Re: [tor-relays] Help! TOR Relat dead after upgrading Ubuntu to 18.04

[arisbe]

I've had a similar situation in the past and my problem was that tor was 
actually running but not functional.  Try pidof tor to see if it's 
running with another user.  If yes, you can kill it and restart.


Arisbe


On 9/19/2018 10:56 AM, Felix wrote:

Hi Ben

Am 19.09.2018 um 13:56 schrieb Ben Riley:

So I type 'tor' and get
Sep 19 21:34:24.819 [notice] Tor 0.3.4.8 (git-5da0e95e4871a0a1) running on
Linux with Libevent 2.1.8-stable, OpenSSL 1.1.0g, Zlib 1.2.11, Liblzma
5.2.2, and Libzstd 1.3.3.
Sep 19 21:34:24.819 [notice] Tor can't help you if you use it wrong! Learn
how to be safe at https://www.torproject.org/download/download#warning
Sep 19 21:34:24.819 [notice] Read configuration file "/etc/tor/torrc".
Sep 19 21:34:24.823 [notice] Based on detected system memory,
MaxMemInQueues is set to 2862 MB. You can override this by setting
MaxMemInQueues by hand.
Sep 19 21:34:24.824 [notice] Scheduler type KIST has been enabled.
Sep 19 21:34:24.824 [notice] Opening Socks listener on 127.0.0.1:9050

First listener to port 9050 for localhost


Sep 19 21:34:24.824 [notice] Opening Control listener on 127.0.0.1:9051
Sep 19 21:34:24.824 [notice] Opening OR listener on 0.0.0.0:9001
Sep 19 21:34:24.824 [notice] Opening Directory listener on 0.0.0.0:9050

Second listener to port 9050 for all ips


Sep 19 21:34:24.824 [warn] Could not bind to 0.0.0.0:9050: Address already
in use. Is Tor already running?--

Your torrc wants tor to expect both socks AND directory requests at port
9050. Only one can.

Check the torrc file and move the Dirport to 9030. Restart tor and check
the log again if it works better. Somewhere should be the entry
"Self-testing indicates your DirPort is reachable from the outside.
Excellent." Same for Orport. If you dont't need socks you can change it
to .

I hope I got you right. Good luck!

[] https://www.torproject.org/docs/tor-manual.html.en



--
One person's moral compass is another person's face in the dirt.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Possible problem with NYX

[arisbe]

Thanks for this added info--it helps.


On 9/4/2018 9:36 AM, Damian Johnson wrote:

Hi arisbe. This isn't as concerning as you seem to think. As Nathaniel
mentions it's simple to get this information, Nyx is simply attempting
to scrub it cuz... well, it's ethically and legally the right thing to
do. Nyx's 'should this be scrubbed' check is pretty simple [1].
Inbound addresses are scrubbed if...

1. You're configured to accept user traffic (ie. you set BridgeRelay
in your torrc or have receive the Guard flag). [2]
2. The connection doesn't belong to a another tor relay. [3]

Does the relay show relay information such as a fingerprint? If so
then it shouldn't be scrubbed. If it doesn't and you've set
BridgeRelay in your torrc then please let us know on...

https://trac.torproject.org/projects/tor/wiki/doc/nyx/bugs

Thanks! -Damian (author of nyx and stem)

[1] https://gitweb.torproject.org/nyx.git/tree/nyx/panel/connection.py#n230
[2] https://gitweb.torproject.org/stem.git/tree/stem/control.py
[3] In particular, we check if the address/port is in the consensus.


On Mon, Sep 3, 2018 at 1:13 PM, arisbe  wrote:

Hello ops,

Today I noticed something on NYX that I find disturbing.  Page 2 (list of
inbound/outbound connections) showed me the IP address of an inbound
connection on one of my bridges!  Not the authority. This is crazy as these
are indicated as :port for the users protection!  I have never
seen this before and haven't seen it since.  Of course, on low usage
bridges, the connection IP address can possibly be disseminated from netstat
but that's not the point.  It's my sense that this should never happen.  I
get chills imagining this happening on a guard relay operated by an
antagonist ! !

I'm using the default NYX configuration on Ubuntu server 18.04.1 LTS, Tor
0.3.3.9.

Arisbe

--
One person's moral compass is another person's face in the dirt.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


--
One person's moral compass is another person's face in the dirt.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] SSH login attempts

[arisbe]

Hello Marcus,

On an ongoing basis, most of my relays get up to 4000 attempts each 
day.  It's standard practice I guess!  Many, many are from just a few IP 
addresses.  The rest are just a few per IP address. Occasionally, I will 
go beyond the fail2ban "ban" and block an IP address in iptables  via 
ufw.  I then unblock that IP address in a week or two.  I set fail2ban 
for long blocks maybe up to 12 hours (43000-seconds).


So, harden your operating system as best you can.  SSH works but disable 
the password entry, X11, etc. if possible.  This is always safe if your 
provider has a dashboard for you to use as a secondary access to the 
server.  I change my SSH port number but that only slows the 
professionals my minutes or seconds.  Remember to change the fail2ban 
SSH port number if you do that.  Your host provider should have DDoS 
protection for his/her entire plant.


And don't sweat it!  Learn from the experiences.


On 9/4/2018 5:35 AM, Marcus Wahle wrote:

Dear all,

Since 14:00 my logs (middle node) are spamed with around 100 faild ssh login 
attemps from different ips.
Is there anybody else affected?

Best regards
Marcus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


--
One person's moral compass is another person's face in the dirt.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Multi node management programs/platforms?

[arisbe]

  
  
For me, 8.


On 9/3/2018 8:42 PM, I wrote:


  
  
   How many relays do you do that to?
  
  


  
  
  
  
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



-- 
One person's moral compass is another person's face in the dirt.
  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Possible problem with NYX

[arisbe]

Hello ops,

Today I noticed something on NYX that I find disturbing.  Page 2 (list 
of inbound/outbound connections) showed me the IP address of an inbound 
connection on one of my bridges!  Not the authority. This is crazy as 
these are indicated as :port for the users protection!  I have 
never seen this before and haven't seen it since.  Of course, on low 
usage bridges, the connection IP address can possibly be disseminated 
from netstat but that's not the point.  It's my sense that this should 
never happen.  I get chills imagining this happening on a guard relay 
operated by an antagonist ! !


I'm using the default NYX configuration on Ubuntu server 18.04.1 LTS, 
Tor 0.3.3.9.


Arisbe

--
One person's moral compass is another person's face in the dirt.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

[arisbe]

  
  
Children should be seen and not herd.  The opposite goes for Tor
relays.
Arisbe

On 8/30/2018 2:11 PM, Nathaniel Suchy
  wrote:


  
  So this exit node is censored by Turkey. That means
any site blocked in Turkey is blocked on the exit. What about an
exit node in China or Syria or Iraq? They censor, should exits
there be allowed? I don't think they should. Make them relay
only, (and yes that means no Guard or HSDir flags too) situation
A could happen. The odds might not be in your favor. Don't risk
that!


Cordially,
Nathaniel Suchy
  
  
  
On Thu, Aug 30, 2018 at 3:25 PM grarpamp <grarp...@gmail.com>
  wrote:

This
  particular case receiving mentions for at least a few
  months...
  D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov
  185.125.33.114
  
  The relay won't [likely] be badexited because neither it nor
  its upstream is
  shown to be doing anything malicious. Simple censorship isn't
  enough.
  And except for such limited censorship, the nodes are
  otherwise fully
  useful, and provide a valuable presence inside such regions /
  networks.
  
  Users, in such censoring regimes, that have sucessfully
  connected
  to tor, already have free choice of whatever exits they wish,
  therefore
  such censorship is moot for them.
  
  For everyone else, and them, workarounds exist such as,,,
  https://onion.torproject.org/
  http://yz7lpwfhhzcdyc5y.onion/
  search engines, sigs, vpns, mirrors, etc
  
  Further, whatever gets added to static exitpolicy's might move
  out
  from underneath them or the censor, the censor may quit, or
  the exit
  may fail to maintain the exitpolicy's. None of which are true
  representation
  of the net, and are effectively censorship as result of
  operator action
  even though unintentional / delayed.
  
  Currently many regimes do limited censorship like this,
  so you'd lose all those exits too for no good reason, see...
  https://ooni.torproject.org/
  https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country
  
  And arbitrarily hamper spirits, tactics, and success of
  volunteer
  resistance communities and operators in, and fighting, such
  regimes
  around the world.
  
  And if the net goes chaotic, majority of exits will have
  limited visibility,
  for which exitpolicy / badexit are hardly manageable solutions
  either,
  and would end up footshooting out many partly useful yet
  needed
  exits as well.
  
  
  If this situation bothers users, they can use... SIGNAL
  NEWNYM,
  New Identity, or ExcludeExitNodes.
  
  They can also create, maintain and publish lists of whatever
  such
  classes of nodes they wish to determine, including various
  levels
  of trust, contactability, verification, ouija, etc... such
  that others
  can subscribe to them and Exclude at will.
  They can further publish patches to make tor automatically
  read such lists, including some modes that might narrowly
  exclude
  and route stream requests around just those lists of censored
  destination:exit pairings.
  
  Ref also...
  https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit
  https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit
  
  
  In the subect situations, you'd want to show that it is in
  fact
  the exit itself, not its upstream, that is doing the
  censorship.
  
  Or that if fault can't be determined to the upstream or exit,
  what
  would be the plausible malicious benefit for an exit /
  upstream
  to block a given destination such that a badexit is
  warranted...
  
  a) Frustrate and divert off 0.001% of Turk users smart enough
  to
  use tor, chancing through tor client random exit selection of
  your
  blocking exit, off to one of the workarounds that you're
  equally
  unlikely to control and have ranked, through your exit vs one
  of the others tor has open?
  
  b) Prop up weird or otherwise secretly bad nodes on the net,
  like the hundreds of other ones out there, for which no
  badexit
  or diverse subscription servic

Re: [tor-relays] Shutdown by ISP / Hoster? [was Albania]

[arisbe]

That's good advice--I appreciate you messaging that.  Is unfortunate 
that I'm in Seattle USA and Albania Hosting is not.


Keep up the positive thoughts!


On 8/15/2018 6:31 PM, grarpamp wrote:

When these ISP's give their shutdowns and excuses,
regardless of size of ISP, you could in turn...

- Offer to work there, they probably need the help,
and you get something from the experience.
- Start your own, customers probably need the services,
and would be willing to pay.

Why vote with only your own customer dollars,
when you can add your brain and voice into the
production.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Albania Hosting suspended my two relays

[arisbe]

Greetings Tor Users,

I wanted to pass along the death of two of my relays, one was a fallback 
directory and one exit, both on VPS hardware operated by Albania Hosting 
sh. a.  I successfully operated the guard/middle node for three years 
without an abuse report. [0]  Based on that success, I asked and was 
granted permission to operate an exit relay.  [1]  That relay went six 
months before the first abuse report.  I responded to the first report 
promptly reviewing logs, checking for intrusion, etc.  The second abuse 
report got me suspended.  Both abuse reports were of the automated 
type.  I did not see the second report until after suspension and by 
requesting it be forwarded.  In the second instance there was reported 
one ftpd attack attempt over a period of 3600 seconds.  Apparently, no 
further attempts were made.


I was the first Tor relay in Albania and the first Tor exit relay as 
well so I'm very sad that this will end.  I think the issue with Albania 
Hosting was not so much the automated abuse reports but the 
inconvenience dealing with me.  To quote a recent Hosting email: 
"Actually we will not fight with such abuses, it is really not worth any 
penny."


So, RIP...

[0] TorNodeAlbania  D3E5EDDBE5159388704D6785BE51930AAFACEC6F

[1] TorExitAlbania  516D1B9E22484202322828D8CAC30325030017E2

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Nyx 2.0.4-4 on armhf - Python3 error

[arisbe]

So, where do we find distutils?  It doesn't load with apt-get install or 
pip install on either ubuntu or debian.  What dicroty is it in?



On 7/27/2018 11:50 AM, Damian Johnson wrote:

Hi Paul. Distutils should be a python builtin. Per chance did you
compile python yourself? If so then that can sometimes exclude modules
we expect to be there (like compression libs).


On Fri, Jul 27, 2018 at 8:57 AM, Paul  wrote:

I try to run Nyx on  Linux 4.9.80-Re4son-v7+ #1 SMP Thu Apr 26 17:45:16 CDT 
2018 armv7l getting following after start:


Traceback (most recent call last):
   File "/usr/bin/nyx", line 11, in 
 load_entry_point('nyx==2.0.4', 'console_scripts', 'nyx')()
   File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 476, 
in load_entry_point
 return get_distribution(dist).load_entry_point(group, name)
   File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2700, 
in load_entry_point
 return ep.load()
   File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2318, 
in load
 return self.resolve()
   File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2324, 
in resolve
 module = __import__(self.module_name, fromlist=['__name__'], level=0)
   File "/usr/lib/python3/dist-packages/nyx/__init__.py", line 46, in 
 import distutils.spawn
ModuleNotFoundError: No module named 'distutils.spawn'


Could somebody show me a way to solve this and get Nyx running?

Thanks  Paul



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Something strange noticed on tor metrics

[arisbe]

  
  
Upgrading the Tor distros took two of my bridges down.  They were
  operational and tor --version reported the upgrade but NYX showed
  I was not current.  Metrics deleted my bridges until I got them
  working properly.  It took several restarts to make things happy.
Strangely, several bridges had no problems.


On 7/27/2018 4:40 PM, Keifer Bly wrote:


  
  
  
  
 
Hello,
 
So today I w as checking my relay on tor
  metrics https://metrics.torproject.org/networksize.html
 
I noticed something strange, according to
  the graph, the number of bridges seems to have suddenly
  completely dropped to zero (the bridges line just after
  “2018-07”) and now slowly climbing back up. I am wondering did
  something happen that knocked all of the bridges offline? It
  seemed strange so I just thought I would report.
 
Thank you.
  
  
  
  
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Bridge relays should upgrade to use the new bridge authority

[arisbe]

  
  
The other issue is why these two bridges don't show up on Tor
  Metrics.
Hamlet and Othello


On 7/23/2018 1:02 AM, nusenu wrote:


  

arisbe:

  


On 7/22/2018 11:59 PM, nusenu wrote:


  
arisbe:

  
Two of my bridges (not all) show the same response:

hamlet@v3460:~$ tor --version
Tor version 0.3.3.9 (git-ca1a436fa8e53a32).
hamlet@v3460:~$

Thanks for looking at this discrepancy.

  
  is NYX showing the same version?


 nyx shows the old Tor that was upgraded Tor 0.3.1.9


  if not: did you restart tor after upgrading?



 When I saw the version discrepancy and also noticed no metrics data, I 
restarted Tor and then went further and rebooted linux. Everything stayed the same.
 I see users on both bridges and also see Bifroest communicating with both.


  
  
if nyx still says you run 0.3.1.9 and NOT 0.3.3.9 - even after a restart than you might
want to look into your tor installations and PATHs


  
  
  
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Bridge relays should upgrade to use the new bridge authority

[arisbe]

  
  



On 7/22/2018 11:59 PM, nusenu wrote:


  

arisbe:

  
Two of my bridges (not all) show the same response:

hamlet@v3460:~$ tor --version
Tor version 0.3.3.9 (git-ca1a436fa8e53a32).
hamlet@v3460:~$

Thanks for looking at this discrepancy.

  
  
is NYX showing the same version?


    nyx shows the old Tor that was upgraded Tor 0.3.1.9  

  if not: did you restart tor after upgrading?

  

    When I saw the version discrepancy and also noticed no metrics
data, I restarted Tor and then went further and rebooted linux. 
Everything stayed the same.
    I see users on both bridges and also see Bifroest communicating
with both.


  
  
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Bridge relays should upgrade to use the new bridge authority

[arisbe]

  
  
Two of my bridges (not all) show the same response:
hamlet@v3460:~$ tor --version
Tor version 0.3.3.9 (git-ca1a436fa8e53a32).
hamlet@v3460:~$

Thanks for looking at this discrepancy.


On 7/22/2018 12:36 AM, nusenu wrote:


  
When I check with tor --version, I get a reply that is the current software

  
  

please paste the output of that command


  
  
  
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Bridge relays should upgrade to use the new bridge authority

[arisbe]

Hello tor-relay folks,

I'm confused--not a new thing but likely that this group can help this 
time.  After Roger's email below, I updated my Tor bridges to current.  
Strangely, NYX reports that they are the "un-recommended" release.  When 
I check with tor --version, I get a reply that is the current software.  
Additionally, my bridges don't display when I enter their hashed 
footprint into Tor Metrix.  They always have before.


What goes on?

Arisbe


On 7/14/2018 1:33 PM, Roger Dingledine wrote:

Hi folks!

If you run a bridge relay, please upgrade -- so your bridge address can
resume being given out to censored users, and so your stats can resume
being included in the metrics pages.

We just put out new releases (0.2.9.16, 0.3.2.11, 0.3.3.9, 0.3.4.5-rc)
that retire the old bridge authority and start using a new one. The new
bridge authority is "Serge", and it is operated by George from the Tor
BSD Diversity project:
https://lists.torproject.org/pipermail/tor-announce/2018-July/000162.html

If for whatever reason you can't upgrade yet, you can also manually
switch to advertising your bridge descriptor to the new bridge authority
by using this torrc line:

AlternateBridgeAuthority Serge orport=9001 bridge 66.111.2.131:9030 BA44 A889 
E64B 93FA A2B1 14E0 2C2A 279A 8555 C533

Thanks!
--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] IPv6 and bridges

[arisbe]

Hello to you all,

Question:  Is there a point to adding IPv6 addresses to the ORPorts of 
my bridges?  Will they then operate somewhat in the fashion of guards 
without published metrics?


Any info would be helpful.

Arisbe

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Problem implementing IPv6 and NYX info

[arisbe]

Thank you Roman for quick reply.  I had typo on ORPort address that but 
just in this email.  My ISP at home and work does not pass Ipv6 so I am 
not able to ping/trace.  I think I don't have the resources to work this 
problem to satisfactory conclusion so I'm still looking for suggestions.
Your advice regarding working out the IPv6 problem before integrating 
Tor was wise.  That is the direction I will take.



On 7/1/2018 11:34 AM, Roman Mamedov wrote:

Hello,

In /etc/network/interfaces you set your IP to


      address 2a06:1700:0:1b::

which is equivalent of 2a06:1700:0:1b:0:0:0:0, or also 2a06:1700:0:1b::0.

But then in torrc you use:


      ORPort [2a06:1700:0:1b::1]:9001

 From your configs, this is your upstream gateway IP, not IP of your actual
machine. So this configuration is incorrect.

Also generally it is adviced against using the all-zeroes IP (which you
chose), it has some special properties and some software may not support it
properly.

Assuming the entire /64 is assigned to you by the host and the gateway
is ..::1 in it, it's a fine idea to use ..::2, or just whatever IP other than
the ..::0.

Finally though, neither your gateway nor your machine at its present IP seem to
be reachable from the Internet at the moment. Verify that IPv6 works properly
with ping/trace/curl/wget before trying to use it with more complex apps such
as Tor.



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Problem implementing IPv6 and NYX info

[arisbe]

This year I've modified most of my exit relays to function as IPv6 
in/out.  The process was easy with the exception of two [0], [1].  I 
requested and received an IPv6 address, netmask and gateway from these 
ISPs.  I then modified my /etc/network/interfaces file as follows 
leaving the IPv4 lines in tack:


iface eth0 IPv6 static

    address 2a06:1700:0:1b::

    netmask 64

    gateway 2a06:1700:0:1b::1

ip addr shows the IPv6 address as global.  I added a single line to 
torrc following the IPv4 line:


    ORPort 9001

    ORPort [2a06:1700:0:1b::1]:9001

After a restart, both relays ramped up to a volume of connections where 
I was comfortable that the changes were good.  Visiting them 12 hours 
later I find connections in the few hundred and no flags.  About half of 
the connections were from non-Tor servers. The Tor daemon was running 
and had a PID.  Logs showed the relay operational and nothing peculiar.  
Tor metrics shows the relay as down.  I've commented out the IPv6 ORPort 
line to get both of these exits going again.  The procedure I outlined 
has worked four other times for me.  So what gives?  Can anyone steer me 
toward the problem?


And, finally, a quick question:  Does NYX display incoming and outgoing 
IPv6 relay information?  I assume ARM does not.


Arisbe

[0]  [4061C553CA88021B8302F0814365070AAE617270]

[1]  [9B31F1F1C1554F9FFB3455911F82E818EF7C7883]


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] A general question for relay operators

[arisbe]

Hello George and all,

When I was learning to implement Tor I had difficulty wading through the 
web pages for information.  Some pages were obsolete, some poorly 
maintained (think Tor flow or good/bad hosting companies).  The Tor 
manual is just a huge list of Tor terminology with no aids to help find 
things.  The Tor project site has no site map.  I still occasionally 
have the same problems when I try to find something.  I found this very 
discouraging as I tried to grow my first Tor node without a live person 
to help me.  I can imagine how daunting this would be to someone also 
trying to learn linux.


Hey, thanks so much for asking.  I appreciate your interest.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new Tor exit

[Arisbe]

Hello Jordan,

Thanks so much for the reminder.  I think I am caught up as far as 
family fingerprints in torrc.  But I'll check them all.




On 3/14/2018 11:23 PM, Jordan wrote:

Hi Arisbe,

Thanks for running relays! If you're running multiple relays (as 
you've suggested) it's important to run then under the same family, 
see https://www.torproject.org/docs/faq.html.en#MultipleRelays.


In regards to new relay usage, see 
https://blog.torproject.org/lifecycle-new-relay



On 03/14/2018 11:03 PM, Arisbe wrote:

Hello all,

I rolled out a new Tor exit [0] this morning West Coast U.S. time.  
It's special to me because I've negotiated the trust of a host 
company in Albania.  I was the first Tor relay in that country and 
now I'm the first exit relay there.  This trust took me a year to 
establish.  I run a number of relays-both exit and non-exit.  I run a 
dozen bridges for  people that need the ISP connectivity.  I host 
classes in Southwest Washington State to teach ordinary people how to 
be safe while they're on the internet.  I teach high-school pupils 
how to set up and operate Tor relays.


Here is my problem:  The aforementioned relay has been on for nearly 
24-hours and not a single user has frequented my doorsteps.  I have 
had seven of the nine authorities parked in this node for most of the 
time but no inbound connections (except for those referenced and two 
hackers)  and no outbound or exit connections.  There is nothing 
technically wrong with the installation so what gives.  I this an 
issue of administrative paperwork?  While I am very supportive of 
Tor, I am not with unlimited patience.  I have a job, wife and kids 
and money pit house to maintain.


Thanks for giving me a bit of advice to make this guy blossom. If I 
don't understand, I apologize to all.


Arisbe

[0]  516D1B9E22484202322828D8CAC30325030017E2

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays




___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new Tor exit

[Arisbe]

I appreciate the reminder.  I think we are okay.

Arisbe


On 3/14/2018 11:23 PM, Jordan wrote:

Hi Arisbe,

Thanks for running relays! If you're running multiple relays (as 
you've suggested) it's important to run then under the same family, 
see https://www.torproject.org/docs/faq.html.en#MultipleRelays.


In regards to new relay usage, see 
https://blog.torproject.org/lifecycle-new-relay



On 03/14/2018 11:03 PM, Arisbe wrote:

Hello all,

I rolled out a new Tor exit [0] this morning West Coast U.S. time.  
It's special to me because I've negotiated the trust of a host 
company in Albania.  I was the first Tor relay in that country and 
now I'm the first exit relay there.  This trust took me a year to 
establish.  I run a number of relays-both exit and non-exit.  I run a 
dozen bridges for  people that need the ISP connectivity.  I host 
classes in Southwest Washington State to teach ordinary people how to 
be safe while they're on the internet.  I teach high-school pupils 
how to set up and operate Tor relays.


Here is my problem:  The aforementioned relay has been on for nearly 
24-hours and not a single user has frequented my doorsteps.  I have 
had seven of the nine authorities parked in this node for most of the 
time but no inbound connections (except for those referenced and two 
hackers)  and no outbound or exit connections.  There is nothing 
technically wrong with the installation so what gives.  I this an 
issue of administrative paperwork?  While I am very supportive of 
Tor, I am not with unlimited patience.  I have a job, wife and kids 
and money pit house to maintain.


Thanks for giving me a bit of advice to make this guy blossom. If I 
don't understand, I apologize to all.


Arisbe

[0]  516D1B9E22484202322828D8CAC30325030017E2

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays




___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new Tor exit

[Arisbe]

Holy Cow!  The new Toe exit I just crabbed about just took off. My 
apologies everyone! (23:39 PDT)


Arisbe

On 3/14/2018 11:03 PM, Arisbe wrote:

Hello all,

I rolled out a new Tor exit [0] this morning West Coast U.S. time.  
It's special to me because I've negotiated the trust of a host company 
in Albania.  I was the first Tor relay in that country and now I'm the 
first exit relay there.  This trust took me a year to establish.  I 
run a number of relays-both exit and non-exit.  I run a dozen bridges 
for  people that need the ISP connectivity.  I host classes in 
Southwest Washington State to teach ordinary people how to be safe 
while they're on the internet.  I teach high-school pupils how to set 
up and operate Tor relays.


Here is my problem:  The aforementioned relay has been on for nearly 
24-hours and not a single user has frequented my doorsteps.  I have 
had seven of the nine authorities parked in this node for most of the 
time but no inbound connections (except for those referenced and two 
hackers)  and no outbound or exit connections.  There is nothing 
technically wrong with the installation so what gives.  I this an 
issue of administrative paperwork?  While I am very supportive of Tor, 
I am not with unlimited patience.  I have a job, wife and kids and 
money pit house to maintain.


Thanks for giving me a bit of advice to make this guy blossom. If I 
don't understand, I apologize to all.


Arisbe

[0]  516D1B9E22484202322828D8CAC30325030017E2

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] new Tor exit

[Arisbe]

Hello all,

I rolled out a new Tor exit [0] this morning West Coast U.S. time.  It's 
special to me because I've negotiated the trust of a host company in 
Albania.  I was the first Tor relay in that country and now I'm the 
first exit relay there.  This trust took me a year to establish.  I run 
a number of relays-both exit and non-exit.  I run a dozen bridges for  
people that need the ISP connectivity.  I host classes in Southwest 
Washington State to teach ordinary people how to be safe while they're 
on the internet.  I teach high-school pupils how to set up and operate 
Tor relays.


Here is my problem:  The aforementioned relay has been on for nearly 
24-hours and not a single user has frequented my doorsteps.  I have had 
seven of the nine authorities parked in this node for most of the time 
but no inbound connections (except for those referenced and two 
hackers)  and no outbound or exit connections.  There is nothing 
technically wrong with the installation so what gives.  I this an issue 
of administrative paperwork?  While I am very supportive of Tor, I am 
not with unlimited patience.  I have a job, wife and kids and money pit 
house to maintain.


Thanks for giving me a bit of advice to make this guy blossom. If I 
don't understand, I apologize to all.


Arisbe

[0]  516D1B9E22484202322828D8CAC30325030017E2

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Cloud question

[Arisbe]

  
  
Thank you for the information.  It's very helpful.


On 3/10/2018 5:41 AM, Gary wrote:


  
Hello,



  On 10 March 2018 at 04:48, Arisbe <ari...@cni.net>
wrote:

  Simple question:  Do Tor middle relays and bridges work on
  cloud systems?



I use AWS, I and it is fine, they also have a fat
  internet connection :-). Amazon have EC2 and Lightsail.
  EC2 is more for hosting many servers/VM's, Lightsail is
  basically the same thing but a bit easier to use. AWS have
  a years free trial, but I think its limited to 30GB data
  transfer a month.


I have never received any abuse emails relating to tor,
  and looking through Atlas/Relay Search there appears to be
  others using AWS as well.


One thing to watch out for Data Usage, make sure you
  set accountingmax in torrc. They get many SSH login
  attempts - On EC2 take the time to set up Security Groups
  correctly and on Lightsail you can simply disable access
  to port 22, re enabling it only when you want to connect.


I have tried the other big cloud providers. Microsoft
  Azure plays better with Linux then you might expect but is
  far from perfect. Google Cloud is just far too complicated
  for running one or two VM's, but all three have free trial
  periods. Make the most of these to find a service you
  like, remembering to set accountingmax in torrc to avoid
  getting a fat data bill at the end of the month.


There are also other providers, of course they vary
  from very tor friendly to not at all and from cheap
  expensive.


Hope this helps. 






  

  
  
  
  
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Cloud question

[Arisbe]

Gentlemen / Ladies,

Simple question:  Do Tor middle relays and bridges work on cloud systems?

Thanks for the intelligence.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] bridge behavior question

[Arisbe]

Hello all,

I have run a number of Tor nodes for five years but I started adding a 
few bridges last year.  I have one bridge recently installed on a lease 
VPS that has not reported a single inbound connection in over 40 days 
(except for Bifroest hanging out).  I see up to 4 outbound connections 
and usually see between 4 and 14 circuits.


The IP tables are correct and torrc is copied from successful bridges 
except for IP address.  The Tor version is 0.2.9.14 and the OS is debian 
9.0 (stretch).  I'm running obfs4proxy.  I set ORPort 9001 and ORPort 
[IPv6]:9001.


Tor | Metrics reports Advertised Bandwidth = 8.0 KiB/s for this bridge.  
Tor | Metrics reports Advertised Bandwidth for another working bridge I 
have with the same hosting company at 598.7 KiB/s.  I suspect this 
variation is due to lack of connections by the unused bridge.  I loaded 
a speed checker and it reported 72-Mb/s.


Can anyone give me some steerage to help me get this bridge productive?



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] bridge questions

[Arisbe]

Hello Tor users,

I have several quick question:  Can bridges use an IPv6 ORPort? Is there 
any advantage to adding this to my bridges?  Has anyone actually seen 
IPv6 connections on a bridge?


Thanks for the feedback...

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Increased cpu usage

[Arisbe]

  
  


I'm getting increased cpu usage also.  On some VPSs I've had to
  reduce bandwidth a little.



On 1/17/2018 2:50 AM, Florentin Rochet
  wrote:


  
  Hello,
  I upgraded 4 exits yesterday and apart from one of them
suffering a DDoS, I don't observe any large CPU increase.
  Maybe your upgrade coincides with the recent overload of create
cells? https://trac.torproject.org/projects/tor/ticket/24716 
  Worth to keep an eye on it, anyway.
  
  Best,
  Florentin
  On 2018-01-17 11:30, r1610091651
wrote:
  
  

Hi
  
  
  AFter upgrade from 3.1.9 to 3.2.9, I've noticed that the
cpu usage doubled for same throughput / conditions. Is
anyone else seeing that too?
  
  
  Regards




___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

  
  
  
  
  
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] nyx no connections shown

[Arisbe]

  
  
I installed nyx on several on my smaller non-exit/guard relays. 
  I'm hopeful this will replace the problems I have with arm but I'm
  finding a number of issues:
1)  nyx is way slow to start up.  Sometimes taking 20 seconds to
  come visible.  The contacts page (page 2) does come up eventually
  but sometimes takes 10 minutes;
2)  the inbound and outbound connections on page two are listed
  by IP only and not sorted by inbound/outbound;
3)  IP addresses do not have country identification but rather
  all just have (??); 

4)  nyx rejects some of the options in nyxrc.  Specifically, I
  had to # out tor_chroot, color_override and logged_events.  I had
  to specifically enter options for connection_order as nyx did not
  recognize the default value.  nyx did not recognize the values for
  logged_ events or config_order when typed in;
5)  There is no man page for nyx.  

Thanks so much for your effort on this project.  I'm sorry to be
  the bearer of a bad feedback.  Don't kill the messenger!


On 1/15/2018 11:55 AM, Uli wrote:


  
  Hi Steffen
  
  do you tried any other monitoring tool?
the onion box or something else, maybe.
perhaps this will give us a hint, if nyx or tor is buggy ...
  
  greetings
  Uli
  
  Am 15.01.2018 um 20:40 schrieb
TorGate:
  
  

Hi again, the same issue again.
after couple of times, no connections shown on
  page 2 in nyx.
connection is via ssh.



  (FreeBSD 11.1-RELEASE)     
  Tor 0.3.1.9 (recommended)
  
  
  hm no ideas ? :-)
  
  
  regards Steffen
  

  Am 14.01.2018 um 21:01 schrieb TorGate :
  
  

is
  working again :-)
  

  Am 14.01.2018 um 16:39 schrieb
TorGate :
  
  

I have also
  restartet tor but isnt working.
  There are no connections shown.
  
  
  system is freebsd and py2.7
  
  
  Ideas ???

  
Am 14.01.2018 um 12:26
  schrieb TorGate :


  
  Hi, i have 2 new relais
running and have also installed nyx.
When i go to the page
  2 in nyx is there no connection.
But my network show me
  over 4000 tor connections .


What is the issue with
  nyx on my torservers ?

  
TorGate
torgate(at)linux-hus.dk



  
  

  
___
  tor-relays mailing list
  tor-relays@lists.torproject.org
  https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

  



  TorGate
  torgate(at)linux-hus.dk
  
  
  


  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
  

  
  
  

[tor-relays] Fwd: Re: Become a Fallback Directory Mirror

[Arisbe]

  
  
Both of my relays listed below have the Dirport enabled on port
  9030.  


  
   Forwarded Message 
  

  
Subject:

Re: [tor-relays] Become a Fallback Directory Mirror
  
  
Date: 
Wed, 20 Dec 2017 17:49:49 -0800
  
  
From: 
Arisbe <ari...@cni.net>
  
  
To: 
teor <teor2...@gmail.com>
  

  
  
  
  
  Hello Tim,
  You have two of my relays as fallback directories already.  I
have two others located in Moldova that meet your requirements. 
They are at a very understanding host and relays are not in
danger of cancellation.  Please check:
  [178.17.174.14], hashed fingerprint: 
B06F093A3D4DFAD3E923F4F28A74901BD4F74EB1
  [178.17.170.156],  hashed fingerprint: 
41C59606AFE1D1AA6EC6EF6719690B856F0B6587
  My personal thanks for your efforts on behalf of the Tor
project.  
  
  Happy holidays,
  Larry Brandt
  
  
  On 12/20/2017 3:50 PM, teor wrote:
  
  
Dear Relay Operators,

Do you want your relay to be a Tor fallback directory mirror?
Will it have the same address and port for the next 2 years?
Just reply to this email with your relay's fingerprint.

If your relay is on the current list, you don't need to do anything.

If you're asking:

Q: What's a fallback directory mirror?

Fallback directory mirrors help Tor clients connect to the network.
For more details, see [1].

Q: Is my relay on the current list?

Search [2] and [3] for your relay fingerprint or IP address and port.
[2] is the current list of fallbacks in Tor.
[3] is used to create the next list of fallbacks.

Q: What do I need to do if my relay is on the list?

Keep the same IP address, keys, and ports.
Email tor-relays if the relay's details change.

Q: Can my relay be on the list next time?

We need fast relays that will be on the same IP address and port for 2
years. Reply to this email to get on the list, or to update the details
of your relay.

Once or twice a year, we run a script to choose about 150-200 relays
from the potential list [3] for the list in Tor [2].

Q: Why didn't my relay get on the list last time?

We check a relay's uptime, flags, and speed [4]. Sometimes, a relay might
be down when we check. That's ok, we will check it again next time.

It's good to have some new relays on the list every release. That helps
tor clients, because blocking a changing list is harder.

Q: What about the current relay DDoS?

We don't think the DDoS will have much impact on the fallback list.

If your relay is affected, please:
* make sure it has enough available file descriptors, and
* set MaxMemInQueues to the amount of RAM you have available per tor
  instance (or maybe a few hundred MB less).

We're also working on some code changes. See [5] for more details.

[1]: https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors
[2]: https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc
[3]: https://gitweb.torproject.org/tor.git/tree/scripts/maint/fallback.whitelist
[4]: https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_2017-05-16-0815-09cd78886.log
[5]: https://lists.torproject.org/pipermail/tor-relays/2017-December/013881.html

--
Tim / teor

PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n






___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

  
  

  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] warning messages

[Arisbe]

Hello All,

In recent weeks I have noticed some warning messages on several of my 
VPS relays [1], [2].


"20:48:48.000 [warn] Tried to establish rendezvous on non-ORcircuit with 
purpose Acting as rendevous (pending)"


I get these in modest numbers as (97 hidden).  Is this a characteristic of the 
guard relay abuse issue?

Thanks for some advice.

[1]  9B31F1F1C1554F9FFB3455911F82E818EF7C7883
[2]  B06F093A3D4DFAD3E923F4F28A74901BD4F74EB1

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor Metrics issue

[Arisbe]

I looked up my relays and bridges on Atlas using their nickname, IP 
address or fingerprint.  I bookmarked these look-ups so that I could 
easily access the Atlas data for my nodes going forward.


I took the same tack with Tor|Metrics:  I navigated 
Home>>Services>>Relay Search>>(node ID)


This route works for my relays and I am able to, once again, bookmark 
each for convenience.  However, this does not work for my bridges.  They 
give me an error message.  I'm wondering if there is another route to 
them or if the data for bridges is simply missing.


Thanks for the help with this,

Arisbe


On 11/24/2017 11:31 PM, teor wrote:

On 25 Nov 2017, at 17:36, Arisbe <ari...@cni.net> wrote:

In the immediate past I monitored both my relays and my bridges through atlas.  
So, now with Tor Metrics, I don't see my bridges. Am I doing something wrong or 
are they not in the data base?

How do you search for your relays and bridges?

T
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor Metrics issue

[Arisbe]

  
  
On 25 Nov 2017, at 17:36, Arisbe <ari...@cni.net> wrote:

In the immediate past I monitored both my relays and my bridges through atlas.  So, now with Tor Metrics, I don't see my bridges. Am I doing something wrong or are they not in the data base?

How do you search for your relays and bridges?

T

On 11/24/2017 11:31 PM, teor wrote:

  

  
On 25 Nov 2017, at 17:36, Arisbe <ari...@cni.net> wrote:

In the immediate past I monitored both my relays and my bridges through atlas.  So, now with Tor Metrics, I don't see my bridges. Am I doing something wrong or are they not in the data base?

  
  
How do you search for your relays and bridges?

T
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Atlas is now Relay Search!

[Arisbe]

Hello All,

I use to review my bridges as well as my relays on Atlas.  Now I don't 
find my bridges on nyx.  Is this something I'm doing wrong?



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Tor-arm failure

[Arisbe]

Hello people,

I'm not a python programmer so I need some help with a problem. I have a 
number of Tor nodes and some bridges.  Occasionally, when I install 
tor_arm I get a divide by zero message as follows:


Exception in thread Thread-69: Traceback (most recent call last):

File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner 
selt.run()


File "/usr/share/arm/util/sysTools.py", line 517, in 
runnewValues["cpuAvg"] = total CpuTime / uptime


ZeroDivisionError: integer division or modulo by zero

Exception in thread Thread-70 ..

I'm running debian jessie in this most recent example.  2 G memory, 20 G 
hdd.  This is a bridge with only some daily use but typically 10-12 
circuits.


Does someone have experience debugging this problem?

Thanks!


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] 100K circuit request per minute for hours killed my relay

[Arisbe]

I was under the impression that HidServDirectoryV2 was an obsolete 
config option.  I run 0.2.9.11



On 7/21/2017 3:42 AM, Scott Bennett wrote:

Vort  wrote:


Your message prompted me to check logs, and on one relay I see the following:

Similar thing for me:

Jul 19 00:08:27.000 [notice] Circuit handshake stats since last time: 3571/3571 
TAP, 41180/41180 NTor.
Jul 19 06:08:27.000 [notice] Circuit handshake stats since last time: 2054/2054 
TAP, 29181/29181 NTor.
Jul 19 12:08:28.000 [notice] Circuit handshake stats since last time: 2773/2773 
TAP, 26497/26497 NTor.
Jul 19 18:08:28.000 [notice] Circuit handshake stats since last time: 3970/3970 
TAP, 31344/31344 NTor.
Jul 20 00:08:28.000 [notice] Circuit handshake stats since last time: 4096/4096 
TAP, 41730/41730 NTor.
Jul 20 06:08:28.000 [notice] Circuit handshake stats since last time: 
18285/18285 TAP, 54102/54102 NTor.
Jul 20 12:08:28.000 [notice] Circuit handshake stats since last time: 
61136/61386 TAP, 378196/378339 NTor.
Jul 20 18:08:29.000 [notice] Circuit handshake stats since last time: 
73297/73688 TAP, 566708/566892 NTor.
Jul 21 00:08:29.000 [notice] Circuit handshake stats since last time: 
67165/67830 TAP, 572685/572851 NTor.
Jul 21 06:08:29.000 [notice] Circuit handshake stats since last time: 
31988/32138 TAP, 521455/521536 NTor.
Jul 21 12:08:29.000 [notice] Circuit handshake stats since last time: 5523/5523 
TAP, 222378/222432 NTor.

Also there are too much "[warn] assign_to_cpuworker failed. Ignoring." lines in 
the logs.


  This sort of thing has been going on for many years.  I used to refer
to it as "mobbing".  As nearly as I was ever able to determine, the behavior
is an unintended consequence of hidden services.  I found that I could greatly
reduce the frequency of occurrence, but *not* to zero, by setting

HidServDirectoryV2 0

in my torrc file.  My tentative conclusion was that the majority of these
events are cases in which a relay has been selected as an HSDir to which
a hidden service descriptor has been posted for a very popular hidden service,
so by refusing to be a hidden service directory mirror, those cases can be
eliminated.  I never had a very satisfying hypothesis to explain the remaining
minority of cases.


   Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor CPU usage

[Arisbe]

  
  
Sorry, I didn't read on
No CPU masking in place.  Then too, its hard to tell if this is 2
  CPUs or hyperthreading.  

As you suggest, I will try commenting out CPUsNum 2.  

Sorry about two emails.
Larry B


On 6/29/2017 6:11 PM, teor wrote:


  

  
On 30 Jun 2017, at 04:52, Arisbe <ari...@cni.net> wrote:

I have a small Tor exit relay (VPS) running at +90% CPU capacity.

  
  
What version of Tor?
Has this only happened recently?
Did you upgrade your Tor version?
Are you running a caching DNS server?


  
 Memory usage is negligible.  I am unable to launch ARM as the single CPU cannot process both Tor and arm.  Traffic is mostly high for a small node.

I have CPUsNum set at 2 in my torrc from its original setup.

  
  
Have you tried removing this from your torrc?


  
However, pidstat 5 -p  shows that only 1 CPU is employed.  lscpu shows that the VPS is allotted 2 cpus.

  
  
2 cores, or hyperthreading on the same core?
Do you have any CPU masking options set?

Tor uses threads, rather than using multiple processes.


  
CPU speed is around 2.44 M.

I'm hoping someone has some experience with this issue and can give me advice.

  
  
This is what I'd expect for a relay.
Cryptography is expensive.

T
--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org



  
  
  
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor CPU usage

[Arisbe]

  
  
Thank you Tim for your response.  I am running Tor 0.2.9.11 on
  ubuntu linux.  I have not implemented a caching DNS at this point
  and may not do so.  I'm not sure how this problem progressed but I
  notices that arm was slower and more difficult to call up in
  recent weeks.  This is not an old exit.  It's been running about
  10 weeks.  A recent back down of bandwidth did little to resolve
  the problem.
I get the sense that Tor will not use the second CPU since I
  tried to reset the server recently.  nothing else on the VPS uses
  more that 0.8% of CPU.
Unlikely that it will help but the fingerprint of this relay is 

B06F093A3D4DFAD3E923F4F28A74901BD4F74EB1
Torexitmoldova.

Thanks so much for your interest.
Larry


On 6/29/2017 6:11 PM, teor wrote:


  

  
On 30 Jun 2017, at 04:52, Arisbe <ari...@cni.net> wrote:

I have a small Tor exit relay (VPS) running at +90% CPU capacity.

  
  
What version of Tor?
Has this only happened recently?
Did you upgrade your Tor version?
Are you running a caching DNS server?


  
 Memory usage is negligible.  I am unable to launch ARM as the single CPU cannot process both Tor and arm.  Traffic is mostly high for a small node.

I have CPUsNum set at 2 in my torrc from its original setup.

  
  
Have you tried removing this from your torrc?


  
However, pidstat 5 -p  shows that only 1 CPU is employed.  lscpu shows that the VPS is allotted 2 cpus.

  
  
2 cores, or hyperthreading on the same core?
Do you have any CPU masking options set?

Tor uses threads, rather than using multiple processes.


  
CPU speed is around 2.44 M.

I'm hoping someone has some experience with this issue and can give me advice.

  
  
This is what I'd expect for a relay.
Cryptography is expensive.

T
--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org



  
  
  
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Tor CPU usage

[Arisbe]

I have a small Tor exit relay (VPS) running at +90% CPU capacity.  
Memory usage is negligible.  I am unable to launch ARM as the single CPU 
cannot process both Tor and arm.  Traffic is mostly high for a small node.


I have CPUsNum set at 2 in my torrc from its original setup. However, 
pidstat 5 -p  shows that only 1 CPU is employed.  lscpu shows that 
the VPS is allotted 2 cpus.  CPU speed is around 2.44 M.


I'm hoping someone has some experience with this issue and can give me 
advice.


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Fwd: 2017-06-07 15:37: 65 new tor exits in 30 minutes

[Arisbe]

  
  
To All, 

Seems like none of us have the time to research these events or
  those before.  If people can't play by written and unwritten rules
  regarding Tor contact info, family members, etc. and they 'could'
  be a danger to anonymity, why does Tor bother with them?  If
  people are sincere about helping the Tor network, they will
  express that in their offers--otherwise, as in this situation,
  they should be removed until sufficient information is provided.
Arisbe


  
   Forwarded Message 
  

  
Subject:

[tor-relays] 2017-06-07 15:37: 65 new tor exits in 30
  minutes
  
  
Date: 
Wed, 07 Jun 2017 19:41:00 +
  
  
From: 
nusenu <nusenu-li...@riseup.net>
  
  
Reply-To:

tor-relays@lists.torproject.org
  
  
To: 
tor-relays@lists.torproject.org
  

  
  
  
  DocTor [1] made me look into this.



_All_ 65 relays in the following table have the following characteristics:
(not shown in the table to safe some space)

- OS: Linux
- run two instances per IP address (the number of relays is only odd
because in one case they created 3 keys per IP)
- ORPort: random
- DirPort: disabled
- Tor Version: 0.2.9.10
- ContactInfo: None
- MyFamily: None
- Joined the Tor network between 2017-06-07 15:37:32 and 2017-06-07
16:08:54 (UTC)
- Exit Policy summary: {u'reject': [u'25', u'119', u'135-139', u'445',
u'563', u'1214', u'4661-4666', u'6346-6429', u'6699', u'6881-6999']}
- table is sorted by colmns 3,1,2 (in that order)


- Group diversity:
 - 20 distinct autonomous systems
 - 18 distinct countries

https://gist.githubusercontent.com/nusenu/81337aed747ea5c7dec57899b0e27e94/raw/c7e0c4538e4f424b4cc529f3c2b1cabf6a5df579/2017-06-07_tor_network_65_relays_group.txt



Relay fingerprints are at the bottom of this file.

This list of relays is NOT identical to the one from DocTor (even though
the number is identical (65)):
[1]
https://lists.torproject.org/pipermail/tor-consensus-health/2017-June/007968.html

https://twitter.com/nusenu_/status/872536564647198720


-- 
https://mastodon.social/@nusenu
https://twitter.com/nusenu_




  



signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] exit relay consensus weight

[Arisbe]

Hello relay ops,

I just made an interesting observation that I thought I would share.  
Yesterday I started a VPS exit relay at a well known hosting company in 
Moldova [0]. Within 24 hours I saw the consensus weight exceed 1.  
The relay is bandwidth limited to 10 MiB/s.  Not that I'm complaining!


So it begs the question:  Is there not enough exit relays on the Tor 
network?


Arisbe


[0]  B06F093A3D4DFAD3E923F4F28A74901BD4F74EB1

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Tor and CIA leak

[Arisbe]

Is there anything in the CIA documents that Wikileaks posted relating to 
hacking Tor?

What about email providers like riseup.net?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] I have an Alleged family member

[Arisbe]

  
  
Thank you T.  I forgot to out the # beginning the line.  I'm
  stupid!


On 2/28/2017 12:36 PM, teor wrote:


  

  
On 1 Mar 2017, at 07:31, Arisbe <ari...@cni.net> wrote:

If you look at [0] on atlas, the fingerprint is listed under Properties as it should be.  But if you look down to Family Members, it lists the same fingerprint as Alleged Family members. Strange!

  
  
I think you are looking at the wrong Atlas page.

As Pascal said, on [1], I see:

Family Members
Effective family members:
(none)
Alleged family members:
(none)

Unless you specify the same family on
04C095E0DAB8C28BC433677C4AE8F65CB7D7083C, it will appear as an "Alleged
family member" everywhere else.

[1]: https://atlas.torproject.org/#details/04C095E0DAB8C28BC433677C4AE8F65CB7D7083C

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org





  
  
  
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] I have an Alleged family member

[Arisbe]

If you look at [0] on atlas, the fingerprint is listed under Properties 
as it should be.  But if you look down to Family Members, it lists the 
same fingerprint as Alleged Family members. Strange!


Several months ago, as I was growing my Tor relay inventory, I picked up 
on someone's post here  that I should just keep a file of fingerprints 
that I can paste into each node as my count grew. I found it to save 
time, so each of my nodes' torrc also contain their own fingerprint.  
Only [0] reacts this way.




On 2/28/2017 10:26 AM, Pascal Terjan wrote:

On 28 February 2017 at 17:32, Arisbe <ari...@cni.net> wrote:

Hello all,
I run a variety of Tor relays--most on VPS hosts.  I recently added a small
relay and updated my family members.  Strangely, this last relay is tagged
as an "alleged family member," even on itself [0]. It has been like this for
over a month.  I can't detect a typo.
Any suggestions?


What do you mean "even on itself"?

https://atlas.torproject.org/#details/04C095E0DAB8C28BC433677C4AE8F65CB7D7083C
doesn't list any family member, alleged or not

Did you set MyFamily on it (and reload if you did so after starting it)?


[0]  04C095E0DAB8C28BC433677C4AE8F65CB7D7083C
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] I have an Alleged family member

[Arisbe]

Hello all,
I run a variety of Tor relays--most on VPS hosts.  I recently added a 
small relay and updated my family members.  Strangely, this last relay 
is tagged as an "alleged family member," even on itself [0]. It has been 
like this for over a month.  I can't detect a typo.

Any suggestions?

[0]  04C095E0DAB8C28BC433677C4AE8F65CB7D7083C
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Uptime missing from Arm

[Arisbe]

Thanks for the effort to improve Arm (now Nyx).  I've only tried NYX 
with the default config file but I don't see the file descriptors 
enabled.  Did we lose this data?


arisbe


On 1/13/2017 11:43 AM, Damian Johnson wrote:

Thx Damian for this !
Please you give some useful commands to install and use it ?

I'll be happy to try your tool!
Many thx :)

% git clone https://git.torproject.org/stem.git
% cd stem
% sudo python setup.py install
% cd ..

% git clone https://git.torproject.org/nyx.git
% cd nyx
% sudo python setup.py install
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] DoS from my tor guard VPS

[Arisbe]

One of my tor guard relays is a medium size VPS operating in the Czech 
Republic.  It's been up and stable for several years.  Several weeks ago 
I was notified that my VPS was a source of UDP DoS traffic.  It was shut 
down.  Logs showed no intrusions.


I installed a different instance of linux, changed my SSH port, added 
fail2ban and even installed clamav.  I did not make changes to the tor 
exit policy.  Then, this week I received the following:


"Hello,
surveillance system detected a disproportionate outgoing DoS traffic on 
your VPS torexitcz and then our network under a DDoS attack. Your server 
torexitcz has been stopped. This is another problem with your VPS. Your 
service will be terminated.

Thanks for understanding."

Can anyone offer an opinion as to how my relay was used for DoS? How can 
I avoid this in the future?  My goal, as always is to provide stable 
nodes to the tor network while protecting myself and my VPS supplier.


4061C553CA88021B8302F0814365070AAE617270
185.100.85.101


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor bridge and obfs4proxy

[Arisbe]

  
  
Thank you Tim and Christian,
A little type that didn't reveal itself.  I'm going now.
Thanks again, Arisbe


On 9/4/2016 7:18 PM, teor wrote:


  

  
On 5 Sep 2016, at 11:49, Arisbe <ari...@cni.net> wrote:

I need someone's bridge experience.  I had an HD crash and lost one of my Tor bridges.  So, I'm rebuilding on a leased VPS.  First I tried with Debian 8 and then with ubuntu 16.04 when Debian didn't work.  With both operating systems I get a warning message when I start Tor.  Tor is the latest version as is obfs4proxy:

Sep 04 13:39:41.641 [warn] Strange ServerTransportPlugin type 'obfs4'
Sep 04 13:39:41.641 [warn] Failed to parse/validate config: Invalid server transport line. See logs for details.

There are no log entries.  Apparently Tor starts without the proxy.  I have configured torrc as follows:

ServerTransportPlugin obfs3 obfs4 exec /usr/bin/obfs4proxy

ExtORPort auto

/usr/bin/ does contain the obfs4proxy file.

Does anyone know my problem?  Is there a 'tell-all' explanation of obfs4proxy?

  
  
>From the tor manual page:

ServerTransportPlugin transport exec path-to-binary [options]
   The Tor relay launches the pluggable transport proxy in
   path-to-binary using options as its command-line options, and
   expects to receive proxied client traffic from it.

You're only allowed one space-separated transport name for "transport", you have two: "obfs3" and "obfs4".

Tim


  

Thanks, Arisbe


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

  
  
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org







  
  
  
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Tor bridge and obfs4proxy

[Arisbe]

I need someone's bridge experience.  I had an HD crash and lost one of 
my Tor bridges.  So, I'm rebuilding on a leased VPS.  First I tried with 
Debian 8 and then with ubuntu 16.04 when Debian didn't work.  With both 
operating systems I get a warning message when I start Tor.  Tor is the 
latest version as is obfs4proxy:


Sep 04 13:39:41.641 [warn] Strange ServerTransportPlugin type 'obfs4'
Sep 04 13:39:41.641 [warn] Failed to parse/validate config: Invalid 
server transport line. See logs for details.


There are no log entries.  Apparently Tor starts without the proxy.  I 
have configured torrc as follows:


ServerTransportPlugin obfs3 obfs4 exec /usr/bin/obfs4proxy

ExtORPort auto

/usr/bin/ does contain the obfs4proxy file.

Does anyone know my problem?  Is there a 'tell-all' explanation of 
obfs4proxy?


Thanks, Arisbe


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] #torstrike

[Arisbe]

  
  
Okay, so I've been concerned about the safety of at-risk Tor users
since all this shit broke.  New employees at the organizational
structure serving as the main accuser, an all new board with
interrelationships and motivation unknown, grenades rolled under
office doors and all of the rest leaves a bad taste in my mouth.  I
cannot, at this time, recommend to a third world citizen, that (s)he
trust the Tor network.  I hope that changes.

The issue is whether or not someone new in the Tor organization
will, accidentally or intentionally, put third world users at risk. 
I cannot trust an all-new board.  Tor needs to be on their best
behavior in order for me to re-establish trust in the organization. 


As a retired corporate manager I've seen these problems before.  I
have several suggestions that I feel are must-do tasks for the Tor
Project:
1)  Secure an independent investigator to look into the allegations
against Jacob.  Either demonstrate that he is not an honorable
employee or reinstate him.  No one should trust anonymous claims
that can ruin his career.  If Jacob is guilty, he should be
prosecuted;
2)  Board member should be open, accessible and available to
employees and node operators.  Their background and motivation for
being a director of the Tor Project should be disseminated.  There
interrelationship with other board members should be known;
3)  As one of the founders of Tor, Roger should openly discuss these
and all issues in a public manner (on the web page, webinar,
magazine article, etc.);
4)  An organizational plan should be placed in the employment manual
that puts significant distance between coding employees and
directors;
5)  Employees and directors should not operate nor have access to
authority servers.

I've operated a number of exits and guards for several years now
(including, as far as I know, the only Tor node in Albania). [1]  I
will leave these operational for now but I expect changes in this
unprofessionally operated 501c3.

[1]

   

  A827646DD0F8B92A9963789529CEE3141FF74761
  


  4061C553CA88021B8302F0814365070AAE617270
  


  C80DF89B21FF932DEC0D7821F679B6C79E1449C3
  


  9B31F1F1C1554F9FFB3455911F82E818EF7C7883
  


  D3E5EDDBE5159388704D6785BE51930AAFACEC6F
  

  

  

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Feedback

[Arisbe]

Many ISPs change IP addresses on a regular basis.  This seems to be the 
center of your problem as the other issues can be worked out with a 
little effort.  To our advantage, IPSs are regularly requested by users 
to assign a permanent IP address for game operators.  Try calling your 
ISP and asking for an assigned IP and not a NAT or re-assignable 
address.  Work the other issues out in a single evening.


Good luck.


On 2/25/2016 8:15 PM, torser...@datakanja.de wrote:

Hello,

i have been running a new relay for a short time period now and would
like to bring to your attention the issues faced, that finally led me to
refrain from keeping this up any longer:

   * Documentation was ok (on torproject.org) and the installation (using
 deb on ubuntu) was easy.
   * It took quite some time to understand the implications (opening
 ports in the router, hazarding security to my computers, as i was -
 to this date - relying on the routers firewall working) - This job
 of mine basically got delayed until later, when i would have
 learned, what is needed in that respect.
   * Next, i noticed a frequent (daily) behavior of the Tor server
 dropping traffic to around zero. Inspecting this, let me to
 understand, my provider was disconnecting me and reassigning a new
 IP on a daily basis, which took some time to propagate. Even worse:
 It did not propagate on its own, i needed to restart the tor service
 to reinitialise...
   * Asking in the online channel, i was guided to change my "Nickname"
 torrc config to match the dyndns entry corresponding to my server.
   * But this never made it to the directories, thus forcing me to
 manually restart Tor on a daily basis in order to force the changing
 IP address into them.
   * Finally, i was told, this behavior would be disruptive to the
 network, i therefore brought the service down for good, wasting the
 bandwith, i was willing to spend, for the near future. :-)
   * Ok, otherwise, i would have to pay additional fees to rent a server
 off-site with a permanent IP, but that would be giving more, than
 what was easily affordable, as my machine is running 24/7 and the
 connections open anyway. Thus Tor doesnt seem to be able to absorb
 the kind of bandwith, i was willing to share long time.

This is leaving a sad taste on me, who is pretty much interested in
privacy, anonymosity, which led me to avoid the mailing lists with a
durable email-address. But just using a read-only one wouldnt allow me
to post to the list. That is why i created this one temporarily, just to
let you know about my experiences...

NewTorKidOnTheBlock
(this was the name of my Tor relay)


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays