Re: [tor-relays] [Event] Relay Operators Meetup - May 21, 2022 @ 1900 UTC
Are the notes for this meeting available? I was not able to make it but i would like to read up on what was talked about On 5/21/2022 8:29 PM, gus wrote: Hello! The Tor Relay Operator is happening today in ~30 minutes! Here is our agenda: * Announcements: * EOL work (GeKo) * DemHack.ru hackathon (Gus) * MCH event (Gus) * Torservers updates * New Tor version support policy (network team - ahf): https://lists.torproject.org/pipermail/tor-announce/2022-May/000241.html * Malicious relays and the health of the Tor network: https://blog.torproject.org/malicious-relays-health-tor-network/ (GeKo) * Congestion control release (0.4.7.7):https://blog.torproject.org/congestion-contrl-047/ (ahf) * Expectations for Relay Operators: https://gitlab.torproject.org/tpo/community/team/-/wikis/Expectations-for-Relay-Operators (Gus) * Q * Next Meetup o/ gus On Thu, May 05, 2022 at 12:19:42AM -0300, gus wrote: Hello relay operators, The next Tor relay operator meetup will happen on Saturday, May 21 @ 1900 UTC. Where: BigBlueButton - https://tor.meet.coop/gus-og0-x74-dzn No need for a registration or anything else, just use the room-link above. We're working on the agenda here: https://pad.riseup.net/p/tor-relay-meetup-may-2022-keep Everyone is free to bring up additional questions or topics at the meeting itself. Please share with your friends, social media and other mailing lists! cheers, Gus -- The Tor Project Community Team Lead ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays OpenPGP_0xCA87BA4E77B9CA6F.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Relay Operator Meetup (Saturday, March 5th @ 2000 UTC)
Hi, Georg Koppen: ## Meetup notes March 5 Thank you for sending the meetup notes Georg. With Russia blocking most western media outlets and Facebook etc. I was expecting an uptick in traffic but I saw nothing... Is Tor not well enough known maybe? Sanctions against Russia, EU council regulation 2022/350 (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32022R0350) - Article 2f: It shall be prohibited for operators to broadcast or to enable, facilitate or otherwise contribute to broadcast ... certain media - Article 12: It shall be prohibited to participate, knowingly and intentionally, in activities the object or effect of which is to circumvent prohibitions How such a blocking order could be potentially implemented? Are VPNs also block these websites to EU citizens? -Vasilis -- PGP Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 PGP Public Key: https://keys.openpgp.org/vks/v1/by-fingerprint/8FD5CF5F39FC03EBB38274705FBF70B1D1260162 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [Event] Tor relays operators meetup, 08/11/2019 @ Mundo B, Brussels
Thanks to everyone for attending. The notes of the meetup can be found here: https://trac.torproject.org/projects/tor/wiki/org/meetings/BrusselsMeetupNov25 Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Public key: https://keys.openpgp.org/vks/v1/by-fingerprint/8FD5CF5F39FC03EBB38274705FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] [Event] Tor relays operators meetup, 08/11/2019 @ Mundo B, Brussels
Dear Tor friends and relay operators, On Friday 8th of November 2019, a Tor relay operators meetup will take place at Mundo B in Belgium. When: Friday, November 8th, 2019 Time: 18:00 (6:00 PM) Where: Mundo B, Rue d'Edimbourg 26, Brussels, Belgium (in a room upstairs) OSM: https://www.openstreetmap.org/way/139078492#map=17/50.83787/4.36425 Event link: https://blog.torproject.org/events/tor-meetup-brussels Hope to see many of you there. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Public key: https://keys.openpgp.org/vks/v1/by-fingerprint/8FD5CF5F39FC03EBB38274705FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Unutilized bandwidth
Hi Matt, First of all thank you for running relays. Matt Westfall: > I kind of have the same problem, I have a gigabit relay setup too, > > https://metrics.torproject.org/rs.html#details/B1B10104EB72A1FBBF6687B05F1915D87D00DBDE > > > The consensus weight varies wildly and never seems to get very high. > > I'm even running on 443 and 80 > > the replies I got before were basically is what it is and I mean we're still > helping the network by running a node, Your relay got disconnected some times ago, you could see this on the 6-month graph of your relay illustrated in the history section of relay search on Tor metrics. Usually when a relay has been stable for some time it should be using all available bandwidth, failure to do so may indicate that a server/network problem. Also Alec's relay (89094DFA4158C7A1583EC3A332CDCBC74A28CC0E9) advertised bandwidth increased to 21.45 MiB/s (was 12 MiB/s 5 days ago). I hope this helps. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Unutilized bandwidth
Hi Alec, Alec Larsen: > For the past month, I have been operating an exit node ( > 89094DFA4158C7A1583EC3A332CDCBC74A28CC0E ) from UnitedIX in Chicago, IL, US. > The server has a dedicated gigabit port, and I had hoped to be able to relay > around 200 TB of traffic per month, but for some reason my advertised > bandwidth has been hovering at just 12 MiB/s since the first few days. It takes some time for relay traffic to ramp up, this is especially true for guard relays but to a lesser extend also for exit relays. To understand this process, read about the lifecycle of a new relay [1]: https://blog.torproject.org/lifecycle-new-relay. [1] https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#Torrelaylifecycle Thank you for running relay(s). Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor relay operators meetup, 25/05/2019 @ RADIX hacklab, Athens
Hi, The public notes of the event can be found here: https://trac.torproject.org/projects/tor/wiki/org/meetings/AthensMeetupMay19 Thanks to everyone for joining. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor relay operators meetup, 25/05/2019 @ RADIX hacklab, Athens
Dear Tor friends and relay operators, Next Saturday (25.05.2019) a Tor relay operators meetup will take place at RADIX hacklab in Athens. When: Saturday, May 25th, 2019 Time: 19:00 / 7:00 PM Where: Kaniggos 34 & Stournari, Athens 10682, Greece Event link: https://radix.one/en/2019-05-18-tor-meetup/ Hope to see many of you there. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Relay operators meetup Valencia (28.03.2019)
Dear Tor friends and relay operators, Tomorrow (28.03.2019) a relay operators meetup will take place at HackerspaceVLC. When: Thursday, March 28th, 2019 Time: 18:30 Where: Hackerspace Valencia Calle Francisco Martínez, 19, Bajo CP 46020, Valencia (Benimaclet), España Map coordinates: https://www.openstreetmap.org/?mlat=39.48828=-0.35839#map=19/39.48828/-0.35839=N Event link: https://blog.torproject.org/events/tor-meetup-valencia Hope to see many of you there! Cheers, ~Vasilis ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Relay operators meetup Lisbon (23.02.2019)
Dear Tor friends and relay operators, Tomorrow (23.02.2019) a relay operators meetup will take place at Block cafe, Berlin. When: Saturday, February 23rd, 2019 Time: 15:00 / 3:00 PM Where: Block Cafe, Rua Latino Coelho 63, 1st floor, 1050-133, Lisbon, Portugal Event link: https://privacylx.org/en/events/tormeetup3/ Hope to see many of you there! Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor meetup @ Onionspace, Berlin
Dear Tor friends and relay operators, Tomorrow (02.02.2019) a relay operators meetup will take place at Onionspace, Berlin. When: Saturday, February 2nd, 2019 Time: 16:00 / 4:00 PM Where: Gottschedstrasse 4, Entrance 4, 13357 Berlin (U Nauener Platz) Event link: https://blog.torproject.org/events/tor-meetup-berlin Hope to see many of you there! Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] community team highlights: Relay Advocacy
teor: > Hi, > >> On 14 Jan 2019, at 11:37, Vasilis wrote: >> >> Signed PGP part >> teor: >>> Colin also asked relay operators to opt-in as fallback directory mirrors >>> (in the last half of 2018). In December, he helped rebuild the fallback >>> directory mirror list. >> >> Thank you for working on this. >> >> The fallback directory mirrors are being checked daily by the OONI probe TCP >> connect test that runs by default from many probes around the world. It >> currently tests the TCP connectivity (successful connection: true/false) of >> the >> directory authorities and bridges. >> >> This list lives on the ooni-resources repository [1] it will be really neat >> if >> one can drop a notification or open a ticket so that this list gets updated. > > We rebuilt the list at end of 2018, then I was distracted by the holidays. > > I just did the tor-relays announcement, and emailed metrics for Relay Search: > https://trac.torproject.org/projects/tor/wiki/doc/UpdatingFallbackDirectoryMirrors#ATypicalRelease > > Telling OONI is on our list, and I made a ticket for next time: > https://trac.torproject.org/projects/tor/ticket/29093 > > It would be slightly easier for us to cc OONI on the tor-relays email. > Is there a mailing list we could use? > > We don't mind opening GitHub tickets, if that's easier for you. Opening an issue (ticket) on ooni-resources Github repository (https://github.com/OpenObservatory/ooni-resources/issues) seems the best option, as it's OONI's main bug tracker and most OONI people watch that space. Thanks! ~Vasilis signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] tor irc
Hi deadcow, dead...@tuta.io: > i needed som fast help i tried IRC started well and when iv got help a= > nd pasted the whole torrc file ... bot kicked me out i cant log in ive got = > this answer You have been kicked from the IRC because you tried to send a very big chunk of text (torrc file), you 'll be better using a paste service such as the Debian pastezone (https://paste.debian.net). > how do i get back to the chat ? ive never used irc :( You can use an IRC client to connect to (ircs://irc.oftc.net:6697) or OFTC's webchat (https://www.oftc.net/WebChat). You can find more information on OFTC's website (https://www.oftc.net/). > anyway tha question was about bridge. > i've started but i have no logs and dont know what is wrong. VPN is off. > > end of torrc > > #Bridge config > RunAsDaemon 1 > ORPort 9001 > BridgeRelay 1 > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy > # For a fixed obfs4 port (i.e. 9002), uncomment the following line. > #ServerTransportListenAddr obfs4 0.0.0.0:9002 > # Local communication port between Tor and obfs4. Always set this to "auto"= > . "Ext" means > # "extended", not "external". Don't try to set a specific port number, nor = > listen on 0.0.0.0. > ExtORPort auto Your torrc file doesn't seem right, please have a look at the Tor relay guide technical setup (https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#Parttwo:technicalsetup) and the platform specific intstructions on how to setup a relay (https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#PlatformspecificInstructions) Also logs are your friend you should be able to figure out possible configuration by reading the logfiles of your system (by default syslog). Please send more specific information about your system and ita underlying distribution/operating system running. Hope this helps. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Torservers relay family decreased?
Hi, nusenu: > > Moritz Bartl: >> On 08.09.2018 22:19, Paul wrote: >>> i am glad that somebody else got notice and i agree, suspecting >>> something nasty (or highly unusual) is going on. There was a discussion >>> about that in Berlin in July already >>> https://trac.torproject.org/projects/tor/wiki/org/meetings/BerlinRelayOperatorsMeetupJul18 >>> but no public follow-up since then. >> >> It's weird because nobody asked us, whereas the IP assignments clearly >> point to us (and the meeting even happened in a space I am responsible >> for)... > > > I noted the same thing on 2018-07-25 as well: > https://lists.torproject.org/pipermail/tor-relays/2018-July/015759.html > > maybe a...@torproject.org (author of the wiki page) can clarify? Usually when a person organize a meetup it has the role of collecting/taking notes as the author of this wiki page did. I cannot speak for the people that made the comments/inquiries and that's why we have this list and many more communication channels (such as IRC). Regarding the IP assignments we had a talk at #torservers as well as private chats. I think Moritz clarified the IP assignments situation already. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay operators meetup part #2 @ Onionspace, Berlin
Hi, You can find the (public) meetup notes here: https://trac.torproject.org/projects/tor/wiki/org/meetings/BerlinRelayOperatorsMeetupAug18 Thanks to everyone coming to the meetup. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Relay operators meetup part #2 @ Onionspace, Berlin
Dear Tor friends and relay operators, Next Saturday (25/08/18) a follow-up relay operators meetup will take place at Onionspace, Berlin. The meetup will start at 16:00 and depending on the weather we may move afterwards to the garden. When: Saturday, August 25th, 2018 Start Time: 16:00 / 4:00 PM Where: Gottschedstrasse 4, Entrance 4, 13357 Berlin (U Nauener Platz), Onionspace Map: https://www.openstreetmap.org/#map=18/52.54978/13.36991 Event link: https://blog.torproject.org/events/tor-friends-and-relay-operators-meetup-2-qbi-vasilis-and-others-onionspace-berlin Hope to see many of you there. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay operators meetup @ Onionspace, Berlin (in solidarity with Torservers)
Hello, Thanks everyone for attending. The (shareable) notes of the meetup can be found here: https://trac.torproject.org/projects/tor/wiki/org/meetings/BerlinRelayOperatorsMeetupJul18 A follow up meetup will take place in Berlin during August, in case you would like to join feel free to submit your suitable date and time on the poll (anonymous entries are allowed): https://www.systemli.org/poll/#/poll/ZBd5UDeTv6/participation?encryptionKey=CfN4AV4buBqwxL4mmEXlwMtzgbMINEXUA7P7Phbj Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] FYI: Subpoena Received
Hi IPfail, "IPfail (Tor Admin)": > The one I received seemed very reasonable in language and scope, and came > with contact information for someone with a title that implied that they work > specifically on "cyber crimes". I am currently anticipating that this will be > a non-event. > > Either way, I wanted to share this event with the relay community since one > of the questions that I had when first starting out was how much > "administrative overhead" could be expected as a result of operating relays. Thank you for reporting this to the mailing list. In case there is a resolution that you can publicly share it may be useful for current or upcoming relay operators/servers in US. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Trying to set up a relay at home, but get no connections
Hi, Gunnar Wolf: > I guess my nest step will be to talk to their end-user > service. It's... Well, it's very very very much not fun to sit by the > phone for ~30 minutes to have them repeat to me to use only a > reasonably new Windows version and make sure I don't have a virus :-P > But I will try. Did anything come out from the support service? > I'm thinking, although this bridges into a different project, whether > this should be covered by the OONI tests (for which I also run a probe). Looking at the TCP connect test results may shed some more light. BTw thank you for running relay(s) and probe(s). Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor relay marked as hibernating?
Hi Nathaniel, Nathaniel Suchy (Lunorian): > The Tor relay > https://metrics.torproject.org/rs.html#details/B0BF533DA3BC09DEEB4AF2BEC16FA21063216FE4 > of mine is marked as hibernating however I have not set a bandwidth > limit. Any idea on why this is happening? Your relay seems to be running and valid thus not hibernating: https://consensus-health.torproject.org/consensus-health-2018-04-29-08-00.html#B0BF533DA3BC09DEEB4AF2BEC16FA21063216FE4 Thank you for running relays. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] DigitalOcean bandwidth billing changes
Hi, pikami: > Does anyone know where I should move my relay? > I can't afford to spend a lot of money, I can only do 5$ a month. Have a look at https://lowendtalk.com/categories/offers they usually have good offers in various locations. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Question on relay allowed downtime
Hi, Keifer Bly: > So recently I had an uptime of about 3-4 days but then I had to restart my > computer to install an operating system update (the OS in question being Mac > OS X High Sierra). I know I am not to worry about what flags I have as long > as I am not a bad relay, but am curious, what is the allowed downtime the > network allows to do things like install operating system updates, etc, > without significantly impacting time between failures? In general it's much better to run an updated relay and take as much time is needed for operating system updates. You can read Tor's protocol specification section that describe how directory authorities choose which flags to apply to routers (relays) [1]. For more information on the topic you can read related discussions in tor relay threads [2], [3]. [1] https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2426 [2] https://lists.torproject.org/pipermail/tor-relays/2017-January/011826.html [3] https://lists.torproject.org/pipermail/tor-relays/2014-December/005896.html Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Running relays in universities? Exit nodes, perhaps? Please share your experience!
Hi, Gunnar Wolf: >1. This assignation is not factible because the Tor network is not > compatible with the Acceptable Usage Policies of RedUNAM, being > this infrastructure oriented to the service of institutional > goals. > >2. While the Tor network can have reseearch purposes, due to its > nature and the hiding of IPv4 addresses and anonymous > connectivity, it is susceptible to be used by third parties from > outside the University with purposes conflicting with those > specified in item 1, without any possibility of control or > regulation from the University's part or from your project. In most universities there is a person/entity that can override many if not all possible "restrictions" in order for a project to continue/start successfully. I suggest you to find these persons that can override these "controls" and convince how difficult (or impossible?) is to continue/start your research project without hosting Tor relays. Persistence usually helps, paying a weekly visit to the people responsible and asking them for the next steps or how you can help to move this forward. >3. Even more so: The Tor network, due to its definition and > structure, can potentially incorporate third people with > malicious or even delictive intentions, which would affect not > only the computers or networks in your Institute or all of the > University, but also networks outside the institution's control Another idea will be to do a general Tor presentation at the UNAM university. The date should be based on the the availability or favored date/time of the responsible(s) for the network policies (RedUNAM) and the persons that have the special override powers Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor relay software automatic updates
Hi, Keifer Bly: > I am running my tor relay “torland” on Mac OS X via this guide here > https://www.torproject.org/docs/tor-doc-osx.html.en > > I am wondering, is there a way to configure the tor relaying software to > automatically check for software updates and install them automatically if > there are any? Automatic software updates depend on the package manager or the installation method of the tor package. Homebrew seems to have an (auto?) upgrade option called `cask upgrade`. Hope this helps. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] No stable flag from 6 out of 9?
Hi Ole, Ole Rydahl: > I'll be patient! (It took a while to obtain the stable flag from my wife > too.) /Ole It seems that your relay has gained the stable flag, can you please re-enable IPv6 connectivity so that we can find if that was the issue? Thanks, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay down again
Hi, smichel0: > Former my relay was connected via a powerline adapter and I often had > connection problems. > > Then I connected it directlia via a LAN to the router and it worked for 3 > days. This morning it was down again since 6 h (no traffic, no flags but the > netbook still said that there is a internet connection). > > I tried to restart the relay but that didn't work, so I rebooted the hole > machine and now the relay is up again (Nick: SMichel). Perhaps hardware issues? > I tried to check the logs, but that didn't help me. I suppose that the > connection problem or whatever will persist. Are you sure that your router is able to handle thousands of connections? Thank you for running relays! Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Browser and Relay
Hi, Gary: > I wish to know if it is possible to have Tor Browser use my relay for > traffic instead of its own client on start up. It is possible but will most probably reduce significantly your anonymity as you will always connect to your relay and not the guard relay that you should be connecting instead. > At the moment if you change the proxy settings to your relay after startup > 1) an observer would of noticed the specific Tor Browser traffic AND the > relay 2) Tor Browser checks settings upon startup and if the proxy server > setting is changed (eg 127.0.0.1:9050 instead of 127.0.0.1:9150) then it > will refuse to start up. This isnt necessary a problem as you can just > re-install / re-extract the bundle but upon start up you are still left > with the default setting / specific Tor Browser traffic again. > > I am aware extra bytes will show up on relay search, is this better than > not using Tor for my use at all? I don't exactly understand what you are trying to do, perhaps this resource may be useful to you: https://tor.stackexchange.com/questions/4637/how-to-tell-my-tor-browser-to-use-a-certain-relay-as-entry-point Hope this helps. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ansible-relayor, how to ?
Hi Paul, Paul: > Am 25.02.2017 um 09:34 schrieb nusenu: >> >> https://medium.com/@nusenu/deploying-tor-relays-with-ansible-6612593fa34d >> > > I like to use ansible as well - one question: > > ~/ansible/hosts: > > [relays] > relay1.example.com > relay2.example.com > > Do/can I place the IP address of my servers there or do only domain names > work? It's perfectly OK to use IP addresses in Ansible's host inventory. However you should be using the same hostname as the one set in your SSH config file (usually under ~/.ssh/config). Ansible documentation should get you started [1]. [1] http://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] No stable flag from 6 out of 9?
Hi, > The router typically has a low load - at present < 0.2, while serving 4000+ > connections - 27% of the maximum 16384 connections. It reports 70 Mbyte free > memory. Once a month or less it reports a ddos attach. I have stressed the > router by sending a burst - 56 Mbyte/s - fragmented 64 kbyte pings. It > generates a load of 4 but everything else appear to work as expected. Below > is > the repeated sequence in the log from the router [...] > /Ole Can't seem to find anything obvious in logs. It seems that sometimes IPv6 connectivity/routing may not be that ideal but this is just an attempt (of mine) to find out what's wrong and I can be completely wrong. Would you like to "experiment" by temporarily disabling your IPv6 address and report back if you see any changes? Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Hello relay operator aahana*
Dear relay operator, I noticed that you added 6 relays [1], thank you! Please be sure to set the `MyFamily` configuration parameter on all your relays [1], so Tor clients are not at risk of using your relays in multiple positions in a single circuit [2], [3]. Thank you for running Tor relays. [0] https://nusenu.github.io/OrNetRadar/2018/03/28/a4 [1] https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#ImportantifyourunmorethanoneTorinstance [2] https://hackernoon.com/some-tor-relays-you-might-want-to-avoid-5901597ad821 [3] https://nusenu.github.io/OrNetStats/endtoend-correlation-groups Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Decommissioning (middle) relay
Hi relay operator wsmith6079, tor-relays: > In case anyone is keeping an eye on things or otherwise monitoring > relays, I have just decommissioned the relay "wsmith6079" (with > fingerprint 01AE002B4E60AE5A8FF40FDB67260F85AB0878AE) within the last > several minutes. > > This relay has been in service for a little over two years but, > unfortunately, it's time has come. Thank you for supporting the Tor network. May I ask why you are discontinuing this relay. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] No stable flag from 6 out of 9?
(Moving email communication to tor-relays) Hi Ole, Ole Rydahl: > My relay nicknamed dobbo appear to be partly in "bad standings" on most of > the consensus authorities.> > I stumbled upon another relay - matlink - with a similar faith. > > I suspect something in my setup to be the culprit. The only thing in the > log that looks a bit suspicious is a warning about a mismatch in ssl > versions - > "OpenSSL version from headers does not match the version we're running > with". Could you please provide more details of your system, how did you install tor and also the complete log line(s)? This could help to spot potential issues. Your relay seems to be running version 0.3.1.10 it will good to update it to the newest version. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 > Hi Vasilis, > > I have been running a relay since 2013. At first on an openwrt router. Since > it crashed when the load got high, I moved it to my (mail-) server. At > present > I run Fedora 27 and only upgrade Tor, when a new version is offered there. At > present I start it manually after reboot - since doing it via systemctl no > longer works (for me). > > For some long periods mu relay has been un-operational. The latest down > period > was coursed by my non-intentional enabling an ipv6 firewall while claiming it > could be reached by ipv6. > > > > This is what I typically se in the log: > > Mar 22 13:41:09 linux4 Tor[1731]: OpenSSL version from headers does not match > the version we're running with. If you get weird crashes, that might be why. > (Compiled with 1010007f: OpenSSL 1.1.0g 2 Nov 2017; running with 10100 > 07f: OpenSSL 1.1.0g-fips 2 Nov 2017). > Mar 22 13:41:09 linux4 Tor[1731]: Tor 0.3.1.10 (git-e3966d47c7252409) running > on Linux with Libevent 2.0.22-stable, OpenSSL 1.1.0g-fips, Zlib 1.2.11, > Liblzma N/A, and Libzstd N/A. > Mar 22 13:41:09 linux4 Tor[1731]: Tor can't help you if you use it wrong! > Learn how to be safe at https://www.torproject.org/download/download#warning > Mar 22 13:41:09 linux4 Tor[1731]: Read configuration file "/etc/tor/torrc". > Mar 22 13:41:09 linux4 Tor[1731]: Based on detected system memory, > MaxMemInQueues is set to 2048 MB. You can override this by setting > MaxMemInQueues by hand. > Mar 22 13:41:09 linux4 Tor[1731]: Opening Control listener on 127.0.0.1:9051 > Mar 22 13:41:09 linux4 Tor[1731]: Opening OR listener on 0.0.0.0:9001 > Mar 22 13:41:09 linux4 Tor[1731]: Opening OR listener on > [2a05:f6c7:62:1::5]:9002 > Mar 22 13:41:09 linux4 Tor[1731]: Opening Directory listener on 0.0.0.0:9030 > Mar 22 13:41:30 linux4 Tor[1731]: Parsing GEOIP IPv4 file > /usr/share/tor/geoip. > Mar 22 13:41:30 linux4 Tor[1731]: Parsing GEOIP IPv6 file > /usr/share/tor/geoip6. > Mar 22 13:41:33 linux4 Tor[1731]: Your Tor server's identity key fingerprint > is 'dobbo CE1FD7659F2DFE92B883083C0C6C974616D17F3D' > Mar 22 13:41:33 linux4 Tor[1731]: Bootstrapped 0%: Starting > Mar 22 13:43:02 linux4 Tor[1731]: Starting with guard context "default" > Mar 22 13:43:02 linux4 Tor[1731]: Bootstrapped 80%: Connecting to the Tor > network > Mar 22 13:43:03 linux4 Tor[1731]: Guessed our IP address as 185.15.72.62 > (source: 171.25.193.9). > Mar 22 13:43:03 linux4 Tor[1731]: Self-testing indicates your ORPort is > reachable from the outside. Excellent. > Mar 22 13:43:03 linux4 Tor[1731]: Bootstrapped 85%: Finishing handshake with > first hop > Mar 22 13:43:04 linux4 Tor[1731]: Bootstrapped 90%: Establishing a Tor circuit > Mar 22 13:43:06 linux4 Tor[1731]: Tor has successfully opened a circuit. > Looks > like client functionality is working. > Mar 22 13:43:06 linux4 Tor[1731]: Bootstrapped 100%: Done > Mar 22 13:44:03 linux4 Tor[1731]: Self-testing indicates your DirPort is > reachable from the outside. Excellent. Publishing server descriptor. > Mar 22 13:44:05 linux4 Tor[1731]: Performing bandwidth self-test...done. > Mar 22 19:43:02 linux4 Tor[1731]: Heartbeat: Tor's uptime is 5:59 hours, with > 4471 circuits open. I've sent 65.11 GB and received 64.45 GB. > Mar 22 19:43:02 linux4 Tor[1731]: Circuit handshake stats since last time: > 18847/18847 TAP, 193853/193853 NTor. > Mar 22 19:43:02 linux4 Tor[1731]: Since startup, we have initiated 0 v1 > connections, 0 v2 connections, 0 v3 connections, and 4701 v4 connections; and > received 0 v1 connections, 1303 v2 connections, 2699 v3 connections, and 330 > 8 v4 connections. > Mar 22 19:43:02 linux4 Tor[1731]: DoS mitigation since startup: 0 circuits > rejected, 0 marked addresses. 0 connections closed. 103 single hop clients > refused. > Mar 23 01:43
Re: [tor-relays] potential relayor Address bug
Hi, nusenu: >> At time of writing, the VM has 4 cores of Xeon E3-1230 V2 @ 3.30GHz > > I estimate that you should be able to do ~90MByte/s per instance on that CPU May I ask how did you come up with this estimated bandwidth per instance? Thanks! ~Vasilis signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] arm crashes
Hi, smichel0: > This morning nyx was still working but tor was down - now restarting. The Tor daemon (instance) is unrelated to nyx, arm or other software that monitors your Tor relay. In order to verify if the Tor daemon is running on your system you should check the logs usually under '/var/log/syslog'. > Whow can I get rid of the arm-installation? From your previous post it seems that you are running a system with the apt manager, the following command will remove arm from your system (given that you have installed arm via the package manager): apt-get remove tor-arm ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Previous Guard not getting Guard flag back
Hi, Matthew Glennon: > Sorry - that was crass. Thanks for the attempt, but I've read those > documents. Specifically, I'm looking into what has changed, if anything. Is > it just below the threshold of the Weighted Uptime? (e.g. we have enough > Guards?) I asked because I was told that the bwauth issues were holding > people back before (because everyone was unmeasured). Since that was > resolved but still no guard flag, I was becoming curious. No intention to be crass. This is an open mailing with thousands subscribers and perhaps some people may have similar questions or want to find out how relay flags work. As an additional resource the guard probability graphs in Tor metrics relay page of be of help to visually get some indications and for reference (perhaps) compare it to other relays. I hope this may help someone. Sorry again for any confusion and thanks for running relays. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Previous Guard not getting Guard flag back
Hi Matthew, Matthew Glennon: > While I understand that my relay lost the guard flag because of a weekend > of downtime, I would expect that it would get it back after a while of > stable again? Anyone able to shed some light on when it will get the flag > back? > https://metrics.torproject.org/rs.html#details/924B24AFA7F075D059E8EEB284CC400B33D3D036 "Directory authorities assign the Guard flag to relays based on three characteristics: "bandwidth" (they need to have a large enough consensus weight), "weighted fractional uptime" (they need to be working most of the time), and "time known" (to make attacks more expensive, we don't want to give the Guard flag to relays that haven't been around a while first). This last characteristic is most relevant here: on today's Tor network, you're first eligible for the Guard flag on day eight." I will suggest you to read the lifecycle of the new relay post [1], the Guard FAQ [2] and the guard flag section of the directory protocol [3]. [1] https://blog.torproject.org/lifecycle-new-relay [2] https://www.torproject.org/docs/faq#EntryGuards [3] https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2490 Hope this helps. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] arm crashes
Hi, smichel0: > sudo apt-get install nyx > ...List of bundles... ready > ...dependecies... > ...status information... ready > --> E: bundle/packet can't be found Please file a bug with your system OS and other system-specific details so that it can be fixed. The Nyx bug tracker is located here: https://trac.torproject.org/projects/tor/wiki/doc/nyx/bugs Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor program
Hi, Some extra resources: Tor-teachers mailing list archives: - https://lists.torproject.org/pipermail/tor-teachers/ Tor-teachers wiki page: - https://trac.torproject.org/projects/tor/wiki/doc/tor-teachers Material and notes from previous Tor meetups: - https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Projects/GlobalSouth#Events - https://trac.torproject.org/projects/tor/wiki/org/Meetups Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Relay operators meetup @ CSOA Forte Prenestino, Rome, Italy
Dear relay operators and *Tor people, A number of people will participate this Thursday Thursday 15/03/18, 18:30 @ CSOA Forte Prenestino in Rome, Italy [1]. Hope to see many of you there. [1] https://blog.torproject.org/events/relay-operators-meetup-csoa-forte-prenestino-rome-italy Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [WARN] Your computer is too slow to handle this many circuit creation requests
Hi, *UPDATE** I'm still seeing these warning messages but in a lower frequency: Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [1077 similar message(s) suppressed in last 60 seconds] The defenses seems to be working (?): DoS mitigation since startup: 45482775 circuits rejected, 157 marked addresses. 2187600 connections closed. 993 single hop clients refused. ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] No exit at home !!!
Hi, for this post anon: > Roger say it right: No exit relay at home! > > I write this mail in anon because I had bad experience with that. I had > the experience to get visitors early in the morning from the police > department some months ago. After that I must by new computers... Can you provide us with more details such as country, ISP, what was the resolution of your bad experience (if any). Thanks, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] less than 3 bw auths available: self-measurement (with 10k cap in effect)
Hi, Roger Dingledine: > On Tue, Feb 27, 2018 at 06:47:00PM +, nusenu wrote: >> if your relays behave strangely in terms of bandwidth seen, than this >> might be due to the fact that there are less than 3 bw auth votes available. >> >> If you run a fast relay it is capped to 10k cw. >> >> This affects currently the 857 fastest relays. > > Yep! We had 4 running, but 2 of them had problems, and we need 3 > for the authorities to want to use the values from them. Perhaps it makes sense to do a call and add some more bandwidth authority relays during the upcoming meeting in Rome similar to the Montreal meeting. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [WARN] Your computer is too slow to handle this many circuit creation requests
Hi, Running for more than a week the alpha version 0.3.3.2 (git-7b1d356bdb76607d) the issue seems to be resolved. Heartbeat: Tor's uptime is 7 days 11:59 hours, with 19157 circuits open. I've sent 2372.16 GB and received 2372.27 GB. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [WARN] Your computer is too slow to handle this many circuit creation requests
Roger Dingledine: > On Wed, Feb 21, 2018 at 01:13:00PM +0000, Vasilis wrote: >> I see a number of warning log messages on a dedicated server: >> [WARN] Your computer is too slow to handle this many circuit creation >> requests! > > You get that warning message when there are too many create cells coming > in, and your relay ends up sending back preemptively destroy cells for > some of them. That is, it tries to estimate internally how long it will > take to handle the current queue of create cells, and if the queue gets > so big that the one that just arrived will take several seconds before > it can be processed, Tor just sends back a destroy cell instead, and > gives you this warn. > > The flood of circuits created by the ddos storm will be causing this > sort of warning sometimes. For example, my FreeBogatov relay gets 30-70 > million create requests per 6 hours, and when that number goes over > about 100 million, there are times where it can't keep up. > > (Careful though because the heartbeat message about number of circuits > does not count circuits that come from client connections. That is, the > circuits in the heartbeat count are only circuits that come via other > relays. So non-Guards are giving you a reasonably accurate count, and > Guards are leaving out an unknown number of circuits from their count, > and that unknown number could be quite large.) > > Ultimately, the fix needs to be that more and more relays upgrade to a > version of Tor tht includes the DDoS mitigation. One of the main goals > of the mitigation is not to help *your* relay in particular, since hey > maybe your relay is huge and it can keep up, but rather to slow down the > mass of circuits heading towards *other* relays after yours. > > That is, you need *other* relays to deploy the mitigation in order to > help you. > https://en.wikipedia.org/wiki/Herd_immunity Makes sense great explanation, thank you! Wasn't planning to stop running/administering any of the relays. >> Setting the NumCPUs option to the actual number of CPUs (2) didn't help. > > Are you sure you only have 2 cores? These days each cpu has many cores, > so a system with 2 cpus could easily have 8 cores. It's an old processor with 2 CPU and 1 core per CPU. >> Is this hardware really too old/slow to run a relay on one ethernet Gigabit >> link? > > Well, there are times where it isn't able to keep up. But if you turn > off the relay or turn down its capacity, then it will just increase the > load on the other relays. So I think we shouldn't worry too much about > these warnings during this period of overload. > > Oh, I guess I should ask: are you using 0.3.3.2-alpha or a version with > the ddos mitigation? If not, that's a clear next step. I 'll upgrade to the alpha version and closely monitor its activity. Thanks, ~Vasilis signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] [WARN] Your computer is too slow to handle this many circuit creation requests
Hi, I see a number of warning log messages on a dedicated server: [WARN] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [27615 similar message(s) suppressed in last 60 seconds] The relay is running on a dedicated hardware with the following specifications: CPU: Intel(R) Xeon(TM) CPU 3.00GHz RAM: 6G Kernel: Linux 3.16.0-5-amd64 Tor version: 0.3.2.9 flags: Fast, Guard, HSDir, Running, Stable, V2Dir, Valid exit policy: reject *:* Setting the NumCPUs option to the actual number of CPUs (2) didn't help. Is this hardware really too old/slow to run a relay on one ethernet Gigabit link? Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Advocacy, Political & Artistic
Hello Kenneth, Kenneth Freeman: > I've recently touted establishing a Tor exit node at the inaugural Boise > organizing committee of the Democratic Socialists of America.> > The idea was considered esoteric, but such anonymity craft is useful for > activists of all stripes. > > Too, performing artists (neo-burlesque, LGBTQ comics, etc.), punks and > anarchists have also expressed interest in Tor. Thank you for running an exit relay. Anonymity is useful for all creatures. :) > I have been told that Tor is conceptually difficult to wrap your head > around, but these are useful mission fields. Any specifics on what is the conceptually difficulty to Tor? Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] So long and thanks for all the abuse complaints
Hello, Thanks to everyone that operates relays and jungles with the abuse complains. Indeed is a very cumbersome approach and people are getting easily/hard frustrated but at some point people are unfortunately decide that cannot operate any more these relays. From personal experience it really varies from ISP to ISP network and quite often many administrators and NOCs suspend or terminate the network services for a specific server, VM, device when they see abuse alerts even if there are automated (quite often SPAM) email reports. Suggestions: Do you think that it makes sense to co-ordinate and post a blog about the abuse reports, some countermeasures and explanations on why people should _perhaps_ not freak out when they receive automated abuse emails? Going a bit further we can categorize and catalog common automatic abuse emails sent to relays operators and a short explanation of this was counteracted. I'm sure there will be a website that does collect general ISP abuse emails but not only related to Tor relays. Some trac wiki pages were we may integrate this information to: https://www.torservers.net/wiki/abuse/templates https://trac.torproject.org/projects/tor/wiki/OperatorsTips https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs https://trac.torproject.org/projects/tor/wiki/doc/ISPCorrespondence Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] New on relays and Tor
Hi Alfredo, Alfredo Bollati: > Hi all I just started investigating and getting involved with Tor project. > I have configured my router to port forwarding on one of its ports. Is > there a way or some steps to follow in order to confirm that my bandwidth > is being used by the relay? This mailing thread may be of use: http://archives.seul.org/or/relays/Aug-2010/msg00034.html Other ways that you can check the bandwidth usage of your relay is Atlas (https://atlas.torproject.org/) where you can search your relay's fingerprint note that the data presented there are not real time but may help to "visualize" easier some tor relay terminologies. Since your relays is new it's bandwidth is not going to be fully utilized read this blog post to find out about the lifecycle of a new relay in Tor: https://blog.torproject.org/lifecycle-new-relay Hope this helps. Thank you for running relays! Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Just got my first Abuse email :-)
Hello, I will suggest to first reply to the abuse email, rather than using a reduced exit policy. Many times ISPs or abuse email senders (even in automated abuse emails) are happy with any response that they can show to their upstream provider or abuse reporter. Dr Gerard Bulger: > So far I have had no abuse emails or complaints after two months on a new > server, using the longer suggested reduced policy list, but I do exclude 80, > which seems safer but limits the role as an exit. But 443 open. I closed > other potential abuse ports such as 22, 8080, 5900. > > It's not the complaints that worry me, but the reaction of the ISP with any > complaints, so best avoided until I can afford to be my own ISP. > > What are the risks of abuse reports in opening up a wide range of high port > numbers as an exit say 20,000-50,000? From: 'https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy' "Since bittorrent clients can be run on any port, and most of them pick random ports, every port you add to your exit policy increases the probability of a bittorrent client using your exit node to connect to a monitored peer that is listening on that port. This means that enabling ranges of ports is especially bad, unfortunately. Each new port adds 1/65535 (or even more if eg. the port numbers listen below are preferred to use for torrent traffic b/c they are well known now) to your risk of getting DMCA takedowns. The privileged ports (1-1024) have a smaller risk of getting DMCA takedowns." Also have a look at the IANA registered ports: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Registered_ports ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor t-shirts
TorGate: > Hi, my relays are coming up in the next month :-) > this relays are 2 vm-machines with the latest debian an the latest stable tor. > But is 25MB bandwith enough to an exit ? 25 Mbit/s or 25 MB/s (whichever you meant) is actually quite good bandwidth for an exit relay look at blutmagie (http://torstatus.blutmagie.de) for some bandwidth stats. Thanks for running relays! ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor t-shirts
Hi, TorGate: > Hi, how can i buy this t-shirt ? By donating to the Torproject: https://donate.torproject.org Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor t-shirts
Hello, During the last Tor meeting I asked some people about the Tor t-shirt situation and the big delays to processing and response and it seems that the situation has been resolved and person eligible for a t-shirt have either been notified or have already received them. Has everyone eligible for a Tor t-shirt got one already? Are there still people that are still waiting? Thank to everyone running/run Tor relays. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Monitoring multiple relays
Hi, DaKnOb: > It depends on what you consider “professional” monitoring. Do you mean > information collected, or how was it collected? By professional monitoring I mean a way to find out in a short time-span what was the reason for a relay that suddenly is disconnected from the Tor network, uses an outdated version of tor, performs badly on the Tor network, runs an outdated OS version, misses security updates or other crucial software that may compromise the Tor relays and subsequently the Tor network. Some important properties of this monitoring system: - Hardware issues: RAID/HD/hardware failures, kernel panic/OOM states - Software issues: OS updates, tor updates, security updates - Network issues: RBLs, IP blocking, upstream network issues - Abuse issues: Monitor of abuse emails per relay/network -sort of ticketing system for operators that are unwilling/don't know/have the capacity to track and respond to abuse emails (that most of the time are automated and just a 'foo' response back) - Legal issues: Initiating a canary-like or similar for relay operators that would like to be reached out when they don't provide any updates. I suspect this to have many false positives but better safe that sorry (quite often you are not allowed to speak openly about a legal issue until this is settled, in this part potential organizations may reach out to help operators) > Is measuring something from the tor process using bash scripts and cron > professional? > Is measuring network traffic using Prometheus and plotting to Grafana > professional? My "professional point of view" will be a system -preferably agent-less- that could ping operators via email and provide alert notifications on an IRC channel. > For a few nodes I control / controlled I measured lots of network info such > as: > > - Network Traffic in / out (b/s) > - Network Packets in / out (p/s) > - Network Flows in / out (f/s) > > And I always run a local resolver, so DNS info too: > > - Query Responses / Second > - Query Latency > - SERVFAILs / Second > > The DNS info was gathered only in one node, as an experiment, since I wasn’t > sure whether it could leak information, and only for a limited amount of > time. I share the same concerns with you so I'm not really interested in measuring DNS responses or collecting long-term stats that may leak sensitive information or potentially used to de-anomymize or compromise in any way (in ways that we don't know yet) the Tor network. ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Monitoring multiple relays
Hello, I'm reopening this thread as I would like to do some "professional" monitoring on my relays and working on a solution that could be helpful to other relay operators running few relays or don't want to go into the hassle of deploying a monitoring system. My idea is to deploy a monitoring system that can support monitoring not only for my relays and friends relays (people who trust me) but also to other relays that have no time or resources to monitor their relays. Any suggestions, thoughts, comments and especially a 'I/we did X and succeed/failed' are greatly appreciated. Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] AccountingMax 48 GBytes is not working
Hi, Artur Pędziwilk: >> From: teor2...@gmail.com >> >> It is weird that your traffic figures are 5x the limit. >> We should fix this bug. >> >> Do you know which traffic figure is correct? >> (For example, from your provider's monitoring?) >> >> Did you intend to use the "max" AccountingRule or the "sum" rule? >> >> Does this issue occur after the first day as well? > > The high value is correct from according to other source metrics of metrics. > I intend to use the "max" as whatever comes first I wish to hibernate. The > issue occur randomly with different values of data and different hours but > just before hibernation the sum is that value + correct limit so it really > seems like traffic over obfs4proxy. > Not sure if it is correct to see that as a bug. I learn more, I leave that > public relay without obfs4proxy and I run additional instance just as bridge > relay with obfs4proxy and accounting enabled to check if counting is correct. Great let us know if the issue persists and/or you can reproduce it to the bridge relay that uses obfs4proxy as a ServerTransportPlugin. Thanks for running an extra bridge. :) Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
Hi, aeris: > Currently, my server hosting kitten1 and kitten2 (tor guard and fallback > directory) is under seizure since 14/05 11h. Sorry to hear that! Could you please share some more information about the incident? Thanks, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays