted partition. Some sym-links will be used for those directories.

About Tor, if I'm not wrong, those directories can be moved to this encrypted partition :
/var/lib/tor : so I'm planning to move /var...

So at final, planning to move :
/home
/var
/tmp
(why not swap file ?)

Any suggestions and master's thoughts are welcome :)

--
Petrusko
EBE23AE5
Re: [tor-relays] Linux kernel vulnerability
I don't know if it's possible to load a new kernel without rebooting...
But I think people who don't want to reboot because feared of a bad reboot, lose SSH or anything else...

If OS's teams are updating a system for security, I prefer a bad reboot (backups are done before!) than a system with a lot of security holes, sick of botnets or sending spams every second, a Tor relay controlled by bad hands... :s

On other servers (debian/raspbian) I usually use "apticron", it sends everyday mails to root or another ad...@domain.com, with summary about updates available for the host.

> but I still need to manually reboot to apply kernel upgrades.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Linux kernel vulnerability
https://security-tracker.debian.org/tracker/CVE-2016-5195

Remember, to know your current debian linux kernel :

    uname -a

If your kernel is not up to date :

    apt-get update && apt-get dist-upgrade && reboot

I :
> Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the
> Linux Kernel
>
> http://dirtycow.ninja/

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Recommendation for DUMB COMPUTING devices for Tor Relays
I can confirm "rpi-update" usually works fine to update firmware.
But don't forget to run this command sometimes by hand, no auto-update during the system /apt-get upgrade/

> firmware of RPi can be changed: https://github.com/Hexxeh/rpi-update /
> https://github.com/Hexxeh/rpi-firmware

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Smallest, cheapest, lightest computer for tor relay
RPi 2/3 if I'm not wrong are around 3 Watts (fanless)
An old P4... For sure it's not lower than 60 Watts power consumption
And if he wants to run only a Tor relay, advantage to have Windows OS is relative ;)
Not really agree... But agree about cpu speed ;)

I don't remember, RPi v3 has the famous AES-NI that make everything faster for Tor ? :s

17/10/2016 14:18, Neel Chauhan :
> The disadvantage of the PC approach is space and higher power
> consumption, but the advantage is that you can use *BSD and Windows,
> and can possibly take advantage of faster speeds.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?
# chattr +i /etc/resolv.conf

Exact it works fine :)

On 17/10/2016 at 09:49, Peter Palfrader wrote:
> On Sun, 16 Oct 2016, Jesse V wrote:
>
>> The dnscrypt repository on Github has a list of public DNS servers. I
>> point my Unbound instance at one of them
> Your unbound should probably just be recursive itself instead of relying
> on open 3rd party nameservers.
>
> (As for /etc/resolv.conf, I usually just put nameserver 127.0.0.1 in
> there and chattr +i the file so it doesn't get munged by whatever magic
> is current this year.)

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?
Thx for this share.

But I'm not sure how Unbound is "speaking" with the roots DNS servers...
Somewhere I've read that DNS queries can be forwarded by a "man in the middle", and the server operator can't be sure about this :s
An ISP is able to do it with your "private server" hosted behind your ISP's router...
I see DNSsec to crypt DNS queries from a client to a server, but for sure it's not possible to use it with roots DNS servers...

16/10/2016 22:02, Tristan :
> TL;DR, if I understand how Tor relays work, Unbound (or any local DNS
> server) should see a request for example.com <http://example.com>
> coming from localhost or 127.0.0.1. It answers the request, stores it
> in cache just in case, rinse and repeat. The machine running the exit
> relay is the one that makes the DNS request, so the only thing you'd
> get from looking at the DNS cache would be a "Top 100 Websites This
> Tor Relay Visits" sort of list.
>
> From what I could find, a DNS cache contains the hostname and its
> associated IP address, nothing more. From what I understand, even if a
> DNS cache saved the source of the request, it should save "127.0.0.1"
> or "localhost" as the source, since exit nodes are the source of the
> request, and simply forward the response back to the client.
>
> I couldn't find anything specific about Unbound, but it seems like
> there isn't a proper way to read the DNS cache anyway unless you can
> somehow decode the binary file. I suppose if you know the specific
> cache file, you could copy it to a different machine with Unbound
> installed, and possibly extract data from that, but this theory
> assumes the cache is saved to the hard drive, and it's probably only
> stored in RAM.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?
Is there a way to know "who" has made this DNS query by reading the cache ?
May be you can know there are 30 people have looked for google.com during the last 5 minutes, but "who" has made those DNS queries looks like difficult ?
(I'm not an expert on hacking :p )

16/10/2016 21:28, Tristan :
> Unbound does cache DNS entries, but there was also serious discussion
> about whether or not the cache is a privacy risk/anonymity leak, but I
> feel it's worth the trade-off since public DNS servers do the same thing.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?
Humm, I've not checked on the torproject website, tuto how to build a relay/exit...
It can be nice to link a tutorial : how to set up quickly and easily a DNS resolver to increase privacy ?

May be exit operators can understand it's not really a big job to apt-get install unbound (an example) and use root DNS servers.
I've always read using root DNS is not very good for speed... but if I'm not wrong Unbound (and others) have a cache ?

16/10/2016 12:52, Toralf Förster :
> Adding different nameserver= lines to /etc/resolv.conf than 8.8.8.8
> shouldn't be a big thing, or ?

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.
Little update :
No more "ESTABLISH_RENDEZVOUS" logged since this day...

07/10/2016 08:09, Petrusko :
> x2 too on a non-exit relay :
> Oct 06 13:35:22.000 (UTC+2)
>
> But nothing a 2nd relay process on the same machine...

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.
x2 too on a non-exit relay :
Oct 06 13:35:22.000 (UTC+2)

But nothing a 2nd relay process on the same machine...

06/10/2016 18:29, Logforme :
> I had 3 today on my non-exit relay. Can't remember seeing them before. Maybe
> they are new in 0.2.8.8?
> Times are UTC+2
>
> Oct 06 09:14:03.000 [warn]
> Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.
> Oct 06 14:08:13.000 [warn] Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.
> Oct 06 14:08:14.000 [warn] Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] "Potentially dangerous relay groups"
In torrc, an idea...??
*MyFamily http://mydomain.org/myfamily.txt*

So there will be only 1 list to update / maintain by the operator(s).
Ctrl+F to find if a fingerprint is already here (for lazy guyz)... if not, Ctrl-V to add the new fingerprint, if Atlas shows a down fingerprint, Ctrl+F too...
then /service tor reload/ to eat the new txt file?

> One list is much easier.
>
> Robert

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Strange difference between rx and tx traffic
I remember when I've set up vnstat on a Raspberry Pi hosted in a DataCenter, without Tor... only a webserver + NTP were available
And I saw a lot of RX Megabytes, that's why I've set up NTOP to monitor eth0.
It was a lot of broadcast/multicast, ex: 224.0.0.0 + others friends for sure on the same router in the datacenter (many IPs around)

On an exit, I think "ntop" will take a lot of resources ? It can monitor every ports, and show you who is speaking with your server, which ports, etc...

About Unbound: a quick add if I'm not wrong :
-- dnscrypt enabled by :
unbound-control-setup
-- Check config to find an error :
unbound-checkconf /etc/unbound/unbound.conf
-- Automatic downloading root file to use root DNS servers, with crontab -e :
00 5 * * 1 wget ftp://ftp.internic.net/domain/named.cache -O /etc/unbound/root.hints && /etc/init.d/unbound restart
(every week at 5:00, the 1st day (monday) it will download the file, then restart the Unbound service to eat the new file)

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)
It was a middle relay, not an exit

> Guard or exit?

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)
On my last relay, the bandwidth max rate was set up to 20Mbits/s up+down, and no problem about this "1TB traffic" after 2 months with full bandwidth used ;)
Sooo many TB were forwarded during those months without any mail or bottleneck on VPS router's side ;)

> 1 TB traffic :(

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)
Hey,

Since 1-2 months I'm using a VPS on this provider, don't want to advertise here, but only share my little experience:
https://www.pcextreme.com/aurora/compute

Starting price is 3€/month for a virtual machine
- 20G SSD
- 512 RAM
- (Have to check bandwidth... hosted in a datacenter, so...)

Bandwidth : fairly use... For a relay, never got a mail from them. About an exit, I don't know.

I've imported a debian.iso in the web-interface, and possible to boot a custom install. Or of course you can use VPS templates...

> Well, if $5 a month is high for you, I don't know what to say.
>

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)
No way to "add" an image .iso with the web interface ?

> D.O. has images for Debian (8.5, 7.11), Ubuntu (16.04.1, 14.04.5,
> 12.04.5), but no Gentoo.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
[tor-relays] Closing a relay, to move/upgrade, identity question ?
Hey,

Planning to close, then re-build a relay. (1st time I'm testing it on the whole system!)

Some useful information here about :
https://www.torproject.org/docs/faq.html.en#UpgradeOrMove

I think it's useful to stay on the same "identity"... But if the new torrc will use others TCP ports, will it be a mess ?
No problem for me if this (new) relay will not have the same identity as before. But it will be nice to restore Atlas old graphs ;)

If I'm paranoiac, and if this current relay has been corrupted, I think it's better to start a clean identity without the old keys ?

Thx for your lights ;)

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Cheapest HW to get 20Mbit?
> Up to two per IP.

Hu? it's sad for people having several CPU... :s

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Cheapest HW to get 20Mbit?
Hey,

Tor process is only mono-cpu, so if you have RPi v2 or v3, the full quad core will not be used 100% by 1 Tor process.
On this list I've already read it's possible to launch several Tor processes, so all cpu x4 cores can be used at same time.

About hardware, I don't know if the RPi can go to 20Mbit with 1 process (or 4). Let's try ;)

> Hi
> Since a few months back I have two RPi running Tor relays and delivering
> about 1Mbit each of peak throughput. Now my ISP has increased my max upload
> speed and I am looking to contribute more, somewhere in the 20Mbit range or
> possibly more.
>
> But what hardware do I need? Has anyone written down a list of minimum
> requirements to get a certain throughout?
>
> I have tried to google, but failed.
>
> Sincerely
> Daniel Armyr.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] [tor-dev] Some information about Tor relays
May be some numbers here... about Tor network in general
https://metrics.torproject.org/

>
> We hope to have an estimate about computation capacity of Tor relays.
> For instance, how many circuits a relay can maintain when its CPU is
> driven to about 100%? On average, how many circuits are maintained by
> a busy guard and what the CPU utilization is. These kinds of
> information would be really helpful.
>

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Tor not running since last Debian update
Hey,

The process is not running ?
Or is it running behind without being connected to Tor network ?
What is there the log ? /var/log/tor/log (for example)

> Hi
>
> So I think 2 days ago I updated tor on my debian stable machine and
> since then it's seen as not running anymore. It should be a relay.
>
> And locally it doesn't listen on port 9050, so it's not even a client
> now. My torrc hasn't changed.
>
> What's going on? Any config changes I missed?
>
> thanks
>
> martin

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Tiny computers (RPi-like) for exit nodes?
Sometimes it can be because of a bad/cheap power supply...
Not the ARM-Pi or the OS :s

> Hi, used to run a Banana PI with Debian as a TOR Relay. This is not
> recommendable since the system froze after a while. Although this could just
> be my system that is unstable.
>
> but from my experience I can not recommend it.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] relay on a vps not exclusively used for tor?
Woo I've quickly googled this "grsecurity" patch, it looks like not so easy to apply on a Debian Stable kernel... (that's why I've never seen something like your log on my side...)
https://wiki.debian.org/grsecurity

Thx for sharing this kernel option, and this experience.

But if I understand well, a user from the IP address 5.79.67.47 has tried to execute system commands after being connected successfully to your boinc instance ?

> On 08/21/2016 09:33 PM, Petrusko wrote:
> > CPU is not used 100% all the time, so there is Boinc running behind to
> > help worldcommunitygrid.org against cancer, ebola, zika...
>
> There was an unclear situation related to BOINC at my former exit
> relay [1], so I banned BOINC from an Tor relay.
>
>
> [1] https://www.zwiebeltoralf.de/torserver/cep2/index.html

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] relay on a vps not exclusively used for tor?
Hey!

Thx for adding a relay ;)

About my vps relay, there's a webserver running behind with munin to monitor/graph everything. (only my home IP is able to connect to this webserver)
CPU is not used 100% all the time, so there is Boinc running behind to help worldcommunitygrid.org against cancer, ebola, zika...
This vps is helping for Tor network (human rights and freedom)(sharing network) + human health at same time (sharing cpu)
Server is now 95% used for some good things on my opinion.

I think those softwares running behind are safe? and are not against Tor security?
Having a little owncloud for you on your vps can't be a bad on my opinion, if you always update softwares and OS...

If I'm not wrong, an admin will always say 1 task = 1 server...

Other notices are welcome ;)

> Hi,
>
> I'm planning to get myself a small VPS for simple things like
> calendar-synching and backup of important data. Since these things are
> very light on resource-usage, I thought about putting a tor relay
> (non-exit) on the server, so it does something useful instead of idling
> most of the time.
>
> Is this advisable, or are there reasons why I shouldn't put a relay on a
> server that is used simultaneously by other things?
>
> Thanks for your advice!
>

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] obfs4 - git how to ?
> Through out any of this, did it occur for you to look at the
> `README.md` file in the directory you cloned?
>
> To build:
> `go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy`
>
> To install:
> Copy `$GOPATH/bin/obfs4proxy` to a permanent location (Eg: `/usr/local/bin`)

Thx all for your answers (sry for this answer 1 month after...)

Rah, I've just understood why I'm having this problem with "permission denied", after copying the folder obfs4proxy cloned from git, in the /usr/bin/obfs4proxy

Is it source folder I'm downloading from git ?!
So _I've to build obfs4proxy_ with "go" and all others dependencies listed ?!
So "go" is a program used to build ?! Ouch, I'm not sure how to find this program in the distribution I'm using (Raspbian)

Sry for being noob!!! totally noob ;) But it's nice to learn everyday...

Thx ;)

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] DoS on my non-exit relay? Or just oversensitive DoS "protection"?
Oops, forgot to say on my middle relay, 5MB/s up/down, TCP sockets is usually between 3000 and 4000..

On 10/08/2016 at 10:57, Petrusko wrote:
> Hey,
>
> Since last ddos subject here, I've added a graph on my Munin node.
> The graph will show the number of TCP connections used, and I think it
> can be useful to see if there are some spikes = may be DoS attacks...?
> So if you have Munin running on your relay, it can be activated by
> creating a symlink "/etc/munin/plugins/tcp" to
> "/usr/share/munin/plugins/tcp"
>
>
>
> On 10/08/2016 at 09:39, Sebastian Niehaus wrote:
>> I am not sure whether it really looks like a DoS attack or if is just
>> many "normal" tor packets hammering on the small server which are
>> misunderstood as a DoS.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] DoS on my non-exit relay? Or just oversensitive DoS "protection"?
Hey,

Since last ddos subject here, I've added a graph on my Munin node.
The graph will show the number of TCP connections used, and I think it can be useful to see if there are some spikes = may be DoS attacks...?
So if you have Munin running on your relay, it can be activated by creating a symlink "/etc/munin/plugins/tcp" to "/usr/share/munin/plugins/tcp"

On 10/08/2016 at 09:39, Sebastian Niehaus wrote:
> I am not sure whether it really looks like a DoS attack or if is just
> many "normal" tor packets hammering on the small server which are
> misunderstood as a DoS.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Exit relay funding
Haha yes!
T-shirts are a good way to start conversations with people who don't really know what is this "onion" !?
And be proud to wear it ! :p

Registration is open ?!! ;p

On 04/08/2016 at 17:26, I wrote:
> Hear Hear, Roger and Petrusko,
>
> Nonetheless, I would like the promised t-shirts before next year.
>
> Robert

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Exit relay funding
And I think a lot of users doesn't know what is there "behind". As always in computer's world...

Now I'm able to explain quickly (what I've understood) this network to some friends/family, who were using Tor a long time ago before I've started to have fun with contributing a little to the network.

How many people around us know how "it's working", how many are thinking about that, are interested to know ?
They are connecting the smartphone to Mc Do's wifi, and are happy to read Facebook... receive emails... etc. But how it's possible to make it work ? They don't care about that, /"it's working and it's cool !"/
They don't know what is a NAS at their work, what is an IP, what is domain with AD, why those IT guys are sooo boring with those passwords (they don't love our pet's name as password... rah!!).

Now my friends/family have quickly understood how "normal people" can contribute to Tor, but I'm sure some months after /"it's working and it's cool !"/. Nothing more.

And I think a lot of "little" operators like me are doing this by loving computer's world (linux, network, dev,...), having fun to investigate why it's not working nice, or try to make it better, and of course understand the need to have an "underground" network for all the reasons we know.
It's cool to contribute, and if it can help censored people, and if it's better for privacy to the others, it's beautiful !

The day I'll not be able to have some time/money to make nodes working, I'll sadly "poweroff" them, and thank all people (devs, operators, mailing lists...) for their work, to have this package working easily with this support !

apt-get install tor - nano torrc (bridge/relay/exit to contribute) - service tor restart - it's working. Nice?
If it's not working, the community is here. Nice!

Thanks.
--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
[tor-relays] obfs4 - git how to ?
Trying to use obfs4 from git on a test bridge :

With "root" user:
cd /home/TEST
git clone https://git.torproject.org/pluggable-transports/obfs4.git
ln -s /home/TEST/obfs4/obfs4proxy /usr/bin/obfs4proxy

torrc file :
[...]
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed
ServerTransportListenAddr obfs4 0.0.0.0:48001

In the log when starting Tor :
[...]
[warn] Could not launch managed proxy executable at '/usr/bin/obfs4proxy' ('Permission denied').
[...]

Tor is still working and is connected to the network...

Humm, I think I've not understood how to use this source, and how to manage it ?!

Thx for your help :)

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
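What the follow-up in this thread works out, that the symlink target is a folder of source from git rather than a built binary, can be checked mechanically before Tor is restarted. The script below is an added example, not code from the thread or from Tor; the function names classify_exec_path and check_torrc_plugins are hypothetical.

```shell
#!/bin/sh
# Added example: report what each ServerTransportPlugin "exec" path in a torrc
# really points at. Function names are hypothetical, not part of Tor.

# Print one word describing whether the calling user could execute PATH.
# The tests follow symlinks, so a link to a source directory reports "directory".
classify_exec_path() {
    if [ ! -e "$1" ]; then
        echo "missing"            # nothing there, or a dangling symlink
    elif [ -d "$1" ]; then
        echo "directory"          # exec on a directory fails with "Permission denied"
    elif [ ! -f "$1" ]; then
        echo "not-regular-file"
    elif [ ! -x "$1" ]; then
        echo "not-executable"     # no usable execute bit for the calling user
    else
        echo "ok"
    fi
}

# Read a torrc and print "<transport> <path> <verdict>" for every line of the
# form "ServerTransportPlugin <transport> exec <path> ...".
# Returns 1 if any path is not "ok", 0 otherwise.
check_torrc_plugins() {
    torrc=$1
    bad=0
    # The "|| [ -n ... ]" keeps a final line that has no trailing newline.
    while read -r keyword transport mode path _rest || [ -n "$keyword" ]; do
        # torrc option names are case-insensitive; commented lines never match.
        kw=$(printf '%s' "$keyword" | tr '[:upper:]' '[:lower:]')
        if [ "$kw" = "servertransportplugin" ] && [ "$mode" = "exec" ]; then
            verdict=$(classify_exec_path "$path")
            echo "$transport $path $verdict"
            if [ "$verdict" != "ok" ]; then
                bad=1
            fi
        fi
    done < "$torrc"
    return "$bad"
}

# Stand-alone use: sh check_pt_exec.sh /etc/tor/torrc
if [ "$#" -gt 0 ]; then
    check_torrc_plugins "$1"
fi
```

The verdict reflects the user running the script; Tor usually runs under its own account, so run the check as that user to see the permissions Tor sees.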
Re: [tor-relays] dns request capitalization, tor and unbound
> It shouldn't affect unbound's ability to cache anything. However, I
> personally think it is inappropriate to run a DNS cache on an exit
> node, because that preserves a record on the exit node of what people
> are using it for.
>
> zw

Hey,

I'm not an Unbound expert, I think Unbound doesn't log any DNS queries...?
What I know is only statistics can be given with the command "unbound-control stats", only numbers are shown.

In my unbound.conf, the only log config lines are :
logfile: "/var/log/unbound.log"
use-syslog: no

And this /var/log/unbound.log doesn't exist on my system...

Is there way to see DNS queries made by users ?

For me, about privacy, it's not necessary a problem about "knowing what are doing your Tor users", because if it's not you, it will be your DNS resolvers... As read before, a lot of Tor exits are using Google DNS :p (I think it's lol about privacy!)
So the bad guy will know the DNS queries, but he doesn't know who has made it (only exit IP is shown ?), so privacy is safe ?

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Bridge torrc custom + socks
Thx Tim for validating this torrc configuration, before deploying it.

Ok, I'll remove those 2 lines. (but it can be helpful for Tor network on fast bridges ?)

About stats, I see Atlas and Globe can give information when you know the Bridge's name... I was thinking they were only useful for relays/exits... Nice!

>> AuthoritativeDirectory 1
>> BridgeAuthoritativeDir 1
> You really don't want these two lines, they make your relay try to be an
> authoritative directory.
>
>

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Tor-arm
This package is usually running fine for me...

On 16/06/2016 at 12:07, Cristian Consonni wrote:
> 2016-06-16 3:00 GMT+02:00 grarpamp <grarp...@gmail.com>:
>> On 6/14/16, NotRandom Someone <not.hidden.per...@gmail.com> wrote:
>>> What do you think about using tor-arm ?
>> https://gitweb.torproject.org/nyx.git/
>>
>> Arm now known as Nyx.
> On my node (running with Debian Jesse as OS) I have installed this package:
> https://packages.debian.org/jessie/tor-arm
>
> Is this ok or is it deprecated and I should install something else? And how?
>
> Thank you.
>
> Cristian

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] DDOS
Now trying the TCP plugin in Munin...
It looks like useful to watch later/archive on a graph all TCP connections.
Not 100% logging those attacks, but if those bad guys are using TCP I think it will be shown here...

Here an example on my relay, graph activated ~24h ago :

On 14/06/2016 at 14:59, Petrusko wrote:

Hey,

Little noob question inside :)
If possible to learn quickly how to detect a DDOS attack ?

I got Munin running behind, can it be useful with the "netstat" and "firewall throughput" plugins graphs to see it ?
So if the server is attacked, I think it will show some big spikes in those graphs...?

Thx ;)

ps: I'll try to find some things about this subject, np!

On 14/06/2016 07:03, Markus Koch wrote:

4 of my 5 tor servers are under a incoming DDOS attack. Am I the only one or is anyone else feeling the "love"?

Markus

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
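The socket counts such a graph is watched for can also be taken straight from a shell. The following is an added example, not part of the thread and not Munin's plugin code; it summarises `ss -tan` output, and the function names, the constructed sample and the two limits are assumptions to be tuned to the relay's own baseline.

```shell
#!/bin/sh
# Added example: summarise `ss -tan` output read from stdin.
# Function names and limits are hypothetical.

# Constructed sample (documentation address ranges), shaped like `ss -tan` output.
sample_ss_output() {
cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:9001         0.0.0.0:*
ESTAB      0      0      192.0.2.10:9001      198.51.100.7:44312
ESTAB      0      0      192.0.2.10:9001      198.51.100.7:44313
ESTAB      0      0      192.0.2.10:9001      198.51.100.7:44314
ESTAB      0      0      192.0.2.10:51822     203.0.113.20:443
ESTAB      0      0      192.0.2.10:9001      [2001:db8::5]:50100
SYN-RECV   0      0      192.0.2.10:9001      203.0.113.99:1025
SYN-RECV   0      0      192.0.2.10:9001      203.0.113.99:1026
TIME-WAIT  0      0      192.0.2.10:9001      198.51.100.8:40000
EOF
}

# count_state STATE: number of sockets in STATE (ESTAB, SYN-RECV, TIME-WAIT, ...).
count_state() {
    awk -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# top_peer: prints "<peer address> <count>" for the remote address holding the
# most established connections (ties broken by address, for stable output).
top_peer() {
    awk '$1 == "ESTAB" {
             peer = $5
             sub(/:[0-9]+$/, "", peer)     # drop the port, keep [v6] brackets
             seen[peer]++
         }
         END {
             best = ""; max = 0
             for (p in seen)
                 if (seen[p] > max || (seen[p] == max && p < best)) {
                     max = seen[p]; best = p
                 }
             print best, max
         }'
}

# relay_tcp_alert ESTAB_LIMIT PEER_LIMIT: prints one line per exceeded limit
# and returns 1 if any limit was exceeded, 0 otherwise.
relay_tcp_alert() {
    estab_limit=$1
    peer_limit=$2
    snapshot=$(cat)
    estab=$(printf '%s\n' "$snapshot" | count_state ESTAB)
    top=$(printf '%s\n' "$snapshot" | top_peer)
    top_count=${top##* }
    alert=0
    if [ "$estab" -gt "$estab_limit" ]; then
        echo "established=$estab exceeds limit $estab_limit"
        alert=1
    fi
    if [ "$top_count" -gt "$peer_limit" ]; then
        echo "peer ${top% *} holds $top_count connections (limit $peer_limit)"
        alert=1
    fi
    return "$alert"
}

# Stand-alone use: sh tcp_check.sh 4000 50   (both limits are site-specific)
if [ "$#" -eq 2 ]; then
    ss -tan | relay_tcp_alert "$1" "$2"
fi
```

A crossed limit is a prompt to look closer, not proof of an attack; a busy relay can legitimately hold thousands of sockets.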
Re: [tor-relays] DDOS
Thx all for those useful tools, time to try some ;)

About the main subject, nothing about DDOS on my node... (no mails, no spikes on my graphs)

Thx

On 14/06/2016 at 19:49, Steven Jones wrote:
> iftop might be better to see
>
> On Tue, Jun 14, 2016 at 8:59 AM, Petrusko <petru...@riseup.net> wrote:
>
> > Hey,
> >
> > Little noob question inside :)
> > If possible to learn quickly how to detect a DDOS attack ?
> >
> > I got Munin running behind, can it be useful with the "netstat" and
> > "firewall throughput" plugins graphs to see it ?
> > So if the server is attacked, I think it will show some big spikes in
> > those graphs...?
> >
> > Thx ;)
> >
> > ps: I'll try to find some things about this subject, np!
> >
> > On 14/06/2016 07:03, Markus Koch wrote:
> > > 4 of my 5 tor servers are under a incoming DDOS attack. Am I the only
> > > one or is anyone else feeling the "love"?
> > >
> > > Markus
> >
> > --
> > Petrusko
> > PubKey EBE23AE5
> > C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] DDOS
Hey,

Little noob question inside :)
Is it possible to learn quickly how to detect a DDOS attack?

I got Munin running behind, can it be useful with the "netstat" and "firewall throughput" plugins graphs to see it?
So if the server is attacked, I think it will show some big spikes in those graphs...?

Thx ;)

ps: I'll try to find some things about this subject, np!

On 14/06/2016 07:03, Markus Koch wrote:
> 4 of my 5 tor servers are under an incoming DDOS attack. Am I the only one or is anyone else feeling the "love"?
>
> Markus

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Tor is Interrupting (?) OpenSSL Version Mismatch
Happy to read this! And thx for sharing this solution ;)

On 11/06/2016 at 20:11, SuperSluether wrote:
> Fixed it! And I feel like I'm going crazy. If I'm reading the logs correctly, Tor is signaling readiness to systemd /1 hundredth of a second (0.01)/ past the 120s limit. I changed the limit to 300s in the tor@default.service file, and all is well.
>
> Thanks Peter, you really steered me in the right direction. I should probably start checking logs first when something stops working...
>
> On 06/11/2016 09:50 AM, SuperSluether wrote:
>> Ok maybe I spoke too soon. After running rpi-update and rebooting, it's still having trouble starting. I'll poke around and see if I can find anything. Worst case scenario, I don't have enough RAM and need to turn something off, which means I'm wasting everyone's time with this.
>>
>> On 06/11/2016 09:35 AM, SuperSluether wrote:
>>> I have the Raspberry Pi Model B 2, which has an ARM7 processor. As such, I am able to use the official Debian repository without issue. Current version of Tor is 0.2.7.6-1~d80.jessie+1. Systemd is at version 215-17+deb8u4.
>>>
>>> I poked around in syslog, and found this:
>>>
>>> systemd[1]: tor@default.service start operation timed out. Terminating.
>>>
>>> After increasing the systemd timeout (from 90s to 300s) Tor is running properly. Thanks for the help! I'm guessing this happened because I just have too much running on this thing. (Plex Media Server, Deluge BitTorrent Client, Tor)
>>>
>>> On 06/11/2016 03:13 AM, Peter Palfrader wrote:
>>>> On Fri, 10 Jun 2016, SuperSluether wrote:
>>>>
>>>>> After rebooting my Raspberry Pi for a few updates, Tor is not working properly. From the logs,
>>>>>
>>>>> [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 100010bf: OpenSSL 1.0.1k 8 Jan 2015; running with 1000114f: OpenSSL 1.0.1t 3 May 2016).
>>>>>
>>>>> Everything else in the log looks normal, but right after bootstrap 85% (finishing handshake with first hop) it says this:
>>>>>
>>>>> [notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now.
>>>>
>>>> You did not say where you got your tor from. I assume you are using some version (or fork) of the debian package. Which one?
>>>>
>>>> At a guess, your system is too slow to start tor within the default timeout of the systemd service. Try raising the timeout. (Which systemd version are you using?)

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
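The diagnosis described in the message above (Tor reaching readiness just after systemd's start limit, then being interrupted), as an added example that is not part of the thread: a Python check that measures how long a Tor start took from its notice log and flags an Interrupt landing right after the limit. The sample log is constructed from lines quoted in this thread; the 120 s limit, the 10 s slack window and the assumed year are parameters of the example.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the notice-level log lines quoted in this thread.
SAMPLE_LOG = """\
Jun 11 13:20:53.000 [notice] Tor 0.2.7.6 (git-605ae665009853bd) opening log file.
Jun 11 13:20:56.000 [notice] Bootstrapped 0%: Starting
Jun 11 13:22:54.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Jun 11 13:22:54.000 [notice] Signaled readiness to systemd
Jun 11 13:22:54.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Jun 11 13:22:54.000 [notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now.
Jun 11 13:23:24.000 [notice] Clean shutdown finished. Exiting.
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+) \[(\w+)\] (.*)$")
BOOT_RE = re.compile(r"^Bootstrapped (\d+)%")

def parse(log_text, year=2016):
    """Yield (timestamp, message); Tor's file log has no year, so one is assumed."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines without a timestamp are wrapped continuations
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
            yield ts, m.group(3)

def diagnose(log_text, timeout_s, slack_s=10):
    """Return one finding per Tor start that ended in an Interrupt notice.

    A start is suspect when the interrupt lands within slack_s seconds after
    timeout_s has elapsed and bootstrap had not reached 100%. Elapsed time is
    measured from the "opening log file" line, so it slightly underestimates
    what systemd measured.
    """
    findings, run = [], None
    for ts, msg in parse(log_text):
        boot = BOOT_RE.match(msg)
        if "opening log file" in msg or "opening new log file" in msg:
            run = {"started": ts, "ready_after_s": None, "bootstrap_pct": 0}
        elif run is None:
            continue  # nothing to attribute this line to yet
        elif boot:
            run["bootstrap_pct"] = int(boot.group(1))
        elif msg.startswith("Signaled readiness to systemd"):
            run["ready_after_s"] = (ts - run["started"]).total_seconds()
        elif msg.startswith("Interrupt:"):
            elapsed = (ts - run["started"]).total_seconds()
            in_window = timeout_s <= elapsed <= timeout_s + slack_s
            run["interrupted_after_s"] = elapsed
            run["suspect_start_timeout"] = in_window and run["bootstrap_pct"] < 100
            findings.append(run)
            run = None
    return findings
```

Pass the unit's real start limit as `timeout_s`; `systemctl show tor@default.service -p TimeoutStartUSec` prints it.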
Re: [tor-relays] Tor is Interrupting (?) OpenSSL Version Mismatch
So yes, your RPi is using the Tor repo ;)

deb http://deb.torproject.org/torproject.org jessie main
deb-src http://deb.torproject.org/torproject.org jessie main

My sources.list has only this line:

deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi

I have to check with my 2nd RPi + Tor repo... Sadly not enough time for now, maybe this evening...

On 11/06/2016 at 14:40, pa011 wrote:
> Hi Petrusko,
>
> yes I read this "Raspbian is not Debian"
>
> my /etc/apt/sources.list looks like this:
>
> deb http://archive.raspbian.org/raspbian jessie main contrib non-free
> deb-src http://archive.raspbian.org/raspbian jessie main contrib non-free
> deb http://ftp.debian.org/debian jessie main
> deb http://deb.torproject.org/torproject.org jessie main
> deb-src http://deb.torproject.org/torproject.org jessie main
>
> Thanks
>
> On 11.06.2016 at 14:17, Petrusko wrote:
>> Hey!
>>
>> I see in your logs the Tor 0.2.7.6 (git-605ae665009853bd) is used.
>>
>> This Tor version is running fine on my _Debian_ relay, 'cause I've set up the _Tor repo_ in the /etc/apt/sources.list
>>
>> But on _Raspbian_, I'm not sure if using the Tor repo is 100% ok... :s
>> https://www.torproject.org/docs/debian.html.en#ubuntu :
>> << *Raspbian is not Debian.* These packages will be confusingly broken for Raspbian users, since Raspbian called their architecture armhf but Debian already has an armhf.>>
>>
>> Maybe I'm wrong...
>> I have to try the Tor repo on a 2nd RPi I've got for spare, to be sure...
>> Are you using the Tor repo as I guess? And Raspbian 8 jessie?
>>
>> Raspbian repos are ok, not as updated as the Tor repo, but it's working ;)
>>
>> On 11/06/2016 at 13:32, pa011 wrote:
>>> Same problem here today after several updates...
>>> rpi-update doesn’t solve the issue unfortunately
>>> log-file looks like this:
>>>
>>> Jun 11 13:20:50.000 [notice] Clean shutdown finished. Exiting.
>>> Jun 11 13:20:53.000 [notice] Tor 0.2.7.6 (git-605ae665009853bd) opening log file.
>>> Jun 11 13:20:52.462 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled $ with with 100010bf: OpenSSL 1.0.1k 8 Jan 2015; running with 1000114f: OpenSSL 1.0.1t 3 May 2016).
>>>
>>> Jun 11 13:20:53.423 [notice] Tor v0.2.7.6 (git-605ae665009853bd) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
>>>
>>> Jun 11 13:20:56.000 [notice] Bootstrapped 0%: Starting
>>> Jun 11 13:20:58.000 [notice] Bootstrapped 5%: Connecting to directory server
>>> Jun 11 13:22:54.000 [notice] Bootstrapped 80%: Connecting to the Tor network
>>> Jun 11 13:22:54.000 [notice] Signaled readiness to systemd
>>> Jun 11 13:22:54.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
>>> Jun 11 13:22:54.000 [notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now.
>>> Jun 11 13:23:24.000 [notice] Clean shutdown finished. Exiting.
>>>
>>> On 11.06.2016 at 11:45, Petrusko wrote:
>>>> apt-get install rpi-update

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Tor is Interrupting (?) OpenSSL Version Mismatch
Hey!

I see in your logs the Tor 0.2.7.6 (git-605ae665009853bd) is used.

This Tor version is running fine on my _Debian_ relay, 'cause I've set up the _Tor repo_ in the /etc/apt/sources.list

But on _Raspbian_, I'm not sure if using the Tor repo is 100% ok... :s
https://www.torproject.org/docs/debian.html.en#ubuntu :
<< *Raspbian is not Debian.* These packages will be confusingly broken for Raspbian users, since Raspbian called their architecture armhf but Debian already has an armhf.>>

Maybe I'm wrong...
I have to try the Tor repo on a 2nd RPi I've got for spare, to be sure...
Are you using the Tor repo as I guess? And Raspbian 8 jessie?

Raspbian repos are ok, not as updated as the Tor repo, but it's working ;)

On 11/06/2016 at 13:32, pa011 wrote:
> Same problem here today after several updates...
> rpi-update doesn’t solve the issue unfortunately
> log-file looks like this:
>
> Jun 11 13:20:50.000 [notice] Clean shutdown finished. Exiting.
> Jun 11 13:20:53.000 [notice] Tor 0.2.7.6 (git-605ae665009853bd) opening log file.
> Jun 11 13:20:52.462 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled $ with with 100010bf: OpenSSL 1.0.1k 8 Jan 2015; running with 1000114f: OpenSSL 1.0.1t 3 May 2016).
>
> Jun 11 13:20:53.423 [notice] Tor v0.2.7.6 (git-605ae665009853bd) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
>
> Jun 11 13:20:56.000 [notice] Bootstrapped 0%: Starting
> Jun 11 13:20:58.000 [notice] Bootstrapped 5%: Connecting to directory server
> Jun 11 13:22:54.000 [notice] Bootstrapped 80%: Connecting to the Tor network
> Jun 11 13:22:54.000 [notice] Signaled readiness to systemd
> Jun 11 13:22:54.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
> Jun 11 13:22:54.000 [notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now.
> Jun 11 13:23:24.000 [notice] Clean shutdown finished. Exiting.
>
> On 11.06.2016 at 11:45, Petrusko wrote:
>> apt-get install rpi-update

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Tor is Interrupting (?) OpenSSL Version Mismatch
If it can give some information:
My RPi updated, with Raspbian repo used for the system + Tor:

tor --version
Tor version 0.2.5.12 (git-3731dd5c3071dcba)

openssl version
OpenSSL 1.0.1t 3 May 2016
(looks like yours!)

I got no lines like yours in my log file...

Humm, I remember some bugs with openssl and RPi firmware... not sure about the versions... It has been solved after a "rpi-update".
If not recognized:
apt-get install rpi-update
then reboot.

On 11/06/2016 at 04:42, SuperSluether wrote:
> After rebooting my Raspberry Pi for a few updates, Tor is not working properly. From the logs,
>
> [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 100010bf: OpenSSL 1.0.1k 8 Jan 2015; running with 1000114f: OpenSSL 1.0.1t 3 May 2016).
>
> Everything else in the log looks normal, but right after bootstrap 85% (finishing handshake with first hop) it says this:
>
> [notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now.
>
> What do I do now? I have all the latest updates installed on this system, including the latest (stable) version of Tor.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] TOR router install without access to root
Nice to know Tor can run without any root account!

Thx all

On 25/05/2016 at 11:41, n...@cock.li wrote:
> Markus Koch:
>> possible or do I have to ask my hosting company for the install on a shared server?
> I think it would not be recommended on a shared server for reasons ranging from less-private privkeys to a company that sells shared hosting probably won't be letting you run a relay in the first place. But yes, tor should be able to run fine without root.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] TOR router install without access to root
Like a portable version so?
Windows, Linux, which operating system are you using?

In the Linux world, I'm usually using Debian and as far as I know you will need root access to the server. It will create a debian-tor group, write into the system...
Or if your user is in the "sudo" group, it can be ok.

On Windows, I'm not sure if there's a portable version of Tor...
portable = no need to install

On 25/05/2016 10:03, Markus Koch wrote:
> possible or do I have to ask my hosting company for the install on a shared server?
>
> Markus

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Monitoring multiple relays
Exactly, it can be a useful tool.
All the servers you own can be shown in a list, with several tools to manage them, like some VPS management where you've got everything in the same place.
I see some operators launching several Tor instances to use many CPU cores, so it can be nice to have something like this on the same server.

For people who know murmurd (Mumble server, VoIP), there's a tool to manage your server(s), it's easy to set up a new instance for example...
To have a look: http://yulli.cleanvoice.ru/
I think this tool can be an example for Tor!
But Mumble is listening on a special port to accept this kind of tool, Tor too if I'm not wrong...

Sadly, I'm not a dev! If it can give a nice idea to someone ;)

On 24/05/2016 19:04, Xza wrote:
> Hello,
>
> I have a couple of relays / exits running.
> Now my question is: how do you manage them, is there any dashboard or CLI tools to manage them (statistics, etc.)?
> I know the CLI tool specially for Tor, "arm"
> Thanks a lot.

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5