Re: [tor-relays] New operator

2019-12-03 Thread teor 
Hi,

> On 25 Nov 2019, at 00:02, David Strappazon  
> wrote:
> 
> I don't know..despite the fact that everthing looks fine to me, i lost the 
> fast and stable flag, sometime tor relay search says the bridge is down and 
> in 11 days nobody connected to my bridge (ecepted me).

That's normal, some bridges are kept in the reserve pool. And others
are assigned to pools that aren't used as much.

If you want more traffic, start another bridge on another port/IP?

T


signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New operator

2019-11-24 Thread David Strappazon 
Hi,

Thank for your advices.

Device: Raspberry pi 3B+
OS: Linux kali-pi 4.19.66-Re4son-v7+
Bandwith (tested on the raspberry with speedtest-cli):
- Download: 308.94 Mbit/s
- Upload: 267.11 Mbit/s

torrc file:

RunAsDaemon 1
BridgeRelay 1

Log notice file /var/log/tor/notices.log
#Log debug file /var/log/tor/debug.log
#Log notice syslog
#Log debug stderr

# Replace "TODO1" with a Tor port of your choice.  This port must be externally
# reachable.  Avoid port 9001 because it's commonly associated with Tor and
# censors may be scanning the Internet for this port.
ORPort 4433

ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy

# Replace "TODO2" with an obfs4 port of your choice.  This port must be
# externally reachable and must be different from the one specified for ORPort.
# Avoid port 9001 because it's commonly associated with
# Tor and censors may be scanning the Internet for this port.
ServerTransportListenAddr obfs4 0.0.0.0:1234

# Local communication port between Tor and obfs4.  Always set this to "auto".
# "Ext" means "extended", not "external".  Don't try to set a specific port 
numb er, nor listen on 0.0.0.0.
ExtORPort auto

# Replace "" with your email address so we can contact you 
if  there are problems with your bridge.
# This is optional but encouraged.
ContactInfo ##

# Pick a nickname that you like for your bridge.  This is optional.
Nickname citizenfour

RelayBandwidthRate 3 MB
RelayBandwidthBurst 6 MB

ExitPolicy reject *:*

I don't have "PublishServerDescriptor" in my conf. Should i?

Tor logs (notices.log) look ok:

Nov 23 15:41:35.000 [notice] New control connection opened.
Nov 23 17:45:38.000 [notice] New control connection opened.
Nov 23 20:31:41.000 [notice] Heartbeat: Tor's uptime is 11 days 0:00 hours, 
with 5 circuits open. I've sent 134.74 MB and received 1.01 GB.
Nov 23 20:31:41.000 [notice] Heartbeat: In the last 6 hours, I have seen 1 
unique clients.
Nov 24 02:31:41.000 [notice] Heartbeat: Tor's uptime is 11 days 6:00 hours, 
with 0 circuits open. I've sent 136.02 MB and received 1.01 GB.
Nov 24 02:31:41.000 [notice] Heartbeat: In the last 6 hours, I have seen 0 
unique clients.
Nov 24 08:31:41.000 [notice] Heartbeat: Tor's uptime is 11 days 12:00 hours, 
with 0 circuits open. I've sent 137.11 MB and received 1.02 GB.
Nov 24 08:31:41.000 [notice] Heartbeat: In the last 6 hours, I have seen 0 
unique clients.
Nov 24 14:31:41.000 [notice] Heartbeat: Tor's uptime is 11 days 18:00 hours, 
with 14 circuits open. I've sent 138.59 MB and received 1.02 GB.
Nov 24 14:31:41.000 [notice] Heartbeat: In the last 6 hours, I have seen 0 
unique clients.

Bridge is listed as up on tor relay search:

https://metrics.torproject.org/rs.html#details/9D1CCBE7EEF99FCCA6F767838FA08B23DDFABB3A

Nyx says:

14:49:17 [NOTICE] New control connection opened. [1 duplicate hidden]
x 14:31:41 [NOTICE] Heartbeat: In the last 6 hours, I have seen 0 unique 
clients. [2
x   duplicates hidden]
x 14:31:41 [NOTICE] Heartbeat: Tor's uptime is 11 days 18:00 hours, with 14 
circuits
x   open. I've sent 138.59 MB and received 1.02 GB. [2 duplicates hidden]
xlq November 23, 2019 
qk
xx20:31:41 [NOTICE] Heartbeat: In the last 6 hours, I have seen 1 unique 
clients.  x
xx20:31:41 [NOTICE] Heartbeat: Tor's uptime is 11 days 0:00 hours, with 5 
circuits x
xx  open. I've sent 134.74 MB and received 1.01 GB. [3 duplicates hidden]

etc.

Sometime i see many circuits and "connectons" but right now everything is blank 
or at 0 (bandwith use).
i just shared the connexion from my smartphone to connect to tor with my laptop 
(that the only thing i can do right now). i'm connected to my bridge and can 
browse.
If i download a file ( 1GB) i can see some connections (10 outbound) in nyx and 
the bandwith use increases.

I don't know..despite the fact that everthing looks fine to me, i lost the fast 
and stable flag, sometime tor relay search says the bridge is down and in 11 
days nobody connected to my bridge (ecepted me).

Sent with [ProtonMail](https://protonmail.com) Secure Email.

‐‐‐ Original Message ‐‐‐
Le dimanche 24 novembre 2019 12:17,  a écrit :

>
> On Thursday, November 21, 2019 at 7:29 PM, Mario Costa 
>  wrote:
>
>>
>>
>>> Il giorno 21 nov 2019, alle ore 15:49, Matt Traudt  
>>> ha scritto:
>>>
>>> Thanks for running a bridge.
>>>
>>> Check Tor's logs to make sure it is actually running and doesn't report
>>> issues. Search its hashed fingerprint on
>>> https://metrics.torproject.org/rs.html and make sure it is listed as up.
>>> Verify you did *not* set 'PublishServerDescriptor 0'. Verify you can use
>>> your bridge from outside your home. I once had a residential ISP that
>>> blocked inbound port 80 but not 443.
>>
>> This actually made me realize that my home router would not properly forward 
>> ports 80 and 443 from outside. I could connect to my bridge from the LAN 
>> (even using my external

Re: [tor-relays] New operator

2019-11-24 Thread entensaison 

 
On Thursday, November 21, 2019 at 7:29 PM, Mario Costa 
 wrote:

 

 
Il giorno 21 nov 2019, alle ore 15:49, Matt Traudt 
 ha scritto:


Thanks for running a bridge.

Check Tor's logs to make sure it is actually running and doesn't 
report

issues. Search its hashed fingerprint on
https://metrics.torproject.org/rs.html and make sure it is listed as 
up.
Verify you did *not* set 'PublishServerDescriptor 0'. Verify you can 
use
your bridge from outside your home. I once had a residential ISP 
that

blocked inbound port 80 but not 443.
This actually made me realize that my home router would not properly 
forward ports 80 and 443 from outside. I could connect to my bridge 
from the LAN (even using my external IP) but not from outside. I had 
to change to a non-standard port, unfortunately, because apparently 
80 and 443 are used by the router’s web GUI even if I disabled 
external access to it. That’s a shame because I understand that ports 
80 and 443 are less likely to be blocked by censors.


However, it’s still not clear to me how I can confirm anyone is using 
the bridge.

In the nyx log you see messages like
'In the last X hours we have seen X unique clients' (I don't remember 
the exact wording)

Those are the clients that did use your bridge.
 
When I connect to it, all I see in nyx are OUTBOUND connections and 
not even one inbound connection (maybe that’s by design in order to 
protect connecting users' privacy, I don’t know).

You are probably right.
In the past you could see connecting users in nyx as inbound 
connections without visible IP-address. Now they are not displayed as 
inbound connections any more. The outbound connections that are needed 
for these users are still displayed.

 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New operator

2019-11-21 Thread Mario Costa 


> Il giorno 21 nov 2019, alle ore 15:49, Matt Traudt  ha 
> scritto:
> 
> Thanks for running a bridge.
> 
> Check Tor's logs to make sure it is actually running and doesn't report
> issues. Search its hashed fingerprint on
> https://metrics.torproject.org/rs.html and make sure it is listed as up.
> Verify you did *not* set 'PublishServerDescriptor 0'. Verify you can use
> your bridge from outside your home. I once had a residential ISP that
> blocked inbound port 80 but not 443.

This actually made me realize that my home router would not properly forward 
ports 80 and 443 from outside. I could connect to my bridge from the LAN (even 
using my external IP) but not from outside. I had to change to a non-standard 
port, unfortunately, because apparently 80 and 443 are used by the router’s web 
GUI even if I disabled external access to it. That’s a shame because I 
understand that ports 80 and 443 are less likely to be blocked by censors.

However, it’s still not clear to me how I can confirm anyone is using the 
bridge. When I connect to it, all I see in nyx are OUTBOUND connections and not 
even one inbound connection (maybe that’s by design in order to protect 
connecting users' privacy, I don’t know).



signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New operator

2019-11-21 Thread Matt Traudt 
On 11/21/19 09:17, Mario Costa wrote:
> Hello everyone,
> 
> I have some newbie questions and I hope this is the right place to ask them.
> 
> I started operating a relay on my VPS for a bit more than a month and
> everything seems to be going well. I constantly have about 200 outbound
> and 2000 inbound connections, but in nyx I almost never see any
> circuits. What does it mean? Do I see circuits only when someone is
> actually using my relay, i.e. in Tor Browser?
> 

Thanks for supporting the network by running a relay. This is just a
guess. I don't have a relay handy to check for myself.

As a relay, Tor probably doesn't export circuit events when it isn't the
one creating the circuits. While the relay does know that someone is
building a circuit through it and could report this over its control
port to nyx, I don't think it does. If I'm wrong and it does report it,
perhaps nyx is simply not telling you about it because there would be a
*so many* circuits.

Regardless, this isn't indicative of a problem.

> To further support the project I decided to run a bridge at home using a
> Raspberry Pi. How do I know when it is being used? I rarely see any
> traffic. Sometimes I see one outbound connection in nyx and some
> circuits open, but I never see an inbound connection to port 80 (the
> obfs4 port I chose). Why does the bridge have open circuits more often
> than the relay?
> 
Thanks for running a bridge.

Check Tor's logs to make sure it is actually running and doesn't report
issues. Search its hashed fingerprint on
https://metrics.torproject.org/rs.html and make sure it is listed as up.
Verify you did *not* set 'PublishServerDescriptor 0'. Verify you can use
your bridge from outside your home. I once had a residential ISP that
blocked inbound port 80 but not 443.

The circuits you see may be the ones the bridge has made for its own
purposes (e.g. downloading new consensus documents). Your relay probably
had these too sometimes.

If you check and verify that your bridge is running and usable, then
you're simply not getting handed out to clients. This is to be expected
for 1/4 of bridges IIRC in order to save them for a big censorship
event. Even if you *are* getting handed out to clients, AIUI you
shouldn't expect much usage and you probably shouldn't expect constant
usage because there aren't many bridge users.

If Tor hasn't documented the above prominently on its bridge setup
guide, they should. "Why isn't my bridge getting used?" is a FAQ. As
outlined above, there's a lot of possible reasons, and one of them is
"even though you didn't do anything wrong, this is by design."

Matt
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New operator

2019-11-21 Thread Mario Costa 
Hello everyone,

I have some newbie questions and I hope this is the right place to ask them.

I started operating a relay on my VPS for a bit more than a month and 
everything seems to be going well. I constantly have about 200 outbound and 
2000 inbound connections, but in nyx I almost never see any circuits. What does 
it mean? Do I see circuits only when someone is actually using my relay, i.e. 
in Tor Browser?

To further support the project I decided to run a bridge at home using a 
Raspberry Pi. How do I know when it is being used? I rarely see any traffic. 
Sometimes I see one outbound connection in nyx and some circuits open, but I 
never see an inbound connection to port 80 (the obfs4 port I chose). Why does 
the bridge have open circuits more often than the relay?

I couldn’t find any answers online, so I hope to clear things out here.

Regards,

m.
_
GPG fingerprint: 6C3B 0069 30C4 0F16 E5F6 690E 7D2E 100E C3C4 7105 



signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays