Re: [tor-relays] Help! TOR Relat dead after upgrading Ubuntu to 18.04
I've had a similar situation in the past and my problem was that tor was actually running but not functional. Try pidof tor to see if it's running with another user. If yes, you can kill it and restart. Arisbe On 9/19/2018 10:56 AM, Felix wrote: Hi Ben Am 19.09.2018 um 13:56 schrieb Ben Riley: So I type 'tor' and get Sep 19 21:34:24.819 [notice] Tor 0.3.4.8 (git-5da0e95e4871a0a1) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.0g, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3. Sep 19 21:34:24.819 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Sep 19 21:34:24.819 [notice] Read configuration file "/etc/tor/torrc". Sep 19 21:34:24.823 [notice] Based on detected system memory, MaxMemInQueues is set to 2862 MB. You can override this by setting MaxMemInQueues by hand. Sep 19 21:34:24.824 [notice] Scheduler type KIST has been enabled. Sep 19 21:34:24.824 [notice] Opening Socks listener on 127.0.0.1:9050 First listener to port 9050 for localhost Sep 19 21:34:24.824 [notice] Opening Control listener on 127.0.0.1:9051 Sep 19 21:34:24.824 [notice] Opening OR listener on 0.0.0.0:9001 Sep 19 21:34:24.824 [notice] Opening Directory listener on 0.0.0.0:9050 Second listener to port 9050 for all ips Sep 19 21:34:24.824 [warn] Could not bind to 0.0.0.0:9050: Address already in use. Is Tor already running?-- Your torrc wants tor to expect both socks AND directory requests at port 9050. Only one can. Check the torrc file and move the Dirport to 9030. Restart tor and check the log again if it works better. Somewhere should be the entry "Self-testing indicates your DirPort is reachable from the outside. Excellent." Same for Orport. If you dont't need socks you can change it to . I hope I got you right. Good luck! [] https://www.torproject.org/docs/tor-manual.html.en -- One person's moral compass is another person's face in the dirt. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Possible problem with NYX
Thanks for this added info--it helps. On 9/4/2018 9:36 AM, Damian Johnson wrote: Hi arisbe. This isn't as concerning as you seem to think. As Nathaniel mentions it's simple to get this information, Nyx is simply attempting to scrub it cuz... well, it's ethically and legally the right thing to do. Nyx's 'should this be scrubbed' check is pretty simple [1]. Inbound addresses are scrubbed if... 1. You're configured to accept user traffic (ie. you set BridgeRelay in your torrc or have receive the Guard flag). [2] 2. The connection doesn't belong to a another tor relay. [3] Does the relay show relay information such as a fingerprint? If so then it shouldn't be scrubbed. If it doesn't and you've set BridgeRelay in your torrc then please let us know on... https://trac.torproject.org/projects/tor/wiki/doc/nyx/bugs Thanks! -Damian (author of nyx and stem) [1] https://gitweb.torproject.org/nyx.git/tree/nyx/panel/connection.py#n230 [2] https://gitweb.torproject.org/stem.git/tree/stem/control.py [3] In particular, we check if the address/port is in the consensus. On Mon, Sep 3, 2018 at 1:13 PM, arisbe wrote: Hello ops, Today I noticed something on NYX that I find disturbing. Page 2 (list of inbound/outbound connections) showed me the IP address of an inbound connection on one of my bridges! Not the authority. This is crazy as these are indicated as :port for the users protection! I have never seen this before and haven't seen it since. Of course, on low usage bridges, the connection IP address can possibly be disseminated from netstat but that's not the point. It's my sense that this should never happen. I get chills imagining this happening on a guard relay operated by an antagonist ! ! I'm using the default NYX configuration on Ubuntu server 18.04.1 LTS, Tor 0.3.3.9. Arisbe -- One person's moral compass is another person's face in the dirt. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- One person's moral compass is another person's face in the dirt. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] SSH login attempts
Hello Marcus, On an ongoing basis, most of my relays get up to 4000 attempts each day. It's standard practice I guess! Many, many are from just a few IP addresses. The rest are just a few per IP address. Occasionally, I will go beyond the fail2ban "ban" and block an IP address in iptables via ufw. I then unblock that IP address in a week or two. I set fail2ban for long blocks maybe up to 12 hours (43000-seconds). So, harden your operating system as best you can. SSH works but disable the password entry, X11, etc. if possible. This is always safe if your provider has a dashboard for you to use as a secondary access to the server. I change my SSH port number but that only slows the professionals my minutes or seconds. Remember to change the fail2ban SSH port number if you do that. Your host provider should have DDoS protection for his/her entire plant. And don't sweat it! Learn from the experiences. On 9/4/2018 5:35 AM, Marcus Wahle wrote: Dear all, Since 14:00 my logs (middle node) are spamed with around 100 faild ssh login attemps from different ips. Is there anybody else affected? Best regards Marcus ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- One person's moral compass is another person's face in the dirt. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Multi node management programs/platforms?
For me, 8. On 9/3/2018 8:42 PM, I wrote: How many relays do you do that to? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- One person's moral compass is another person's face in the dirt. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Possible problem with NYX
Hello ops, Today I noticed something on NYX that I find disturbing. Page 2 (list of inbound/outbound connections) showed me the IP address of an inbound connection on one of my bridges! Not the authority. This is crazy as these are indicated as :port for the users protection! I have never seen this before and haven't seen it since. Of course, on low usage bridges, the connection IP address can possibly be disseminated from netstat but that's not the point. It's my sense that this should never happen. I get chills imagining this happening on a guard relay operated by an antagonist ! ! I'm using the default NYX configuration on Ubuntu server 18.04.1 LTS, Tor 0.3.3.9. Arisbe -- One person's moral compass is another person's face in the dirt. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
Children should be seen and not herd. The opposite goes for Tor relays. Arisbe On 8/30/2018 2:11 PM, Nathaniel Suchy wrote: So this exit node is censored by Turkey. That means any site blocked in Turkey is blocked on the exit. What about an exit node in China or Syria or Iraq? They censor, should exits there be allowed? I don't think they should. Make them relay only, (and yes that means no Guard or HSDir flags too) situation A could happen. The odds might not be in your favor. Don't risk that! Cordially, Nathaniel Suchy On Thu, Aug 30, 2018 at 3:25 PM grarpamp <grarp...@gmail.com> wrote: This particular case receiving mentions for at least a few months... D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114 The relay won't [likely] be badexited because neither it nor its upstream is shown to be doing anything malicious. Simple censorship isn't enough. And except for such limited censorship, the nodes are otherwise fully useful, and provide a valuable presence inside such regions / networks. Users, in such censoring regimes, that have sucessfully connected to tor, already have free choice of whatever exits they wish, therefore such censorship is moot for them. For everyone else, and them, workarounds exist such as,,, https://onion.torproject.org/ http://yz7lpwfhhzcdyc5y.onion/ search engines, sigs, vpns, mirrors, etc Further, whatever gets added to static exitpolicy's might move out from underneath them or the censor, the censor may quit, or the exit may fail to maintain the exitpolicy's. None of which are true representation of the net, and are effectively censorship as result of operator action even though unintentional / delayed. Currently many regimes do limited censorship like this, so you'd lose all those exits too for no good reason, see... https://ooni.torproject.org/ https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country And arbitrarily hamper spirits, tactics, and success of volunteer resistance communities and operators in, and fighting, such regimes around the world. And if the net goes chaotic, majority of exits will have limited visibility, for which exitpolicy / badexit are hardly manageable solutions either, and would end up footshooting out many partly useful yet needed exits as well. If this situation bothers users, they can use... SIGNAL NEWNYM, New Identity, or ExcludeExitNodes. They can also create, maintain and publish lists of whatever such classes of nodes they wish to determine, including various levels of trust, contactability, verification, ouija, etc... such that others can subscribe to them and Exclude at will. They can further publish patches to make tor automatically read such lists, including some modes that might narrowly exclude and route stream requests around just those lists of censored destination:exit pairings. Ref also... https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit In the subect situations, you'd want to show that it is in fact the exit itself, not its upstream, that is doing the censorship. Or that if fault can't be determined to the upstream or exit, what would be the plausible malicious benefit for an exit / upstream to block a given destination such that a badexit is warranted... a) Frustrate and divert off 0.001% of Turk users smart enough to use tor, chancing through tor client random exit selection of your blocking exit, off to one of the workarounds that you're equally unlikely to control and have ranked, through your exit vs one of the others tor has open? b) Prop up weird or otherwise secretly bad nodes on the net, like the hundreds of other ones out there, for which no badexit or diverse subscription servic
Re: [tor-relays] Shutdown by ISP / Hoster? [was Albania]
That's good advice--I appreciate you messaging that. Is unfortunate that I'm in Seattle USA and Albania Hosting is not. Keep up the positive thoughts! On 8/15/2018 6:31 PM, grarpamp wrote: When these ISP's give their shutdowns and excuses, regardless of size of ISP, you could in turn... - Offer to work there, they probably need the help, and you get something from the experience. - Start your own, customers probably need the services, and would be willing to pay. Why vote with only your own customer dollars, when you can add your brain and voice into the production. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Albania Hosting suspended my two relays
Greetings Tor Users, I wanted to pass along the death of two of my relays, one was a fallback directory and one exit, both on VPS hardware operated by Albania Hosting sh. a. I successfully operated the guard/middle node for three years without an abuse report. [0] Based on that success, I asked and was granted permission to operate an exit relay. [1] That relay went six months before the first abuse report. I responded to the first report promptly reviewing logs, checking for intrusion, etc. The second abuse report got me suspended. Both abuse reports were of the automated type. I did not see the second report until after suspension and by requesting it be forwarded. In the second instance there was reported one ftpd attack attempt over a period of 3600 seconds. Apparently, no further attempts were made. I was the first Tor relay in Albania and the first Tor exit relay as well so I'm very sad that this will end. I think the issue with Albania Hosting was not so much the automated abuse reports but the inconvenience dealing with me. To quote a recent Hosting email: "Actually we will not fight with such abuses, it is really not worth any penny." So, RIP... [0] TorNodeAlbania D3E5EDDBE5159388704D6785BE51930AAFACEC6F [1] TorExitAlbania 516D1B9E22484202322828D8CAC30325030017E2 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Nyx 2.0.4-4 on armhf - Python3 error
So, where do we find distutils? It doesn't load with apt-get install or pip install on either ubuntu or debian. What dicroty is it in? On 7/27/2018 11:50 AM, Damian Johnson wrote: Hi Paul. Distutils should be a python builtin. Per chance did you compile python yourself? If so then that can sometimes exclude modules we expect to be there (like compression libs). On Fri, Jul 27, 2018 at 8:57 AM, Paul wrote: I try to run Nyx on Linux 4.9.80-Re4son-v7+ #1 SMP Thu Apr 26 17:45:16 CDT 2018 armv7l getting following after start: Traceback (most recent call last): File "/usr/bin/nyx", line 11, in load_entry_point('nyx==2.0.4', 'console_scripts', 'nyx')() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 476, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2700, in load_entry_point return ep.load() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2318, in load return self.resolve() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2324, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) File "/usr/lib/python3/dist-packages/nyx/__init__.py", line 46, in import distutils.spawn ModuleNotFoundError: No module named 'distutils.spawn' Could somebody show me a way to solve this and get Nyx running? Thanks Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Something strange noticed on tor metrics
Upgrading the Tor distros took two of my bridges down. They were operational and tor --version reported the upgrade but NYX showed I was not current. Metrics deleted my bridges until I got them working properly. It took several restarts to make things happy. Strangely, several bridges had no problems. On 7/27/2018 4:40 PM, Keifer Bly wrote: Hello, So today I w as checking my relay on tor metrics https://metrics.torproject.org/networksize.html I noticed something strange, according to the graph, the number of bridges seems to have suddenly completely dropped to zero (the bridges line just after “2018-07”) and now slowly climbing back up. I am wondering did something happen that knocked all of the bridges offline? It seemed strange so I just thought I would report. Thank you. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge relays should upgrade to use the new bridge authority
The other issue is why these two bridges don't show up on Tor Metrics. Hamlet and Othello On 7/23/2018 1:02 AM, nusenu wrote: arisbe: On 7/22/2018 11:59 PM, nusenu wrote: arisbe: Two of my bridges (not all) show the same response: hamlet@v3460:~$ tor --version Tor version 0.3.3.9 (git-ca1a436fa8e53a32). hamlet@v3460:~$ Thanks for looking at this discrepancy. is NYX showing the same version? nyx shows the old Tor that was upgraded Tor 0.3.1.9 if not: did you restart tor after upgrading? When I saw the version discrepancy and also noticed no metrics data, I restarted Tor and then went further and rebooted linux. Everything stayed the same. I see users on both bridges and also see Bifroest communicating with both. if nyx still says you run 0.3.1.9 and NOT 0.3.3.9 - even after a restart than you might want to look into your tor installations and PATHs ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge relays should upgrade to use the new bridge authority
On 7/22/2018 11:59 PM, nusenu wrote: arisbe: Two of my bridges (not all) show the same response: hamlet@v3460:~$ tor --version Tor version 0.3.3.9 (git-ca1a436fa8e53a32). hamlet@v3460:~$ Thanks for looking at this discrepancy. is NYX showing the same version? nyx shows the old Tor that was upgraded Tor 0.3.1.9 if not: did you restart tor after upgrading? When I saw the version discrepancy and also noticed no metrics data, I restarted Tor and then went further and rebooted linux. Everything stayed the same. I see users on both bridges and also see Bifroest communicating with both. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge relays should upgrade to use the new bridge authority
Two of my bridges (not all) show the same response: hamlet@v3460:~$ tor --version Tor version 0.3.3.9 (git-ca1a436fa8e53a32). hamlet@v3460:~$ Thanks for looking at this discrepancy. On 7/22/2018 12:36 AM, nusenu wrote: When I check with tor --version, I get a reply that is the current software please paste the output of that command ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge relays should upgrade to use the new bridge authority
Hello tor-relay folks, I'm confused--not a new thing but likely that this group can help this time. After Roger's email below, I updated my Tor bridges to current. Strangely, NYX reports that they are the "un-recommended" release. When I check with tor --version, I get a reply that is the current software. Additionally, my bridges don't display when I enter their hashed footprint into Tor Metrix. They always have before. What goes on? Arisbe On 7/14/2018 1:33 PM, Roger Dingledine wrote: Hi folks! If you run a bridge relay, please upgrade -- so your bridge address can resume being given out to censored users, and so your stats can resume being included in the metrics pages. We just put out new releases (0.2.9.16, 0.3.2.11, 0.3.3.9, 0.3.4.5-rc) that retire the old bridge authority and start using a new one. The new bridge authority is "Serge", and it is operated by George from the Tor BSD Diversity project: https://lists.torproject.org/pipermail/tor-announce/2018-July/000162.html If for whatever reason you can't upgrade yet, you can also manually switch to advertising your bridge descriptor to the new bridge authority by using this torrc line: AlternateBridgeAuthority Serge orport=9001 bridge 66.111.2.131:9030 BA44 A889 E64B 93FA A2B1 14E0 2C2A 279A 8555 C533 Thanks! --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] IPv6 and bridges
Hello to you all, Question: Is there a point to adding IPv6 addresses to the ORPorts of my bridges? Will they then operate somewhat in the fashion of guards without published metrics? Any info would be helpful. Arisbe ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Problem implementing IPv6 and NYX info
Thank you Roman for quick reply. I had typo on ORPort address that but just in this email. My ISP at home and work does not pass Ipv6 so I am not able to ping/trace. I think I don't have the resources to work this problem to satisfactory conclusion so I'm still looking for suggestions. Your advice regarding working out the IPv6 problem before integrating Tor was wise. That is the direction I will take. On 7/1/2018 11:34 AM, Roman Mamedov wrote: Hello, In /etc/network/interfaces you set your IP to address 2a06:1700:0:1b:: which is equivalent of 2a06:1700:0:1b:0:0:0:0, or also 2a06:1700:0:1b::0. But then in torrc you use: ORPort [2a06:1700:0:1b::1]:9001 From your configs, this is your upstream gateway IP, not IP of your actual machine. So this configuration is incorrect. Also generally it is adviced against using the all-zeroes IP (which you chose), it has some special properties and some software may not support it properly. Assuming the entire /64 is assigned to you by the host and the gateway is ..::1 in it, it's a fine idea to use ..::2, or just whatever IP other than the ..::0. Finally though, neither your gateway nor your machine at its present IP seem to be reachable from the Internet at the moment. Verify that IPv6 works properly with ping/trace/curl/wget before trying to use it with more complex apps such as Tor. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Problem implementing IPv6 and NYX info
This year I've modified most of my exit relays to function as IPv6 in/out. The process was easy with the exception of two [0], [1]. I requested and received an IPv6 address, netmask and gateway from these ISPs. I then modified my /etc/network/interfaces file as follows leaving the IPv4 lines in tack: iface eth0 IPv6 static address 2a06:1700:0:1b:: netmask 64 gateway 2a06:1700:0:1b::1 ip addr shows the IPv6 address as global. I added a single line to torrc following the IPv4 line: ORPort 9001 ORPort [2a06:1700:0:1b::1]:9001 After a restart, both relays ramped up to a volume of connections where I was comfortable that the changes were good. Visiting them 12 hours later I find connections in the few hundred and no flags. About half of the connections were from non-Tor servers. The Tor daemon was running and had a PID. Logs showed the relay operational and nothing peculiar. Tor metrics shows the relay as down. I've commented out the IPv6 ORPort line to get both of these exits going again. The procedure I outlined has worked four other times for me. So what gives? Can anyone steer me toward the problem? And, finally, a quick question: Does NYX display incoming and outgoing IPv6 relay information? I assume ARM does not. Arisbe [0] [4061C553CA88021B8302F0814365070AAE617270] [1] [9B31F1F1C1554F9FFB3455911F82E818EF7C7883] ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] A general question for relay operators
Hello George and all, When I was learning to implement Tor I had difficulty wading through the web pages for information. Some pages were obsolete, some poorly maintained (think Tor flow or good/bad hosting companies). The Tor manual is just a huge list of Tor terminology with no aids to help find things. The Tor project site has no site map. I still occasionally have the same problems when I try to find something. I found this very discouraging as I tried to grow my first Tor node without a live person to help me. I can imagine how daunting this would be to someone also trying to learn linux. Hey, thanks so much for asking. I appreciate your interest. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] new Tor exit
Hello Jordan, Thanks so much for the reminder. I think I am caught up as far as family fingerprints in torrc. But I'll check them all. On 3/14/2018 11:23 PM, Jordan wrote: Hi Arisbe, Thanks for running relays! If you're running multiple relays (as you've suggested) it's important to run then under the same family, see https://www.torproject.org/docs/faq.html.en#MultipleRelays. In regards to new relay usage, see https://blog.torproject.org/lifecycle-new-relay On 03/14/2018 11:03 PM, Arisbe wrote: Hello all, I rolled out a new Tor exit [0] this morning West Coast U.S. time. It's special to me because I've negotiated the trust of a host company in Albania. I was the first Tor relay in that country and now I'm the first exit relay there. This trust took me a year to establish. I run a number of relays-both exit and non-exit. I run a dozen bridges for people that need the ISP connectivity. I host classes in Southwest Washington State to teach ordinary people how to be safe while they're on the internet. I teach high-school pupils how to set up and operate Tor relays. Here is my problem: The aforementioned relay has been on for nearly 24-hours and not a single user has frequented my doorsteps. I have had seven of the nine authorities parked in this node for most of the time but no inbound connections (except for those referenced and two hackers) and no outbound or exit connections. There is nothing technically wrong with the installation so what gives. I this an issue of administrative paperwork? While I am very supportive of Tor, I am not with unlimited patience. I have a job, wife and kids and money pit house to maintain. Thanks for giving me a bit of advice to make this guy blossom. If I don't understand, I apologize to all. Arisbe [0] 516D1B9E22484202322828D8CAC30325030017E2 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] new Tor exit
I appreciate the reminder. I think we are okay. Arisbe On 3/14/2018 11:23 PM, Jordan wrote: Hi Arisbe, Thanks for running relays! If you're running multiple relays (as you've suggested) it's important to run then under the same family, see https://www.torproject.org/docs/faq.html.en#MultipleRelays. In regards to new relay usage, see https://blog.torproject.org/lifecycle-new-relay On 03/14/2018 11:03 PM, Arisbe wrote: Hello all, I rolled out a new Tor exit [0] this morning West Coast U.S. time. It's special to me because I've negotiated the trust of a host company in Albania. I was the first Tor relay in that country and now I'm the first exit relay there. This trust took me a year to establish. I run a number of relays-both exit and non-exit. I run a dozen bridges for people that need the ISP connectivity. I host classes in Southwest Washington State to teach ordinary people how to be safe while they're on the internet. I teach high-school pupils how to set up and operate Tor relays. Here is my problem: The aforementioned relay has been on for nearly 24-hours and not a single user has frequented my doorsteps. I have had seven of the nine authorities parked in this node for most of the time but no inbound connections (except for those referenced and two hackers) and no outbound or exit connections. There is nothing technically wrong with the installation so what gives. I this an issue of administrative paperwork? While I am very supportive of Tor, I am not with unlimited patience. I have a job, wife and kids and money pit house to maintain. Thanks for giving me a bit of advice to make this guy blossom. If I don't understand, I apologize to all. Arisbe [0] 516D1B9E22484202322828D8CAC30325030017E2 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] new Tor exit
Holy Cow! The new Toe exit I just crabbed about just took off. My apologies everyone! (23:39 PDT) Arisbe On 3/14/2018 11:03 PM, Arisbe wrote: Hello all, I rolled out a new Tor exit [0] this morning West Coast U.S. time. It's special to me because I've negotiated the trust of a host company in Albania. I was the first Tor relay in that country and now I'm the first exit relay there. This trust took me a year to establish. I run a number of relays-both exit and non-exit. I run a dozen bridges for people that need the ISP connectivity. I host classes in Southwest Washington State to teach ordinary people how to be safe while they're on the internet. I teach high-school pupils how to set up and operate Tor relays. Here is my problem: The aforementioned relay has been on for nearly 24-hours and not a single user has frequented my doorsteps. I have had seven of the nine authorities parked in this node for most of the time but no inbound connections (except for those referenced and two hackers) and no outbound or exit connections. There is nothing technically wrong with the installation so what gives. I this an issue of administrative paperwork? While I am very supportive of Tor, I am not with unlimited patience. I have a job, wife and kids and money pit house to maintain. Thanks for giving me a bit of advice to make this guy blossom. If I don't understand, I apologize to all. Arisbe [0] 516D1B9E22484202322828D8CAC30325030017E2 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] new Tor exit
Hello all, I rolled out a new Tor exit [0] this morning West Coast U.S. time. It's special to me because I've negotiated the trust of a host company in Albania. I was the first Tor relay in that country and now I'm the first exit relay there. This trust took me a year to establish. I run a number of relays-both exit and non-exit. I run a dozen bridges for people that need the ISP connectivity. I host classes in Southwest Washington State to teach ordinary people how to be safe while they're on the internet. I teach high-school pupils how to set up and operate Tor relays. Here is my problem: The aforementioned relay has been on for nearly 24-hours and not a single user has frequented my doorsteps. I have had seven of the nine authorities parked in this node for most of the time but no inbound connections (except for those referenced and two hackers) and no outbound or exit connections. There is nothing technically wrong with the installation so what gives. I this an issue of administrative paperwork? While I am very supportive of Tor, I am not with unlimited patience. I have a job, wife and kids and money pit house to maintain. Thanks for giving me a bit of advice to make this guy blossom. If I don't understand, I apologize to all. Arisbe [0] 516D1B9E22484202322828D8CAC30325030017E2 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Cloud question
Thank you for the information. It's very helpful. On 3/10/2018 5:41 AM, Gary wrote: Hello, On 10 March 2018 at 04:48, Arisbe <ari...@cni.net> wrote: Simple question: Do Tor middle relays and bridges work on cloud systems? I use AWS, I and it is fine, they also have a fat internet connection :-). Amazon have EC2 and Lightsail. EC2 is more for hosting many servers/VM's, Lightsail is basically the same thing but a bit easier to use. AWS have a years free trial, but I think its limited to 30GB data transfer a month. I have never received any abuse emails relating to tor, and looking through Atlas/Relay Search there appears to be others using AWS as well. One thing to watch out for Data Usage, make sure you set accountingmax in torrc. They get many SSH login attempts - On EC2 take the time to set up Security Groups correctly and on Lightsail you can simply disable access to port 22, re enabling it only when you want to connect. I have tried the other big cloud providers. Microsoft Azure plays better with Linux then you might expect but is far from perfect. Google Cloud is just far too complicated for running one or two VM's, but all three have free trial periods. Make the most of these to find a service you like, remembering to set accountingmax in torrc to avoid getting a fat data bill at the end of the month. There are also other providers, of course they vary from very tor friendly to not at all and from cheap expensive. Hope this helps. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Cloud question
Gentlemen / Ladies, Simple question: Do Tor middle relays and bridges work on cloud systems? Thanks for the intelligence. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] bridge behavior question
Hello all, I have run a number of Tor nodes for five years but I started adding a few bridges last year. I have one bridge recently installed on a lease VPS that has not reported a single inbound connection in over 40 days (except for Bifroest hanging out). I see up to 4 outbound connections and usually see between 4 and 14 circuits. The IP tables are correct and torrc is copied from successful bridges except for IP address. The Tor version is 0.2.9.14 and the OS is debian 9.0 (stretch). I'm running obfs4proxy. I set ORPort 9001 and ORPort [IPv6]:9001. Tor | Metrics reports Advertised Bandwidth = 8.0 KiB/s for this bridge. Tor | Metrics reports Advertised Bandwidth for another working bridge I have with the same hosting company at 598.7 KiB/s. I suspect this variation is due to lack of connections by the unused bridge. I loaded a speed checker and it reported 72-Mb/s. Can anyone give me some steerage to help me get this bridge productive? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] bridge questions
Hello Tor users, I have several quick question: Can bridges use an IPv6 ORPort? Is there any advantage to adding this to my bridges? Has anyone actually seen IPv6 connections on a bridge? Thanks for the feedback... ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Increased cpu usage
I'm getting increased cpu usage also. On some VPSs I've had to reduce bandwidth a little. On 1/17/2018 2:50 AM, Florentin Rochet wrote: Hello, I upgraded 4 exits yesterday and apart from one of them suffering a DDoS, I don't observe any large CPU increase. Maybe your upgrade coincides with the recent overload of create cells? https://trac.torproject.org/projects/tor/ticket/24716 Worth to keep an eye on it, anyway. Best, Florentin On 2018-01-17 11:30, r1610091651 wrote: Hi AFter upgrade from 3.1.9 to 3.2.9, I've noticed that the cpu usage doubled for same throughput / conditions. Is anyone else seeing that too? Regards ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] nyx no connections shown
I installed nyx on several on my smaller non-exit/guard relays. I'm hopeful this will replace the problems I have with arm but I'm finding a number of issues: 1) nyx is way slow to start up. Sometimes taking 20 seconds to come visible. The contacts page (page 2) does come up eventually but sometimes takes 10 minutes; 2) the inbound and outbound connections on page two are listed by IP only and not sorted by inbound/outbound; 3) IP addresses do not have country identification but rather all just have (??); 4) nyx rejects some of the options in nyxrc. Specifically, I had to # out tor_chroot, color_override and logged_events. I had to specifically enter options for connection_order as nyx did not recognize the default value. nyx did not recognize the values for logged_ events or config_order when typed in; 5) There is no man page for nyx. Thanks so much for your effort on this project. I'm sorry to be the bearer of a bad feedback. Don't kill the messenger! On 1/15/2018 11:55 AM, Uli wrote: Hi Steffen do you tried any other monitoring tool? the onion box or something else, maybe. perhaps this will give us a hint, if nyx or tor is buggy ... greetings Uli Am 15.01.2018 um 20:40 schrieb TorGate: Hi again, the same issue again. after couple of times, no connections shown on page 2 in nyx. connection is via ssh. (FreeBSD 11.1-RELEASE) Tor 0.3.1.9 (recommended) hm no ideas ? :-) regards Steffen Am 14.01.2018 um 21:01 schrieb TorGate: is working again :-) Am 14.01.2018 um 16:39 schrieb TorGate : I have also restartet tor but isnt working. There are no connections shown. system is freebsd and py2.7 Ideas ??? Am 14.01.2018 um 12:26 schrieb TorGate : Hi, i have 2 new relais running and have also installed nyx. When i go to the page 2 in nyx is there no connection. But my network show me over 4000 tor connections . What is the issue with nyx on my torservers ? TorGate torgate(at)linux-hus.dk ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays TorGate torgate(at)linux-hus.dk ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Fwd: Re: Become a Fallback Directory Mirror
Both of my relays listed below have the Dirport enabled on port 9030. Forwarded Message Subject: Re: [tor-relays] Become a Fallback Directory Mirror Date: Wed, 20 Dec 2017 17:49:49 -0800 From: Arisbe <ari...@cni.net> To: teor <teor2...@gmail.com> Hello Tim, You have two of my relays as fallback directories already. I have two others located in Moldova that meet your requirements. They are at a very understanding host and relays are not in danger of cancellation. Please check: [178.17.174.14], hashed fingerprint: B06F093A3D4DFAD3E923F4F28A74901BD4F74EB1 [178.17.170.156], hashed fingerprint: 41C59606AFE1D1AA6EC6EF6719690B856F0B6587 My personal thanks for your efforts on behalf of the Tor project. Happy holidays, Larry Brandt On 12/20/2017 3:50 PM, teor wrote: Dear Relay Operators, Do you want your relay to be a Tor fallback directory mirror? Will it have the same address and port for the next 2 years? Just reply to this email with your relay's fingerprint. If your relay is on the current list, you don't need to do anything. If you're asking: Q: What's a fallback directory mirror? Fallback directory mirrors help Tor clients connect to the network. For more details, see [1]. Q: Is my relay on the current list? Search [2] and [3] for your relay fingerprint or IP address and port. [2] is the current list of fallbacks in Tor. [3] is used to create the next list of fallbacks. Q: What do I need to do if my relay is on the list? Keep the same IP address, keys, and ports. Email tor-relays if the relay's details change. Q: Can my relay be on the list next time? We need fast relays that will be on the same IP address and port for 2 years. Reply to this email to get on the list, or to update the details of your relay. Once or twice a year, we run a script to choose about 150-200 relays from the potential list [3] for the list in Tor [2]. Q: Why didn't my relay get on the list last time? We check a relay's uptime, flags, and speed [4]. Sometimes, a relay might be down when we check. That's ok, we will check it again next time. It's good to have some new relays on the list every release. That helps tor clients, because blocking a changing list is harder. Q: What about the current relay DDoS? We don't think the DDoS will have much impact on the fallback list. If your relay is affected, please: * make sure it has enough available file descriptors, and * set MaxMemInQueues to the amount of RAM you have available per tor instance (or maybe a few hundred MB less). We're also working on some code changes. See [5] for more details. [1]: https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors [2]: https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc [3]: https://gitweb.torproject.org/tor.git/tree/scripts/maint/fallback.whitelist [4]: https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_2017-05-16-0815-09cd78886.log [5]: https://lists.torproject.org/pipermail/tor-relays/2017-December/013881.html -- Tim / teor PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] warning messages
Hello All, In recent weeks I have noticed some warning messages on several of my VPS relays [1], [2]. "20:48:48.000 [warn] Tried to establish rendezvous on non-ORcircuit with purpose Acting as rendevous (pending)" I get these in modest numbers as (97 hidden). Is this a characteristic of the guard relay abuse issue? Thanks for some advice. [1] 9B31F1F1C1554F9FFB3455911F82E818EF7C7883 [2] B06F093A3D4DFAD3E923F4F28A74901BD4F74EB1 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Metrics issue
I looked up my relays and bridges on Atlas using their nickname, IP address or fingerprint. I bookmarked these look-ups so that I could easily access the Atlas data for my nodes going forward. I took the same tack with Tor|Metrics: I navigated Home>>Services>>Relay Search>>(node ID) This route works for my relays and I am able to, once again, bookmark each for convenience. However, this does not work for my bridges. They give me an error message. I'm wondering if there is another route to them or if the data for bridges is simply missing. Thanks for the help with this, Arisbe On 11/24/2017 11:31 PM, teor wrote: On 25 Nov 2017, at 17:36, Arisbe <ari...@cni.net> wrote: In the immediate past I monitored both my relays and my bridges through atlas. So, now with Tor Metrics, I don't see my bridges. Am I doing something wrong or are they not in the data base? How do you search for your relays and bridges? T ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Metrics issue
On 25 Nov 2017, at 17:36, Arisbe <ari...@cni.net> wrote: In the immediate past I monitored both my relays and my bridges through atlas. So, now with Tor Metrics, I don't see my bridges. Am I doing something wrong or are they not in the data base? How do you search for your relays and bridges? T On 11/24/2017 11:31 PM, teor wrote: On 25 Nov 2017, at 17:36, Arisbe <ari...@cni.net> wrote: In the immediate past I monitored both my relays and my bridges through atlas. So, now with Tor Metrics, I don't see my bridges. Am I doing something wrong or are they not in the data base? How do you search for your relays and bridges? T ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Atlas is now Relay Search!
Hello All, I use to review my bridges as well as my relays on Atlas. Now I don't find my bridges on nyx. Is this something I'm doing wrong? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor-arm failure
Hello people, I'm not a python programmer so I need some help with a problem. I have a number of Tor nodes and some bridges. Occasionally, when I install tor_arm I get a divide by zero message as follows: Exception in thread Thread-69: Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner selt.run() File "/usr/share/arm/util/sysTools.py", line 517, in runnewValues["cpuAvg"] = total CpuTime / uptime ZeroDivisionError: integer division or modulo by zero Exception in thread Thread-70 .. I'm running debian jessie in this most recent example. 2 G memory, 20 G hdd. This is a bridge with only some daily use but typically 10-12 circuits. Does someone have experience debugging this problem? Thanks! ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] 100K circuit request per minute for hours killed my relay
I was under the impression that HidServDirectoryV2 was an obsolete config option. I run 0.2.9.11 On 7/21/2017 3:42 AM, Scott Bennett wrote: Vortwrote: Your message prompted me to check logs, and on one relay I see the following: Similar thing for me: Jul 19 00:08:27.000 [notice] Circuit handshake stats since last time: 3571/3571 TAP, 41180/41180 NTor. Jul 19 06:08:27.000 [notice] Circuit handshake stats since last time: 2054/2054 TAP, 29181/29181 NTor. Jul 19 12:08:28.000 [notice] Circuit handshake stats since last time: 2773/2773 TAP, 26497/26497 NTor. Jul 19 18:08:28.000 [notice] Circuit handshake stats since last time: 3970/3970 TAP, 31344/31344 NTor. Jul 20 00:08:28.000 [notice] Circuit handshake stats since last time: 4096/4096 TAP, 41730/41730 NTor. Jul 20 06:08:28.000 [notice] Circuit handshake stats since last time: 18285/18285 TAP, 54102/54102 NTor. Jul 20 12:08:28.000 [notice] Circuit handshake stats since last time: 61136/61386 TAP, 378196/378339 NTor. Jul 20 18:08:29.000 [notice] Circuit handshake stats since last time: 73297/73688 TAP, 566708/566892 NTor. Jul 21 00:08:29.000 [notice] Circuit handshake stats since last time: 67165/67830 TAP, 572685/572851 NTor. Jul 21 06:08:29.000 [notice] Circuit handshake stats since last time: 31988/32138 TAP, 521455/521536 NTor. Jul 21 12:08:29.000 [notice] Circuit handshake stats since last time: 5523/5523 TAP, 222378/222432 NTor. Also there are too much "[warn] assign_to_cpuworker failed. Ignoring." lines in the logs. This sort of thing has been going on for many years. I used to refer to it as "mobbing". As nearly as I was ever able to determine, the behavior is an unintended consequence of hidden services. I found that I could greatly reduce the frequency of occurrence, but *not* to zero, by setting HidServDirectoryV2 0 in my torrc file. My tentative conclusion was that the majority of these events are cases in which a relay has been selected as an HSDir to which a hidden service descriptor has been posted for a very popular hidden service, so by refusing to be a hidden service directory mirror, those cases can be eliminated. I never had a very satisfying hypothesis to explain the remaining minority of cases. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor CPU usage
Sorry, I didn't read on No CPU masking in place. Then too, its hard to tell if this is 2 CPUs or hyperthreading. As you suggest, I will try commenting out CPUsNum 2. Sorry about two emails. Larry B On 6/29/2017 6:11 PM, teor wrote: On 30 Jun 2017, at 04:52, Arisbe <ari...@cni.net> wrote: I have a small Tor exit relay (VPS) running at +90% CPU capacity. What version of Tor? Has this only happened recently? Did you upgrade your Tor version? Are you running a caching DNS server? Memory usage is negligible. I am unable to launch ARM as the single CPU cannot process both Tor and arm. Traffic is mostly high for a small node. I have CPUsNum set at 2 in my torrc from its original setup. Have you tried removing this from your torrc? However, pidstat 5 -p shows that only 1 CPU is employed. lscpu shows that the VPS is allotted 2 cpus. 2 cores, or hyperthreading on the same core? Do you have any CPU masking options set? Tor uses threads, rather than using multiple processes. CPU speed is around 2.44 M. I'm hoping someone has some experience with this issue and can give me advice. This is what I'd expect for a relay. Cryptography is expensive. T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor CPU usage
Thank you Tim for your response. I am running Tor 0.2.9.11 on ubuntu linux. I have not implemented a caching DNS at this point and may not do so. I'm not sure how this problem progressed but I notices that arm was slower and more difficult to call up in recent weeks. This is not an old exit. It's been running about 10 weeks. A recent back down of bandwidth did little to resolve the problem. I get the sense that Tor will not use the second CPU since I tried to reset the server recently. nothing else on the VPS uses more that 0.8% of CPU. Unlikely that it will help but the fingerprint of this relay is B06F093A3D4DFAD3E923F4F28A74901BD4F74EB1 Torexitmoldova. Thanks so much for your interest. Larry On 6/29/2017 6:11 PM, teor wrote: On 30 Jun 2017, at 04:52, Arisbe <ari...@cni.net> wrote: I have a small Tor exit relay (VPS) running at +90% CPU capacity. What version of Tor? Has this only happened recently? Did you upgrade your Tor version? Are you running a caching DNS server? Memory usage is negligible. I am unable to launch ARM as the single CPU cannot process both Tor and arm. Traffic is mostly high for a small node. I have CPUsNum set at 2 in my torrc from its original setup. Have you tried removing this from your torrc? However, pidstat 5 -p shows that only 1 CPU is employed. lscpu shows that the VPS is allotted 2 cpus. 2 cores, or hyperthreading on the same core? Do you have any CPU masking options set? Tor uses threads, rather than using multiple processes. CPU speed is around 2.44 M. I'm hoping someone has some experience with this issue and can give me advice. This is what I'd expect for a relay. Cryptography is expensive. T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor CPU usage
I have a small Tor exit relay (VPS) running at +90% CPU capacity. Memory usage is negligible. I am unable to launch ARM as the single CPU cannot process both Tor and arm. Traffic is mostly high for a small node. I have CPUsNum set at 2 in my torrc from its original setup. However, pidstat 5 -p shows that only 1 CPU is employed. lscpu shows that the VPS is allotted 2 cpus. CPU speed is around 2.44 M. I'm hoping someone has some experience with this issue and can give me advice. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Fwd: 2017-06-07 15:37: 65 new tor exits in 30 minutes
To All, Seems like none of us have the time to research these events or those before. If people can't play by written and unwritten rules regarding Tor contact info, family members, etc. and they 'could' be a danger to anonymity, why does Tor bother with them? If people are sincere about helping the Tor network, they will express that in their offers--otherwise, as in this situation, they should be removed until sufficient information is provided. Arisbe Forwarded Message Subject: [tor-relays] 2017-06-07 15:37: 65 new tor exits in 30 minutes Date: Wed, 07 Jun 2017 19:41:00 + From: nusenu <nusenu-li...@riseup.net> Reply-To: tor-relays@lists.torproject.org To: tor-relays@lists.torproject.org DocTor [1] made me look into this. _All_ 65 relays in the following table have the following characteristics: (not shown in the table to safe some space) - OS: Linux - run two instances per IP address (the number of relays is only odd because in one case they created 3 keys per IP) - ORPort: random - DirPort: disabled - Tor Version: 0.2.9.10 - ContactInfo: None - MyFamily: None - Joined the Tor network between 2017-06-07 15:37:32 and 2017-06-07 16:08:54 (UTC) - Exit Policy summary: {u'reject': [u'25', u'119', u'135-139', u'445', u'563', u'1214', u'4661-4666', u'6346-6429', u'6699', u'6881-6999']} - table is sorted by colmns 3,1,2 (in that order) - Group diversity: - 20 distinct autonomous systems - 18 distinct countries https://gist.githubusercontent.com/nusenu/81337aed747ea5c7dec57899b0e27e94/raw/c7e0c4538e4f424b4cc529f3c2b1cabf6a5df579/2017-06-07_tor_network_65_relays_group.txt Relay fingerprints are at the bottom of this file. This list of relays is NOT identical to the one from DocTor (even though the number is identical (65)): [1] https://lists.torproject.org/pipermail/tor-consensus-health/2017-June/007968.html https://twitter.com/nusenu_/status/872536564647198720 -- https://mastodon.social/@nusenu https://twitter.com/nusenu_ signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] exit relay consensus weight
Hello relay ops, I just made an interesting observation that I thought I would share. Yesterday I started a VPS exit relay at a well known hosting company in Moldova [0]. Within 24 hours I saw the consensus weight exceed 1. The relay is bandwidth limited to 10 MiB/s. Not that I'm complaining! So it begs the question: Is there not enough exit relays on the Tor network? Arisbe [0] B06F093A3D4DFAD3E923F4F28A74901BD4F74EB1 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor and CIA leak
Is there anything in the CIA documents that Wikileaks posted relating to hacking Tor? What about email providers like riseup.net? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] I have an Alleged family member
Thank you T. I forgot to out the # beginning the line. I'm stupid! On 2/28/2017 12:36 PM, teor wrote: On 1 Mar 2017, at 07:31, Arisbe <ari...@cni.net> wrote: If you look at [0] on atlas, the fingerprint is listed under Properties as it should be. But if you look down to Family Members, it lists the same fingerprint as Alleged Family members. Strange! I think you are looking at the wrong Atlas page. As Pascal said, on [1], I see: Family Members Effective family members: (none) Alleged family members: (none) Unless you specify the same family on 04C095E0DAB8C28BC433677C4AE8F65CB7D7083C, it will appear as an "Alleged family member" everywhere else. [1]: https://atlas.torproject.org/#details/04C095E0DAB8C28BC433677C4AE8F65CB7D7083C T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] I have an Alleged family member
If you look at [0] on atlas, the fingerprint is listed under Properties as it should be. But if you look down to Family Members, it lists the same fingerprint as Alleged Family members. Strange! Several months ago, as I was growing my Tor relay inventory, I picked up on someone's post here that I should just keep a file of fingerprints that I can paste into each node as my count grew. I found it to save time, so each of my nodes' torrc also contain their own fingerprint. Only [0] reacts this way. On 2/28/2017 10:26 AM, Pascal Terjan wrote: On 28 February 2017 at 17:32, Arisbe <ari...@cni.net> wrote: Hello all, I run a variety of Tor relays--most on VPS hosts. I recently added a small relay and updated my family members. Strangely, this last relay is tagged as an "alleged family member," even on itself [0]. It has been like this for over a month. I can't detect a typo. Any suggestions? What do you mean "even on itself"? https://atlas.torproject.org/#details/04C095E0DAB8C28BC433677C4AE8F65CB7D7083C doesn't list any family member, alleged or not Did you set MyFamily on it (and reload if you did so after starting it)? [0] 04C095E0DAB8C28BC433677C4AE8F65CB7D7083C ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] I have an Alleged family member
Hello all, I run a variety of Tor relays--most on VPS hosts. I recently added a small relay and updated my family members. Strangely, this last relay is tagged as an "alleged family member," even on itself [0]. It has been like this for over a month. I can't detect a typo. Any suggestions? [0] 04C095E0DAB8C28BC433677C4AE8F65CB7D7083C ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Uptime missing from Arm
Thanks for the effort to improve Arm (now Nyx). I've only tried NYX with the default config file but I don't see the file descriptors enabled. Did we lose this data? arisbe On 1/13/2017 11:43 AM, Damian Johnson wrote: Thx Damian for this ! Please you give some useful commands to install and use it ? I'll be happy to try your tool! Many thx :) % git clone https://git.torproject.org/stem.git % cd stem % sudo python setup.py install % cd .. % git clone https://git.torproject.org/nyx.git % cd nyx % sudo python setup.py install ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] DoS from my tor guard VPS
One of my tor guard relays is a medium size VPS operating in the Czech Republic. It's been up and stable for several years. Several weeks ago I was notified that my VPS was a source of UDP DoS traffic. It was shut down. Logs showed no intrusions. I installed a different instance of linux, changed my SSH port, added fail2ban and even installed clamav. I did not make changes to the tor exit policy. Then, this week I received the following: "Hello, surveillance system detected a disproportionate outgoing DoS traffic on your VPS torexitcz and then our network under a DDoS attack. Your server torexitcz has been stopped. This is another problem with your VPS. Your service will be terminated. Thanks for understanding." Can anyone offer an opinion as to how my relay was used for DoS? How can I avoid this in the future? My goal, as always is to provide stable nodes to the tor network while protecting myself and my VPS supplier. 4061C553CA88021B8302F0814365070AAE617270 185.100.85.101 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor bridge and obfs4proxy
Thank you Tim and Christian, A little type that didn't reveal itself. I'm going now. Thanks again, Arisbe On 9/4/2016 7:18 PM, teor wrote: On 5 Sep 2016, at 11:49, Arisbe <ari...@cni.net> wrote: I need someone's bridge experience. I had an HD crash and lost one of my Tor bridges. So, I'm rebuilding on a leased VPS. First I tried with Debian 8 and then with ubuntu 16.04 when Debian didn't work. With both operating systems I get a warning message when I start Tor. Tor is the latest version as is obfs4proxy: Sep 04 13:39:41.641 [warn] Strange ServerTransportPlugin type 'obfs4' Sep 04 13:39:41.641 [warn] Failed to parse/validate config: Invalid server transport line. See logs for details. There are no log entries. Apparently Tor starts without the proxy. I have configured torrc as follows: ServerTransportPlugin obfs3 obfs4 exec /usr/bin/obfs4proxy ExtORPort auto /usr/bin/ does contain the obfs4proxy file. Does anyone know my problem? Is there a 'tell-all' explanation of obfs4proxy? >From the tor manual page: ServerTransportPlugin transport exec path-to-binary [options] The Tor relay launches the pluggable transport proxy in path-to-binary using options as its command-line options, and expects to receive proxied client traffic from it. You're only allowed one space-separated transport name for "transport", you have two: "obfs3" and "obfs4". Tim Thanks, Arisbe ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor bridge and obfs4proxy
I need someone's bridge experience. I had an HD crash and lost one of my Tor bridges. So, I'm rebuilding on a leased VPS. First I tried with Debian 8 and then with ubuntu 16.04 when Debian didn't work. With both operating systems I get a warning message when I start Tor. Tor is the latest version as is obfs4proxy: Sep 04 13:39:41.641 [warn] Strange ServerTransportPlugin type 'obfs4' Sep 04 13:39:41.641 [warn] Failed to parse/validate config: Invalid server transport line. See logs for details. There are no log entries. Apparently Tor starts without the proxy. I have configured torrc as follows: ServerTransportPlugin obfs3 obfs4 exec /usr/bin/obfs4proxy ExtORPort auto /usr/bin/ does contain the obfs4proxy file. Does anyone know my problem? Is there a 'tell-all' explanation of obfs4proxy? Thanks, Arisbe ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] #torstrike
Okay, so I've been concerned about the safety of at-risk Tor users since all this shit broke. New employees at the organizational structure serving as the main accuser, an all new board with interrelationships and motivation unknown, grenades rolled under office doors and all of the rest leaves a bad taste in my mouth. I cannot, at this time, recommend to a third world citizen, that (s)he trust the Tor network. I hope that changes. The issue is whether or not someone new in the Tor organization will, accidentally or intentionally, put third world users at risk. I cannot trust an all-new board. Tor needs to be on their best behavior in order for me to re-establish trust in the organization. As a retired corporate manager I've seen these problems before. I have several suggestions that I feel are must-do tasks for the Tor Project: 1) Secure an independent investigator to look into the allegations against Jacob. Either demonstrate that he is not an honorable employee or reinstate him. No one should trust anonymous claims that can ruin his career. If Jacob is guilty, he should be prosecuted; 2) Board member should be open, accessible and available to employees and node operators. Their background and motivation for being a director of the Tor Project should be disseminated. There interrelationship with other board members should be known; 3) As one of the founders of Tor, Roger should openly discuss these and all issues in a public manner (on the web page, webinar, magazine article, etc.); 4) An organizational plan should be placed in the employment manual that puts significant distance between coding employees and directors; 5) Employees and directors should not operate nor have access to authority servers. I've operated a number of exits and guards for several years now (including, as far as I know, the only Tor node in Albania). [1] I will leave these operational for now but I expect changes in this unprofessionally operated 501c3. [1] A827646DD0F8B92A9963789529CEE3141FF74761 4061C553CA88021B8302F0814365070AAE617270 C80DF89B21FF932DEC0D7821F679B6C79E1449C3 9B31F1F1C1554F9FFB3455911F82E818EF7C7883 D3E5EDDBE5159388704D6785BE51930AAFACEC6F ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback
Many ISPs change IP addresses on a regular basis. This seems to be the center of your problem as the other issues can be worked out with a little effort. To our advantage, IPSs are regularly requested by users to assign a permanent IP address for game operators. Try calling your ISP and asking for an assigned IP and not a NAT or re-assignable address. Work the other issues out in a single evening. Good luck. On 2/25/2016 8:15 PM, torser...@datakanja.de wrote: Hello, i have been running a new relay for a short time period now and would like to bring to your attention the issues faced, that finally led me to refrain from keeping this up any longer: * Documentation was ok (on torproject.org) and the installation (using deb on ubuntu) was easy. * It took quite some time to understand the implications (opening ports in the router, hazarding security to my computers, as i was - to this date - relying on the routers firewall working) - This job of mine basically got delayed until later, when i would have learned, what is needed in that respect. * Next, i noticed a frequent (daily) behavior of the Tor server dropping traffic to around zero. Inspecting this, let me to understand, my provider was disconnecting me and reassigning a new IP on a daily basis, which took some time to propagate. Even worse: It did not propagate on its own, i needed to restart the tor service to reinitialise... * Asking in the online channel, i was guided to change my "Nickname" torrc config to match the dyndns entry corresponding to my server. * But this never made it to the directories, thus forcing me to manually restart Tor on a daily basis in order to force the changing IP address into them. * Finally, i was told, this behavior would be disruptive to the network, i therefore brought the service down for good, wasting the bandwith, i was willing to spend, for the near future. :-) * Ok, otherwise, i would have to pay additional fees to rent a server off-site with a permanent IP, but that would be giving more, than what was easily affordable, as my machine is running 24/7 and the connections open anyway. Thus Tor doesnt seem to be able to absorb the kind of bandwith, i was willing to share long time. This is leaving a sad taste on me, who is pretty much interested in privacy, anonymosity, which led me to avoid the mailing lists with a durable email-address. But just using a read-only one wouldnt allow me to post to the list. That is why i created this one temporarily, just to let you know about my experiences... NewTorKidOnTheBlock (this was the name of my Tor relay) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays