Re: [tor-relays] New relay questions

[trinity pointard]

Hi,

First thanks for operating a new relay and welcome 

> The logs report success and the Relay Search shows my relay (Nickname: 
> code9nRelay) running but the advertised bandwidth is 0 B/s.
> It’s been running for 13 hours or so and I see a new relay that has been 
> running for 1 hour has an advertised bandwidth of 12MiB/s.

Your relay being brand new, it has not yet been measured : the network
(and your relay itself) has no idea how much bandwidth it's able to
handle. During the
following days, it will get little to no attention from most clients
until it gets better known. For more information on the lifecycle of
new relays, I recommend
reading https://blog.torproject.org/lifecycle-of-a-new-relay/ .
As for the relay you looked at, maybe it restarted recently, but it's
likely to be known for some time, and there are good estimations of
its available bandwidth.

> I had my email address as my first contact then my GPG fingerprint as a 
> second contact but the fingerprint is displayed not the email.  Now I have it 
> all on one line with the email address first.

There can be only one contact info for a relay. So yeah, you should
indeed put everything in a single line.

> Which brings me to my main question; when I run systemctl restart tor@default 
> shouldn’t the new settings in the torrc file be used from that point on?  
> Because they don’t seem to be.
>  I have run it after making the changes above and the old settings are still 
> shown on the Relay Search page.  Ie  0KB/s and my GPG fingerprint showing as 
> my email address.
>  If this restart doesn’t reset the torrc then what does?  Or is it just a 
> matter of waiting for the new info to be taken up?

metrics.torproject.org doesn't get informations in real time. First
your changes in configuration needs to make it into the consensus,
which is an hourly process, and then data has to flow a bit
around. It's not abnormal for metrics.tpo to only get updated an hour
or two after you made your changes (fwiw, it currently shows both your
email and GPG fingerprint).

Regards,

trinity-1686a


On Thu, 15 Dec 2022 at 13:03, code9n via tor-relays
 wrote:
>
>
> Hi Relay Operators,
>
>   I am trying to run a non exit relay for the first time and have some 
> questions:
>
>  FYI, I have 2 virtual CPU s and 1.256 GB RAM with ‘unlimited’ bandwidth on a 
> rented VPS running Debian 11.
>
>   The logs report success and the Relay Search shows my relay (Nickname: 
> code9nRelay) running but the advertised bandwidth is 0 B/s.
>   It’s been running for 13 hours or so and I see a new relay that has been 
> running for 1 hour has an advertised bandwidth of 12MiB/s.
>
>   I did set the bandwidth to 100KB/s, then 200KB/s  but now it’s just set to 
> run the defaults.  Ie  Nothing is set.
>
>   I had my email address as my first contact then my GPG fingerprint as a 
> second contact but the fingerprint is displayed not the email.  Now I have it 
> all on one line with the email address first.
>
> Which brings me to my main question; when I run systemctl restart tor@default 
> shouldn’t the new settings in the torrc file be used from that point on?  
> Because they don’t seem to be.
>   I have run it after making the changes above and the old settings are still 
> shown on the Relay Search page.  Ie  0KB/s and my GPG fingerprint showing as 
> my email address.
>   If this restart doesn’t reset the torrc then what does?  Or is it just a 
> matter of waiting for the new info to be taken up?
>
>   Any one have any thoughts or advice, please?
>
>  Pete
>
>
>   Here are the recent logs:
>
> Dec 14 20:05:31.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 10 
> circuits open. I've sent 188.82 MB and received 168.28 MB. I've received 
> 14629 connections on IPv4 and 1847 on IPv6. I've made 171 connections with 
> IPv4 and 8 with IPv6.
> Dec 14 20:05:31.000 [notice] While not bootstrapping, fetched this many 
> bytes: 3951317 (server descriptor fetch); 944 (server descriptor upload); 
> 358850 (consensus network-status fetch); 49621 (microdescriptor fetch)
> Dec 14 20:05:31.000 [notice] Average packaged cell fullness: 95.570%. TLS 
> write overhead: 16%
> Dec 14 20:05:31.000 [notice] Circuit handshake stats since last time: 0/0 
> TAP, 37259/37259 NTor.
> Dec 14 20:05:31.000 [notice] Since startup we initiated 0 and received 0 v1 
> connections; initiated 0 and received 0 v2 connections; initiated 0 and 
> received 0 v3 connections; initiated 0 and received 0 v4 connections; 
> initiated 60 and received 16368 v5 connections.
> Dec 14 20:05:31.000 [notice] Heartbeat: DoS mitigation since startup: 0 
> circuits killed with too many cells, 0 circuits rejected, 0 marked addresses, 
> 0 marked addresses for max queue, 0 same address concurrent connections 
> rejected, 0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 
> rejected.
> Dec 15 02:05:31.000 [notice] Heartbeat: Tor's uptime is 12:00 hours, with 3 
> circuits open. I've sent 375.23 MB 

Re: [tor-relays] New relay questions

[Richie]

Hi, Pete,

won't have too much answers (and maybe the bandwith settings from your 
torrc-file would help). Did you set RelayBandwithRate or "only" 
BandwithRate?


Reloading torrc-settings is better made via
pkill -sighup tor
since it does not restart the service (disconnecting everyone in the 
process) but just loads the new config.


Email/GPG Settings should have no effect on anything.

Greetz
Richie

Am 15.12.22 um 10:56 schrieb code9n via tor-relays:


Hi Relay Operators,

   I am trying to run a non exit relay for the first time and have some 
questions:


  FYI, I have 2 virtual CPU s and 1.256 GB RAM with ‘unlimited’ 
bandwidth on a rented VPS running Debian 11.


   The logs report success and the Relay Search shows my relay 
(Nickname: code9nRelay) running but the advertised bandwidth is 0 B/s.
   It’s been running for 13 hours or so and I see a new relay that has 
been running for 1 hour has an advertised bandwidth of 12MiB/s.


   I did set the bandwidth to 100KB/s, then 200KB/s  but now it’s just 
set to run the defaults.  Ie  Nothing is set.


   I had my email address as my first contact then my GPG fingerprint as 
a second contact but the fingerprint is displayed not the email.  Now I 
have it all on one line with the email address first.


Which brings me to my main question; when I run *systemctl restart 
tor@default* shouldn’t the new settings in the torrc file be used from 
that point on?  Because they don’t seem to be.
   I have run it after making the changes above and the old settings are 
still shown on the Relay Search page.  Ie  0KB/s and my GPG fingerprint 
showing as my email address.
   If this restart doesn’t reset the torrc then what does?  Or is it 
just a matter of waiting for the new info to be taken up?


       Any one have any thoughts or advice, please?

      Pete


   Here are the recent logs:

Dec 14 20:05:31.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 
10 circuits open. I've sent 188.82 MB and received 168.28 MB. I've 
received 14629 connections on IPv4 and 1847 on IPv6. I've made 171 
connections with IPv4 and 8 with IPv6.
Dec 14 20:05:31.000 [notice] While not bootstrapping, fetched this many 
bytes: 3951317 (server descriptor fetch); 944 (server descriptor 
upload); 358850 (consensus network-status fetch); 49621 (microdescriptor 
fetch)
Dec 14 20:05:31.000 [notice] Average packaged cell fullness: 95.570%. 
TLS write overhead: 16%
Dec 14 20:05:31.000 [notice] Circuit handshake stats since last time: 
0/0 TAP, 37259/37259 NTor.
Dec 14 20:05:31.000 [notice] Since startup we initiated 0 and received 0 
v1 connections; initiated 0 and received 0 v2 connections; initiated 0 
and received 0 v3 connections; initiated 0 and received 0 v4 
connections; initiated 60 and received 16368 v5 connections.
Dec 14 20:05:31.000 [notice] Heartbeat: DoS mitigation since startup: 0 
circuits killed with too many cells, 0 circuits rejected, 0 marked 
addresses, 0 marked addresses for max queue, 0 same address concurrent 
connections rejected, 0 connections rejected, 0 single hop clients 
refused, 0 INTRODUCE2 rejected.
Dec 15 02:05:31.000 [notice] Heartbeat: Tor's uptime is 12:00 hours, 
with 3 circuits open. I've sent 375.23 MB and received 326.98 MB. I've 
received 32711 connections on IPv4 and 3289 on IPv6. I've made 306 
connections with IPv4 and 14 with IPv6.
Dec 15 02:05:31.000 [notice] While not bootstrapping, fetched this many 
bytes: 8221506 (server descriptor fetch); 944 (server descriptor 
upload); 766467 (consensus network-status fetch); 80676 (microdescriptor 
fetch)
Dec 15 02:05:31.000 [notice] Average packaged cell fullness: 94.792%. 
TLS write overhead: 18%
Dec 15 02:05:31.000 [notice] Circuit handshake stats since last time: 
0/0 TAP, 37813/37813 NTor.
Dec 15 02:05:31.000 [notice] Since startup we initiated 0 and received 0 
v1 connections; initiated 0 and received 0 v2 connections; initiated 0 
and received 0 v3 connections; initiated 0 and received 0 v4 
connections; initiated 88 and received 35765 v5 connections.
Dec 15 02:05:31.000 [notice] Heartbeat: DoS mitigation since startup: 0 
circuits killed with too many cells, 0 circuits rejected, 0 marked 
addresses, 0 marked addresses for max queue, 0 same address concurrent 
connections rejected, 0 connections rejected, 0 single hop clients 
refused, 0 INTRODUCE2 rejected.

Dec 15 02:31:35.000 [notice] Performing bandwidth self-test...done.

……...


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New relay questions

[code9n via tor-relays]

Hi Relay Operators,

I am trying to run a non exit relay for the first time and have some questions:

FYI, I have 2 virtual CPU s and 1.256 GB RAM with ‘unlimited’ bandwidth on a 
rented VPS running Debian 11.

The logs report success and the Relay Search shows my relay (Nickname: 
code9nRelay) running but the advertised bandwidth is 0 B/s.
It’s been running for 13 hours or so and I see a new relay that has been 
running for 1 hour has an advertised bandwidth of 12MiB/s.

I did set the bandwidth to 100KB/s, then 200KB/s but now it’s just set to run 
the defaults. Ie Nothing is set.

I had my email address as my first contact then my GPG fingerprint as a second 
contact but the fingerprint is displayed not the email. Now I have it all on 
one line with the email address first.

Which brings me to my main question; when I run systemctl restart tor@default 
shouldn’t the new settings in the torrc file be used from that point on? 
Because they don’t seem to be.
I have run it after making the changes above and the old settings are still 
shown on the Relay Search page. Ie 0KB/s and my GPG fingerprint showing as my 
email address.
If this restart doesn’t reset the torrc then what does? Or is it just a matter 
of waiting for the new info to be taken up?

Any one have any thoughts or advice, please?

Pete

Here are the recent logs:

Dec 14 20:05:31.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 10 
circuits open. I've sent 188.82 MB and received 168.28 MB. I've received 14629 
connections on IPv4 and 1847 on IPv6. I've made 171 connections with IPv4 and 8 
with IPv6.
Dec 14 20:05:31.000 [notice] While not bootstrapping, fetched this many bytes: 
3951317 (server descriptor fetch); 944 (server descriptor upload); 358850 
(consensus network-status fetch); 49621 (microdescriptor fetch)
Dec 14 20:05:31.000 [notice] Average packaged cell fullness: 95.570%. TLS write 
overhead: 16%
Dec 14 20:05:31.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 
37259/37259 NTor.
Dec 14 20:05:31.000 [notice] Since startup we initiated 0 and received 0 v1 
connections; initiated 0 and received 0 v2 connections; initiated 0 and 
received 0 v3 connections; initiated 0 and received 0 v4 connections; initiated 
60 and received 16368 v5 connections.
Dec 14 20:05:31.000 [notice] Heartbeat: DoS mitigation since startup: 0 
circuits killed with too many cells, 0 circuits rejected, 0 marked addresses, 0 
marked addresses for max queue, 0 same address concurrent connections rejected, 
0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Dec 15 02:05:31.000 [notice] Heartbeat: Tor's uptime is 12:00 hours, with 3 
circuits open. I've sent 375.23 MB and received 326.98 MB. I've received 32711 
connections on IPv4 and 3289 on IPv6. I've made 306 connections with IPv4 and 
14 with IPv6.
Dec 15 02:05:31.000 [notice] While not bootstrapping, fetched this many bytes: 
8221506 (server descriptor fetch); 944 (server descriptor upload); 766467 
(consensus network-status fetch); 80676 (microdescriptor fetch)
Dec 15 02:05:31.000 [notice] Average packaged cell fullness: 94.792%. TLS write 
overhead: 18%
Dec 15 02:05:31.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 
37813/37813 NTor.
Dec 15 02:05:31.000 [notice] Since startup we initiated 0 and received 0 v1 
connections; initiated 0 and received 0 v2 connections; initiated 0 and 
received 0 v3 connections; initiated 0 and received 0 v4 connections; initiated 
88 and received 35765 v5 connections.
Dec 15 02:05:31.000 [notice] Heartbeat: DoS mitigation since startup: 0 
circuits killed with too many cells, 0 circuits rejected, 0 marked addresses, 0 
marked addresses for max queue, 0 same address concurrent connections rejected, 
0 connections rejected, 0 single hop clients refused, 0 INTRODUCE2 rejected.
Dec 15 02:31:35.000 [notice] Performing bandwidth self-test...done.

……...___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay has a problem - Additional info about net config

[Fran via tor-relays]

Hey Olaf,

I'd try the following:

- restart tor
- restart whole server
- try setting:

Address  107.189.14.123

in torrc.

I have no experience with nyx and if it displays logs from tor or if
some unicorns are in between, so maybe take a look if the logs written 
by tor itself differ from the nyx ones.


The "Address '::1'" is surprising when not having IPv6 enabled at all 
(which is also supported by the "ip a" output).


Best,
 fran



On 2/12/22 22:03, Olaf Grimm wrote:


Here info about netconfig. In the INFO messages is a part of 'Could not 
get local interface IP address."

A mystical thing.

root@localhost:~# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
group default qlen 1000

     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast 
state UP group default qlen 1000

     link/ether 00:16:03:e5:d6:a0 brd ff:ff:ff:ff:ff:ff
     altname enp0s3
     altname ens3
     inet 107.189.14.123/24 brd 107.189.14.255 scope global dynamic eth0
    valid_lft 2583814sec preferred_lft 2583814sec
root@localhost:~#



Am 12.02.22 um 20:43 schrieb Olaf Grimm:

Hello Tor community!

I have some identical new relays, but only one of them has a problem.
My intention was an IPv6 problem, so there ist IPV6 diabled at all.

Fingerprint:
3F1AE2170CAD31B5694BD9052A2A29E5793BDC1F
IP:  107.189.14.123

Ports open: 22, 80, 9001

Test from outside by scanner: ok
UFW firewall open ports set to: 22, 80, 9001

torrc: No IPv6 configuration enabled.

The same configuration about all relays.

With Nyx I can see built circuits, but the relay does not appear in 
the metrics, but other relays already show strong traffic.


Debian system updates are possible, the HTTP frontpage is displayed at 
the given IP address, DNS 'unbound' ok because updates are possible.

Unbound is set to 127.0.0.1 only.


Here some logs from Nyx (copy like displayed):

  11:18:41 [INFO] find_my_address(): Unable to find our IP address.

  11:18:41 [INFO] address_can_be_used(): Address '::1' is a private IP 
address. Tor relays that use the default DirAuthorities must have 
public IP addresses.


  11:18:41 [INFO] tor_getaddrinfo(): (Sandbox) getaddrinfo succeeded.

  11:18:41 [INFO] get_address_from_interface(): Could not get local 
interface IP address.


  11:18:41 [INFO] get_interface_address6_via_udp_socket_hack(): 
connect() failed: Cannot assign requested address


  11:18:41 [INFO] address_can_be_used(): Address '::' is a private IP 
address. Tor relays that use the default DirAuthorities must have 
public IP addresses.


  11:18:41 [INFO] get_address_from_config(): No Address option found 
in configuration.


  11:18:39 [INFO] update_consensus_router_descriptor_downloads(): 0 
router descriptors downloadable. 0 delayed; 6795 present (0 of those 
were in old_routers); 0 would_reject; 0 wouldnt_use; 0 in

    progress.


I can not find what is wrong, but I see "::" what is IPv6.
In Debian /etc/sysctl.conf IPv6 is disabled.

net.ipv6.conf.all.disable_ipv6 = 1


Can you help me? Please check the IP in the consensus. Blocked?

Olaf

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New relay has a problem - Additional info about net config

[Olaf Grimm]

Here info about netconfig. In the INFO messages is a part of 'Could not 
get local interface IP address."

A mystical thing.

root@localhost:~# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast 
state UP group default qlen 1000

link/ether 00:16:03:e5:d6:a0 brd ff:ff:ff:ff:ff:ff
altname enp0s3
altname ens3
inet 107.189.14.123/24 brd 107.189.14.255 scope global dynamic eth0
   valid_lft 2583814sec preferred_lft 2583814sec
root@localhost:~#



Am 12.02.22 um 20:43 schrieb Olaf Grimm:

Hello Tor community!

I have some identical new relays, but only one of them has a problem.
My intention was an IPv6 problem, so there ist IPV6 diabled at all.

Fingerprint:
3F1AE2170CAD31B5694BD9052A2A29E5793BDC1F
IP:  107.189.14.123

Ports open: 22, 80, 9001

Test from outside by scanner: ok
UFW firewall open ports set to: 22, 80, 9001

torrc: No IPv6 configuration enabled.

The same configuration about all relays.

With Nyx I can see built circuits, but the relay does not appear in the 
metrics, but other relays already show strong traffic.


Debian system updates are possible, the HTTP frontpage is displayed at 
the given IP address, DNS 'unbound' ok because updates are possible.

Unbound is set to 127.0.0.1 only.


Here some logs from Nyx (copy like displayed):

  11:18:41 [INFO] find_my_address(): Unable to find our IP address.

  11:18:41 [INFO] address_can_be_used(): Address '::1' is a private IP 
address. Tor relays that use the default DirAuthorities must have public 
IP addresses.


  11:18:41 [INFO] tor_getaddrinfo(): (Sandbox) getaddrinfo succeeded.

  11:18:41 [INFO] get_address_from_interface(): Could not get local 
interface IP address.


  11:18:41 [INFO] get_interface_address6_via_udp_socket_hack(): 
connect() failed: Cannot assign requested address


  11:18:41 [INFO] address_can_be_used(): Address '::' is a private IP 
address. Tor relays that use the default DirAuthorities must have public 
IP addresses.


  11:18:41 [INFO] get_address_from_config(): No Address option found in 
configuration.


  11:18:39 [INFO] update_consensus_router_descriptor_downloads(): 0 
router descriptors downloadable. 0 delayed; 6795 present (0 of those 
were in old_routers); 0 would_reject; 0 wouldnt_use; 0 in

    progress.


I can not find what is wrong, but I see "::" what is IPv6.
In Debian /etc/sysctl.conf IPv6 is disabled.

net.ipv6.conf.all.disable_ipv6 = 1


Can you help me? Please check the IP in the consensus. Blocked?

Olaf

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New relay has a problem - Re-used IP blocked in consensus?

[Olaf Grimm]

Hello Tor community!

I have some identical new relays, but only one of them has a problem.
My intention was an IPv6 problem, so there ist IPV6 diabled at all.

Fingerprint:
3F1AE2170CAD31B5694BD9052A2A29E5793BDC1F
IP:  107.189.14.123

Ports open: 22, 80, 9001

Test from outside by scanner: ok
UFW firewall open ports set to: 22, 80, 9001

torrc: No IPv6 configuration enabled.

The same configuration about all relays.

With Nyx I can see built circuits, but the relay does not appear in the 
metrics, but other relays already show strong traffic.


Debian system updates are possible, the HTTP frontpage is displayed at 
the given IP address, DNS 'unbound' ok because updates are possible.

Unbound is set to 127.0.0.1 only.


Here some logs from Nyx (copy like displayed):

 11:18:41 [INFO] find_my_address(): Unable to find our IP address.

 11:18:41 [INFO] address_can_be_used(): Address '::1' is a private IP 
address. Tor relays that use the default DirAuthorities must have public 
IP addresses.


 11:18:41 [INFO] tor_getaddrinfo(): (Sandbox) getaddrinfo succeeded.

 11:18:41 [INFO] get_address_from_interface(): Could not get local 
interface IP address.


 11:18:41 [INFO] get_interface_address6_via_udp_socket_hack(): 
connect() failed: Cannot assign requested address


 11:18:41 [INFO] address_can_be_used(): Address '::' is a private IP 
address. Tor relays that use the default DirAuthorities must have public 
IP addresses.


 11:18:41 [INFO] get_address_from_config(): No Address option found in 
configuration.


 11:18:39 [INFO] update_consensus_router_descriptor_downloads(): 0 
router descriptors downloadable. 0 delayed; 6795 present (0 of those 
were in old_routers); 0 would_reject; 0 wouldnt_use; 0 in

   progress.


I can not find what is wrong, but I see "::" what is IPv6.
In Debian /etc/sysctl.conf IPv6 is disabled.

net.ipv6.conf.all.disable_ipv6 = 1


Can you help me? Please check the IP in the consensus. Blocked?

Olaf
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay

[William Pate]

I'll increase it. I have two running from home, so I don't want to eat up too 
much bandwidth, but I left the config at the default rate until certain it was 
working. :)

William Pate
willp...@pm.me
512-947-3311
inadequate.net

‐‐‐ Original Message ‐‐‐
On Friday, March 27, 2020 5:09 AM, teor  wrote:

> Thanks!
>
> Looks like a small bandwidth rate, did you really mean
> 300 kilobytes per second?
>
> T
>
> --
> teor
> --
>
>> On 26 Mar 2020, at 04:59, William Pate  wrote:
>
>> 
>> Set up another relay (this time on Raspberry Pi 4): 
>> https://metrics.torproject.org/rs.html#details/BD187CF1B44A84EC7DD1BC2AC9C4F7DE23D16619
>>
>> William Pate
>> willp...@pm.me
>> 512-947-3311
>> inadequate.net
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay

[teor]

Thanks!

Looks like a small bandwidth rate, did you really mean
300 kilobytes per second?

T

-- 
teor
--


> On 26 Mar 2020, at 04:59, William Pate  wrote:
> 
> 
> Set up another relay (this time on Raspberry Pi 4): 
> https://metrics.torproject.org/rs.html#details/BD187CF1B44A84EC7DD1BC2AC9C4F7DE23D16619
> 
> William Pate
> willp...@pm.me
> 512-947-3311
> inadequate.net
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New relay

[William Pate]

Set up another relay (this time on Raspberry Pi 4): 
https://metrics.torproject.org/rs.html#details/BD187CF1B44A84EC7DD1BC2AC9C4F7DE23D16619

William Pate
willp...@pm.me
512-947-3311
inadequate.net___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay on dynamic IP address

[teor]

Hi,

> On 21 Feb 2020, at 20:21, Mario Costa  wrote:
> 
> Just reporting back after some time. Today I noticed that my relay running 
> at home with a dynamic IP got a guard flag again. So it’s totally possible 
> for a relay to become a guard even after the authorities notice that it has a 
> dynamic IP address.It must be noted though that the IP address didn’t change 
> since it lost the guard flag the first time.
> 
> It looks like I had it wrong when I concluded that after the first IP change 
> the relay wouldn’t became a guard anymore.
> 
> For reference, the relay fingerprint is 
> F942EE73F1B8E39125F617FA85E80E4C9E540A2E.

The guard flag depends on uptime and bandwidth.
(IP address changes create downtime and reset bandwidth.)

I really wouldn't worry about it too much.

Clients have multiple guards, they'll switch to another one if yours goes down.

T


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay on dynamic IP address

[Mario Costa]

Just reporting back after some time. Today I noticed that my relay running at 
home with a dynamic IP got a guard flag again. So it’s totally possible for a 
relay to become a guard even after the authorities notice that it has a dynamic 
IP address.It must be noted though that the IP address didn’t change since it 
lost the guard flag the first time.

It looks like I had it wrong when I concluded that after the first IP change 
the relay wouldn’t became a guard anymore.

For reference, the relay fingerprint is 
F942EE73F1B8E39125F617FA85E80E4C9E540A2E.

-m

> Il giorno 27 gen 2020, alle ore 15:15, Mario Costa  
> ha scritto:
> 
> Torix,
> 
> This is really useful. I forced an IP change and the relay lost the guardian 
> flag. I guess that now the authorities know that it’s running on a dynamic IP 
> connection and won’t assign a guard flag anymore. I was really surprised when 
> the relay became a guard in about a week of uptime.
> 
> By the way, I didn’t set a traffic limit. Hope this doesn’t upset my ISP, but 
> my little RPi is happily talking with almost 4000 peers :)
> 
> -m
> 
>> Il giorno 27 gen 2020, alle ore 14:41, to...@protonmail.com ha scritto:
>> 
>> Dear Mario,
>> 
>> In almost 2 years I've been running a middle relay from home, I have had 
>> about 15 ip changes.  One time they came and replaced my equipment and it 
>> was down about 5 hours.  It started back up with about 6 connections, but 
>> was back at a full 3000 in a few hours.  I've never had a guard flag, even 
>> with my current 3+months tor uptime with the same ip address.  I only run a 
>> terabyte a month through it, so maybe that's too little, though it does have 
>> the fast flag.
>> 
>> The first 6 or 8 months before a new tor version came out, there was a lot 
>> more traffic than I wanted to handle, just to keep under my ISP's radar, so 
>> I had the config set up to turn off tor when the daily limit was reached, 
>> usually between 8 and 10 pm.  Then it would start up again after midnight.  
>> I asked if this was still worth it, and the gurus said yes.  So I'd say that 
>> a few ip changes are going to be small potatoes compared to turning the 
>> relay off for hours every night.
>> 
>> So glad you are running a relay.  "A chicken in every pot, and a relay in 
>> every house."
>> 
>> --torix
>> 
>> 
>> Sent with ProtonMail Secure Email.
>> 
>> ‐‐‐ Original Message ‐‐‐
>> On Thursday, January 23, 2020 2:19 PM, Mario Costa  
>> wrote:
>> 
>>> Hello,
>>> 
>>> I started a new relay at home. I was really surprised to see it gain a 
>>> Guard flag in about a week since it first came online. My first relay (on a 
>>> VPS) became a Guard well over a month after I set it up. How can I assess 
>>> what was different this time?
>>> 
>>> Also, I’m wondering what will happen when the dynamic IP changes. Sooner or 
>>> later I’ll have a power outage or restart the modem. Last time my IP 
>>> changed it happened overnight for no evident reason. Will this relay lose 
>>> its flags? Is a really with a dynamic IP address useful at all?
>>> 
>>> Cheers,
>>> 
>>> -m
>>> 
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
>> 
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay on dynamic IP address

[Mario Costa]

Torix,

This is really useful. I forced an IP change and the relay lost the guardian 
flag. I guess that now the authorities know that it’s running on a dynamic IP 
connection and won’t assign a guard flag anymore. I was really surprised when 
the relay became a guard in about a week of uptime.

By the way, I didn’t set a traffic limit. Hope this doesn’t upset my ISP, but 
my little RPi is happily talking with almost 4000 peers :)

-m

> Il giorno 27 gen 2020, alle ore 14:41, to...@protonmail.com ha scritto:
> 
> Dear Mario,
> 
> In almost 2 years I've been running a middle relay from home, I have had 
> about 15 ip changes.  One time they came and replaced my equipment and it was 
> down about 5 hours.  It started back up with about 6 connections, but was 
> back at a full 3000 in a few hours.  I've never had a guard flag, even with 
> my current 3+months tor uptime with the same ip address.  I only run a 
> terabyte a month through it, so maybe that's too little, though it does have 
> the fast flag.
> 
> The first 6 or 8 months before a new tor version came out, there was a lot 
> more traffic than I wanted to handle, just to keep under my ISP's radar, so I 
> had the config set up to turn off tor when the daily limit was reached, 
> usually between 8 and 10 pm.  Then it would start up again after midnight.  I 
> asked if this was still worth it, and the gurus said yes.  So I'd say that a 
> few ip changes are going to be small potatoes compared to turning the relay 
> off for hours every night.
> 
> So glad you are running a relay.  "A chicken in every pot, and a relay in 
> every house."
> 
> --torix
> 
> 
> Sent with ProtonMail Secure Email.
> 
> ‐‐‐ Original Message ‐‐‐
> On Thursday, January 23, 2020 2:19 PM, Mario Costa  
> wrote:
> 
>> Hello,
>> 
>> I started a new relay at home. I was really surprised to see it gain a Guard 
>> flag in about a week since it first came online. My first relay (on a VPS) 
>> became a Guard well over a month after I set it up. How can I assess what 
>> was different this time?
>> 
>> Also, I’m wondering what will happen when the dynamic IP changes. Sooner or 
>> later I’ll have a power outage or restart the modem. Last time my IP changed 
>> it happened overnight for no evident reason. Will this relay lose its flags? 
>> Is a really with a dynamic IP address useful at all?
>> 
>> Cheers,
>> 
>> -m
>> 
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay on dynamic IP address

[John Csuti]

That is exactly what will happen you will become a normal middle relay

Thanks,
John Csuti
‭(216) 236-3309‬
https://www.coolcomputers.info/

> On Jan 27, 2020, at 8:18 AM, Mario Costa  wrote:
> 
> Thanks Jonathan,  mpan and John.
> 
> I still don’t understand what happens when the authorities see that my IP is 
> dynamic. Will they prevent the relay from becoming a guard?
> 
> I didn’t know about the DoS problem, that’s something I didn’t experience yet 
> with my other, older relay. Maybe not being and exit helps.
> 
> Cheers,
> 
> -m
> 
> 
>> Il giorno 27 gen 2020, alle ore 02:57, Jonathan Marquardt 
>>  ha scritto:
>> 
>>> On Thu, Jan 23, 2020 at 03:19:52PM +0100, Mario Costa wrote:
>>> Also, I’m wondering what will happen when the dynamic IP changes. Sooner or 
>>> later I’ll have a power outage or restart the modem. Last time my IP 
>>> changed 
>>> it happened overnight for no evident reason. Will this relay lose its 
>>> flags? 
>>> Is a really with a dynamic IP address useful at all?
>> 
>> If your IP address doesn't change every day but only every now and then then 
>> yes, it's definitely a useful relay.
>> 
>> Should the IP address change too often, your relay might loose its "guard" 
>> or 
>> even "stable" flag but I recommend you just see what will happen.
>> 
>> I have a relay (6B185DEEB249E4BA6182ECA077530C45E98A6C5F) that's also just 
>> running at home with a dynamic IP address and it still has its "Stable" flag.
>> -- 
>> OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3
>>https://www.parckwart.de/pgp_key
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
>>> Il giorno 27 gen 2020, alle ore 07:24, mpan  ha 
>>> scritto:
>>> 
>>> Is a really with a dynamic IP address useful at all?
>> I’m running a node like that for over 5 years. Currently it is a guard
>> too. The IP address is relatively stable and the major interruptions are
>> due to kernel/tor upgrades or modem losing connection without the
>> address change. Even after those it recovers pretty fast. Unless you are
>> expecting to see downtime a few times a week, go ahead. The node is also
>> useful even if it is not having the guard flag yet.
>> 
>> However, if you’re planning to run a node from your home, consider a
>> few things. Forget about running an exit node: you will experience a
>> heavy overblocking and hostility. And any node will bring some level of
>> harassment, because ignorance is widespread. A second thing is that from
>> time to time someone is trying to DoS nodes. In those 5 years I’ve seen
>> a few of those, so I assume the average is like once per year of
>> operation. Just accept the inevitable reality of running a node at home:
>> there will be a day or a week in which you will observe thousands
>> connections coming to your PC, all cores suddenly running at 100%
>> without no apparent reason  Treat it as a way to gain experience.
>> 
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> 
>> Il giorno 27 gen 2020, alle ore 07:46, John Csuti 
>>  ha scritto:
>> 
>> The stable flag refers to your fingerprint being up for long lived circuits. 
>> Being on a dynamic up won’t change that. So in principle the stable flag 
>> means that the server is up and reach able for most of the time no matter 
>> what the address or IP may be.
>> 
>> Thanks,
>> John Csuti
>> 
 On Jan 26, 2020, at 11:37 PM, Jonathan Marquardt  wrote:
>>> 
>> 
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay on dynamic IP address

[torix]

Dear Mario,

In almost 2 years I've been running a middle relay from home, I have had about 
15 ip changes.  One time they came and replaced my equipment and it was down 
about 5 hours.  It started back up with about 6 connections, but was back at a 
full 3000 in a few hours.  I've never had a guard flag, even with my current 
3+months tor uptime with the same ip address.  I only run a terabyte a month 
through it, so maybe that's too little, though it does have the fast flag.

The first 6 or 8 months before a new tor version came out, there was a lot more 
traffic than I wanted to handle, just to keep under my ISP's radar, so I had 
the config set up to turn off tor when the daily limit was reached, usually 
between 8 and 10 pm.  Then it would start up again after midnight.  I asked if 
this was still worth it, and the gurus said yes.  So I'd say that a few ip 
changes are going to be small potatoes compared to turning the relay off for 
hours every night.

So glad you are running a relay.  "A chicken in every pot, and a relay in every 
house."

--torix


Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
On Thursday, January 23, 2020 2:19 PM, Mario Costa  
wrote:

> Hello,
>
> I started a new relay at home. I was really surprised to see it gain a Guard 
> flag in about a week since it first came online. My first relay (on a VPS) 
> became a Guard well over a month after I set it up. How can I assess what was 
> different this time?
>
> Also, I’m wondering what will happen when the dynamic IP changes. Sooner or 
> later I’ll have a power outage or restart the modem. Last time my IP changed 
> it happened overnight for no evident reason. Will this relay lose its flags? 
> Is a really with a dynamic IP address useful at all?
>
> Cheers,
>
> -m
>
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay on dynamic IP address

[Mario Costa]

Thanks Jonathan,  mpan and John.

I still don’t understand what happens when the authorities see that my IP is 
dynamic. Will they prevent the relay from becoming a guard?

I didn’t know about the DoS problem, that’s something I didn’t experience yet 
with my other, older relay. Maybe not being and exit helps.

Cheers,

-m


> Il giorno 27 gen 2020, alle ore 02:57, Jonathan Marquardt  
> ha scritto:
> 
> On Thu, Jan 23, 2020 at 03:19:52PM +0100, Mario Costa wrote:
>> Also, I’m wondering what will happen when the dynamic IP changes. Sooner or 
>> later I’ll have a power outage or restart the modem. Last time my IP changed 
>> it happened overnight for no evident reason. Will this relay lose its flags? 
>> Is a really with a dynamic IP address useful at all?
> 
> If your IP address doesn't change every day but only every now and then then 
> yes, it's definitely a useful relay.
> 
> Should the IP address change too often, your relay might loose its "guard" or 
> even "stable" flag but I recommend you just see what will happen.
> 
> I have a relay (6B185DEEB249E4BA6182ECA077530C45E98A6C5F) that's also just 
> running at home with a dynamic IP address and it still has its "Stable" flag.
> -- 
> OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3
> https://www.parckwart.de/pgp_key
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


> Il giorno 27 gen 2020, alle ore 07:24, mpan  ha scritto:
> 
>> Is a really with a dynamic IP address useful at all?
>  I’m running a node like that for over 5 years. Currently it is a guard
> too. The IP address is relatively stable and the major interruptions are
> due to kernel/tor upgrades or modem losing connection without the
> address change. Even after those it recovers pretty fast. Unless you are
> expecting to see downtime a few times a week, go ahead. The node is also
> useful even if it is not having the guard flag yet.
> 
>  However, if you’re planning to run a node from your home, consider a
> few things. Forget about running an exit node: you will experience a
> heavy overblocking and hostility. And any node will bring some level of
> harassment, because ignorance is widespread. A second thing is that from
> time to time someone is trying to DoS nodes. In those 5 years I’ve seen
> a few of those, so I assume the average is like once per year of
> operation. Just accept the inevitable reality of running a node at home:
> there will be a day or a week in which you will observe thousands
> connections coming to your PC, all cores suddenly running at 100%
> without no apparent reason  Treat it as a way to gain experience.
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



> Il giorno 27 gen 2020, alle ore 07:46, John Csuti 
>  ha scritto:
> 
> The stable flag refers to your fingerprint being up for long lived circuits. 
> Being on a dynamic up won’t change that. So in principle the stable flag 
> means that the server is up and reach able for most of the time no matter 
> what the address or IP may be.
> 
> Thanks,
> John Csuti
> 
>> On Jan 26, 2020, at 11:37 PM, Jonathan Marquardt  wrote:
>> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay on dynamic IP address

[Mario Costa]

Hey David,

I don’t have unattended upgrades enabled since it’s a server I regularly access 
for other purposes, but I don’t see how this relates to a guardian relay 
running with a dynamic IP. Maybe you replied to the wrong message? :)

-m

> Il giorno 25 gen 2020, alle ore 02:04, David Poulsen  
> ha scritto:
> 
> hi m,
> did you use the docs about Part 3:
> 
> https://community.torproject.org/relay/setup/guard/debianubuntu/updates/
> 
> 3. Automatically reboot
> 
> If you want to automatically reboot add the following at the the end of the 
> file /etc/apt/apt.conf.d/50unattended-upgrades:
> 
>Unattended-Upgrade::Automatic-Reboot "true";
> 
> - or do i misunderstand something?
> 
> Regards
> David
> 
> Sent with ProtonMail Secure Email.
> 
> ‐‐‐ Original Message ‐‐‐
> On Thursday, January 23, 2020 2:19 PM, Mario Costa  
> wrote:
> 
>> Hello,
>> 
>> I started a new relay at home. I was really surprised to see it gain a Guard 
>> flag in about a week since it first came online. My first relay (on a VPS) 
>> became a Guard well over a month after I set it up. How can I assess what 
>> was different this time?
>> 
>> Also, I’m wondering what will happen when the dynamic IP changes. Sooner or 
>> later I’ll have a power outage or restart the modem. Last time my IP changed 
>> it happened overnight for no evident reason. Will this relay lose its flags? 
>> Is a really with a dynamic IP address useful at all?
>> 
>> Cheers,
>> 
>> -m
>> 
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay on dynamic IP address

[John Csuti]

The stable flag refers to your fingerprint being up for long lived circuits. 
Being on a dynamic up won’t change that. So in principle the stable flag means 
that the server is up and reach able for most of the time no matter what the 
address or IP may be.

Thanks,
John Csuti

> On Jan 26, 2020, at 11:37 PM, Jonathan Marquardt  wrote:
> 

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay on dynamic IP address

[mpan]

> Is a really with a dynamic IP address useful at all?
  I’m running a node like that for over 5 years. Currently it is a guard
too. The IP address is relatively stable and the major interruptions are
due to kernel/tor upgrades or modem losing connection without the
address change. Even after those it recovers pretty fast. Unless you are
expecting to see downtime a few times a week, go ahead. The node is also
useful even if it is not having the guard flag yet.

  However, if you’re planning to run a node from your home, consider a
few things. Forget about running an exit node: you will experience a
heavy overblocking and hostility. And any node will bring some level of
harassment, because ignorance is widespread. A second thing is that from
time to time someone is trying to DoS nodes. In those 5 years I’ve seen
a few of those, so I assume the average is like once per year of
operation. Just accept the inevitable reality of running a node at home:
there will be a day or a week in which you will observe thousands
connections coming to your PC, all cores suddenly running at 100%
without no apparent reason  Treat it as a way to gain experience.



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay on dynamic IP address

[David Poulsen]

hi m,
did you use the docs about Part 3:

https://community.torproject.org/relay/setup/guard/debianubuntu/updates/

3. Automatically reboot

If you want to automatically reboot add the following at the the end of the 
file /etc/apt/apt.conf.d/50unattended-upgrades:

Unattended-Upgrade::Automatic-Reboot "true";

- or do i misunderstand something?

Regards
David

Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
On Thursday, January 23, 2020 2:19 PM, Mario Costa  
wrote:

> Hello,
>
> I started a new relay at home. I was really surprised to see it gain a Guard 
> flag in about a week since it first came online. My first relay (on a VPS) 
> became a Guard well over a month after I set it up. How can I assess what was 
> different this time?
>
> Also, I’m wondering what will happen when the dynamic IP changes. Sooner or 
> later I’ll have a power outage or restart the modem. Last time my IP changed 
> it happened overnight for no evident reason. Will this relay lose its flags? 
> Is a really with a dynamic IP address useful at all?
>
> Cheers,
>
> -m
>
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay on dynamic IP address

[Jonathan Marquardt]

On Thu, Jan 23, 2020 at 03:19:52PM +0100, Mario Costa wrote:
> Also, I’m wondering what will happen when the dynamic IP changes. Sooner or 
> later I’ll have a power outage or restart the modem. Last time my IP changed 
> it happened overnight for no evident reason. Will this relay lose its flags? 
> Is a really with a dynamic IP address useful at all?

If your IP address doesn't change every day but only every now and then then 
yes, it's definitely a useful relay.

Should the IP address change too often, your relay might loose its "guard" or 
even "stable" flag but I recommend you just see what will happen.

I have a relay (6B185DEEB249E4BA6182ECA077530C45E98A6C5F) that's also just 
running at home with a dynamic IP address and it still has its "Stable" flag.
-- 
OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3
 https://www.parckwart.de/pgp_key


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New relay on dynamic IP address

[Mario Costa]

Hello,

I started a new relay at home. I was really surprised to see it gain a Guard 
flag in about a week since it first came online. My first relay (on a VPS) 
became a Guard well over a month after I set it up. How can I assess what was 
different this time?

Also, I’m wondering what will happen when the dynamic IP changes. Sooner or 
later I’ll have a power outage or restart the modem. Last time my IP changed it 
happened overnight for no evident reason. Will this relay lose its flags? Is a 
really with a dynamic IP address useful at all?

Cheers,

-m
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay by the Chaos Computer Club Vienna (C3W)

[John Ricketts]

Awesome, thanks for yet another relay! :-)

> On Jan 23, 2020, at 05:38, MacLemon  wrote:
> 
> Hi!
> 
> I just wanted to convey some happy news:
> 
> The Chaos Computer Club Vienna[0] (C3W, Vienna/Austria) just launched their 
> second relay. We're still working on tweaking the bandwidth announcements.
> 
> Of course feedback to our relay setup is highly welcome and if you have 
> questions, I'm happy to answer them.
> 
> Feel free to poke around the metrics[1].
> 
> Best regards
> MacLemon
> 
> 
> [0]:https://c3w.at/ "Chaos Computer Club Vienna"
> [1]:https://metrics.torproject.org/rs.html#search/C3W "C3W Relay Overview, 
> Tor Metrics"
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New Relay by the Chaos Computer Club Vienna (C3W)

[MacLemon]

Hi!

I just wanted to convey some happy news:

The Chaos Computer Club Vienna[0] (C3W, Vienna/Austria) just launched their 
second relay. We're still working on tweaking the bandwidth announcements.

Of course feedback to our relay setup is highly welcome and if you have 
questions, I'm happy to answer them.

Feel free to poke around the metrics[1].

Best regards
MacLemon


[0]:https://c3w.at/ "Chaos Computer Club Vienna"
[1]:https://metrics.torproject.org/rs.html#search/C3W "C3W Relay Overview, Tor 
Metrics"


signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay in USA: bridge or middle relay?

[teor]

Hi,

> On 31 Oct 2019, at 10:04, ECAN - Matt Westfall  wrote:
> 
> hah, mine is -=severely=- under utilized..
> 
> NO CPU Load: https://puu.sh/EyX6N/81a5d5c76e.png
> 
> 4 Mbps of throughput 2 Mbps each way or only ~ 20Mbps ea way: 
> https://puu.sh/EyX7F/b7885ce635.png
> 
> Plenty of bandwidth: https://puu.sh/EyX9O/65334af451.png
> 
> ...
> 
> I realize that "false advertising of bandwidth to abuse the network 
> protocols"  has impacted the "consensus weight" assigned to various nodes.
> 
> But there -definitely- needs to be a more intelligent system developed for 
> determining this.
> 
> I just proved that I have 2 GIGABITS of bandwidth HUNDREDS to other 
> countries, but there is 20 MegaBits flowing through my relay, lol.

The speed tests you ran are not Tor traffic. It's not even clear if they
are TCP or TLS.

Tor users run Tor clients, just like the bandwidth authorities do.

Here are 5 speed tests with actual Tor clients to your relay:
https://consensus-health.torproject.org/consensus-health-2019-10-30-23-00.html#C9FD236FDE28003315BD8C96EE94BC58D85FBACF

Comcast is well-known for bad peering, and slowing down particular
protocols. Search the list archives for details.

Here are some steps you can take to try to improve the speed of your
relay:
https://trac.torproject.org/projects/tor/wiki/doc/MyRelayIsSlow

Let us know how you go!

T

--
teor
--



signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay in USA: bridge or middle relay?

[ECAN - Matt Westfall]

hah, mine is -=severely=- under utilized..

NO CPU Load: https://puu.sh/EyX6N/81a5d5c76e.png

4 Mbps of throughput 2 Mbps each way or only ~ 20Mbps ea way: 
https://puu.sh/EyX7F/b7885ce635.png


Plenty of bandwidth: https://puu.sh/EyX9O/65334af451.png

Even to Germany: https://puu.sh/EyXbI/33cb46ac55.png

Even to Brazil: https://www.speedtest.net/result/8719378576

Even to London: https://puu.sh/EyXk4/f86e74e856.png

I realize that "false advertising of bandwidth to abuse the network 
protocols"  has impacted the "consensus weight" assigned to various 
nodes.


But there -definitely- needs to be a more intelligent system developed 
for determining this.


I just proved that I have 2 GIGABITS of bandwidth HUNDREDS to other 
countries, but there is 20 MegaBits flowing through my relay, lol.


Thanks,




Matt Westfall
President & CIO
ECAN Solutions, Inc.
Everything Computers and Networks
804.592.1672

-- Original Message --
From: "teor" 
To: tor-relays@lists.torproject.org
Sent: 10/22/2019 4:53:25 AM
Subject: Re: [tor-relays] New relay in USA: bridge or middle relay?


Hi,


 On 8 Oct 2019, at 22:07, Isaac Grover, Aileron I.T.  
wrote:

 Good morning from Wisconsin,

 After reading about how middle relays in the USA go largely underutilized, and 
having quietly run my own middle relay for several years, would it be more 
beneficial to the network to launch several new bridges instead of more middle 
relays?


Good question.

Very few tor relays are actually under-utilised.

Many operators expect 100% utilisation, but low-latency protocols work
best around 10% utilisation. We're currently at 30%.

So feel free to deploy a middle, and if it's fast and stable enough,
it might become a guard.

Some bridges are kept in reserve. Others are handed out using less
popular methods. So feel free to deploy multiple bridges on the same
IP address or subnet.

T

--
teor
--
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay in USA: bridge or middle relay?

[teor]

Hi,

> On 8 Oct 2019, at 22:07, Isaac Grover, Aileron I.T.  
> wrote:
> 
> Good morning from Wisconsin,
> 
> After reading about how middle relays in the USA go largely underutilized, 
> and having quietly run my own middle relay for several years, would it be 
> more beneficial to the network to launch several new bridges instead of more 
> middle relays?

Good question.

Very few tor relays are actually under-utilised.

Many operators expect 100% utilisation, but low-latency protocols work
best around 10% utilisation. We're currently at 30%.

So feel free to deploy a middle, and if it's fast and stable enough,
it might become a guard.

Some bridges are kept in reserve. Others are handed out using less
popular methods. So feel free to deploy multiple bridges on the same
IP address or subnet.

T

--
teor
--



signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New relay in USA: bridge or middle relay?

[Isaac Grover, Aileron I.T.]

Good morning from Wisconsin,

After reading about how middle relays in the USA go largely underutilized, and 
having quietly run my own middle relay for several years, would it be more 
beneficial to the network to launch several new bridges instead of more middle 
relays?

Make your day great,
Isaac Grover, Senior I.T. Consultant
Aileron I.T. - " Because #ProactiveIsBetter "

O: 715-377-0440, F:715-690-1029, W: www.aileronit.com
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New Relay: ShawnWebb01

[Shawn Webb]

Hey all,

A few days ago, I put up a new relay on a PC Engines device running
HardenedBSD 13-CURRENt/amd64:

https://metrics.torproject.org/rs.html#details/57869F7458002476F6AC78F7A61C960CBA94497F

I should update ContactInfo soon to reflect the ContactInfo format
nusenu would like relays to use.

IPv4 address of the relay comes from Verizon FiOS and IPv6 comes from
Hurricane Electric's TunnelBroker.

Please let me know if you have any questions, comments, or concerns.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:+1 443-546-8752
Tor+XMPP+OTR:latt...@is.a.hacker.sx
GPG Key ID:  0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay operator here

[alkyl]

Can you elaborate on the bandwidth issues? If it had anything to do with
the host, please add a note to the GoodBadISPs page[0].

[0] https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs

alkyl

privatesociety Tor:
> Thanks for your answers and the kind words! One relay had to be cancelled
> because of bandwith issues, but five are still a nice number. Maybe the UK
> one will be replaced by an NL dedicated server with 100 mbit uplink. All
> servers are then also IPv6 compatible (four are already since today). :)
> 
> Colin Childs  schrieb am Fr. 18. Mai 2018 um 03:30:
> 
>> Hi Privatesociety,
>>
>> Thank you for setting up these relays and contributing to the Tor network!
>> I look forward to working with you in the future.
>>
>> In the #tor-relays IRC channel, there are a number of TorServers people,
>> as well as people from partner organizations. There are also a number of us
>> on this mailing list. Are you looking specifically to contribute to
>> TorServers, or are you hoping to team up with a local partner organization
>> / found your own partner org?
>>
>> If you’re unsure, I’d be happy to talk with you about options (as would
>> other TS people, I’m sure). As Nusenu mentioned though, it would be helpful
>> to know where you are based out of.
>>
>> Thanks, talk soon!
>>
>> On May 17, 2018, at 2:08 PM, privatesociety Tor 
>> wrote:
>>
>> Hello tor relay community!
>> I‘d like to introduce six new relays, which are operated by
>> privatesociety, a community of people, which fighting for privacy based in
>> europe. The six relays provide a capacity of around 300 mbit/s (total) and
>> are hosted on networks, which aren‘t much used - so better for the tor
>> community. I hope we are working great together. :)
>>
>> Look at meetrics for more details:
>>
>> https://metrics.torproject.org/rs.html#search/family:7AF3F4E88A5AE224DB775732A52731C8E54208A6
>>
>>
>> Anyway: We are maybe setting up an exit in the future, but for this we‘d
>> like to join forces with other exit operators like TORSERVERS.net to have
>> better connections in case of problems. Does anyone have contacts, which
>> could be helpful?
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay operator here

[privatesociety Tor]

Thanks for your answers and the kind words! One relay had to be cancelled
because of bandwith issues, but five are still a nice number. Maybe the UK
one will be replaced by an NL dedicated server with 100 mbit uplink. All
servers are then also IPv6 compatible (four are already since today). :)

Colin Childs  schrieb am Fr. 18. Mai 2018 um 03:30:

> Hi Privatesociety,
>
> Thank you for setting up these relays and contributing to the Tor network!
> I look forward to working with you in the future.
>
> In the #tor-relays IRC channel, there are a number of TorServers people,
> as well as people from partner organizations. There are also a number of us
> on this mailing list. Are you looking specifically to contribute to
> TorServers, or are you hoping to team up with a local partner organization
> / found your own partner org?
>
> If you’re unsure, I’d be happy to talk with you about options (as would
> other TS people, I’m sure). As Nusenu mentioned though, it would be helpful
> to know where you are based out of.
>
> Thanks, talk soon!
>
> On May 17, 2018, at 2:08 PM, privatesociety Tor 
> wrote:
>
> Hello tor relay community!
> I‘d like to introduce six new relays, which are operated by
> privatesociety, a community of people, which fighting for privacy based in
> europe. The six relays provide a capacity of around 300 mbit/s (total) and
> are hosted on networks, which aren‘t much used - so better for the tor
> community. I hope we are working great together. :)
>
> Look at meetrics for more details:
>
> https://metrics.torproject.org/rs.html#search/family:7AF3F4E88A5AE224DB775732A52731C8E54208A6
>
>
> Anyway: We are maybe setting up an exit in the future, but for this we‘d
> like to join forces with other exit operators like TORSERVERS.net to have
> better connections in case of problems. Does anyone have contacts, which
> could be helpful?
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay operator here

[Colin Childs]

Hi Privatesociety,

Thank you for setting up these relays and contributing to the Tor network! I 
look forward to working with you in the future.

In the #tor-relays IRC channel, there are a number of TorServers people, as 
well as people from partner organizations. There are also a number of us on 
this mailing list. Are you looking specifically to contribute to TorServers, or 
are you hoping to team up with a local partner organization / found your own 
partner org? 

If you’re unsure, I’d be happy to talk with you about options (as would other 
TS people, I’m sure). As Nusenu mentioned though, it would be helpful to know 
where you are based out of.

Thanks, talk soon!

> On May 17, 2018, at 2:08 PM, privatesociety Tor  
> wrote:
> 
> Hello tor relay community!
> I‘d like to introduce six new relays, which are operated by privatesociety, a 
> community of people, which fighting for privacy based in europe. The six 
> relays provide a capacity of around 300 mbit/s (total) and are hosted on 
> networks, which aren‘t much used - so better for the tor community. I hope we 
> are working great together. :)
> 
> Look at meetrics for more details: 
> https://metrics.torproject.org/rs.html#search/family:7AF3F4E88A5AE224DB775732A52731C8E54208A6
>  
> 
> 
> Anyway: We are maybe setting up an exit in the future, but for this we‘d like 
> to join forces with other exit operators like TORSERVERS.net to have better 
> connections in case of problems. Does anyone have contacts, which could be 
> helpful?
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay operator here

[nusenu]

Hi privatesociety,

thanks for spreading your relays across multiple countries and ASes.

privatesociety Tor:
> Anyway: We are maybe setting up an exit in the future, but for this we‘d
> like to join forces with other exit operators like TORSERVERS.net to have
> better connections in case of problems. Does anyone have contacts, which
> could be helpful?

it makes sense to include your country if you seek (legal support) contacts

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New relay operator here

[privatesociety Tor]

Hello tor relay community!
I‘d like to introduce six new relays, which are operated by privatesociety,
a community of people, which fighting for privacy based in europe. The six
relays provide a capacity of around 300 mbit/s (total) and are hosted on
networks, which aren‘t much used - so better for the tor community. I hope
we are working great together. :)

Look at meetrics for more details:
https://metrics.torproject.org/rs.html#search/family:7AF3F4E88A5AE224DB775732A52731C8E54208A6

Anyway: We are maybe setting up an exit in the future, but for this we‘d
like to join forces with other exit operators like TORSERVERS.net to have
better connections in case of problems. Does anyone have contacts, which
could be helpful?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay

[teor]

On 19 Feb 2018, at 03:41, Gary  wrote:

>> Right now I only see 2 on jaffacakemonster2 and 1 on jaffacakemonster.
>> Seeing 3 would be weird, because in order for a pair of relays to be in
>> the same family, they must both list each other in their torrcs.
> 
> My family thing has settled now, I think this was because I changed the name 
> from "jaffacakemonster" to "jaffacakemonster1", havnt looking the Atlas bug 
> too much I guess its because it took a few hours for the changed names to 
> ripple through.

You can avoid depending on nicknames by configuring MyFamily using fingerprints.

Other people can also set up relays with the name "jaffacakemonster1", so
fingerprints are best.

T___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay

[Roger Dingledine]

On Sun, Feb 18, 2018 at 04:41:42PM +, Gary wrote:
> My 2nd relay has a dirport set, 9030, it does not seem to be listed as a
> dir authority yet, is this again because of the new relay thing (wait a few
> weeks for it to be measured)?

Two answers:

(1) If you set AccountingMax, or if you have a low enough bandwidth rate,
then your relay will opt to not advertise its DirPort. It looks like your
bandwidth rate is tiny, so that's probably it. There is a log message
as Tor starts that informs you it's making this choice.

(2) The phrase you want is "dir mirror" or "dir server". The directory
authorities play a different role, which you can read about here:
https://www.torproject.org/docs/faq#KeyManagement

Thanks for running relays! (And, please consider making them bigger. :)

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay

[Gary]

Hi thanks for getting back to me.


> Right now I only see 2 on jaffacakemonster2 and 1 on jaffacakemonster.
> Seeing 3 would be weird, because in order for a pair of relays to be in
> the same family, they must both list each other in their torrcs.
>

My family thing has settled now, I think this was because I changed the
name from "jaffacakemonster" to "jaffacakemonster1", havnt looking the
Atlas bug too much I guess its because it took a few hours for the changed
names to ripple through.

My 2nd relay has a dirport set, 9030, it does not seem to be listed as a
dir authority yet, is this again because of the new relay thing (wait a few
weeks for it to be measured)?

Thanks.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay

[nusenu]

Matt Traudt:
> It's 0 because you're a new relay and haven't been measured yet.

The advertised bandwidth is not 0 because this is an unmeasured
relay, most unmeasured relays have a non-zerro adv. bw. 
example:
https://atlas.torproject.org/#details/773E813FDDBFC985B3D436CF669B572601C00FC3

Only the consensus_weight is capped at 20 for unmeasured relays.

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay

[nusenu]

nusenu:
>> . My family on Atlas - the little numbers in brackets are not all the
>> same, I only run two relays, however on the listings it reports sometimes
>> two sometimes three. Are you meant to include "yourself" in the torrc or
>> only other relays??
> 
> recently I reported a bug in that part of atlas which resulted in incorrect 
> numbers shown
> in these brackets.
> 
> The maintainer of atlas fixed it, you should no longer see 
> incorrect numbers.

oh it appears the fix is not actually working as it should, I'll reopen that 
the bug

> 
> https://trac.torproject.org/projects/tor/ticket/25034
> https://trac.torproject.org/projects/tor/ticket/25241
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay

[nusenu]

> . My family on Atlas - the little numbers in brackets are not all the
> same, I only run two relays, however on the listings it reports sometimes
> two sometimes three. Are you meant to include "yourself" in the torrc or
> only other relays??

recently I reported a bug in that part of atlas which resulted in incorrect 
numbers shown
in these brackets.

The maintainer of atlas fixed it, you should no longer see 
incorrect numbers.

https://trac.torproject.org/projects/tor/ticket/25034
https://trac.torproject.org/projects/tor/ticket/25241
-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay

[Matt Traudt]

On 2/16/18 08:11, Gary wrote:
> Hello.
> 
> I recently set up a new relay, jaffacakemonster2, I would be grateful if
> someone could answer some questions for me.
> 
> 1. The bandwidth on Atlas is listed as "0". Is this a wait a few
> days/new relay issue or a configuration issue. I was surprised to find
> exit relays are default now, I hope I didn't disable too much so to speak.
> 

It's 0 because you're a new relay and haven't been measured yet.

All you need to do to stop being an exit is "ExitRelay 0" in your torrc.
What else did you disable?

> 2. My family on Atlas - the little numbers in brackets are not all the
> same, I only run two relays, however on the listings it reports
> sometimes two sometimes three. Are you meant to include "yourself" in
> the torrc or only other relays??
> 

Relays can include themselves in their MyFamily. It doesn't hurt and
doesn't cause issues.

Right now I only see 2 on jaffacakemonster2 and 1 on jaffacakemonster.
Seeing 3 would be weird, because in order for a pair of relays to be in
the same family, they must both list each other in their torrcs.

Thank you for running a relay. If you haven't read this blog post yet,
you may want to.

https://blog.torproject.org/lifecycle-new-relay

Matt
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New Relay

[Gary]

Hello.

I recently set up a new relay, jaffacakemonster2, I would be grateful if
someone could answer some questions for me.

1. The bandwidth on Atlas is listed as "0". Is this a wait a few days/new
relay issue or a configuration issue. I was surprised to find exit relays
are default now, I hope I didn't disable too much so to speak.

2. My family on Atlas - the little numbers in brackets are not all the
same, I only run two relays, however on the listings it reports sometimes
two sometimes three. Are you meant to include "yourself" in the torrc or
only other relays??

Thanks.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay Online/Working on AWS Cloud Torproject

[nusenu]

> Speaking of which, I do wonder what the thoughts are on this idea. I
> would like to have two derivatives of the cloud package, one for
> novices and one for those who do not consider themselves novices. The
> novice package will be centrally managed by Puppet, so all the user
> has to do is spin up an instance, updates will be handled by the
> master.

So your image will include a puppet master? Or do you intent to run a single 
master
(under your control) to control other people's relays? (I hope you are not 
proposing that.)


> The non-novice package will be managed by chef. My main question is
> what are the thoughts on using Puppet? Would that be an acceptable
> solution for a non-novice solution or is that too much of a risk?



-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay Online/Working on AWS Cloud Torproject

[nusenu]

Conrad Rockenhaus:
> I noticed this when I started it up. It appears that the version of
> Tor on EPEL is out of date. I’ll build it out of source to fix it.
> I’ll probably have to do that for the Cloud solution as well since
> the lifecycle of EPEL is normally behind.

0.2.9.14 reached stable ~16 hours ago 
(generally a EPEL package stays in testing for 2 weeks before reaching stable)
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-97efaab7e7

If you do not want to build yourself you can enable the EPEL testing repo
to get updates faster.
If timely tor updates is a top priority, you might want to choose another OS.

Also please enable auto updates on your images so we avoid having lots of 
outdated
relays on the network.

https://trac.torproject.org/projects/tor/wiki/OperatorsTips/RPMUpdates#CentOSandRHEL

- please automate the process of setting a proper MyFamily configuration
- please ensure that relays have a meaningful ContactInfo set 


please do not forget to set MyFamily on all your relays
https://atlas.torproject.org/#details/A5C6D2EBCCA77D0B09364DD6B75FEC817AF977FA

teor wrote:
> I also wonder if there's a way of giving people a BSD image option
> as well.

Yes, BSD images would be great!


IMHO the biggest drawback with AWS is bw cost - which is a 
lot more expensive than most other hosters. With the same kind of
money operators would be able to push a lot more traffic if they choose an
unmetered hoster. From a cost point of view I would advise against AWS.


thanks for your efforts

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay Online/Working on AWS Cloud Torproject

[Gary Smith]

Hello.

I use AWS to test the alpha release, on the free tier. If you dont mind me
asking, I am interested to know what you are doing to avoid a bill Amazon
bill at the end of the month.

I think I had about 30GB data transfer or so & a few other things and they
sent me a bill for USD 0.70 ish (not at lot I know lol), but potentially it
could be in the thousands of dollars or more if you are not careful. Is
there a region that is "best" to use? AWS' internet is pretty fast, I
transfered a file from 12GB file from Google Drive using Chrome in the VM
in about 15 or so seconds.

Also I noted that there are many entries in /var/log/auth.log that many
people try to connect via SSH (username byebye is a popular one for some
reason), more connection attempts than my home internet connection gets
perhaps

Many Thanks.

On Wed, Dec 20, 2017 at 2:35 PM, Conrad Rockenhaus 
wrote:

>
>
> On Dec 20, 2017, at 5:01 AM, teor  wrote:
>
>
> On 20 Dec 2017, at 20:59, Conrad Rockenhaus  wrote:
>
> ConradsAWSRelay was started back up on a new AWS instance running Amazon
> Linux and it’s hash is now 9F7F05699131E1E2A22F70B83E8CBB4671F5FEE2. I
> have upgraded to Tor 0.3.1.9…. I had issues with getting the libevent
> development header dependencies resolved on Amazon Linux so I just compiled
> it on Red Hat and brought it over. More than likely I overlooked something
> and caused a cascade of failures from there, anyway, it’s up.
>
> Additionally, I brought up ConradsAWSExit, 
> 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A,
> to help out with that area. I may bandwidth limit this one depending on
> load,  I will have to wait and see how much traffic it gets since I don’t
> have unlimited $$$ to allocate to my new hobby :).
>
>
> Yes, running nodes at AWS can be expensive.
> I'm also interested to see what abuse complaints you get.
>
>
> I’m mainly running this stuff on AWS because AWS is my playground for the
> new Cloud based solution I’m working on, just because I can start instances
> up with Amazon Linux, FreeBSD, Debian, etc. I am interested to see what the
> abuse process is as well. I will ensure that the costs are controlled so
> I’m not out of pocket too much.
>
> Eventually the permanent home will be moved to the new cabinet I’m going
> to be renting at a datacenter near my home.
>
>
> If someone could take another look and provide me any
> feedback/constructive criticism about these two nodes, I would greatly
> appreciate it.
>
>
> Since you control multiple relays, please set MyFamily on all of them:
>
> MyFamily fingerprint1,fingerprint2
>
> This is important because they are in different IPv4 /16s.
> (It will be even more important if one has the Guard flag, and the other
> has the Exit flag.)
>
>
> Done, should see it in atlas within the hour.
>
>
> Does AWS have native IPv6 yet?
>
> If so, please set on both relays:
>
> ORPort [IPv6]:Port
>
> And on the Exit:
>
> IPv6Exit 1
>
> You could connect to IPv6 using a nearby free tunnel service
> (Hurricane Electric is good, and has good peering with AWS),
> but this is not as fast or reliable as native IPv6.
>
> But as a learning experience, it's a good way to get IPv6.
>
>
> I see that AWS does have native IPv6, but I have to get it enabled on my
> VPC before I can get these two instances up on IPv6. I will let y’all know
> when that’s done.
>
>
> Thank you for everyone’s advise! I also appreciate the input regarding
> the revitalization of the Cloud project again. Another person has also
> volunteered to assist in the project so hopefully things should start
> moving here pretty soon!
>
>
> That's exciting.
> It would be great for people to be able to choose between multiple
> providers. Free VPSs are a great way to learn how to set up a relay.
>
> The biggest issue with the cloud image was that it wasn't kept up
> to date. I wonder if there's a way of doing that automatically.
>
> I also wonder if there's a way of giving people a BSD image option
> as well.
>
>
> My intent with the new cloud image architecture is to provide a
> multi-arch, portable, fast, and secure solution that will deploy tor
> relays. Another person has volunteered to assist me with this so with three
> people working on this I do hope that we will be able to keep things up to
> date, but my main goal is to have that somewhat automated.
>
> Speaking of which, I do wonder what the thoughts are on this idea. I would
> like to have two derivatives of the cloud package, one for novices and one
> for those who do not consider themselves novices. The novice package will
> be centrally managed by Puppet, so all the user has to do is spin up an
> instance, updates will be handled by the master.
>
> The non-novice package will be managed by chef. My main question is what
> are the thoughts on using Puppet? Would that be an acceptable solution for
> a non-novice solution or is that too much of a risk?
>
> Thanks,
>
> Conrad
>
>
> T
> 

Re: [tor-relays] New Relay Online/Working on AWS Cloud Torproject

[teor]

> On 20 Dec 2017, at 20:59, Conrad Rockenhaus  wrote:
> 
> ConradsAWSRelay was started back up on a new AWS instance running Amazon 
> Linux and it’s hash is now 9F7F05699131E1E2A22F70B83E8CBB4671F5FEE2. I have 
> upgraded to Tor 0.3.1.9…. I had issues with getting the libevent development 
> header dependencies resolved on Amazon Linux so I just compiled it on Red Hat 
> and brought it over. More than likely I overlooked something and caused a 
> cascade of failures from there, anyway, it’s up.
> 
> Additionally, I brought up ConradsAWSExit, 
> 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A, to help out with that area. I may 
> bandwidth limit this one depending on load,  I will have to wait and see how 
> much traffic it gets since I don’t have unlimited $$$ to allocate to my new 
> hobby :).

Yes, running nodes at AWS can be expensive.
I'm also interested to see what abuse complaints you get.

> If someone could take another look and provide me any feedback/constructive 
> criticism about these two nodes, I would greatly appreciate it.

Since you control multiple relays, please set MyFamily on all of them:

MyFamily fingerprint1,fingerprint2

This is important because they are in different IPv4 /16s.
(It will be even more important if one has the Guard flag, and the other
has the Exit flag.)

Does AWS have native IPv6 yet?

If so, please set on both relays:

ORPort [IPv6]:Port

And on the Exit:

IPv6Exit 1

You could connect to IPv6 using a nearby free tunnel service
(Hurricane Electric is good, and has good peering with AWS),
but this is not as fast or reliable as native IPv6.

But as a learning experience, it's a good way to get IPv6.

> Thank you for everyone’s advise! I also appreciate the input regarding the 
> revitalization of the Cloud project again. Another person has also 
> volunteered to assist in the project so hopefully things should start moving 
> here pretty soon!

That's exciting.
It would be great for people to be able to choose between multiple
providers. Free VPSs are a great way to learn how to set up a relay.

The biggest issue with the cloud image was that it wasn't kept up
to date. I wonder if there's a way of doing that automatically.

I also wonder if there's a way of giving people a BSD image option
as well.

T___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay Online/Working on AWS Cloud Torproject

[Conrad Rockenhaus]

Hello,

ConradsAWSRelay was started back up on a new AWS instance running Amazon Linux 
and it’s hash is now 9F7F05699131E1E2A22F70B83E8CBB4671F5FEE2. I have upgraded 
to Tor 0.3.1.9…. I had issues with getting the libevent development header 
dependencies resolved on Amazon Linux so I just compiled it on Red Hat and 
brought it over. More than likely I overlooked something and caused a cascade 
of failures from there, anyway, it’s up.

Additionally, I brought up ConradsAWSExit, 
1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A, to help out with that area. I may 
bandwidth limit this one depending on load,  I will have to wait and see how 
much traffic it gets since I don’t have unlimited $$$ to allocate to my new 
hobby :).

If someone could take another look and provide me any feedback/constructive 
criticism about these two nodes, I would greatly appreciate it.

Thank you for everyone’s advise! I also appreciate the input regarding the 
revitalization of the Cloud project again. Another person has also volunteered 
to assist in the project so hopefully things should start moving here pretty 
soon!

Thanks,

Conrad

> On Dec 19, 2017, at 9:02 PM, Conrad Rockenhaus  wrote:
> 
> 
> 
>> On Dec 19, 2017, at 8:55 PM, teor > > wrote:
>> 
>> 
>> On 20 Dec 2017, at 13:28, Conrad Rockenhaus > > wrote:
>> 
>>> Howdy,
>>> 
>>> Early this morning (3 AM CST) I brought a non-exit relay named 
>>> “ConradsAWSRelay” online. I would appreciate it if someone would take an 
>>> objective look at it to see if the relay is fast enough and bringing useful 
>>> services to the tor network.
>> 
>> Please upgrade your relay to the latest Tor version:
>> https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html
>>  
>> 
>> 
> 
> I noticed this when I started it up. It appears that the version of Tor on 
> EPEL is out of date. I’ll build it out of source to fix it. I’ll probably 
> have to do that for the Cloud solution as well since the lifecycle of EPEL is 
> normally behind. I’ll fix this now.
> 
>> Your relay might take a few weeks to be used:
>> https://blog.torproject.org/lifecycle-new-relay 
>> 
> I completely forgot about that. Thank you for reminding me :D.
> 
>> 
>>> Additionally, I know that people have been working on ansible solutions 
>>> regarding the installation of tor and what not, but that being said, I’m 
>>> working on an AWS specific solution to replace the previous Cloud 
>>> torproject that we had years ago. I will keep everyone in the loop, but I 
>>> think its time that we have a cloud specific solution for rolling out tor.
>> 
>> Thanks!
>> It would be great to have this again.
> 
> I’m making progress and will advise all when I hit certain points so I can 
> get feedback. I would like this new solution to have significant community 
> input so I have all of my i’s dotted and my t’s crossed.
> 
> Thanks,
> 
> Conrad
> 
>> 
>> T
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay Online/Working on AWS Cloud Torproject

[Conrad Rockenhaus]

> On Dec 19, 2017, at 8:55 PM, teor  wrote:
> 
> 
> On 20 Dec 2017, at 13:28, Conrad Rockenhaus  > wrote:
> 
>> Howdy,
>> 
>> Early this morning (3 AM CST) I brought a non-exit relay named 
>> “ConradsAWSRelay” online. I would appreciate it if someone would take an 
>> objective look at it to see if the relay is fast enough and bringing useful 
>> services to the tor network.
> 
> Please upgrade your relay to the latest Tor version:
> https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html 
> 
> 

I noticed this when I started it up. It appears that the version of Tor on EPEL 
is out of date. I’ll build it out of source to fix it. I’ll probably have to do 
that for the Cloud solution as well since the lifecycle of EPEL is normally 
behind. I’ll fix this now.

> Your relay might take a few weeks to be used:
> https://blog.torproject.org/lifecycle-new-relay 
> 
I completely forgot about that. Thank you for reminding me :D.

> 
>> Additionally, I know that people have been working on ansible solutions 
>> regarding the installation of tor and what not, but that being said, I’m 
>> working on an AWS specific solution to replace the previous Cloud torproject 
>> that we had years ago. I will keep everyone in the loop, but I think its 
>> time that we have a cloud specific solution for rolling out tor.
> 
> Thanks!
> It would be great to have this again.

I’m making progress and will advise all when I hit certain points so I can get 
feedback. I would like this new solution to have significant community input so 
I have all of my i’s dotted and my t’s crossed.

Thanks,

Conrad

> 
> T
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay Online/Working on AWS Cloud Torproject

[teor]

> On 20 Dec 2017, at 13:28, Conrad Rockenhaus  wrote:
> 
> Howdy,
> 
> Early this morning (3 AM CST) I brought a non-exit relay named 
> “ConradsAWSRelay” online. I would appreciate it if someone would take an 
> objective look at it to see if the relay is fast enough and bringing useful 
> services to the tor network.

Please upgrade your relay to the latest Tor version:
https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html

Your relay might take a few weeks to be used:
https://blog.torproject.org/lifecycle-new-relay

> Additionally, I know that people have been working on ansible solutions 
> regarding the installation of tor and what not, but that being said, I’m 
> working on an AWS specific solution to replace the previous Cloud torproject 
> that we had years ago. I will keep everyone in the loop, but I think its time 
> that we have a cloud specific solution for rolling out tor.

Thanks!
It would be great to have this again.

T___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New Relay Online/Working on AWS Cloud Torproject

[Conrad Rockenhaus]

Howdy,

Early this morning (3 AM CST) I brought a non-exit relay named 
“ConradsAWSRelay” online. I would appreciate it if someone would take an 
objective look at it to see if the relay is fast enough and bringing useful 
services to the tor network.

Additionally, I know that people have been working on ansible solutions 
regarding the installation of tor and what not, but that being said, I’m 
working on an AWS specific solution to replace the previous Cloud torproject 
that we had years ago. I will keep everyone in the loop, but I think its time 
that we have a cloud specific solution for rolling out tor.

Thanks,

Conrad Rockenhaus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay Operator: Hostname

[Sebastian Hoffmann]

Hi!
Is it running at OVH?
They don't allow running any kind of anonymizing services on their VPS or 
dedicated servers, as written in their terms and conditions ?!

-- Sebastian 


> Am 21.02.2017 um 06:16 schrieb co...@awakening.io:
> 
> Hello!
> 
> I have just started up a new exit node using nusenu's wonderful Ansible
> scripts (thank you kindly).
> 
> I would like the hostname to be public, I wonder if I have misconfigured
> as the hostname does not display here:
> 
> https://torstatus.blutmagie.de/router_detail.php?FP=b0a8f23372309d3589e70bd3c2e48c5b6fc3ec36
> 
> I have the following in my configuration:
> 
>ORPort 198.100.159.72:9000
>DirPort 198.100.159.72:9001
>Address tor-exit-01.awakening.io
> 
> Any thoughts?
> 
> - Colin
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New Relay Operator: Hostname

[Roman Mamedov]

On Mon, 20 Feb 2017 21:16:38 -0800
co...@awakening.io wrote:

> I would like the hostname to be public, I wonder if I have misconfigured
> as the hostname does not display here:
> 
> https://torstatus.blutmagie.de/router_detail.php?FP=b0a8f23372309d3589e70bd3c2e48c5b6fc3ec36
> 
> I have the following in my configuration:
> 
> ORPort 198.100.159.72:9000
> DirPort 198.100.159.72:9001
> Address tor-exit-01.awakening.io
> 
> Any thoughts?

The hostname is taken from reverse DNS (aka PTR record) of the IP address, but
in your case:

$ host 198.100.159.72
Host 72.159.100.198.in-addr.arpa. not found: 3(NXDOMAIN)

The owner of that IP address has to set the reverse DNS record, or in your
case, it's likely you can set that yourself via a function in your hoster's
(OVH) control panel.

In any case, you don't need the "Address" line with hostname in torrc.

-- 
With respect,
Roman
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New Relay Operator: Hostname

[colin]

Hello!

I have just started up a new exit node using nusenu's wonderful Ansible
scripts (thank you kindly).

I would like the hostname to be public, I wonder if I have misconfigured
as the hostname does not display here:

https://torstatus.blutmagie.de/router_detail.php?FP=b0a8f23372309d3589e70bd3c2e48c5b6fc3ec36

I have the following in my configuration:

ORPort 198.100.159.72:9000
DirPort 198.100.159.72:9001
Address tor-exit-01.awakening.io

Any thoughts?

- Colin


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Chad MILLER]

* Green Dream  [2016-08-30 21:39:34 -0700]:
chad> 1) anyone can create packages for others without review, 2) security 

is better


These two concepts seem fundamentally at odds. Perhaps I have
misunderstood you. How would unreviewed code be better for security?



Good question. It's better because it was beyond terrible before. 
"Security" means nothing without a lot of context, but maybe we can agree 
it means enforcement of some policy.


When you run a program in this packaging scheme, it is confined to a 
specific set of syscalls (seccomp), used in a specific few ways (apparmor), 
and through some mounting of filesystem images that don't even implement 
write() (squashfs) and bind mounts, it appears to itself to be the only 
program installed on an otherwise barebones linux machine with almost 
nothing writable execept a few data directories that it's informed of at 
run time. No matter what else is installed, it can't do much about it, and 
if it tries to get uppity, the kernel will likely slay it.


It gets access to previous versions of its data, so it could clobber that.  

The packages I have here request "network bind" and "network" permissions, 
so a bad program could create sockets. (Which is nothing to sniff at!)


It could also steal resources like CPU time or RAM.

But it can never look in your ~/.gnupg/ dir or grab your scanner or wipe 
your yubikey or turn on your camera or whatever, as another program, rogue 
or compromised, could do. None of that even seems to exist.


This is a packaging system with dense policy built-in, and it's enforced so 
pretty much the only thing software can see is its own belly-button.


Reviewed code is great, but large swaths of code on our machines has had 
one or fewer very interested persons look at every line. And one line is 
all it takes to be catastrophic. Better to treat every program as guilty 
and untrustworthy. Design for untrustability instead of hoping for 
diligence.


Snap is not perfect, and it's not my baby, but I admire it.

--
Chad Miller
chad.org
c2c3 0e6c a4ce d49e 79cf   06c61 a806 deac 3042 0066


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Chad MILLER]

News: Package is at Tor 0.2.8.7, which was released yesterday.


* Roger Dingledine  [2016-08-25 00:33:14 -0400]:

Nice idea!

Other people here have very valid points about the security and
maintability side of things, but I'll add another point: It looks like the
conservative defaults you mention are a BandwidthRate and BandwithBurst
of 75 KBytes. That tiny level of rate limiting basically ensures that none 
of these relays will ever get the Fast flag, so they will never be used by 
actual users. 


I had that same thought a few days ago. Thank you for the note. That's just 
the kind of feedback I wanted.


http://bazaar.launchpad.net/~privacy-squad/+junk/tor-middle-relay-snap/revision/45



I wonder if your project would be better at producing bridges?
https://www.torproject.org/docs/faq#RelayOrBridge
Especially since you could include obfs4 (or even more!) support as part
of the bundle.


If you look at the atlas list, you'll see that about 1 out of four are 
bridges. At startup, it generates keys, and then uses the fingerprint to 
decide whether to volunteer to be a bridge relay for the rest of its life.


Built in are the obfs4 plugins, and also the firewall helper, and nyx/arm.  
Your "more!" intrigues me, though. Private mail?


--
Chad Miller
chad.org
c2c3 0e6c a4ce d49e 79cf   06c61 a806 deac 3042 0066


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Roger Dingledine]

On Wed, Aug 24, 2016 at 09:47:56AM -0400, Chad MILLER wrote:
> I made a tor-middle-relay package, so the TVs, Wifi Routers,
> Toasters, Self-driving Cars, Phones... of the world that are running
> that new kind of Ubuntu (or other OS that implements this package
> system!) can also help the Tor network.
>[...]
> Once you have it installed, try
> $ sudo /snap/bin/tor-middle-relay.configure
> to bump up your bandwidth limit over the conservative defaults.

Nice idea!

Other people here have very valid points about the security and
maintability side of things, but I'll add another point: It looks like the
conservative defaults you mention are a BandwidthRate and BandwithBurst
of 75 KBytes.

That tiny level of rate limiting basically ensures that none of these
relays will ever get the Fast flag, so they will never be used by
actual users.

The current recommendation on
https://www.torproject.org/docs/tor-relay-debian is to allow at least
250 KBytes/s each way. And even those will be tiny and rarely used
compared to the bigger relays.

I wonder if your project would be better at producing bridges?
https://www.torproject.org/docs/faq#RelayOrBridge
Especially since you could include obfs4 (or even more!) support as part
of the bundle.

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Aeris]

> Ubuntu/Debian doesn't have the latest version of Tor. You should use the
> official repository: https://www.torproject.org/docs/debian.html.en

I already use this repo for all my relays :)

<3,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Aeris]

> Currently not on Xenial and Jessie (even in backport). ><

Don’t match 2.8.6 too :

snap
ba16ce2958119a238d7931e709f30e932938218f
ubuntu yakkety tor_0.2.8.6-3ubuntu1_amd64.deb
5839f7b8bdc74cc26c829452d458d5c797ff3666
official tor tor_0.2.8.6-3_amd64.deb
6f2f4118b69420882022b526b956d65dc22a0b12
official tor xenial tor_0.2.8.6-3~xenial+1_amd64.deb
98677a0bfd0d3c22f342b44b824ba4d03f8facd3

IMO, if you rebuild from scratch, you have to achieve reproductible build, to 
allow post-build verification (and so, trustability of your snap).

<3,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Tristan]

Ubuntu/Debian doesn't have the latest version of Tor. You should use the
official repository: https://www.torproject.org/docs/debian.html.en

On Aug 24, 2016 12:50 PM, "Aeris"  wrote:

> > Aeris, I should be worried if any of those matched. Did you know 0.2.8 is
> > out?
>
> Currently not on Xenial and Jessie (even in backport). ><
>
> <3,
> --
> Aeris
> Individual crypto-terrorist group self-radicalized on the digital Internet
> https://imirhil.fr/
>
> Protect your privacy, encrypt your communications
> GPG : EFB74277 ECE4E222
> OTR : 5769616D 2D3DAC72
> https://café-vie-privée.fr/ 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Aeris]

> Aeris, I should be worried if any of those matched. Did you know 0.2.8 is
> out?

Currently not on Xenial and Jessie (even in backport). ><

<3,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Chad MILLER]

* Aeris  [2016-08-24 19:25:31 +0200]:


much less an untrusted tor package


For information, the tor binary inside the snap doesn’t match any official
upstream I can find…

SHA1
Snap
ba16ce2958119a238d7931e709f30e932938218f
Xenial (tor_0.2.7.6-1ubuntu1_amd64.deb)
997b717acaf2077708beba39a05adb30c014dfb2
Debian Jessie backports (tor_0.2.7.6-1~bpo8+1_amd64.deb)
cd63c5e01481a2b195bcb23c3d96dd81fb4f722d
Tor project repo (tor_0.2.7.6-dev-20160824T140713Z-1_amd64.deb)
f64cf21322c26372457cffcb7aeb97dd7768b697
Tor project repo (tor_0.2.7.6-dev-20160824T140713Z-1~d70.wheezy+1_amd64.deb)
6ba3b089029c1ae77ffcfb8fe2ee39335066b98a
Tor project repo (tor_0.2.7.6-dev-20160824T140713Z-1~xenial+1_amd64.deb)
8a2387c986ae98df7b2b78463aa6104ae5ebd080



Aeris, I should be worried if any of those matched. Did you know 0.2.8 is out?


--
Chad Miller
chad.org
c2c3 0e6c a4ce d49e 79cf   06c61 a806 deac 3042 0066


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Aeris]

> much less an untrusted tor package

For information, the tor binary inside the snap doesn’t match any official 
upstream I can find…

SHA1
Snap
ba16ce2958119a238d7931e709f30e932938218f
Xenial (tor_0.2.7.6-1ubuntu1_amd64.deb) 
997b717acaf2077708beba39a05adb30c014dfb2
Debian Jessie backports (tor_0.2.7.6-1~bpo8+1_amd64.deb)
cd63c5e01481a2b195bcb23c3d96dd81fb4f722d
Tor project repo (tor_0.2.7.6-dev-20160824T140713Z-1_amd64.deb)
f64cf21322c26372457cffcb7aeb97dd7768b697
Tor project repo (tor_0.2.7.6-dev-20160824T140713Z-1~d70.wheezy+1_amd64.deb)
6ba3b089029c1ae77ffcfb8fe2ee39335066b98a
Tor project repo (tor_0.2.7.6-dev-20160824T140713Z-1~xenial+1_amd64.deb)
8a2387c986ae98df7b2b78463aa6104ae5ebd080

<3,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Sean Greenslade]

On Wed, Aug 24, 2016 at 05:33:43PM +0200, Jan Vidar Krey wrote:
> On Wed, Aug 24, 2016, at 16:43, Aeris wrote:
> > > 2) security is better
> > 
> > Sorry to say that, but : no. It’s very weaker than plain old Debian
> > package.
> > 
> 
> This is a matter of perspective on the "security" definition.
> 
> The snaps does run in a separate container group, so it does have
> some more layers of isolation to the rest of the system.
> This means it is probably better to install an untrusted snap
> than adding another untrusted APT source repository for your
> system.

That's great, except you _really_ shouldn't be installing an untrusted
_anything_ on your system, much less an untrusted tor package. And
implying that this system magically makes untrusted things safe and
suitable for install on a working machine is in my opinion a terrible
precedent to set. A malicious tor install can do plenty of harm even if
it was fully isolated from the rest of the machine.

If something is untrusted, don't install it. Period.

--Sean

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Aeris]

> This is a matter of perspective on the "security" definition.

Yep of course :P

For desktop-purpose, snap can eventually be interresting. You only put 
yourself at risk.
For server-purpose, you also put your users at risk, and in case of Tor, it’s 
very safer for them to run Tor with at least OpenSSL & Tor up-to-date, and so 
to use and follow official upstream release.

<3,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Jan Vidar Krey]

On Wed, Aug 24, 2016, at 16:43, Aeris wrote:
> > 2) security is better
> 
> Sorry to say that, but : no. It’s very weaker than plain old Debian
> package.
> 

This is a matter of perspective on the "security" definition.

The snaps does run in a separate container group, so it does have
some more layers of isolation to the rest of the system.
This means it is probably better to install an untrusted snap
than adding another untrusted APT source repository for your
system.

Otherwise I agree with the library security updating problem.

-jv

-- 
  Jan Vidar Krey
  janvi...@extatic.org
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay package for Ubuntu 16.04+

[Aeris]

> 2) security is better

Sorry to say that, but : no. It’s very weaker than plain old Debian package.

Currently, your snap embeds :
libevent
openssl
pthreads
libasan2
libubsan
python 2.7
python-torctl
tor-arm
tor

Any security change on one of those embeded libraries require *you* rebuild 
and upload a new snap to fix the problem. This is very problematic for at 
least openssl (very frequent security fix) and tor/torctl/tor-arm (now, *you* 
need to follow every official releases of those 3 parts and deliver a new snap 
each time).

On a plain old Debian package, a security change impacts only *one* package 
(not *all* apps) and require only *the maintainer* of the lib package (not 
*all* apps ones) to rebuild and deploy. And this fixes *every* other package 
using this lib without extra step.

Snap, docker and more generally all packaging system embeding libs inside are 
just a nightmare in terms of security update.

<3
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] new relay package for Ubuntu 16.04+

[Chad MILLER]

tl;dr: $ sudo apt install snapd; sudo snap install tor-middle-relay


Hi.

Ubuntu has been working on a new kind of software package* that aims for 
isolation from the rest of the system, so 1) anyone can create packages for 
others without review, 2) security is better, and 3) it can be the basis 
for lots of supposedly single-purpose systems like cars, watches, home 
security systems, etc. The packages work for desktop and server too.


The upshot is that soon, they hope, many devices will run the miniature
Ubuntu plus the single package that makes the device do what it does to act 
like that device. If the mfr doesn't restrict it, we users can add other 
things that they never intended to make our device do more. Your

Wifi Router could also be your print server. Why not?

I made a tor-middle-relay package, so the TVs, Wifi Routers, Toasters, 
Self-driving Cars, Phones... of the world that are running that new kind of 
Ubuntu (or other OS that implements this package system!) can also help the 
Tor network.


The code that enables that new package system is already in Ubuntu 16.04 
LTS, so even existing desktops and servers can already use it.


So, if you use Ubuntu 16.04 LTS, this should get you a Tor relay

$ sudo apt install snapd
$ sudo snap install tor-middle-relay

(The ARMHF architecture has an open bug where the new package security 
rejects the "personality" syscall that Tor calls, so ARMHF doesn't work out 
of the box right now.)


Once you have it installed, try
$ sudo /snap/bin/tor-middle-relay.configure
to bump up your bandwidth limit over the conservative defaults.

There are a few dozen users already.  
https://atlas.torproject.org/#search/UbuntuCore

I'd be happy to have an explosion of devices all over the world.

Please send bug-reports privately, not to this list.

- chad



* https://developer.ubuntu.com/en/snappy/
 http://snapcraft.io/


--
Chad Miller
chad.org
c2c3 0e6c a4ce d49e 79cf   06c61 a806 deac 3042 0066


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay - not working right

[Bruce Ganton]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



On 15-10-13 01:47 PM, Green Dream wrote:
> Hi. Thanks for running a relay.

Thank you both for answering me.  The relay's nickname is "ClydeBoy"
and is listed on blutmagie so I presume is on Atlas & Globe.  I have a
"normal" flag and "running".  The website now shows a bandwidth of 1.

However, some preliminary items I probably have wrong.  The only way I
can stop tor is ps -Al | grep tor and then kill .  Is there not a
more elegant way?

Also, if I start it as su: root it runs as root.  If I start it "tor"
as me it runs as me.  There is a user listed in the password file of
debian-tor but I am not sure how or if it is being used.  How should
tor be started and who should it be running as?

The current /var/log/tor/log (fresh, new) has nothing in it??

Bruce Ganton

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJWHnv5AAoJEAnfV8n5U7IzX0gH+waKd75Dx71OE9VaujJR9Qgu
LxsOgvxqb60AWb4G2q/Bhswpy9tSl9PWEklCOyv55NswXRRkYA+Ac+sNATCY8QUb
qs+FlZ4lXMrtVq2Kpec5ixpw9ZV013ucx/ZK7cDQdF3AM/8jXGUMiP/i4y37BDUc
aI61+QLAZAX9MTGIaRa2LRkuV/oG/xF8esM/7s1zggNCfNradE90PfaxClj8Yoj1
WuRWSlMMcOp0+w93w277bzFRumQQE1Nu3Qoj5VVuMwGjXrWOHAKCYHEYsXm1quWG
9rtytAt1/ndUcJU9gUUMfKuHQfSZnOZEp6nK4/nhWUjnfnah2mcts8bj39vThYY=
=rZ0o
-END PGP SIGNATURE-


0xF953B233.asc
Description: application/pgp-keys


0xF953B233.asc.sig
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay - not working right

[Bruce Ganton]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



On 15-10-14 10:18 AM, Green Dream wrote:
> ClydeBoy is listed three times on Atlas. It appears to be running
> from the same server, as the IP/port are the same for all 3 nodes,
> however the fingerprint is different for each instance on Atlas:

I was able to identify two tor processes running and killed them both.
 I then used your recommended way of starting tor.  Now the log filed
is being filled with good stuff and ARM is behaving as I am used to.
FWIW, I googled around quite a bit and never noticed specific
instructions on stopping tor.  So thanks for giving me the magic bullet.

> 
> I'm guessing that during your testing and config changes, the
> existing Tor processes weren't getting killed and so you wound up
> with multiple Tor processes fighting for attention and resources.
> That's not going to work very well. ;-)
> 
> I'm not sure how you installed Tor. For Ubuntu or Debian, I
> normally follow the instructions here:
> 
> https://www.torproject.org/docs/debian.html.en#ubuntu

Yes, these are the directions I followed.  In fact I installed Debian
just so I could use option 1 as it seemed preferable.  I was
reasonably careful with this; how wrong can you go with sudo apt-get
install?  However, I have learned from hard experience to never be too
cocky about having everything done right. :-)


Bruce Ganton
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJWHpW6AAoJEAnfV8n5U7Izf94H/2b2/z/TJ/nx1fhx3AETJSei
/p1EUENFx2Whf74hgBwOhkWFonFwKJ3BAle5rFa//R77GSginU9x4YzSEXZXQNYY
o3+5reGDV7BKOnOVzHDs1fHUJ20yv73wjPso9f4IU+8xoSVUFGuiTe9L8q5HcHSQ
FTb6lkLsE+VTqck4VEg+a71rL9VjfeR3Z4GYobmJB5GB/tjbZ/bZ7ZqIpcMvpy+w
tyJ0DWKOcBJxHNigUniITX42qDeWJNqUnQvVqhjh7IW7DznjKTnGlMQq1y9zFgzM
bzOUPaU5V1ZdWIlpThXpzWb/inFHe+6SJ0U7BIxx9gZZBHOQxD1KG1nXygeNMgQ=
=y0cH
-END PGP SIGNATURE-


0xF953B233.asc
Description: application/pgp-keys


0xF953B233.asc.sig
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay - not working right

[Green Dream]

Pardon the bad copy/paste in the last email. The third listing on Atlas is:

https://atlas.torproject.org/#details/3FE1025A1E779CAFD21F593AC200C7447703343D
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay - not working right

[Green Dream]

ClydeBoy is listed three times on Atlas. It appears to be running from the
same server, as the IP/port are the same for all 3 nodes, however the
fingerprint is different for each instance on Atlas:

https://atlas.torproject.org/#details/68F162C50F22205FB3B728ACE67470B17D7430D6
https://atlas.torproject.org/#details/53C1C1A27F9CD0A87383FB473ABD7E8D4378F703
https://atlas.torproject.org/#details/53C1C1A27F9CD0A87383FB473ABD7E8D4378F703

I'm guessing that during your testing and config changes, the existing Tor
processes weren't getting killed and so you wound up with multiple Tor
processes fighting for attention and resources. That's not going to work
very well. ;-)

I'm not sure how you installed Tor. For Ubuntu or Debian, I normally follow
the instructions here:

https://www.torproject.org/docs/debian.html.en#ubuntu

If you go this route, you should wind up with Tor installed as a proper
service, which can then be controlled via the standard methods, like:

  sudo service tor start
  sudo service tor stop
  sudo service tor restart

This will also take care of running the Tor process as the debian-tor user.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay - not working right

[Green Dream]

Hi. Thanks for running a relay.

> For several days now its bandwidth, according to ARM, is in the
> bits/second and there seems to be some problem reading its own
> torrc file.  Also, while it had four connections for a while, there are
> none now.

Regarding the low bandwidth and a low number of connections, this could be
typical for a new relay. Reference
https://blog.torproject.org/blog/lifecycle-of-a-new-relay

> [ARM NOTICE] Read last day of bandwidth history from state file
> (-7502 seconds is missing)

This is normal in my experience. Arm is trying to read your node's
bandwidth history to populate the graphs with data collected before you
started Arm. I don't know why it fails, but you can squelch it by adding
the following config line to ~/.arm/armrc (or wherever you keep your armrc
file):

  features.graph.bw.prepopulate false

> [ARM WARN] The torrc differs frm what tor's using.  You an issue a
> sighup to reload the torrc values by pressing x.

Pretty much what it sounds like; you edited torrc after starting up Arm. To
bring in the chages such that Arm is in sync, just press 'x' in Arm twice
and it will issue a HUP signal to the Tor process, which reloads the config.

> [ARM NOTICE] Tor is preventing system utiliites like netstat and lsof
> from working.  This means arm can't provide you with connection
> information

You need to add the following to /etc/tor/torrc if you want to utilize all
the features of Arm:

  DisableDebuggerAttachment 0

It's disabled by default for security (with a value of '1'), so think
carefully before doing this. It "reduces security by enabling debugger
attachment to the Tor process. This can be used by an adversary to extract
keys." (Quoting from https://trac.torproject.org/projects/tor/ticket/13880).
If you do enable the deubgger attachment for Arm, make sure your control
port is locked down (not reachable from the Internet or from other hosts
you don't control, etc.)

It does seem a little odd you're still at 0 bandwidth with no connections.
Without more data, it's hard to say what else might be going wrong (if
anything). What does /var/log/tor/log have to say? There should be some
lines in there that indicate if it's reachable from the internet.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay not recognised by weathermap

[Sharif Olorin]

Cool; I've been meaning to see if I could lend a hand with any of the
Tor-related codebases, I'll take a look into it and see if I can help
out when I get some time.

Sharif

-- 
PGP: 6FB7 ED25 BFCF 3E22 72AE 6E8C 47D4 CE7F 6B9F DF57


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New relay not recognised by weathermap

[Sharif Olorin]

Hi all,

I configured a new relay[0] yesterday, and recently tried to sign up for
the Weathermap[1], wherein I get a could not locate a Tor node with
that fingerprint error message. The node's definitely been up for more
than an hour, and Atlas can see it[2]. Is this expected behaviour, or
might it indicate an issue with my configuration? I've checked
everything on the potential problems list - the node does exist, the
fingerprint is correct, it's been up for more than an hour, hasn't been
down for over a year, and running a recent (0.2.5.11) version of Tor.

Thanks,
Sharif

[0] dendrocyte.wiredlaboratories.com.au/03B5C7B81CA56DF3CCC31FDA8032A7763B8B50B4
[1] https://weather.torproject.org/subscribe/
[2] 
https://atlas.torproject.org/#details/03B5C7B81CA56DF3CCC31FDA8032A7763B8B50B4

-- 
PGP: 6FB7 ED25 BFCF 3E22 72AE 6E8C 47D4 CE7F 6B9F DF57


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay not recognised by weathermap

[Sebastian Urbach]

On March 31, 2015 12:41:42 AM Sharif Olorin s...@tesser.org wrote:

Hi Sharif,


Hi all,

I configured a new relay[0] yesterday, and recently tried to sign up for
the Weathermap[1], wherein I get a could not locate a Tor node with
that fingerprint error message. The node's definitely been up for more
than an hour, and Atlas can see it[2]. Is this expected behaviour, or
might it indicate an issue with my configuration? I've checked
everything on the potential problems list - the node does exist, the
fingerprint is correct, it's been up for more than an hour, hasn't been
down for over a year, and running a recent (0.2.5.11) version of Tor.


It can take a while, just try again in the next 24-48 hours. Don't worry 
right now.




Thanks,
Sharif

[0] 
dendrocyte.wiredlaboratories.com.au/03B5C7B81CA56DF3CCC31FDA8032A7763B8B50B4

[1] https://weather.torproject.org/subscribe/
[2] 
https://atlas.torproject.org/#details/03B5C7B81CA56DF3CCC31FDA8032A7763B8B50B4


--
PGP: 6FB7 ED25 BFCF 3E22 72AE 6E8C 47D4 CE7F 6B9F DF57



--
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays




--
Sincerely yours / Sincères salutations / M.f.G.

Sebastian Urbach

-
Religion is fundamentally opposed to
everything I hold in veneration - courage,
clear thinking, honesty, fairness, and,
above all, love of the truth.
-
Henry Louis Mencken (1880 - 1956),
American journalist, essayist, magazine
editor, satirist and critic.


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay not recognised by weathermap

[Sebastian Urbach]

On March 31, 2015 1:12:21 AM Sharif Olorin s...@tesser.org wrote:

Hi,


 It can take a while, just try again in the next 24-48 hours. Don't worry
 right now.

Ah, thanks, good to know. Might it be worth updating the fingerprint not
found page to say a few days rather than an hour? The current
version seems to imply that it's expected to be working inside that
timeframe.


From what i understand we are a bit short of weather developers at the 

moment ...

It should work in the mentioned timeframe but i think that's not going to 
happen until the code is reviewed and maintained. The weather issues are 
well known.


--
Sincerely yours / Sincères salutations / M.f.G.

Sebastian Urbach

-
Religion is fundamentally opposed to
everything I hold in veneration - courage,
clear thinking, honesty, fairness, and,
above all, love of the truth.
-
Henry Louis Mencken (1880 - 1956),
American journalist, essayist, magazine
editor, satirist and critic.


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay not recognised by weathermap

[Sharif Olorin]

 It can take a while, just try again in the next 24-48 hours. Don't worry 
 right now.

Ah, thanks, good to know. Might it be worth updating the fingerprint not
found page to say a few days rather than an hour? The current
version seems to imply that it's expected to be working inside that
timeframe.

Sharif

-- 
PGP: 6FB7 ED25 BFCF 3E22 72AE 6E8C 47D4 CE7F 6B9F DF57


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] New relay not recognised gy weathermap

[Sebastian Urbach]

Sharuf,

I completely forgot to welcome you and thank you for running a relay !

So, welcome and i hope you stay for quite a while :-)
--
Sincerely yours / Sincères salutations / M.f.G.

Sebastian Urbach

-
Religion is fundamentally opposed to
everything I hold in veneration - courage,
clear thinking, honesty, fairness, and,
above all, love of the truth.
-
Henry Louis Mencken (1880 - 1956),
American journalist, essayist, magazine
editor, satirist and critic.


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay operator. Basic security practices?

[JusticeRage]

This email ( link to the blog post ) was powted a while ago on the Full 
Disclosure mailing list. Some of the advice only applies to Desktop computers, 
but I find it's still a very good read in the general case. 

-- 
Justicerage 

???- Original Message - 
From: Joshua Rogers megaman...@gmail.com 
To: fulldisclos...@seclists.org 
Sent: Saturday, June 14, 2014 7:22:14 PM 
Subject: [FD] Securing Ubuntu-Desktop From the Bad-Guys, and the Good-Guys. 

?Securing Ubuntu-Desktop From the Bad-Guys, and the Good-Guys. 


Securing your Ubuntu Desktop OS from intruders 

Recently I have become interested in securing my laptop from predators 
such as hackers, thieves, and law enforcement. 
To do this, I've explored various programs to run; and how to run them, 
without interrupting usability by the average user. 

In this blog we'll be running through vectors of attacks that one could 
use to gain access to your unencrypted data. 


Before starting, the following must be known: 

1. The author of this article is currently running Ubuntu 14.04 
LTS(Trusty), and all commands and patches work on it for the author. The 
author accepts no liability when it comes to these commands/patches 
being run by other users; this is purely informational. 
2. It is assumed Full-Disk-Encryption is being used. 
3. It is assumed your $HOME directory is encrypted using ecryptfs, with 
filenames encrypted. This can be checked using the command 
`ecryptfs-verify -h -e' 
4. It is assumed you do not have the evil program called Java, or any of 
its counterparts like IcedTea, etc. installed. 


When you're told to run the program 'Nano', you can use vim,vi,emacs, 
etc. Nano is purely the text editor that I use. To exit out of Nano, you 
press control-x. 






FireWire attacks 


Firewire has for awhile been known to allow attackers to gain access to 
a computer's Physical memor[RAM], and enable the attacker to grab the 
encryption key used for devices that are mounted. 
The most obvious method of defeating this attack is by not compiling the 
kernel with any firewire modules included, but for the sake of this 
article, I'll include methods of mitigation. After all, some Ubuntu 
users probably wouldn't be able to compile their own kernel every update. 

To mitigate the risks with firewire, we will disable them in a blacklist 
file in modprobe.d. 

1. Open up /etc/modprobe.d/blacklist-firewire.conf by running `sudo nano 
/etc/modprobe.d/blacklist-firewire.conf' 
2. Remove the contents(or comment everything out) and replace it with 
the following: 
? 
http://blog.internot.info/2014/06/securing-ubuntu-desktop-from-bad-guys.html# 
1 
2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 

|# Prevent automatic loading of firewire module(s).| 

|blacklist ohci1394| 
|blacklist sbp2| 
|blacklist dv1394| 
|blacklist raw1394| 
|blacklist video1394| 

|blacklist firewire-ohci| 
|blacklist firewire-sbp2| 
|blacklist firewire-core| 
|blacklist firewire-net| 
|blacklist firewire-serial| 

|# Prevent manual loading of firewire module(s).| 

|install ohchi1394 false| 
|install sbp2 false| 
|install dv1394 false| 
|install raw1394 false| 
|install video1394 false| 

|install firewire-ohci false| 
|install firewire-sbp2 false| 
|install firewire-core false| 
|install firewire-net false| 
|install firewire-serial false| 


This will 1. blacklist all the firewire modules from starting at boot, 
and 2. prevent loading of firewire through forceful techniques. 

After doing this, you *must* run `sudo update-initramfs -k all -u' for 
it to take effect on next boot. 





Hardening Firefox 




The abilities of web-browsers are not only astounding, but also 
extremely vulnerable. With 0-day exploits being found for nearly 
everything, the bad guys are always looking for ways to exploit your 
browser. 
Methods used to exploit browsers are usually split up into two parts: 
exploiting the actual browser, and exploiting addon(such as Adblock and 
Acrobat Reader). 


Using the method I describe should mitigate most, if not all techniques 
involved in the exploitation of Firefox, and addons used. 


Most services when installed create a user for themselves, where they 
cannot escape from without some sort of local root kernel exploit. 
Unlike services, firefox is normally run at the same permissions as the 
user running it, which entails an attacker to be able to gain the same 
permissions of the user. With access, an attacker could record the 
keystrokes of the user, and wait until they run 'sudo' to gain root 
access(or, god forbid, somebody has nopasswd enabled on their account.) 

By creating a user specifically for firefox, we lock it into its own 
folder where it [shouldn't be able to] escape. 



First off, we want to create our new user called 'firefox'. 

1. Run 'sudo adduser --system --quiet --shell /bin/false --group 
--disabled-password --disabled-login firefox' in the terminal. 



The commandline(and 

[tor-relays] New relay operator. Basic security practices?

[relay_acab]

Hello all. I'm running a new relay, relayacab, at apexy in DE on a 
minimal Debian 7 OS. Is there a best practices guide for basic security 
setup? This is my first time operating a remote machine, running a 
relay, and having any public service to harden. So I'd really like to 
take this opportunity to do this the right way and continue on a 
productive path in supporting the tor network.

Thanks!
+-- relayacab
+-- 
https://atlas.torproject.org/#details/18002B828F1E9237B616DE8C8968F4E6C7520BB4

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay operator. Basic security practices?

[C S]

You may wish to revise your guide to better SSH.

https://stribika.github.io/2015/01/04/secure-secure-shell.html

Particularly, running it through a Tor HS.

Other ideal reading is the BetterCrypto guide:
https://bettercrypto.org/static/applied-crypto-hardening.pdf

Cheers



On Wed, Mar 4, 2015 at 11:36 AM, Libertas liber...@mykolab.com wrote:
 On 03/04/2015 02:05 PM, relay_a...@openmailbox.org wrote:
 Hello all. I'm running a new relay, relayacab, at apexy in DE on a
 minimal Debian 7 OS. Is there a best practices guide for basic security
 setup? This is my first time operating a remote machine, running a
 relay, and having any public service to harden. So I'd really like to
 take this opportunity to do this the right way and continue on a
 productive path in supporting the tor network.
 Thanks!
 +-- relayacab

 I wrote this recently:

 https://gist.github.com/plsql/49e642d5bce835df2946

 Thanks so much for considering security! It's a very important and often
 neglected aspect of Tor relay operation.

 Let me know what you think of the document.

 Libertas


 ___
 tor-relays mailing list
 tor-relays@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] New relay operator. Basic security practices?

[relay_acab]

I wrote this recently:

https://gist.github.com/plsql/49e642d5bce835df2946

Thanks so much for considering security! It's a very important and 
often

neglected aspect of Tor relay operation.

Let me know what you think of the document.

Libertas


I just started to look at it, but it seems to be EXACTLY what I was 
looking for. Thank you so much!

+-- relayacab
+--
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] new relay - large variation in consensus weight

[Abhiram Chintangal]

Hello all,

I am running a middle relay on a digital ocean [1] for roughly about a
month now.

While the process has been fairly straight forward, in the last few days I
have noticed a large variation in the relays consensus weight. Right now it
is close 1000 a few days before it was 300.

Is this regular behaviour?

Cheers!

-- 
Abhiram Chintangal

[1]:
https://atlas.torproject.org/#details/3045303283D4EAF74C8FA053054C691BB451AACA
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] new relay acting strange

[Viktor Haaksman]

Hi.

Are you sure that the Tor process is still running and the ORport is still
reachable? It seems like there were two Tor processes running on the same
VPS with different fingerprints but on the same port (which is not
possible. You can run two processes on the same IP address, but you have to
assign different ORports for both Tor instances). Was this your set-up, or
did you recently delete your old fingerprint and let Tor generate a new
one? That might explain the duplicate entry in the consensus database.
Could you post an excerpt of the log file(s) from for example the past day?

Kind regards,
Viktor


2014-02-27 5:24 GMT+01:00 Athena Lester windywil...@safe-mail.net:

 Hello,
 This is the first tor relay I have set up, it has been running for going
 on 4 days. I was waiting for the 3 day lag period I have read about but
 still no activity, besides the 30 MBs or so per day. It is running on my
 vps located in the Netherlands. The thing that is strange is when I search
 for windywillow on the atlas it finds two relays, same ip's, same ports.
 the thing is they both say that the server has been down for the last 3
 days when it has been running and recieving a trickle of activity with no
 adverse log entries. I noticed a day ago that I lost the Valid flag.
 nothing has changed as far as know since it was valid so I'm at a loss.
  Here are the links to the two atlas pages.  Any help would be appreciated.


 https://atlas.torproject.org/#details/F51A8E6C811D3C8F2436BE0029E95E67CB0DF3D0


 https://atlas.torproject.org/#details/90B97451822C0881C0652A7DA7430A73BCAF3769


 ---
 ___
 tor-relays mailing list
 tor-relays@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] new relay acting strange

[Athena Lester]

Hello,
This is the first tor relay I have set up, it has been running for going on 4 
days. I was waiting for the 3 day lag period I have read about but still no 
activity, besides the 30 MBs or so per day. It is running on my vps located in 
the Netherlands. The thing that is strange is when I search for windywillow 
on the atlas it finds two relays, same ip's, same ports. the thing is they both 
say that the server has been down for the last 3 days when it has been running 
and recieving a trickle of activity with no adverse log entries. I noticed a 
day ago that I lost the Valid flag. nothing has changed as far as know since 
it was valid so I'm at a loss.  Here are the links to the two atlas pages.  Any 
help would be appreciated.

https://atlas.torproject.org/#details/F51A8E6C811D3C8F2436BE0029E95E67CB0DF3D0

https://atlas.torproject.org/#details/90B97451822C0881C0652A7DA7430A73BCAF3769


---
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays