Re: [tor-relays] Question on bridge hibernation

[Frank Lý via tor-relays]

Your bridge will wake up around the beginning of the accounting period stated 
by `AccountingStart`. Here is more information about it and other related 
configuration options:

https://support.torproject.org/relay-operators/limit-total-bandwidth/

If you do not have `AccountingStart` in your `torrc` file, your bridge will 
stay dormant after reaching the specified `AccountingMax` value you have 
configured. Any inactive Tor relays will be delisted from Tor Metrics after one 
week.

Frank

May 14, 2024, 11:42 PM by keifer@gmail.com:

> Hi,
>
> So for my bridge at 
>
> https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB
>
> Is set to hibernate once it reaches a certain traffic level (this is to 
> prevent massive charges to my VPS). Now that is in hibernation, when will it 
> start again, and how would this effect how it's distributed? Are bridges that 
> are hibernating removed from relay search? Mew to hibernation, thanks.
>
> May 14 18:49:39.000 [notice] Configured to measure statistics. Look for the 
> *-stats files that will first be written to the data directory in 24 hours 
> from now.
> May 14 18:49:39.000 [warn] You are running Tor as root. You don't need to, 
> and you probably shouldn't.
> May 14 18:49:39.000 [notice] Bootstrapped 0% (starting): Starting
> May 14 18:49:47.000 [notice] Starting with guard context "default"
> May 14 18:49:47.000 [notice] Registered server transport 'obfs4' at 
> '[::]:8081'
> May 14 18:49:48.000 [notice] Bandwidth soft limit reached; commencing 
> hibernation. No new connections will be accepted
> May 14 18:49:48.000 [notice] Going dormant. Blowing away remaining 
> connections.
> May 14 18:49:48.000 [notice] Delaying directory fetches: We are hibernating 
> or shutting down.
> --Keifer
>

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question on bridge hibernation

[Keifer Bly]

Hi,

So for my bridge at

https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB

Is set to hibernate once it reaches a certain traffic level (this is to
prevent massive charges to my VPS). Now that is in hibernation, when will
it start again, and how would this effect how it's distributed? Are bridges
that are hibernating removed from relay search? Mew to hibernation, thanks.

May 14 18:49:39.000 [notice] Configured to measure statistics. Look for the
*-stats files that will first be written to the data directory in 24 hours
from now.
May 14 18:49:39.000 [warn] You are running Tor as root. You don't need to,
and you probably shouldn't.
May 14 18:49:39.000 [notice] Bootstrapped 0% (starting): Starting
May 14 18:49:47.000 [notice] Starting with guard context "default"
May 14 18:49:47.000 [notice] Registered server transport 'obfs4' at
'[::]:8081'
May 14 18:49:48.000 [notice] Bandwidth soft limit reached; commencing
hibernation. No new connections will be accepted
May 14 18:49:48.000 [notice] Going dormant. Blowing away remaining
connections.
May 14 18:49:48.000 [notice] Delaying directory fetches: We are hibernating
or shutting down.
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding bandwidth ratio on bridges.torproject.org and a few further, small, (probably related) questions

[meskio]

Quoting telekobold (2023-07-05 17:56:35)
> I'm operating two Tor bridges. When calling bridges.torproject.org, for one 
> of 
> the bridges (set up in March, 2023), there are three outputs:
> - obfs4: functional
> - a bandwidth ratio
> - a "last tested" entry.
> But for my second bridge (set up at the beginning of June 2023), 
> bridges.torproject.org does not output a bandwidth ratio.
> 
> What does this missing bandwidth ratio output mean, since everything else 
> seems to be normal?

The bandwidth ratio is measured by onbasca[0]. Is a ratio of how fast is your 
bridge compared to the rest of bridges, 1 means average (for some definition of 
average), lower than 1 means is slower than others, higher than 1 means is 
faster than others. rdsys uses that ratio to decide if some of the bridges 
should not be distributed.

This is a recent setup (some months) and we are still testing it. It looks like 
some bridges are failing to be tested by onbasca, we need to investigate 
why[1]. 

rdsys will do distribute bridges without a bandwidth ratio, so your bridge 
without it should be distributed normally as long as is functional.


[0] https://gitlab.torproject.org/tpo/network-health/onbasca/
[1] https://gitlab.torproject.org/tpo/network-health/onbasca/-/issues/157


> I am honestly not quite sure to what extent the fingerprint of the bridge is 
> information worth protecting, or whether only the port and IP address need to 
> be protected.

You should keep the fingerprint private, as it can be used to retrieve the port 
and IP of the bridge. But is ok to publish the hashed fingerprint.

> By the way, I also don't understand why my two bridges don't have a higher 
> advertised bandwidth - currently, it's 4.87MiB/s for one and 1.43MiB/s for 
> the 
> other relay. I never got the fast flag for either bridge yet, in contrast to 
> my two "normal" relays. On both servers, at least 1.6GiB/s is available, and 
> a 
> monthly data throughput of several terabytes.

Bridges can not get a 'fast' flag, those flags are only for relays. The flag 
comes from the bandwidth authority, but we don't run one for bridges.

> And, as a last issue, I didn't specify a distribution mechanism for my 
> bridge, 
> in the hope that the most suitable mechanism will be selected automatically. 
> Initially, for one of my bridges (the one for which bridges.torproject.org 
> outputs a bandwidth ratio) the bridge was assigned distribution mechanism 
> "Moat". But suddenly, "None" is displayed under distribution mechanisms at 
> metrics.torproject.org, which means that apparently the bridge is no longer 
> distributed. What could be the reason that the distribution mechanism 
> suddenly 
> changed?

I don't know, as long as your bridge is functional it should have a 
distribution 
mechanism assigned. Do you mind sharing with me the hashed fingerprint of the 
bridge to look at it? (it can be in private)

-- 
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question regarding bandwidth ratio on bridges.torproject.org and a few further, small, (probably related) questions

[telekobold]

Hello together,

I'm operating two Tor bridges. When calling bridges.torproject.org, for 
one of the bridges (set up in March, 2023), there are three outputs:

- obfs4: functional
- a bandwidth ratio
- a "last tested" entry.
But for my second bridge (set up at the beginning of June 2023), 
bridges.torproject.org does not output a bandwidth ratio.


What does this missing bandwidth ratio output mean, since everything 
else seems to be normal? When starting nyx on the relays, I see 
connections there (even more on the bridge with the missing bandwidth 
ratio output), I can connect to both bridges using the Bridge's IP 
addresses and ORPorts via Tor browser, and metrics.torproject.org also 
outputs an advertised bandwidth, which is even much higher (4.87 MiB/s 
at the moment) than for my other bridge (1.43MiB/s at the momemt) for 
which bridges.torproject.org outputs a bandwidth ratio.


The bridges run on virtual servers at the same hoster, but in two 
different countries. Nothing else runs on these virtual servers.


I am honestly not quite sure to what extent the fingerprint of the 
bridge is information worth protecting, or whether only the port and IP 
address need to be protected.


By the way, I also don't understand why my two bridges don't have a 
higher advertised bandwidth - currently, it's 4.87MiB/s for one and 
1.43MiB/s for the other relay. I never got the fast flag for either 
bridge yet, in contrast to my two "normal" relays. On both servers, at 
least 1.6GiB/s is available, and a monthly data throughput of several 
terabytes.


As a further issue, nyx doesn't output (in constrast to my two other 
relays) - not sure if this is a known issue.


And, as a last issue, I didn't specify a distribution mechanism for my 
bridge, in the hope that the most suitable mechanism will be selected 
automatically. Initially, for one of my bridges (the one for which 
bridges.torproject.org outputs a bandwidth ratio) the bridge was 
assigned distribution mechanism "Moat". But suddenly, "None" is 
displayed under distribution mechanisms at metrics.torproject.org, which 
means that apparently the bridge is no longer distributed. What could be 
the reason that the distribution mechanism suddenly changed?


Kind regards
telekobold
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about new log messages after 0.4.7.7 upgrade

[gus]

Hello,

It's nothing serious. We're tracking down this issue here:
https://gitlab.torproject.org/tpo/core/tor/-/issues/40612

Thanks for running & upgrading your bridge!

Gus

On Fri, May 27, 2022 at 03:32:46PM +, wardz via tor-relays wrote:
> Been getting these syslog messages occasionally *after* the 0.4.7.7 upgrade 
> on my bridge:
> 
> --
> May 26 21:00:58 torbridge Tor[ ]: Unexpected path length 4 for exit circuit 66
> 5, purpose 5 [3 similar message(s) suppressed in last 5400 seconds]
> 
> May 26 16:26:17 torbridge kernel: [ ] TCP: eth0: Driver has suspect
> GRO implementation, TCP performance may be compromised.
> --
> 
> Anyone know what they mean and if it's something I should be worried about? 
> Calculated advertised bandwidth seems to be about the same.
> 
> For reference, im running latest Raspbian 64-bit Lite on a Raspberry 4 with 
> latest firmware aswell.
> driver: bcmgenetversion: 5.15.41-v8+
> 
> Sent with [Proton Mail](https://proton.me/) secure email.

> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


-- 
The Tor Project
Community Team Lead


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question about new log messages after 0.4.7.7 upgrade

[wardz via tor-relays]

Been getting these syslog messages occasionally *after* the 0.4.7.7 upgrade on 
my bridge:

--
May 26 21:00:58 torbridge Tor[ ]: Unexpected path length 4 for exit circuit 66
5, purpose 5 [3 similar message(s) suppressed in last 5400 seconds]

May 26 16:26:17 torbridge kernel: [ ] TCP: eth0: Driver has suspect
GRO implementation, TCP performance may be compromised.
--

Anyone know what they mean and if it's something I should be worried about? 
Calculated advertised bandwidth seems to be about the same.

For reference, im running latest Raspbian 64-bit Lite on a Raspberry 4 with 
latest firmware aswell.
driver: bcmgenetversion: 5.15.41-v8+

Sent with [Proton Mail](https://proton.me/) secure email.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about IPv6

[lists]

On Wednesday, November 10, 2021 6:08:47 AM CET xplato via tor-relays wrote:

> I have three relays running Hardened BSD hosted at Frantech. They do not
> offer support for setting up IPv6. I am not sure how to accomplish this and
> wondered if anyone would have insight into setting this up? I have not
> found much in the way of instruction. A resource that provides instructions
> would be much appreciated.

Maybe this helps. A working Debian config @frantec/BuyVM

Login to Stallion: https://manage.buyvm.net/login
-> Networking -> IPv6 -> Assign IPv6 Address(es)
After that you see your gateway under Network Settings
(The settings symbol @bottom right)

Set Reverse DNS if you want for IP and IPv6.

You have to 'Graceful Restart' the KVM if you have changed something in the 
Stallion network config.

/etc/network/interfaces
#

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 104.244.73.193
netmask 255.255.255.255
gateway 104.244.73.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1 107.189.0.68 107.189.0.69
dns-search for-privacy.net

iface eth0 inet6 static
address 2605:6400:0030:f7ca::2
netmask 64
post-up  ip -6 route add 2605:6400:0030::1 dev eth0
post-up  ip -6 route add default via 2605:6400:0030::1
pre-down ip -6 route del default via 2605:6400:0030::1
pre-down ip -6 route del 2605:6400:0030::1 dev eth0
dns-nameservers ::1 2a05:fc84::42 2a05:fc84::43

###

Hint dns-nameservers:
I use unbound as local resolver. IPv4 ns are frantec's and IPv6 ns (Francisco 
has no IPv6 ns) are from Digitale Gesellschaft (CH)
https://www.digitale-gesellschaft.ch/dns/

There is also very good, competent help on IRC #frantec
https://wiki.buyvm.net/doku.php/irc/main
is mirrored to Discord
https://buyvm.net/beware-the-moshbear/


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about IPv6

[tor-operator--- via tor-relays]

> I have three relays running Hardened BSD hosted at Frantech. They do
> not offer support for setting up IPv6.

By Frantech do you mean buyvm.net ?

If it works the same way as buyvm, your VM should have a single public
IPv6 address. You can request a /48 or /56 prefix to be routed to that
public IPv6.

Or do you actually need help to have it setup on Hardened BSD?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about IPv6

[Jonas via tor-relays]

Does the provider offer IPv6? If not, then there is no further progress 
possible.If they do, this is pretty accurate to get started, 
https://www.vultr.com/docs/configuring-ipv6-on-freebsdJonas--
 Original Message --On Wed, November 10, 2021 at 12:40 AM, xplato via 
tor-relaystor-relays@lists.torproject.org 
wrote:Greetings,I have three relays running Hardened 
BSD hosted at Frantech. They do not offer support for setting up IPv6. I am not 
sure how to accomplish this and wondered if anyone would have insight into 
setting this up? I have not found much in the way of instruction. A resource 
that provides instructions would be much 
appreciated.Kindly,DanSent
 with ProtonMail Secure Email.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question about IPv6

[xplato via tor-relays]

Greetings,

I have three relays running Hardened BSD hosted at Frantech. They do not offer 
support for setting up IPv6. I am not sure how to accomplish this and wondered 
if anyone would have insight into setting this up? I have not found much in the 
way of instruction. A resource that provides instructions would be much 
appreciated.

Kindly,
Dan

Sent with [ProtonMail](https://protonmail.com) Secure Email.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about Tor updates

[Matthew Smith]

Hi Potlatch,

On Fri, 30 Jul 2021, at 02:01, potlatch wrote:
> When I update my ubuntu 20.04.2 LTS (Focal Fossa) I get the following
> message:
>
> Skipping acquire of configured file 'main/binary-i386/Packages' as repository 
> 'https://deb.torproject.org/torproject.org focal InRelease' doesn't support 
> architecture 'i386'

Can you check the output of the `arch` command?  If it doesn't report
x86_64 you might have to reinstall Ubuntu.

If it's x86_64, you need to edit /etc/apt/sources.list (or perhaps a
file in the /etc/apt/sources.list.d directory depending on how you added
the repository), change i386 to amd64 and re-run `apt update`.

Thanks,
Matthew___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question about Tor updates

[potlatch]

Hello Tor people,
I have several Tor relays in a developing country so I suspect their VPS and 
network expertise may be developing as well. When I update my ubuntu 20.04.2 
LTS (Focal Fossa) I get the following message:
Skipping acquire of configured file 'main/binary-i386/Packages' as repository 
'https://deb.torproject.org/torproject.org focal InRelease' doesn't support 
architecture 'i386'
Everything else updates fine. The cpus are AMD Ryzen 5 6-core. I see cpus as 
32-bit and 64-bit. The installation has been working for over 1-year. Did I 
install the wrong Tor? (It's 0.4.5.9) Is there a soft/hardware conflict?
--potlatch

Sent with [ProtonMail](https://protonmail.com/) Secure Email.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question

[Roger Dingledine]

On Sun, Mar 21, 2021 at 03:10:41PM +,  ?? wrote:
> What does it mean "Tor's file descriptor usage is at 90%. If you run
> out Tor will be unable to continue functioning."?

That sounds like a message from nyx:
https://nyx.torproject.org/

It means that your "ulimit -n" is too low.

Typically the Tor package includes an init script that raises
ulimit -n for you. For example:
https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40

So if you are not using a Tor package like the deb, now is the time
to start.

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question

[Андрей Гвоздев]

What does it mean "Tor's file descriptor usage is at 90%. If you run
out Tor will be unable to continue functioning."?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[mick]

On Mon, 21 Dec 2020 00:15:49 +0100
li...@for-privacy.net allegedly wrote:

> On 18.12.2020 17:33, mick wrote:
> 
> > So - you can get a twin core VPS with 2 Gig of RAM and 3500 gig of
> > traffic allowance for less than $20.00 for a /year/. Spend a little 
> > more
> > and you can get 8 gig of traffic.  
> 
> 3500 GB = 1750 GB for a Tor relay. Can be gone in 1-3 days. ;-)
> Traffic is always counted sum in + out
> You may have more fun on a bridge. If you run a relay first, don't
> use the IP later for a bridge!
> 
> 20-30 MiB/s Tor Relay consumes about 40-50 TB of traffic per month a
> few weeks after the 14-day ramp-up phase.:-(
> That is why I am suspicious of some of the 50-90 MiB/s unnamed relays 
> without contact.
> https://metrics.torproject.org/rs.html#search/unnamed%20type:relay%20
> 
> 
> VPN or root server with 20-40 MiB/s unlimited traffic is available
> for EUR 15-30,-/month.

Sure you can get relays with higher traffic allowances, but those tend
to be on ASs which /already/ have high concentrations of Tor relays.
This is not good for diversity. For example, I can (and do) get 20TB of
traffic allowance on my Hetzner relay
(https://metrics.torproject.org/rs.html#details/AE4FAE2EB5DC5D078458F0FCBF2B37F5D73F0868)
but Hetzner already has nearly 450 relays on AS24940 whereas the
Racknerd relay is on Colocrossings's AS36352 which only has 21 relays. 

The OP was considering running a relay at the end of a domestic ADSL
line which is not a good idea. Other respondents suggesting renting a
cheap VPS - I agreed and simply pointed to a (currently very cheap)
alternative. There is a danger that any new Tor relay operator will
pick a supplier which is already over represented. We should attempt to
avoid that if we can.

Tor can be (and in my case is) throttled so that you do not exceed the
ISP's allowance but still provide useable extra bandwidth.

Mick 


-
 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 https://baldric.net/about-trivia
-

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[lists]

On 18.12.2020 17:33, mick wrote:


So - you can get a twin core VPS with 2 Gig of RAM and 3500 gig of
traffic allowance for less than $20.00 for a /year/. Spend a little 
more

and you can get 8 gig of traffic.


3500 GB = 1750 GB for a Tor relay. Can be gone in 1-3 days. ;-)
Traffic is always counted sum in + out
You may have more fun on a bridge. If you run a relay first, don't use 
the IP later for a bridge!


20-30 MiB/s Tor Relay consumes about 40-50 TB of traffic per month a few 
weeks after the 14-day ramp-up phase.:-(
That is why I am suspicious of some of the 50-90 MiB/s unnamed relays 
without contact.

https://metrics.torproject.org/rs.html#search/unnamed%20type:relay%20


VPN or root server with 20-40 MiB/s unlimited traffic is available for 
EUR 15-30,-/month.




--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[mick]

On Thu, 17 Dec 2020 05:36:36 + (UTC)
BRBfGWMz  allegedly wrote:

> Olaf is right
> 
> Get a $ 5 per month VPS
> 
> On Wed, Dec 16, 2020 at 08:28 AM, Olaf Grimm 
> wrote:
> 
> > Hello Amadeus!  

You don't even need to spend that much. Racknerd have been running
promotional deals since black friday. Their current deals can be seen
here https://my.racknerd.com/index.php?rp=/store/holiday-sales-2020

So - you can get a twin core VPS with 2 Gig of RAM and 3500 gig of
traffic allowance for less than $20.00 for a /year/. Spend a little more
and you can get 8 gig of traffic.

I bouught two VPS from them about a month ago and they have confirmed
that they are OK with Tor nodes, but probably NOT exits. (In their words
to me "As long as we will not receive any abuse complaints, then there
should be no problems.") 

Abuse complaints tend to come with exits.

Mick
-
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B
5BAD D312 https://baldric.net/about-trivia
-

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[Thomas]

Although I haven't had a lengthy experience with running a TOR relay, I 
will definitely attest to the fact that even the cheapest $5 VPS with 
low specs and a good distro on board, you can easily operate a relay. As 
for operating one at home, don't operate an exit like Olaf said and 
you'll be okay. Just ensure your node meets the requirements set forth 
on this page. 


Regards,

Thomas

On 12/17/2020 5:36 AM, BRBfGWMz wrote:


Olaf is right

Get a $ 5 per month VPS

On Wed, Dec 16, 2020 at 08:28 AM, Olaf Grimm  wrote:

> Hello Amadeus!

>

> When you talk about a RasPi, I assume you mean a home location.

> Please read the recommendations. Never operate an Exit Relay at home!

> It will be expensive if the wrong people knock on the door.

>

> By the way, for an Exit Relay the bandwidth should already be 10MBit/s

> or better.

>

> Olaf

>

> Am 15.12.20 um 01:44 schrieb Amadeus Ramazotti:

> > hey,

> > partly related to original question:

> > I'm planning to set up a new exit. My very first relay. I'm 
planning to use a small SoC with 2GB ram. Something running on ARM 
like a raspberry pi.


> >

> > Is this feasible or even a good idea?

> >

> > Regards

> >

> >

> > On 14 Dec 2020, at 15:10, to...@protonmail.com wrote:

> >

> > I have several 1 G RAM exits running unbound without a problem. 
They never seem to hit swap, either. On FreeBSD:


> > last pid: 83973; load averages: 0.86, 0.71, 0.62 up 130+15:44:28 
16:02:04


> > 23 processes: 2 running, 21 sleeping

> > CPU: 43.1% user, 0.0% nice, 2.7% system, 5.5% interrupt, 48.6% idle

> > Mem: 101M Active, 734M Inact, 444M Wired, 151M Buf, 210M Free

> > Swap: 512M Total, 512M Free

> >

> > Go for it,

> >

> > --Torix

> >

> >

> >  Original Message 

> >> On Monday, December 14, 2020 1:11 PM,  wrote:

> >>

> >>> On 14.12.2020 13:58, li...@for-privacy.net wrote:

> >>>

> >>> grep VmPeak/proc/$PID/status = 181836 kB

> >> A non exit has less:

> >> grep VmPeak/proc/$PID/status = 57336 kB

> >> tor-proxy-02.for-privacy.net ^^

> >>

> >> 
---


> >>

> >> p_o Ciao Marco!

> >>

> >> Debian GNU/Linux

> >>

> >> It's free software and it gives you freedom!

> >>

> >> tor-relays mailing list

> >> tor-relays@lists.torproject.org

> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

> >

> > ___

> > tor-relays mailing list

> > tor-relays@lists.torproject.org

> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

> > ___

> > tor-relays mailing list

> > tor-relays@lists.torproject.org

> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

>

>

> ___

> tor-relays mailing list

> tor-relays@lists.torproject.org

> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

>



--
Sent using MsgSafe.io 
's 
Free Plan

Private, encrypted, online communication
For everyone. www.msgsafe.io 



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[BRBfGWMz]

Olaf is right

Get a $ 5 per month VPS

On Wed, Dec 16, 2020 at 08:28 AM, Olaf Grimm  wrote:

> Hello Amadeus!

>

> When you talk about a RasPi, I assume you mean a home location.

> Please read the recommendations. Never operate an Exit Relay at home!

> It will be expensive if the wrong people knock on the door.

>

> By the way, for an Exit Relay the bandwidth should already be 10MBit/s

> or better.

>

> Olaf

>

> Am 15.12.20 um 01:44 schrieb Amadeus Ramazotti:

> > hey,

> > partly related to original question:

> > I'm planning to set up a new exit. My very first relay. I'm planning to
> use a small SoC with 2GB ram. Something running on ARM like a raspberry pi.

> >

> > Is this feasible or even a good idea?

> >

> > Regards

> >

> >

> > On 14 Dec 2020, at 15:10, to...@protonmail.com wrote:

> >

> > I have several 1 G RAM exits running unbound without a problem. They never
> seem to hit swap, either. On FreeBSD:

> > last pid: 83973; load averages: 0.86, 0.71, 0.62 up 130+15:44:28 16:02:04

> > 23 processes: 2 running, 21 sleeping

> > CPU: 43.1% user, 0.0% nice, 2.7% system, 5.5% interrupt, 48.6% idle

> > Mem: 101M Active, 734M Inact, 444M Wired, 151M Buf, 210M Free

> > Swap: 512M Total, 512M Free

> >

> > Go for it,

> >

> > \--Torix

> >

> >

> >  Original Message   

> >> On Monday, December 14, 2020 1:11 PM,  wrote:

> >>

> >>> On 14.12.2020 13:58, li...@for-privacy.net wrote:

> >>>

> >>> grep VmPeak/proc/$PID/status = 181836 kB

> >> A non exit has less:

> >> grep VmPeak/proc/$PID/status = 57336 kB

> >> tor-proxy-02.for-privacy.net ^^

> >>

> >>
> \---

> >>

> >> p_o Ciao Marco!

> >>

> >> Debian GNU/Linux

> >>

> >> It's free software and it gives you freedom!

> >>

> >> tor-relays mailing list

> >> tor-relays@lists.torproject.org

> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

> >

> > ___

> > tor-relays mailing list

> > tor-relays@lists.torproject.org

> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

> > ___

> > tor-relays mailing list

> > tor-relays@lists.torproject.org

> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

>

>

> ___

> tor-relays mailing list

> tor-relays@lists.torproject.org

> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

>

\-- Sent using MsgSafe.io's Free Plan Private, encrypted, online communication
For everyone. https://www.msgsafe.io


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[enrollado]

If you're going to run an exit relay from your home, just be aware that there 
is a > 0 chance that law enforcement will show up at your door with a warrant 
(or not) and seize your equipment. All of it, not just the Pi. Depending on 
where you live, they might seize you too.


Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
On Monday, 14 de December de 2020 19:44, Amadeus Ramazotti 
 wrote:

> hey,
> partly related to original question:
> I'm planning to set up a new exit. My very first relay. I'm planning to use a 
> small SoC with 2GB ram. Something running on ARM like a raspberry pi.
> 

> Is this feasible or even a good idea?
> 

> Regards
> 

> On 14 Dec 2020, at 15:10, to...@protonmail.com wrote:
> 

> I have several 1 G RAM exits running unbound without a problem. They never 
> seem to hit swap, either. On FreeBSD:
> last pid: 83973; load averages: 0.86, 0.71, 0.62 up 130+15:44:28 16:02:04
> 23 processes: 2 running, 21 sleeping
> CPU: 43.1% user, 0.0% nice, 2.7% system, 5.5% interrupt, 48.6% idle
> Mem: 101M Active, 734M Inact, 444M Wired, 151M Buf, 210M Free
> Swap: 512M Total, 512M Free
> 

> Go for it,
> 

> --Torix
> 

> ‐‐‐ Original Message ‐‐‐
> 

> > On Monday, December 14, 2020 1:11 PM, li...@for-privacy.net wrote:
> > 

> > > On 14.12.2020 13:58, li...@for-privacy.net wrote:
> > > grep VmPeak/proc/$PID/status = 181836 kB
> > 

> > A non exit has less:
> > grep VmPeak/proc/$PID/status = 57336 kB
> > tor-proxy-02.for-privacy.net ^^
> > 

> > ╰_╯ Ciao Marco!
> > Debian GNU/Linux
> > It's free software and it gives you freedom!
> > tor-relays mailing list
> > tor-relays@lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



publickey - enrollado@protonmail.ch - 0x5923AD04.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[Olaf Grimm]

Hello Amadeus!

When you talk about a RasPi, I assume you mean a home location.
Please read the recommendations.  Never operate an Exit Relay at home!
It will be expensive if the wrong people knock on the door.

By the way, for an Exit Relay the bandwidth should already be 10MBit/s
or better.

Olaf

Am 15.12.20 um 01:44 schrieb Amadeus Ramazotti:
> hey, 
> partly related to original question: 
> I'm planning to set up a new exit. My very first relay. I'm planning to use a 
> small SoC with 2GB ram. Something running on ARM like a raspberry pi. 
>
> Is this feasible or even a good idea?
>
> Regards
>
>
> On 14 Dec 2020, at 15:10, to...@protonmail.com wrote:
>
> I have several 1 G RAM exits running unbound without a problem.  They never 
> seem to hit swap, either.  On FreeBSD:
> last pid: 83973;  load averages:  0.86,  0.71,  0.62  
> up 130+15:44:28 16:02:04
> 23 processes:  2 running, 21 sleeping
> CPU: 43.1% user,  0.0% nice,  2.7% system,  5.5% interrupt, 48.6% idle
> Mem: 101M Active, 734M Inact, 444M Wired, 151M Buf, 210M Free
> Swap: 512M Total, 512M Free
>
> Go for it,
>
> --Torix
>
>
> ‐‐‐ Original Message ‐‐‐
>> On Monday, December 14, 2020 1:11 PM,  wrote:
>>
>>> On 14.12.2020 13:58, li...@for-privacy.net wrote:
>>>
>>> grep VmPeak/proc/$PID/status = 181836 kB
>> A non exit has less:
>> grep VmPeak/proc/$PID/status = 57336 kB
>> tor-proxy-02.for-privacy.net ^^
>>
>> ---
>>
>> ╰_╯ Ciao Marco!
>>
>> Debian GNU/Linux
>>
>> It's free software and it gives you freedom!
>>
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[newsletter]

Hey,

I run relays with less RAM and it works fine. A problem with a SoC might 
be that the hardware cant "help" with crypto stuff (but I am not sure, 
I've read that somewhere). Also, this sounds like you are planning to 
run an exit from home, which you shouldn't.


Greetings

On 15.12.2020 01:44, Amadeus Ramazotti wrote:

hey,
partly related to original question:
I'm planning to set up a new exit. My very first relay. I'm planning
to use a small SoC with 2GB ram. Something running on ARM like a
raspberry pi.

Is this feasible or even a good idea?

Regards


On 14 Dec 2020, at 15:10, to...@protonmail.com wrote:

I have several 1 G RAM exits running unbound without a problem.  They
never seem to hit swap, either.  On FreeBSD:
last pid: 83973;  load averages:  0.86,  0.71,  0.62
   up 130+15:44:28 16:02:04
23 processes:  2 running, 21 sleeping
CPU: 43.1% user,  0.0% nice,  2.7% system,  5.5% interrupt, 48.6% idle
Mem: 101M Active, 734M Inact, 444M Wired, 151M Buf, 210M Free
Swap: 512M Total, 512M Free

Go for it,

--Torix


‐‐‐ Original Message ‐‐‐

On Monday, December 14, 2020 1:11 PM,  wrote:


On 14.12.2020 13:58, li...@for-privacy.net wrote:

grep VmPeak/proc/$PID/status = 181836 kB


A non exit has less:
grep VmPeak/proc/$PID/status = 57336 kB
tor-proxy-02.for-privacy.net ^^

---

╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[Olaf Grimm]

Hello !

Thank you very much for the large amount of replies.
I have made a test and after less hours of activity I can confirm the
low RAM consumption. There are no problems with 1GB.
'htop' reports 3,1% of RAM usage for 'unbound'. I will now reconfigure
my fleet one by one next days.

Kind regards !
Olaf


Am 14.12.20 um 15:10 schrieb to...@protonmail.com:
> I have several 1 G RAM exits running unbound without a problem.  They never 
> seem to hit swap, either.  On FreeBSD:
> last pid: 83973;  load averages:  0.86,  0.71,  0.62  
> up 130+15:44:28 16:02:04
> 23 processes:  2 running, 21 sleeping
> CPU: 43.1% user,  0.0% nice,  2.7% system,  5.5% interrupt, 48.6% idle
> Mem: 101M Active, 734M Inact, 444M Wired, 151M Buf, 210M Free
> Swap: 512M Total, 512M Free
>
> Go for it,
>
> --Torix
>
>
> ‐‐‐ Original Message ‐‐‐
> On Monday, December 14, 2020 1:11 PM,  wrote:
>
>> On 14.12.2020 13:58, li...@for-privacy.net wrote:
>>
>>> grep VmPeak/proc/$PID/status = 181836 kB
>> A non exit has less:
>> grep VmPeak/proc/$PID/status = 57336 kB
>> tor-proxy-02.for-privacy.net ^^
>>
>> ---
>>
>> ╰_╯ Ciao Marco!
>>
>> Debian GNU/Linux
>>
>> It's free software and it gives you freedom!
>>
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[Amadeus Ramazotti]

hey, 
partly related to original question: 
I'm planning to set up a new exit. My very first relay. I'm planning to use a 
small SoC with 2GB ram. Something running on ARM like a raspberry pi. 

Is this feasible or even a good idea?

Regards


On 14 Dec 2020, at 15:10, to...@protonmail.com wrote:

I have several 1 G RAM exits running unbound without a problem.  They never 
seem to hit swap, either.  On FreeBSD:
last pid: 83973;  load averages:  0.86,  0.71,  0.62
  up 130+15:44:28 16:02:04
23 processes:  2 running, 21 sleeping
CPU: 43.1% user,  0.0% nice,  2.7% system,  5.5% interrupt, 48.6% idle
Mem: 101M Active, 734M Inact, 444M Wired, 151M Buf, 210M Free
Swap: 512M Total, 512M Free

Go for it,

--Torix


‐‐‐ Original Message ‐‐‐
> On Monday, December 14, 2020 1:11 PM,  wrote:
> 
>> On 14.12.2020 13:58, li...@for-privacy.net wrote:
>> 
>> grep VmPeak/proc/$PID/status = 181836 kB
> 
> A non exit has less:
> grep VmPeak/proc/$PID/status = 57336 kB
> tor-proxy-02.for-privacy.net ^^
> 
> ---
> 
> ╰_╯ Ciao Marco!
> 
> Debian GNU/Linux
> 
> It's free software and it gives you freedom!
> 
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[torix]

I have several 1 G RAM exits running unbound without a problem.  They never 
seem to hit swap, either.  On FreeBSD:
last pid: 83973;  load averages:  0.86,  0.71,  0.62
  up 130+15:44:28 16:02:04
23 processes:  2 running, 21 sleeping
CPU: 43.1% user,  0.0% nice,  2.7% system,  5.5% interrupt, 48.6% idle
Mem: 101M Active, 734M Inact, 444M Wired, 151M Buf, 210M Free
Swap: 512M Total, 512M Free

Go for it,

--Torix


‐‐‐ Original Message ‐‐‐
On Monday, December 14, 2020 1:11 PM,  wrote:

> On 14.12.2020 13:58, li...@for-privacy.net wrote:
>
> > grep VmPeak/proc/$PID/status = 181836 kB
>
> A non exit has less:
> grep VmPeak/proc/$PID/status = 57336 kB
> tor-proxy-02.for-privacy.net ^^
>
> ---
>
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you freedom!
>
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[lists]

On 14.12.2020 13:58, li...@for-privacy.net wrote:


grep VmPeak/proc/$PID/status = 181836 kB


A non exit has less:
grep VmPeak/proc/$PID/status = 57336 kB
tor-proxy-02.for-privacy.net ^^

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[lists]

On 14.12.2020 13:27, Toralf Förster wrote:

On 12/14/20 1:15 PM, li...@for-privacy.net wrote:


On both of my exits, unbound occupies 140-145MB RAM.

Hhm, under a hardened stable Gentoo it occupiers 45 MB in RAM (virtual
378MB, but that involves all ever loaded libs before too)


My way may be wrong:

I looked in the 'RES' column in htop.
Hide user threads (shift + H) & close process view (F5)

grep VmPeak/proc/$PID/status = 181836 kB

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[Dmitrii Tcvetkov]

On Sat, 12 Dec 2020 20:37:22 +0100
Olaf Grimm  wrote:

> Hello!
> 
> I would like to activate a local DNS resolver with unbound at the exit
> relays, but I am concerned about the RAM size with 1GB. On an example
> machine I have 2GB RAM and the exit relay occupies 400MB at 22.9 MiB/s
> according to the metrics.
> 
> Does anyone have experience with such values? My smaller exit relays
> only have 1GB of RAM.
> 
> Well, there is still the problem that simply trying it out is not
> possible. If I overrun the RAM and it comes to SWAP activities, then
> already on a local machine almost no access was possible. With a VPS
> this is a no-go.
> 
> Kind regards!
> Olaf

Hi,

My small exit relay 988625BFD9E9B23B35C590250407486F28FF8FFC runs on 1
GiB RAM VPS with local unbound recursive resolver. 

Memory usage looks like this:
Memory: Real: 470M/861M act/tot Free: 110M Cache: 177M Swap: 317M/1049M

In my expirience swap in general is a virtue, of course it might hinder
the overall expirience on specific workloads.

Also usually there is a way to access VPS if it has became
unresponsive, like VNC. IMO you should simply try if you have
non-network access to the VPS.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[Toralf Förster]

On 12/14/20 1:15 PM, li...@for-privacy.net wrote:


On both of my exits, unbound occupies 140-145MB RAM.

Hhm, under a hardened stable Gentoo it occupiers 45 MB in RAM (virtual
378MB, but that involves all ever loaded libs before too)

--
Toralf
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: RAM requirement for an exit relay

[lists]

On 12.12.2020 20:37, Olaf Grimm wrote:

I would like to activate a local DNS resolver with unbound at the exit
relays, but I am concerned about the RAM size with 1GB. On an example
machine I have 2GB RAM and the exit relay occupies 400MB at 22.9 MiB/s
according to the metrics.

Does anyone have experience with such values? My smaller exit relays
only have 1GB of RAM.


On both of my exits, unbound occupies 140-145MB RAM.
https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question: RAM requirement for an exit relay

[Olaf Grimm]

Hello!

I would like to activate a local DNS resolver with unbound at the exit
relays, but I am concerned about the RAM size with 1GB. On an example
machine I have 2GB RAM and the exit relay occupies 400MB at 22.9 MiB/s
according to the metrics.

Does anyone have experience with such values? My smaller exit relays
only have 1GB of RAM.

Well, there is still the problem that simply trying it out is not
possible. If I overrun the RAM and it comes to SWAP activities, then
already on a local machine almost no access was possible. With a VPS
this is a no-go.

Kind regards!
Olaf
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] question

[George]

On 10/2/20 3:05 AM, pri...@safe-mail.net wrote:
> Hello. Why is my Consensus Weight constantly changing? What factors influence 
> its change?
> 
> Thanks in advance for your reply =))

The basic definition is here:

https://metrics.torproject.org/glossary.html#consensus-weight

You can find more detailed information on a public node here, if you
click on the 'detailed page':

https://consensus-health.torproject.org/

HTH.

George
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] question

[prizzz]

Hello. Why is my Consensus Weight constantly changing? What factors influence 
its change?

Thanks in advance for your reply =))
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question on Unanttended Upgrades

[fl4co]

Hi Keifer,

A script generated from that website shows that the Tor Project’s repository 
and GPG key are added to apt, so you’ll get updates for Tor from that 
repository.

In addition to that, if you select  automatic updates the unattended-upgrades 
package will be downloaded and configured with this file: 
https://github.com/flxn/tor-relay-configurator/blob/master/misc/50unattended-upgrades.Debian
 

 (if you chose Debian). As you can see, TorProject is one of the allowed 
origins, so the tor package will be automatically upgraded. Auto-reboot is 
turned-off. However, I believe that when tor is updated with apt it will 
restart itself.

Cheers

--
fl4co

> Il giorno 5 mag 2020, alle ore 22:55, Keifer Bly  ha 
> scritto:
> 
> Hello,
> 
> I am wondering, does using Unattended upgrades on Linux, when relay is 
> configured using this configurator:
> 
> https://tor-relay.co/  
> 
> install tor updates automatically when they are released? Does the relay need 
> to be restarted?
> 
> Thanks very much.
>  
> --Keifer
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question on Unanttended Upgrades

[Keifer Bly]

Hello,

I am wondering, does using Unattended upgrades on Linux, when relay is
configured using this configurator:

https://tor-relay.co/

install tor updates automatically when they are released? Does the relay
need to be restarted?

Thanks very much.

--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about authority clock skew

[Toralf Förster]

On 4/14/20 1:34 AM, Roger Dingledine wrote:
> Using the definitions that "precision" is how many digits you're
> providing, and "accuracy" is how right you are, I'd say that we're giving
> you microsecond precision but not microsecond accuracy. :)
Hehe, the first thing I was teached during my study was to not promise more 
accuracy than actually given ;-)

-- 
Toralf



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about authority clock skew

[torjoy]

Thank you for the clarifications, Roger! So the "how right you are" is not too 
important for all the TOR network?

Luiz


Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
Em Segunda-feira, 13 de Abril de 2020 às 20:34, Roger Dingledine 
 escreveu:

> On Mon, Apr 13, 2020 at 01:41:41PM +, torjoy wrote:
>
> > I was browsing the "Consensus health" page and something let me curious... 
> > What is the importance of the clock skew in the authorities with the 
> > resolution of microseconds?
>
> Sebastian's answer is exactly right.
>
> I've just opened
> https://bugs.torproject.org/33896
> because you're right, there's no way the level of precision that
> consensus-health reports is at all accurate.
>
> > So considering the microssencond accuracy
>
> Using the definitions that "precision" is how many digits you're
> providing, and "accuracy" is how right you are, I'd say that we're giving
> you microsecond precision but not microsecond accuracy. :)
>
> Thanks,
> --Roger
>
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about authority clock skew

[torjoy]

Hi Sebastian,

Good to know! This is just a curiosity that I have. Did you know if some 
cryptographic operations uses high resolution like this (microssecond for 
example) to match or no somethings like certificates on our case (TOR)?

Also, another thing that i'm always asking myself is if here in south america 
isn't interesting that we have some authority. What is the "actual load" and 
problems? I see here most of relays haven't the "real" bandwidth that they can 
really deliver... Is this a measurement problem caused by distance of the 
authorities?

I have here on Brazil three bridges and one relay that i'm operating today.

Thank you for the answer!!

Luiz


Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
Em Segunda-feira, 13 de Abril de 2020 às 19:30, Sebastian Hahn 
 escreveu:

> Hi Luiz,
>
> > On 13. Apr 2020, at 15:41, torjoy south_america_brid...@protonmail.com 
> > wrote:
> > I was browsing the "Consensus health" page and something let me curious... 
> > What is the importance of the clock skew in the authorities with the 
> > resolution of microseconds?
> >  > Brasília).png>
> > Picture: 2020/04/13 - 13:37 UTC
> > Also, how the authorities compare their clocks? Using ntp daemon for 
> > example? I'm asking this here because I work in a time and frequency 
> > reference lab and have two NTP (stratum 1, connected directly to UTC(LRTE) 
> > timescale. And a stratum 2 that is discilplinned with the stratum 1 
> > timeserver). So considering the microssencond accuracy did the keepers of 
> > these authorities care about the time source? Or any time source is ok?
>
> I operate the directory authority gabelmoo. We do not synchronize our clocks 
> amongst ourselves and accuracy of +/- a few seconds is really not important. 
> Every operator does their best to keep the time roughly correct individually, 
> for example gabelmoo uses a site-local NTP server that gets physical time 
> from the German government's time broadcasting service.
>
> The page you're referring to just shows the skew with a lot more digits than 
> can actually be accurately measured. The reason to keep clock skew in check 
> is that if the time differs by more than a few seconds, the voting process 
> can get impacted which in the past has led to consensuses not being created 
> even though enough directory authorities would theoretically be ready for it. 
> Also some directory authorities had some historical trouble with keeping an 
> accurate time due to virtual machine trouble - this was worrisome for relay 
> operators, because they would get (wrong) warnings about a wrong time in 
> their logfile.
>
> Hope that helps
> Sebastian
>
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about authority clock skew

[Roger Dingledine]

On Mon, Apr 13, 2020 at 01:41:41PM +, torjoy wrote:
> I was browsing the "Consensus health" page and something let me curious... 
> What is the importance of the clock skew in the authorities with the 
> resolution of microseconds?

Sebastian's answer is exactly right.

I've just opened
https://bugs.torproject.org/33896
because you're right, there's no way the level of precision that
consensus-health reports is at all accurate.

> So considering the microssencond accuracy

Using the definitions that "precision" is how many digits you're
providing, and "accuracy" is how right you are, I'd say that we're giving
you microsecond precision but not microsecond accuracy. :)

Thanks,
--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about authority clock skew

[Sebastian Hahn]

Hi Luiz,


> On 13. Apr 2020, at 15:41, torjoy  
> wrote:
> I was browsing the "Consensus health" page and something let me curious... 
> What is the importance of the clock skew in the authorities with the 
> resolution of microseconds? 
>  Brasília).png>
>Picture: 2020/04/13 - 13:37 UTC
> 
> Also, how the authorities compare their clocks? Using ntp daemon for example? 
> I'm asking this here because I work in a time and frequency reference lab and 
> have two NTP (stratum 1, connected directly to UTC(LRTE) timescale. And a 
> stratum 2 that is discilplinned with the stratum 1 timeserver). So 
> considering the microssencond accuracy did the keepers of these authorities 
> care about the time source? Or any time source is ok? 

I operate the directory authority gabelmoo. We do not synchronize our clocks 
amongst ourselves and accuracy of +/- a few seconds is really not important. 
Every operator does their best to keep the time roughly correct individually, 
for example gabelmoo uses a site-local NTP server that gets physical time from 
the German government's time broadcasting service.

The page you're referring to just shows the skew with a lot more digits than 
can actually be accurately measured. The reason to keep clock skew in check is 
that if the time differs by more than a few seconds, the voting process can get 
impacted which in the past has led to consensuses not being created even though 
enough directory authorities would theoretically be ready for it. Also some 
directory authorities had some historical trouble with keeping an accurate time 
due to virtual machine trouble - this was worrisome for relay operators, 
because they would get (wrong) warnings about a wrong time in their logfile.

Hope that helps
Sebastian
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question about authority clock skew

[torjoy]

Hello everyone, how are you?

I was browsing the "Consensus health" page and something let me curious... What 
is the importance of the clock skew in the authorities with the resolution of 
microseconds?

   Picture: 2020/04/13 - 13:37 UTC

Also, how the authorities compare their clocks? Using ntp daemon for example? 
I'm asking this here because I work in a time and frequency reference lab and 
have two NTP (stratum 1, connected directly to UTC(LRTE) timescale. And a 
stratum 2 that is discilplinned with the stratum 1 timeserver). So considering 
the microssencond accuracy did the keepers of these authorities care about the 
time source? Or any time source is ok?

Best regards and keep safe!

Luiz___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question

[Jonathan Marquardt]

Hi!

Can you try to run this command as root?

# curl 
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
 | apt-key add -

Let's see if that works.
-- 
OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3
 https://www.parckwart.de/pgp_key


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question

[Rubles]

I tried running a bridge but my systemLog said:

Please upgrade! This version of Tor (0.3.2.10) is not recommended, 
according to the directory authorities. Recommended versions are: 
0.2.9.15,0.2.9.16,0.2.9.17,0.3.5.8,0.4.0.5,0.4.0.6,0.4.1.2-alpha,0.4.1.3-alpha,0.4.1.4-rc,0.4.1.5,0.4.1.6,0.4.1.7,0.4.2.1-alpha,0.4.2.2-alpha,0.4.2.3-alpha


(I used sudo apt-get install tor - on Mint) so I checked out 
https://support.torproject.org/apt/tor-deb-repo/ and when I tried gpg 
--export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - it 
didn't work as it said gpg: WARNING: unsafe ownership on homedir

 gpg: [stdout]: write error: Broken pipe
gpg: build_packet(2) failed: Broken pipe
gpg: key export failed: Broken pipe

Here are some other things it said:

Looks like client functionality is working.
Bootstrapped 100%: Done

Your server has not managed to confirm that its ORPort is reachable. 
Relays do not publish descriptors until their ORPort and DirPort are 
reachable. Please check your firewalls, ports, address, /etc/hosts file, 
etc.


What do I do?

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about Bridges Bandwidth Authority

[Roger Dingledine]

On Wed, Jul 24, 2019 at 07:36:59PM +0300, s7r wrote:
> I'd like to know more details about how exactly the bridge bandwidth
> authority works, and if we use the "weight" of each bridge for anything.

I'll start off by answering some of the questions, and let others
fill in the gaps.

The first answer is that there is no such thing as a bridge bandwidth
authority. There is only the bridge directory authority, Serge, which
collects self-signed bridge descriptors from bridges, checks reachability,
and passes them on to the bridgedb service.

> For example, I have setup 5 obfs4 bridges, with the exact very same
> hardware resources and all on the same network speed of course.

Thanks!

> One of them gets used by clients (say 20-50 unique clients every 6 hours
> or so) while the rest of 4 are not used at all. This usage is not a
> concern for me, as its known bridges take time until they get used,
> depending on which bucket they have been assigned and etc. So I assume
> it's OK at this particular point in their lifetime to be unused by any
> client.

Yep, it is not unusual for bridges to not see much use. As you say this
is due to a variety of factors -- which distribution strategy bridgedb
picks for them, which countries are blocking Tor in what way this week,
whether your IP address has gotten on any blacklists, etc.

> But what I am curious about is, when I search them on RelaySearch, the
> used one has a measured bandwidth of over 2 MiB/s (and has the fast
> flag) while other 3 unused ones have bandwidths of between 50 and 60
> KiB/s (these also have the fast flag) and there is one last one which is
> also not used and has a bandwidth of less than 10 KiB/s that does not
> have the fast flag. (Fast flag missing is also not my problem, I am just
> mentioning it as a side detail).
> 
> Now I know for sure those values are not at all in according to the real
> environment. Each bridge should be at least capable of 3 MiB/s even if
> all 5 are used at the same time at their full speeds. Actually I have
> simulated this, it's not just theoretical.
> 
> Is there anything related to usage, so that the bridge bandwidth
> authority only measures the used bridges? What could have cause such big
> discrepancy in my particular case, any ideas?

These numbers are simply the self-reported bandwidth numbers from the
bridges.

All kinds of relays, including bridge relays, watch how much traffic
they've seen themselves doing, and put the largest burst they've seen
into their relay descriptor (or bridge descriptor in this case).

https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n432

So the bridges that have a bunch of users have had more traffic load,
and thus have a higher burst traffic number to report.

Or to answer it differently, the issue is the other way around from
what you were worried about: it isn't that something is giving one of
your bridges a higher bandwidth value, and thus it has more users. It's
that one of your bridges has more users, so it ends up with a higher
bandwidth value.

> Also, do we use the weight of each bridge in order to determine how much
> % probability it has to be served to a request in the bucket that is
> part of, or we don't use bridge weights for anything at all?

I believe we don't use bridge weights for anything at all.

But I might be wrong about this last part. We've changed our mind several
times over the years about how to handle weighting.  Specifically,
I don't know if the behavior changed with the latest iteration of the
entry guard selection design:
https://gitweb.torproject.org/torspec.git/tree/guard-spec.txt

Hope that helps,
--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about Bridges Bandwidth Authority

[David Poulsen]

We should start making the OS available for small units like Raspberry PI, and 
do not concentrate on large installations.

Newer smartphones should also be able to be used as relays, with unlimited data 
and with 4G (soon 5G) up to 20 Mb download and 5 Mb downloads at the moment, 
where we can put the TAILS OS or Tor Browsers Bundles with orbot features, 
which manually should be connected to public Tor Relays.

Many small units are many untraceable units, large installations are easily 
compromised and indeed very traceable, where their locations also are known!

Regards
David

Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
On Saturday, July 27, 2019 12:12 PM, s7r  wrote:

> Hello again,
>
> Getting back to this post with an update, see inline:
>
> s7r wrote:
>
> > Hello,
> > I'd like to know more details about how exactly the bridge bandwidth
> > authority works, and if we use the "weight" of each bridge for anything.
> > For example, I have setup 5 obfs4 bridges, with the exact very same
> > hardware resources and all on the same network speed of course.
> > One of them gets used by clients (say 20-50 unique clients every 6 hours
> > or so) while the rest of 4 are not used at all. This usage is not a
> > concern for me, as its known bridges take time until they get used,
> > depending on which bucket they have been assigned and etc. So I assume
> > it's OK at this particular point in their lifetime to be unused by any
> > client.
> > But what I am curious about is, when I search them on RelaySearch, the
> > used one has a measured bandwidth of over 2 MiB/s (and has the fast
> > flag) while other 3 unused ones have bandwidths of between 50 and 60
> > KiB/s (these also have the fast flag) and there is one last one which is
> > also not used and has a bandwidth of less than 10 KiB/s that does not
> > have the fast flag. (Fast flag missing is also not my problem, I am just
> > mentioning it as a side detail).
> > Now I know for sure those values are not at all in according to the real
> > environment. Each bridge should be at least capable of 3 MiB/s even if
> > all 5 are used at the same time at their full speeds. Actually I have
> > simulated this, it's not just theoretical.
> > Is there anything related to usage, so that the bridge bandwidth
> > authority only measures the used bridges? What could have cause such big
> > discrepancy in my particular case, any ideas?
>
> It could be something about this.
> Another bridge just started to get fair usage (say 60 - 80 unique
> clients every 6 hour or so) and it got measured from slightly over 50
> KiB/s to ~4 MiB/s which is actually closer to the reality.
>
> The rest of unused bridges by clients still are reported as ~50 KiB/s
> which is very low.
>
> > Also, do we use the weight of each bridge in order to determine how much
> > % probability it has to be served to a request in the bucket that is
> > part of, or we don't use bridge weights for anything at all?
> > Thanks!
>
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about Bridges Bandwidth Authority

[s7r]

Hello again,

Getting back to this post with an update, see inline:

s7r wrote:
> Hello,
> 
> I'd like to know more details about how exactly the bridge bandwidth
> authority works, and if we use the "weight" of each bridge for anything.
> 
> For example, I have setup 5 obfs4 bridges, with the exact very same
> hardware resources and all on the same network speed of course.
> 
> One of them gets used by clients (say 20-50 unique clients every 6 hours
> or so) while the rest of 4 are not used at all. This usage is not a
> concern for me, as its known bridges take time until they get used,
> depending on which bucket they have been assigned and etc. So I assume
> it's OK at this particular point in their lifetime to be unused by any
> client.
> 
> But what I am curious about is, when I search them on RelaySearch, the
> used one has a measured bandwidth of over 2 MiB/s (and has the fast
> flag) while other 3 unused ones have bandwidths of between 50 and 60
> KiB/s (these also have the fast flag) and there is one last one which is
> also not used and has a bandwidth of less than 10 KiB/s that does not
> have the fast flag. (Fast flag missing is also not my problem, I am just
> mentioning it as a side detail).
> 
> Now I know for sure those values are not at all in according to the real
> environment. Each bridge should be at least capable of 3 MiB/s even if
> all 5 are used at the same time at their full speeds. Actually I have
> simulated this, it's not just theoretical.
> 
> Is there anything related to usage, so that the bridge bandwidth
> authority only measures the used bridges? What could have cause such big
> discrepancy in my particular case, any ideas?

It could be something about this.
Another bridge just started to get fair usage (say 60 - 80 unique
clients every 6 hour or so) and it got measured from slightly over 50
KiB/s to ~4 MiB/s which is actually closer to the reality.

The rest of unused bridges by clients still are reported as ~50 KiB/s
which is very low.

> 
> Also, do we use the weight of each bridge in order to determine how much
> % probability it has to be served to a request in the bucket that is
> part of, or we don't use bridge weights for anything at all?
> 
> Thanks!
> 



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question about Bridges Bandwidth Authority

[s7r]

Hello,

I'd like to know more details about how exactly the bridge bandwidth
authority works, and if we use the "weight" of each bridge for anything.

For example, I have setup 5 obfs4 bridges, with the exact very same
hardware resources and all on the same network speed of course.

One of them gets used by clients (say 20-50 unique clients every 6 hours
or so) while the rest of 4 are not used at all. This usage is not a
concern for me, as its known bridges take time until they get used,
depending on which bucket they have been assigned and etc. So I assume
it's OK at this particular point in their lifetime to be unused by any
client.

But what I am curious about is, when I search them on RelaySearch, the
used one has a measured bandwidth of over 2 MiB/s (and has the fast
flag) while other 3 unused ones have bandwidths of between 50 and 60
KiB/s (these also have the fast flag) and there is one last one which is
also not used and has a bandwidth of less than 10 KiB/s that does not
have the fast flag. (Fast flag missing is also not my problem, I am just
mentioning it as a side detail).

Now I know for sure those values are not at all in according to the real
environment. Each bridge should be at least capable of 3 MiB/s even if
all 5 are used at the same time at their full speeds. Actually I have
simulated this, it's not just theoretical.

Is there anything related to usage, so that the bridge bandwidth
authority only measures the used bridges? What could have cause such big
discrepancy in my particular case, any ideas?

Also, do we use the weight of each bridge in order to determine how much
% probability it has to be served to a request in the bucket that is
part of, or we don't use bridge weights for anything at all?

Thanks!



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about new website

[Keifer Bly]

Ah, found it, thanks. The ticket did not appear when I clicked on the link 
previously, but it is there now. Maybe put a link to the expert bundle back on 
the Tor Project website? Thanks.

--Keifer

From: Georg Koppen
Sent: Friday, April 5, 2019 12:57 AM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Question about new website

Keifer Bly:
> Hi, sorry but I am not able to find it in the directory link. It is still 
> being updated alongside tor browser correct? Thanks.

The tor-win*zip files are contained in the Tor Browser directories, see
e.g.: https://dist.torproject.org/torbrowser/8.0.8/.

Re: the ticket. Not sure what you mean, but
https://trac.torproject.org/projects/tor/ticket/29991 shows the bug for
me (just tested again).

Georg

> --Keifer
> 
> From: Georg Koppen
> Sent: Wednesday, April 3, 2019 12:14 AM
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Question about new website
> 
> Keifer Bly:
>> Hi all, the new website looks nice. I like the look of it. I have one
>> question, where can the tor expert bundle be downloaded from now? Thanks.
> 
> Hm, you are right, it seems it is not possible to download it from our
> website at the moment. I've opened
> https://trac.torproject.org/projects/tor/ticket/29991.
> 
> That said, you can always get if from
> https://dist.torproject.org/torbrowser/.
> 
> Look at the latest stable release folder there and check out the
> respective tor-win*zip file you need.
> 
> Sorry for the inconvenience,
> Georg
> 
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about new website

[Georg Koppen]

Keifer Bly:
> Hi, sorry but I am not able to find it in the directory link. It is still 
> being updated alongside tor browser correct? Thanks.

The tor-win*zip files are contained in the Tor Browser directories, see
e.g.: https://dist.torproject.org/torbrowser/8.0.8/.

Re: the ticket. Not sure what you mean, but
https://trac.torproject.org/projects/tor/ticket/29991 shows the bug for
me (just tested again).

Georg

> --Keifer
> 
> From: Georg Koppen
> Sent: Wednesday, April 3, 2019 12:14 AM
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Question about new website
> 
> Keifer Bly:
>> Hi all, the new website looks nice. I like the look of it. I have one
>> question, where can the tor expert bundle be downloaded from now? Thanks.
> 
> Hm, you are right, it seems it is not possible to download it from our
> website at the moment. I've opened
> https://trac.torproject.org/projects/tor/ticket/29991.
> 
> That said, you can always get if from
> https://dist.torproject.org/torbrowser/.
> 
> Look at the latest stable release folder there and check out the
> respective tor-win*zip file you need.
> 
> Sorry for the inconvenience,
> Georg
> 
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 




signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about new website

[Keifer Bly]

Also, the opened ticket only says “No handler matched request to 
/ticket/29991.” Thank you.


--Keifer

From: Keifer Bly
Sent: Friday, April 5, 2019 12:43 AM
To: tor-relays@lists.torproject.org
Subject: RE: [tor-relays] Question about new website

Hi, sorry but I am not able to find it in the directory link. It is still being 
updated alongside tor browser correct? Thanks.

--Keifer

From: Georg Koppen
Sent: Wednesday, April 3, 2019 12:14 AM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Question about new website

Keifer Bly:
> Hi all, the new website looks nice. I like the look of it. I have one
> question, where can the tor expert bundle be downloaded from now? Thanks.

Hm, you are right, it seems it is not possible to download it from our
website at the moment. I've opened
https://trac.torproject.org/projects/tor/ticket/29991.

That said, you can always get if from
https://dist.torproject.org/torbrowser/.

Look at the latest stable release folder there and check out the
respective tor-win*zip file you need.

Sorry for the inconvenience,
Georg



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about new website

[Keifer Bly]

Hi, sorry but I am not able to find it in the directory link. It is still being 
updated alongside tor browser correct? Thanks.

--Keifer

From: Georg Koppen
Sent: Wednesday, April 3, 2019 12:14 AM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Question about new website

Keifer Bly:
> Hi all, the new website looks nice. I like the look of it. I have one
> question, where can the tor expert bundle be downloaded from now? Thanks.

Hm, you are right, it seems it is not possible to download it from our
website at the moment. I've opened
https://trac.torproject.org/projects/tor/ticket/29991.

That said, you can always get if from
https://dist.torproject.org/torbrowser/.

Look at the latest stable release folder there and check out the
respective tor-win*zip file you need.

Sorry for the inconvenience,
Georg


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about new website

[Georg Koppen]

Keifer Bly:
> Hi all, the new website looks nice. I like the look of it. I have one
> question, where can the tor expert bundle be downloaded from now? Thanks.

Hm, you are right, it seems it is not possible to download it from our
website at the moment. I've opened
https://trac.torproject.org/projects/tor/ticket/29991.

That said, you can always get if from
https://dist.torproject.org/torbrowser/.

Look at the latest stable release folder there and check out the
respective tor-win*zip file you need.

Sorry for the inconvenience,
Georg



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question about new website

[Keifer Bly]

Hi all, the new website looks nice. I like the look of it. I have one
question, where can the tor expert bundle be downloaded from now? Thanks.
-- 
--Keifer
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question Re: firewall rules for obfs4 bridge relay

[torrelay.europa]

Thanks for the link & clarification.
Best regards,
Kenneth

3. Oct 2018 14:15 by entensai...@use.startmail.com 
:


> Hi Kenneth,
> find the answers here: > 
> https://lists.torproject.org/pipermail/tor-relays/2018-July/015748.html 
> 
> It would be great to add that to the guide at> 
> https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy
>  
> >
>   ^^.
>  
>> Hello,
>>
>> I'm in the process of setting up a couple of obfs4 bridge relays on Ubuntu 
>> server 18.04. 
>>
>> I'm endeavoring to apply strict firewall rules to ensure only the necessary 
>> ports are open.
>>
>> In accordance with the configuration (below) I've allowed port 9001:
>>
>> #Bridge config
>> RunAsDaemon 1
>> ORPort 9001
>> BridgeRelay 1
>> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
>> ExtORPort auto
>>
>> #Set your bridge nickname and contact info
>> ContactInfo 
>> Nickname pick-a-nickname
>>
>> I've also allowed port 9051 to enable me to connect to the obfs4 server via 
>> onionbox.
>>
>> After starting the Tor service the Tor logs report,
>>
>> Opening Socks listener on 127.0.0.1:9050
>>
>> Opening Control listener on 127.0.0.1:9051
>>
>> Opening OR listener on 0.0.0.0:9001
>>
>> Extended OR listener listening on port X.
>>
>> Registered server transport 'obfs4' at '[::]:33919'
>>
>> All of the ports listed (above) appear to be fixed ports that open each time 
>> I start/restart Tor. However, the"Extended OR listener listening on port 
>> X" changes on each start/restart.
>>  >> I can see the configuration (above) instructs ExtORPort auto.>>  >> I've 
>> looked online where there is some advice suggesting the auto setting for 
>> ExtORPort is important for securityreasons, however, if I'd like to have 
>> strict firewall rules the auto setting becomes problematic.
>> Currently, I've allowed port 9001 & the Tor logs report,
>>
>> Now checking whether ORPort XXX.XXX.XXX.XX:9001 is reachable...
>>
>> Self-testing indicates your ORPort is reachable from the outside.
>>
>> I'd be grateful for some advice on which ports I should keep open, to ensure 
>> I can provide the very best service  security practice both for the 
>> client & the server - thanks :)
>>
>> Best regards,
>>
>> Kenneth___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question Re: firewall rules for obfs4 bridge relay

[entensaison]

Hi Kenneth,
find the answers here: 
https://lists.torproject.org/pipermail/tor-relays/2018-July/015748.html
It would be great to add that to the guide at 
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy 
^^.

 

Hello,

I'm in the process of setting up a couple of obfs4 bridge relays on 
Ubuntu server 18.04. 


I'm endeavoring to apply strict firewall rules to ensure only the 
necessary ports are open.


In accordance with the configuration (below) I've allowed port 9001:

#Bridge config
RunAsDaemon 1
ORPort 9001
BridgeRelay 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ExtORPort auto

#Set your bridge nickname and contact info
ContactInfo 
Nickname pick-a-nickname

I've also allowed port 9051 to enable me to connect to the obfs4 
server via onionbox.


After starting the Tor service the Tor logs report,

Opening Socks listener on 127.0.0.1:9050

Opening Control listener on 127.0.0.1:9051

Opening OR listener on 0.0.0.0:9001

Extended OR listener listening on port X.

Registered server transport 'obfs4' at '[::]:33919'

All of the ports listed (above) appear to be fixed ports that open 
each time I start/restart Tor. However, the "Extended OR listener 
listening on port X" changes on each start/restart.

 
I can see the configuration (above) instructs ExtORPort auto.
 
I've looked online where there is some advice suggesting the auto 
setting for ExtORPort is important for security reasons, however, if 
I'd like to have strict firewall rules the auto setting becomes 
problematic.

Currently, I've allowed port 9001 & the Tor logs report,

Now checking whether ORPort XXX.XXX.XXX.XX:9001 is reachable...

Self-testing indicates your ORPort is reachable from the outside.

I'd be grateful for some advice on which ports I should keep open, to 
ensure I can provide the very best service & good security practice 
both for the client & the server - thanks :)


Best regards,

Kenneth
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question Re: firewall rules for obfs4 bridge relay [addendum]

[torrelay.europa]

PS - forgot to state that I'm using ufw firewall. 
Date: 3. Oct 2018 13:16From: torrelay.eur...@keemail.me 

To: tor-relays@lists.torproject.org 
Subject: Question Re: firewall rules for obfs4 bridge relay


> Hello,
>
> I'm in the process of setting up a couple of obfs4 bridge relays on Ubuntu 
> server 18.04.  
>
> I'm endeavoring to apply strict firewall rules to ensure only the necessary 
> ports are open. 
>
> In accordance with the configuration (below) I've allowed port 9001:
>
> #Bridge config
> RunAsDaemon 1
> ORPort 9001
> BridgeRelay 1
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ExtORPort auto
>
> #Set your bridge nickname and contact info
> ContactInfo 
> Nickname pick-a-nickname
>
> I've also allowed port 9051 to enable me to connect to the obfs4 server via 
> onionbox.
>
> After starting the Tor service the Tor logs report,
>
> Opening Socks listener on 127.0.0.1:9050
>
> Opening Control listener on 127.0.0.1:9051
>
> Opening OR listener on 0.0.0.0:9001
>
> Extended OR listener listening on port X.
>
> Registered server transport 'obfs4' at '[::]:33919'
>
> All of the ports listed (above) appear to be fixed ports that open each time 
> I start/restart Tor. However, the "Extended OR listener listening on port 
> X" changes on each start/restart. 
>
> I can see the configuration (above) instructs ExtORPort auto. 
>
> I've looked online where there is some advice suggesting the auto setting for 
> ExtORPort is important for security reasons, however, if I'd like to have 
> strict firewall rules the auto setting becomes problematic.
> Currently, I've allowed port 9001 & the Tor logs report,
>
> Now checking whether ORPort XXX.XXX.XXX.XX:9001 is reachable...
>
> Self-testing indicates your ORPort is reachable from the outside. 
>
> I'd be grateful for some advice on which ports I should keep open, to ensure 
> I can provide the very best service & good security practice both for the 
> client & the server - thanks :)
>
> Best regards,
>
> Kenneth
>
>
>
>
>
>
>
>___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question Re: firewall rules for obfs4 bridge relay

[torrelay.europa]

Hello,

I'm in the process of setting up a couple of obfs4 bridge relays on Ubuntu 
server 18.04.  

I'm endeavoring to apply strict firewall rules to ensure only the necessary 
ports are open. 

In accordance with the configuration (below) I've allowed port 9001:

#Bridge config
RunAsDaemon 1
ORPort 9001
BridgeRelay 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ExtORPort auto

#Set your bridge nickname and contact info
ContactInfo 
Nickname pick-a-nickname

I've also allowed port 9051 to enable me to connect to the obfs4 server via 
onionbox.

After starting the Tor service the Tor logs report,

Opening Socks listener on 127.0.0.1:9050

Opening Control listener on 127.0.0.1:9051

Opening OR listener on 0.0.0.0:9001

Extended OR listener listening on port X.

Registered server transport 'obfs4' at '[::]:33919'

All of the ports listed (above) appear to be fixed ports that open each time I 
start/restart Tor. However, the "Extended OR listener listening on port X" 
changes on each start/restart. 

I can see the configuration (above) instructs ExtORPort auto. 

I've looked online where there is some advice suggesting the auto setting for 
ExtORPort is important for security reasons, however, if I'd like to have 
strict firewall rules the auto setting becomes problematic.
Currently, I've allowed port 9001 & the Tor logs report,

Now checking whether ORPort XXX.XXX.XXX.XX:9001 is reachable...

Self-testing indicates your ORPort is reachable from the outside. 

I'd be grateful for some advice on which ports I should keep open, to ensure I 
can provide the very best service & good security practice both for the client 
& the server - thanks :)

Best regards,

Kenneth







___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] question related to consensus weight fraction calculation

[nusenu]

Toralf Förster:
> One possible explanation could be that most of the network growth was
> made at the same AS as where I do reside?

AS is not taken into account for path selection but same /16 IPv4 netblock and 
same family is.
-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] question related to consensus weight fraction calculation

[nusenu]

Toralf Förster:
> I do wonder about any changes in the algorithm which drops the cw of a
> relay [1] by a magnitude within 1 year as seen in [2]?
> 
> [1]
> https://metrics.torproject.org/rs.html#details/1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA
> [2]
> https://screenshotscdn.firefoxusercontent.com/images/040958f1-a5be-4630-9551-c8f6f9952a5e.png

You are looking at cw **fraction**, which is a relative value compared to the 
rest of the network,
which is why I think it isn't the best value to look at when trying to 
determine "is my relay 
doing better or worse than usual?" 

If your relay is doing great as usual and others add 50 Gbit/s of capacity you 
might see
your cw fraction and exit probability go down.

Your cw fraction and exit probability is decreasing since several month, at the 
same time the
the overall tor network capacity increased:

https://metrics.torproject.org/bandwidth.png?start=2017-08-21=2018-08-19
https://metrics.torproject.org/bandwidth-flags.png?start=2017-08-21=2018-08-19


The better question might be: Did your absolute cw value decrease as well or 
did it remain static?


This is why I'd like to see absolute CW graphs in addition to the fraction 
graphs (and even the ratio of them),
here is the ticket: 

https://trac.torproject.org/projects/tor/ticket/26767

-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] question related to consensus weight fraction calculation

[Toralf Förster]

I do wonder about any changes in the algorithm which drops the cw of a
relay [1] by a magnitude within 1 year as seen in [2]?

[1]
https://metrics.torproject.org/rs.html#details/1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA
[2]
https://screenshotscdn.firefoxusercontent.com/images/040958f1-a5be-4630-9551-c8f6f9952a5e.png

-- 
Toralf
PGP C4EACDDE 0076E94E



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question On Running A Tor Bridge Relay

[Tony Peck]

Thanks.  Got it installed.  Still more to do.  My problem is using go
but am figuring it out.

On 8/8/2018 at 12:16 PM, "teor"  wrote:> On 8 Aug 2018, at 19:45, Tony
Peck  wrote:
> 
> I have tried the manual install mentioned in this communication.  I
get the error: gopath not set.  The go help gopath does not help me. 
What should the gopath be and where should I put it?  I also use a
local Charter company, Spectrum.

Hi,

This answer tells you how to set the GOPATH:

https://stackoverflow.com/questions/21001387/how-do-i-set-the-gopath-environment-variable-on-ubuntu-what-file-must-i-edit

T___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question On Running A Tor Bridge Relay

[teor]

> On 8 Aug 2018, at 19:45, Tony Peck  wrote:
> 
> I have tried the manual install mentioned in this communication.  I get the 
> error: gopath not set.  The go help gopath does not help me.  What should the 
> gopath be and where should I put it?  I also use a local Charter company, 
> Spectrum.

Hi,

This answer tells you how to set the GOPATH:

https://stackoverflow.com/questions/21001387/how-do-i-set-the-gopath-environment-variable-on-ubuntu-what-file-must-i-edit

T


signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question On Running A Tor Bridge Relay

[Tony Peck]

I have tried the manual install mentioned in this communication.  I
get the error: gopath not set.  The go help gopath does not help me. 
What should the gopath be and where should I put it?  I also use a
local Charter company, Spectrum.

On 8/8/2018 at 4:32 AM, "Keifer Bly"  wrote:Ok. Thanks. The only
computer I can run my relay on is a macos compter, and it seems to
have been doing ok for the last week or so. Perhaps that was something
unrelated my router was doing. As obfs4 seems incompatible with
macos/homebrew, I will keep running my relay as normal for now. I
tried doing a manual install and it caused the tor software to crash,
leading me to believe that will not work on MacOS for now.
I had another thought, in newest versions of tor browser, the option
to use bridges is now lables as "tor is censored in my country" where
it used to read "my isp blocks connections to the tor network". There
could also be people in uncensored countries trying to connect from
networks who's network administrator has blocked access to the tor
network, it might be a good idea to include this in the text to clear
confusion. Just a thought.
On Sun, Aug 5, 2018 at 6:54 PM teor  wrote:

 > On 1 Aug 2018, at 19:57, Keifer Bly  wrote:
 > 
 > Hi All,
 > 
 > So given that I am running my relay off of a home internet router
(a Netgear Orbi Router) I am considering switching to running an
obfuscated bridge. I am not sure I will do this, but have noticed that
when my relay (torland at
 >
http://torstatus.blutmagie.de/router_detail.php?FP=db1af6477bb276b6ea5e72132684096eee779d30)
Gets a lot of use,  this can cause my computer I am running it on to
get hot (It is a mid 2011 iMac with 8GB Ram running Mac OS High
Sierra). It does not happen often, but does from time to time. I have
also noticed that not often but occasionally when my relay is running,
my router will lock up either for a few minutes or until I restart it.
I do not know if this is related to my relay (I checked with Netgear
support and was told the router  is capable of about 60,000
simultaneous connections, 65,000 being the absolute maximum).
 > 
 > The ISP is Charter Communications, and the internet speed generally
alternates between 500-800 kb/s. I will maybe try running a bridge to
cut down on the maximum number of connections I get, and have three
questions. I have been running a public relay off my listed ip for
some time but have a Dynamic IP so it should change from time to time.
 > 
 >   • What would be the most helpful PT to run? Obfs4 is the
one I would most likely choose, and what countries are these being
used in the most?
 obfs4 is a good PT to run.
 Here is a graph of the top 10 countries:
 https://metrics.torproject.org/userstats-bridge-table.html
 >   • I looked on the tor website and could only find the
instructions for installing PT on Linux at 
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy.
Is there currently a way to install the PT for Obfs4 on Mac OS High
Sierra (this would be installed via homebrew)?
 You can use “brew search” in your terminal to find homebrew
packages.
 It doesn’t look like obfs4proxy is available via homebrew:
 
http://brewformulas.org/search?utf8=%E2%9C%93%5Bterms%5D=obfs4proxy=%5Bnames%5D=0%5Bnames%5D=1%5Bfilenames%5D=0%5Bfilenames%5D=1%5Bdescriptions%5D=0%5Bdescriptions%5D=1
 You could try a manual install:
 https://gitweb.torproject.org/pluggable-transports/obfs4.git/plain/README.md
 >   • Would it be possible to keep my current relay
fingerprint?
 Keeping your current relay fingerprint is a bad idea.
 It makes your bridge easier to censor, and it doesn’t help bridge
users.
 Delete your keys and start again.
 T
 ___
 tor-relays mailing list
 tor-relays@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
 ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question On Running A Tor Bridge Relay

[Keifer Bly]

Ok. Thanks. The only computer I can run my relay on is a macos compter, and
it seems to have been doing ok for the last week or so. Perhaps that was
something unrelated my router was doing. As obfs4 seems incompatible with
macos/homebrew, I will keep running my relay as normal for now. I tried
doing a manual install and it caused the tor software to crash, leading me
to believe that will not work on MacOS for now.

I had another thought, in newest versions of tor browser, the option to use
bridges is now lables as "tor is censored in my country" where it used to
read "my isp blocks connections to the tor network". There could also be
people in uncensored countries trying to connect from networks who's
network administrator has blocked access to the tor network, it might be a
good idea to include this in the text to clear confusion. Just a thought.

On Sun, Aug 5, 2018 at 6:54 PM teor  wrote:

>
> > On 1 Aug 2018, at 19:57, Keifer Bly  wrote:
> >
> > Hi All,
> >
> > So given that I am running my relay off of a home internet router (a
> Netgear Orbi Router) I am considering switching to running an obfuscated
> bridge. I am not sure I will do this, but have noticed that when my relay
> (torland at
> >
> http://torstatus.blutmagie.de/router_detail.php?FP=db1af6477bb276b6ea5e72132684096eee779d30)
> Gets a lot of use,  this can cause my computer I am running it on to get
> hot (It is a mid 2011 iMac with 8GB Ram running Mac OS High Sierra). It
> does not happen often, but does from time to time. I have also noticed that
> not often but occasionally when my relay is running, my router will lock up
> either for a few minutes or until I restart it. I do not know if this is
> related to my relay (I checked with Netgear support and was told the
> router  is capable of about 60,000 simultaneous connections, 65,000 being
> the absolute maximum).
> >
> > The ISP is Charter Communications, and the internet speed generally
> alternates between 500-800 kb/s. I will maybe try running a bridge to cut
> down on the maximum number of connections I get, and have three questions.
> I have been running a public relay off my listed ip for some time but have
> a Dynamic IP so it should change from time to time.
> >
> >   • What would be the most helpful PT to run? Obfs4 is the one I
> would most likely choose, and what countries are these being used in the
> most?
>
> obfs4 is a good PT to run.
>
> Here is a graph of the top 10 countries:
> https://metrics.torproject.org/userstats-bridge-table.html
>
> >   • I looked on the tor website and could only find the instructions
> for installing PT on Linux at
> https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy.
> Is there currently a way to install the PT for Obfs4 on Mac OS High Sierra
> (this would be installed via homebrew)?
>
> You can use “brew search” in your terminal to find homebrew packages.
>
> It doesn’t look like obfs4proxy is available via homebrew:
>
> http://brewformulas.org/search?utf8=%E2%9C%93%5Bterms%5D=obfs4proxy=%5Bnames%5D=0%5Bnames%5D=1%5Bfilenames%5D=0%5Bfilenames%5D=1%5Bdescriptions%5D=0%5Bdescriptions%5D=1
>
> You could try a manual install:
>
> https://gitweb.torproject.org/pluggable-transports/obfs4.git/plain/README.md
>
> >   • Would it be possible to keep my current relay fingerprint?
>
> Keeping your current relay fingerprint is a bad idea.
> It makes your bridge easier to censor, and it doesn’t help bridge users.
>
> Delete your keys and start again.
>
> T
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question On Running A Tor Bridge Relay

[teor]

> On 1 Aug 2018, at 19:57, Keifer Bly  wrote:
> 
> Hi All,
> 
> So given that I am running my relay off of a home internet router (a Netgear 
> Orbi Router) I am considering switching to running an obfuscated bridge. I am 
> not sure I will do this, but have noticed that when my relay (torland at
> http://torstatus.blutmagie.de/router_detail.php?FP=db1af6477bb276b6ea5e72132684096eee779d30)
>  Gets a lot of use,  this can cause my computer I am running it on to get hot 
> (It is a mid 2011 iMac with 8GB Ram running Mac OS High Sierra). It does not 
> happen often, but does from time to time. I have also noticed that not often 
> but occasionally when my relay is running, my router will lock up either for 
> a few minutes or until I restart it. I do not know if this is related to my 
> relay (I checked with Netgear support and was told the router  is capable of 
> about 60,000 simultaneous connections, 65,000 being the absolute maximum).
> 
> The ISP is Charter Communications, and the internet speed generally 
> alternates between 500-800 kb/s. I will maybe try running a bridge to cut 
> down on the maximum number of connections I get, and have three questions. I 
> have been running a public relay off my listed ip for some time but have a 
> Dynamic IP so it should change from time to time.
> 
>   • What would be the most helpful PT to run? Obfs4 is the one I would 
> most likely choose, and what countries are these being used in the most?

obfs4 is a good PT to run.

Here is a graph of the top 10 countries:
https://metrics.torproject.org/userstats-bridge-table.html

>   • I looked on the tor website and could only find the instructions for 
> installing PT on Linux at  
> https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy.
>  Is there currently a way to install the PT for Obfs4 on Mac OS High Sierra 
> (this would be installed via homebrew)?

You can use “brew search” in your terminal to find homebrew packages.

It doesn’t look like obfs4proxy is available via homebrew:
http://brewformulas.org/search?utf8=%E2%9C%93%5Bterms%5D=obfs4proxy=%5Bnames%5D=0%5Bnames%5D=1%5Bfilenames%5D=0%5Bfilenames%5D=1%5Bdescriptions%5D=0%5Bdescriptions%5D=1

You could try a manual install:
https://gitweb.torproject.org/pluggable-transports/obfs4.git/plain/README.md

>   • Would it be possible to keep my current relay fingerprint?

Keeping your current relay fingerprint is a bad idea.
It makes your bridge easier to censor, and it doesn’t help bridge users.

Delete your keys and start again.

T



signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding variables in torrc

[Michael Brodhead]

I found this templating tool really easy to use for my torrc:

https://github.com/tests-always-included/mo 


Invocation is like so:

NICKNAME=$NICKNAME mo /tmp/host-config/torrc.mo > /tor/etc/torrc

And the corresponding torrc line is:

Nickname {{NICKNAME}}

IPv6 would work the same way.

—mkb


> On Aug 1, 2018, at 10:54 PM, con...@rockenhaus.com wrote:
> 
> Hello All,
> 
> I haven't had a chance to experiment with it yet, but can I source a
> variable from the tor startup script, let's say the IPv6 address of an
> instance, and define that within torrc as follows
> 
> ORPort [$Instance_IPv6_ADDR]:443
> 
> I'm sure if it's possible it would of already been done. I just wanted to
> see if there was an easy fix for simplifying templates for end users.
> 
> Thanks,
> 
> Conrad
> 
> --
> Conrad Rockenhaus
> Fingerprint: 8049 CDBA C385 C451 3348 776D 0F72 F2B5 26DA E93F
> Public Key:
> https://pgp.key-server.io/pks/lookup?op=get=0x0F72F2B526DAE93F
> https://www.rockenhaus.com
> --
> Get started with GreyPony Anonymization Today!
> https://www.greyponyit.com
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding variables in torrc

[nusenu]

> I haven't had a chance to experiment with it yet, but can I source a
> variable from the tor startup script, let's say the IPv6 address of an
> instance, and define that within torrc as follows
> 
> ORPort [$Instance_IPv6_ADDR]:443
> 
> I'm sure if it's possible it would of already been done. I just wanted to
> see if there was an easy fix for simplifying templates for end users.

the torrc has no template support AFAIK - you would have to use a
configuration management for that, but maybe the 
torrc %include functionality is somewhat useful for you
 

-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question regarding variables in torrc

[conrad]

Hello All,

I haven't had a chance to experiment with it yet, but can I source a
variable from the tor startup script, let's say the IPv6 address of an
instance, and define that within torrc as follows

ORPort [$Instance_IPv6_ADDR]:443

I'm sure if it's possible it would of already been done. I just wanted to
see if there was an easy fix for simplifying templates for end users.

Thanks,

Conrad

--
Conrad Rockenhaus
Fingerprint: 8049 CDBA C385 C451 3348 776D 0F72 F2B5 26DA E93F
Public Key:
https://pgp.key-server.io/pks/lookup?op=get=0x0F72F2B526DAE93F
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question On Running A Tor Bridge Relay

[Keifer Bly]

➢ and the internet speed generally alternates between 500-800 kb/s.

Not internet speed, that’s my relay speed. Sorry. 
From: Keifer Bly
Sent: Wednesday, August 1, 2018 2:57 AM
To: tor-relays@lists.torproject.org
Subject: Question On Running A Tor Bridge Relay

Hi All,

So given that I am running my relay off of a home internet router (a Netgear 
Orbi Router) I am considering switching to running an obfuscated bridge. I am 
not sure I will do this, but have noticed that when my relay (torland at 
http://torstatus.blutmagie.de/router_detail.php?FP=db1af6477bb276b6ea5e72132684096eee779d30)
 Gets a lot of use,  this can cause my computer I am running it on to get hot 
(It is a mid 2011 iMac with 8GB Ram running Mac OS High Sierra). It does not 
happen often, but does from time to time. I have also noticed that not often 
but occasionally when my relay is running, my router will lock up either for a 
few minutes or until I restart it. I do not know if this is related to my relay 
(I checked with Netgear support and was told the router  is capable of about 
60,000 simultaneous connections, 65,000 being the absolute maximum).

The ISP is Charter Communications, and the internet speed generally alternates 
between 500-800 kb/s. I will maybe try running a bridge to cut down on the 
maximum number of connections I get, and have three questions. I have been 
running a public relay off my listed ip for some time but have a Dynamic IP so 
it should change from time to time.

1. What would be the most helpful PT to run? Obfs4 is the one I would most 
likely choose, and what countries are these being used in the most?
2. I looked on the tor website and could only find the instructions for 
installing PT on Linux at  
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy.
 Is there currently a way to install the PT for Obfs4 on Mac OS High Sierra 
(this would be installed via homebrew)?
3. Would it be possible to keep my current relay fingerprint?

Thanks very much. 

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question On Running A Tor Bridge Relay

[Keifer Bly]

Hi All,

So given that I am running my relay off of a home internet router (a Netgear 
Orbi Router) I am considering switching to running an obfuscated bridge. I am 
not sure I will do this, but have noticed that when my relay (torland at 
http://torstatus.blutmagie.de/router_detail.php?FP=db1af6477bb276b6ea5e72132684096eee779d30)
 Gets a lot of use,  this can cause my computer I am running it on to get hot 
(It is a mid 2011 iMac with 8GB Ram running Mac OS High Sierra). It does not 
happen often, but does from time to time. I have also noticed that not often 
but occasionally when my relay is running, my router will lock up either for a 
few minutes or until I restart it. I do not know if this is related to my relay 
(I checked with Netgear support and was told the router  is capable of about 
60,000 simultaneous connections, 65,000 being the absolute maximum).

The ISP is Charter Communications, and the internet speed generally alternates 
between 500-800 kb/s. I will maybe try running a bridge to cut down on the 
maximum number of connections I get, and have three questions. I have been 
running a public relay off my listed ip for some time but have a Dynamic IP so 
it should change from time to time.

1. What would be the most helpful PT to run? Obfs4 is the one I would most 
likely choose, and what countries are these being used in the most?
2. I looked on the tor website and could only find the instructions for 
installing PT on Linux at  
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy.
 Is there currently a way to install the PT for Obfs4 on Mac OS High Sierra 
(this would be installed via homebrew)?
3. Would it be possible to keep my current relay fingerprint?

Thanks very much. 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding ethical torrent blocking

[torix]

Dear Conrad,

It seems to me that there is an ethical difference between being forced to cut 
off torrent traffic and cutting off certain traffic because you object to the 
content.

--torix

Sent with [ProtonMail](https://protonmail.com) Secure Email.

‐‐‐ Original Message ‐‐‐
On July 15, 2018 12:23 PM, Conrad Rockenhaus  wrote:

> Hello,
>
> I was going to ask someone off-list, but the amount of abuse and DCMA 
> complaints I have received now have been so much that I have decided that the 
> best action to take is to set an exit policy. I run a couple of exit nodes 
> and I have people apparently using them to torrent, which we ask people 
> politely not to do through Torbut the policy gets ignored I guess. 
> Anyway, I'm receiving a sufficient amount of complaints to where I'm worried 
> that my service may be terminated unless I take action, which would affect 
> the greater good.
>
> So the question is - I run the default exit policy. I don't like being the 
> arbiter of what goes through and what doesn't. Is it okay, ethically, from a 
> free speech standpoint, to reach this point to where we say "we need to block 
> this content from transversing my node" in response to legal complaints from 
> others? Are others implementing these blocks and do you feel that such a 
> block doesn't violate any ethical norm to provide uncensored access to the 
> Internet?
>
> I'm just curious on what thoughts on this are. I know how to technically 
> perform the block, I guess I feel like we're one of the last bastions against 
> censorship on the Internet and people do torrent legitimate stuff. I don't 
> consider pirating Fallout 4, The Elder Scrolls V, Sweetbitter, and The Evil 
> Within 2 to be protected speech FYI... my worry is just blocking the 
> legitimate uses of bittorrent.
>
> Thanks,
>
> Conrad Rockenhaus___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding ethical torrent blocking

[tor]

grarpamp  wrote:

> If operators are taking flak from their upstream,
> and they want to carry the traffic for reasons,
> before giving in and deploying exit policy, see what options
> are available to SWIP the address space to you and thus
> eat a lot of the complaints from the internet yourself.

What he said, but adding to this -

There are not many exit operators who will be in a position to 
actually own their own IP space and therefore have it SWIPed to them 
100%, with nobody else getting abuse complaints. The more SWIP you can 
get pointed at you, the better, but unfortunately something like 
getting colo space and a /28 doesn't necessarily get you that.


The automated DCMA complaints are actually an abuse of the recipient's 
email system because the goons sending them do not change what they 
are doing (or in fact, respond) when you ask them to stop emailing 
you.


For those in a position to run exit policies that might result in 
abusive automated DCMA emails, it is entirely within the realm of 
reasonable to build email server filters to reject those at the SMTP 
envelope (refusal to even accept the emails). You'll also probably be 
making a filter that outright rejects Base-64 emails from that sender 
(ie: requiring all abuse@ emails to be submitted plain text or HTML).








___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding ethical torrent blocking

[grarpamp]

If operators are taking flak from their upstream,
and they want to carry the traffic for reasons,
before giving in and deploying exit policy, see what options
are available to SWIP the address space to you and thus
eat a lot of the complaints from the internet yourself.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding ethical torrent blocking

[Conrad Rockenhaus]

On Sun, Jul 15, 2018 at 2:18 PM, Mirimir  wrote:
>
> I think that you'll find blocking bittorrent to be harder than expected.
> Modern protocols are well-encrypted, and DPI doesn't really touch them.
>

DPI was never even under consideration. I wasn't comfortable calling
it "Free Speech" when I was indeed limiting access to something by
implementing an exit policy. I forgot that the default policy in
itself limits SMTP, and other things and my comfort level increased.

-Conrad
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding ethical torrent blocking

[Conrad Rockenhaus]

On Sun, Jul 15, 2018 at 12:36 PM, Nagaev Boris  wrote:


> I think that modern copyright lays violate non aggression principle,
> which includes free speech.

As I agree, which is why I typically ignored such threats until my
provider started enforcing said threats.

> Rationale. Skip this paragraph if you already agree with the above
> statement. When a person buys a hard drive they become an owner of it.
> Of all its parts, including parts happen to be Fallout 4, The Elder
> Scrolls V, Sweetbitter, and The Evil Within 2. Another person
> establishes a private communication channel between their hard drive
> and the first person's hard drive. The line between them is private,
> hard drives are private property of these two people => any
> intervention of force into this voluntarily interaction is an
> aggression.
>
> If one agrees that copyright laws are incompatible with free speech
> and are immoral, then he has to admit that all solutions including Tor
> are technical, not fundamental. Thus the "quality" of a solution is
> based not on morality but on technical properties (e.g. how much data
> is transmitted, how many people can use it, etc). Free speech
> considerations are not a measure at this point. If to continue
> providing the service the node has to drop some connections is the
> lesser evil to be accepted. You can compare it with treating an
> incurable disease: you can not fix the problem in a right way but you
> can reduce the suffering and increase life time of the patient.
>

Thank you for your very thoughtful answer. I just implemented the
first choice in the ReducedExit policies in my exits to try to block
the bittorrent threat from taking service away from everyone else.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding ethical torrent blocking

[Mirimir]

On 07/15/2018 09:23 AM, Conrad Rockenhaus wrote:



> I'm just curious on what thoughts on this are. I know how to technically
> perform the block, I guess I feel like we're one of the last bastions
> against censorship on the Internet and people do torrent legitimate stuff.
> I don't consider pirating Fallout 4, The Elder Scrolls V, Sweetbitter, and
> The Evil Within 2 to be protected speech FYI... my worry is just blocking
> the legitimate uses of bittorrent.

I think that you'll find blocking bittorrent to be harder than expected.
Modern protocols are well-encrypted, and DPI doesn't really touch them.




___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding ethical torrent blocking

[Roger Dingledine]

On Sun, Jul 15, 2018 at 05:53:13PM +0100, Iain Learmonth wrote:
> Exit policies are the way to configure this. Please do not try to filter
> specific uses of a protocol using DPI. Application-level
> filtering/firewalls is a good way to get the BadExit flag.

I know this wasn't the original question, but I think it will be useful
to add:

In addition, though the line isn't black-and-white, declining to handle
traffic based on destination IP address or port is more on the "address"
side of things, whereas DPI by payload is more on the "content" side
of things. And the closer you are to making decisions based on content,
the closer you are to wiretapping, and also the closer you are to taking
responsibility for the content that you do "decide" to let through. So
it is a bad move from a legal perspective to go that route.

As for the ethics question, I think everybody who is offering exit
capacity of any sort is doing a good deed for the world, and people
contribute according to what their circumstances allow, and to me that's
very reasonable.

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding ethical torrent blocking

[Matt Traudt]

On 07/15/2018 01:21 PM, Conrad Rockenhaus wrote:
> Hello,
> 
>> Tor is designed in such a way that you can separately decide whether or
>> not you want to contribute to the network, and also whether or not you
>> are willing to deal with abuse notices. This is configured via exit
>> policies.
> 
> I never said that, I asked if people felt it was ethical to still
> consider themselves contributing to "Full Free Speech" by running the
> default exit policy then to start deviating from the default exit
> policy and blocking items such as access to bittorrent. Basically, my
> concern is I see a legitimate use of bittorrent, which is why I never
> blocked it on my exits. Now I'm being forced to. I'm asking if other
> people view themselves as "Full Free Speech" still or are we starting
> to arbitrate free speech?
> 

Even when using the default exit policy you are blocking some ports. For
example, SMTP on port 25.

There are legitimate reasons to use port 25. You're already blocking
those users that want to use 25. If you choose to define supporting Full
Free Speech as allowing all traffic, you already stopped supporting FFS.

Personally I'd rather support 99.9% of Tor users (made up percentage)
forever than support 100% of Tor users for a limited time.

I don't run the default exit policy on all my relays and I don't see
anything wrong with my decision.

Hope that helps. Thanks for running a relay(s).

Matt

PS: for reference, the default exit policy is as follows according to
the Tor manual. https://www.torproject.org/docs/tor-manual.html.en

reject *:25
reject *:119
reject *:135-139
reject *:445
reject *:563
reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6699
reject *:6881-6999
accept *:*

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding ethical torrent blocking

[Nagaev Boris]

On Sun, Jul 15, 2018 at 12:23 PM, Conrad Rockenhaus
 wrote:
> Hello,
>
> I was going to ask someone off-list, but the amount of abuse and DCMA
> complaints I have received now have been so much that I have decided that
> the best action to take is to set an exit policy. I run a couple of exit
> nodes and I have people apparently using them to torrent, which we ask
> people politely not to do through Torbut the policy gets ignored I
> guess. Anyway, I'm receiving a sufficient amount of complaints to where I'm
> worried that my service may be terminated unless I take action, which would
> affect the greater good.
>
> So the question is - I run the default exit policy. I don't like being the
> arbiter of what goes through and what doesn't. Is it okay, ethically, from a
> free speech standpoint, to reach this point to where we say "we need to
> block this content from transversing my node" in response to legal
> complaints from others? Are others implementing these blocks and do you feel
> that such a block doesn't violate any ethical norm to provide uncensored
> access to the Internet?
>
> I'm just curious on what thoughts on this are. I know how to technically
> perform the block, I guess I feel like we're one of the last bastions
> against censorship on the Internet and people do torrent legitimate stuff. I
> don't consider pirating Fallout 4, The Elder Scrolls V, Sweetbitter, and The
> Evil Within 2 to be protected speech FYI... my worry is just blocking the
> legitimate uses of bittorrent.
>
> Thanks,
>
> Conrad Rockenhaus
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

I think that modern copyright lays violate non aggression principle,
which includes free speech.

Rationale. Skip this paragraph if you already agree with the above
statement. When a person buys a hard drive they become an owner of it.
Of all its parts, including parts happen to be Fallout 4, The Elder
Scrolls V, Sweetbitter, and The Evil Within 2. Another person
establishes a private communication channel between their hard drive
and the first person's hard drive. The line between them is private,
hard drives are private property of these two people => any
intervention of force into this voluntarily interaction is an
aggression.

If one agrees that copyright laws are incompatible with free speech
and are immoral, then he has to admit that all solutions including Tor
are technical, not fundamental. Thus the "quality" of a solution is
based not on morality but on technical properties (e.g. how much data
is transmitted, how many people can use it, etc). Free speech
considerations are not a measure at this point. If to continue
providing the service the node has to drop some connections is the
lesser evil to be accepted. You can compare it with treating an
incurable disease: you can not fix the problem in a right way but you
can reduce the suffering and increase life time of the patient.

-- 
Best regards,
Boris Nagaev
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding ethical torrent blocking

[Conrad Rockenhaus]

Hello,

> Tor is designed in such a way that you can separately decide whether or
> not you want to contribute to the network, and also whether or not you
> are willing to deal with abuse notices. This is configured via exit
> policies.

I never said that, I asked if people felt it was ethical to still
consider themselves contributing to "Full Free Speech" by running the
default exit policy then to start deviating from the default exit
policy and blocking items such as access to bittorrent. Basically, my
concern is I see a legitimate use of bittorrent, which is why I never
blocked it on my exits. Now I'm being forced to. I'm asking if other
people view themselves as "Full Free Speech" still or are we starting
to arbitrate free speech?


> If abuse is threatening the continued running of your relay, then you
> should take action to avoid not having a relay anymore.

I am, but I'm in an ethical quandary. Do I like watching scat porn?
No, but I'll defend your right to the death to watch it.


> There is a page on the wiki about various reduced exit policies that
> will reduce the amount of abuse notices your relay may attract:

Again, we can answer the technical questions all day long, but it's
not answering my true question here.

>
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
>
> Exit policies are the way to configure this. Please do not try to filter
> specific uses of a protocol using DPI. Application-level
> filtering/firewalls is a good way to get the BadExit flag.

Never thought of doing it that way. I do business by the book, what
I'm questioning is am I right to call myself a Defender of the Faith
by the book or should I try fighting this or what?

Thanks,

Conrad
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding ethical torrent blocking

[Iain Learmonth]

Hi,

On 15/07/18 17:23, Conrad Rockenhaus wrote:
> I'm just curious on what thoughts on this are. I know how to technically
> perform the block, I guess I feel like we're one of the last bastions
> against censorship on the Internet and people do torrent legitimate
> stuff. I don't consider pirating Fallout 4, The Elder Scrolls V,
> Sweetbitter, and The Evil Within 2 to be protected speech FYI... my
> worry is just blocking the legitimate uses of bittorrent.

Tor is designed in such a way that you can separately decide whether or
not you want to contribute to the network, and also whether or not you
are willing to deal with abuse notices. This is configured via exit
policies.

If abuse is threatening the continued running of your relay, then you
should take action to avoid not having a relay anymore.

There is a page on the wiki about various reduced exit policies that
will reduce the amount of abuse notices your relay may attract:

https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

Exit policies are the way to configure this. Please do not try to filter
specific uses of a protocol using DPI. Application-level
filtering/firewalls is a good way to get the BadExit flag.

Thanks,
Iain.



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question regarding ethical torrent blocking

[Conrad Rockenhaus]

Hello,

I was going to ask someone off-list, but the amount of abuse and DCMA
complaints I have received now have been so much that I have decided that
the best action to take is to set an exit policy. I run a couple of exit
nodes and I have people apparently using them to torrent, which we ask
people politely not to do through Torbut the policy gets ignored I
guess. Anyway, I'm receiving a sufficient amount of complaints to where I'm
worried that my service may be terminated unless I take action, which would
affect the greater good.

So the question is - I run the default exit policy. I don't like being the
arbiter of what goes through and what doesn't. Is it okay, ethically, from
a free speech standpoint, to reach this point to where we say "we need to
block this content from transversing my node" in response to legal
complaints from others? Are others implementing these blocks and do you
feel that such a block doesn't violate any ethical norm to provide
uncensored access to the Internet?

I'm just curious on what thoughts on this are. I know how to technically
perform the block, I guess I feel like we're one of the last bastions
against censorship on the Internet and people do torrent legitimate stuff.
I don't consider pirating Fallout 4, The Elder Scrolls V, Sweetbitter, and
The Evil Within 2 to be protected speech FYI... my worry is just blocking
the legitimate uses of bittorrent.

Thanks,

Conrad Rockenhaus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question on relay allowed downtime

[Keifer Bly]

Thank you. I just had to restart my relay again because it disappeared from
the relay list for some reason, the software did not say that it was having
any trouble and my internet connection is working perfectly fine. Would you
know why that might be happening? Thank you.

On Thu, Apr 26, 2018 at 5:54 AM, Vasilis  wrote:

> Hi,
>
> Keifer Bly:
>
> > So recently I had an uptime of about 3-4 days but then I had to restart
> my computer to install an operating system update (the OS in question being
> Mac OS X High Sierra). I know I am not to worry about what flags I have as
> long as I am not a bad relay, but am curious, what is the allowed downtime
> the network allows to do things like install operating system updates, etc,
> without significantly impacting time between failures?
>
> In general it's much better to run an updated relay and take as much time
> is
> needed for operating system updates. You can read Tor's protocol
> specification
> section that describe how directory authorities choose which flags to
> apply to
> routers (relays) [1].
>
>
> For more information on the topic you can read related discussions in tor
> relay
> threads [2], [3].
>
>
> [1] https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2426
> [2] https://lists.torproject.org/pipermail/tor-relays/2017-Janua
> ry/011826.html
> [3] https://lists.torproject.org/pipermail/tor-relays/2014-Decem
> ber/005896.html
>
>
> Cheers,
> ~Vasilis
> --
> Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
> Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question on relay allowed downtime

[Vasilis]

Hi,

Keifer Bly:

> So recently I had an uptime of about 3-4 days but then I had to restart my 
> computer to install an operating system update (the OS in question being Mac 
> OS X High Sierra). I know I am not to worry about what flags I have as long 
> as I am not a bad relay, but am curious, what is the allowed downtime the 
> network allows to do things like install operating system updates, etc, 
> without significantly impacting time between failures?

In general it's much better to run an updated relay and take as much time is
needed for operating system updates. You can read Tor's protocol specification
section that describe how directory authorities choose which flags to apply to
routers (relays) [1].


For more information on the topic you can read related discussions in tor relay
threads [2], [3].


[1] https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2426
[2] https://lists.torproject.org/pipermail/tor-relays/2017-January/011826.html
[3] https://lists.torproject.org/pipermail/tor-relays/2014-December/005896.html


Cheers,
~Vasilis
-- 
Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question on relay allowed downtime

[Keifer Bly]

Hello,

So recently I had an uptime of about 3-4 days but then I had to restart my 
computer to install an operating system update (the OS in question being Mac OS 
X High Sierra). I know I am not to worry about what flags I have as long as I 
am not a bad relay, but am curious, what is the allowed downtime the network 
allows to do things like install operating system updates, etc, without 
significantly impacting time between failures?

Thank you.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding exit sizing

[igor.n.mitrofanov]

This is why I chose to run multiple 100 Mhz nodes. I over-advertise the 
capacity, so that some of them get a bit more traffic than they really should, 
because the bwauths under-measure NA relays and, worse, keep changing their 
measurements for no apparent reason. On the same bare metal box one relay can 
be measured as 3-4x another, easily.
 Original message From: Conrad Rockenhaus 
<con...@rockenhaus.com> Date: 2/10/18  12:33 AM  (GMT-08:00) To: 
tor-relays@lists.torproject.org Subject: Re: [tor-relays] Question regarding 
exit sizing 
The 500 Mbps instance would either be one of my private servers in my co-lo, or 
a dedicated server in one of my private cloud hosting locations. With both 
contacts, bandwidth costs aren’t an issue, but if one big instance would work I 
would put it on the same hardware that I am running a server that averages 
about 700+ mbps consistently.  The small servers that I’m hitting 100 mbps on, 
I’m just getting low cost VPSes for since….they do the job and they do the job 
well, they’re guaranteed a minimum of 100mbps bandwidth to the first tier 1 hop 
and Atlas shows them consistently used at that level, so I’m happy.
I mainly wanted to give back big to the community because Tor gave me the idea 
for my latest free for personal/charge for business use idea that I’m going to 
roll out soon (I’ll gladly send y’all a link, as I think it’s something that 
would be very useful).

I haven’t noticed any bad measurements…the three relays I run now, well, one 
just started this week so we can throw that one out for now, but the other two  
are showing 12.55 MiB/s and 12.28 MiB/s, and I’m guaranteed 100 mbps, so I’m 
doing pretty well on those two. Since the priority is exit nodes, I’ll probably 
add two more exit nodes in Canada, leaving four exits, and one relay there.
But I do get your points, and the more I do think about it, it would be better 
to just spread it all out, so I guess whenever I start spinning up nodes in 
Europe I’ll just use VPSes. One other thing I forgot to realize is I’m seeing a 
steady increase in the amount of DDoS attacks on my exits as of late. My 
provider tries to mitigate them as much as possible, but it’s annoying for the 
end users going through the node and it’s annoying for the people who are 
getting affected by the DDoS. Putting everything on one big box is just 
screaming “Here, attack me right here plz, kthx."


On Feb 10, 2018, at 1:44 AM, tor <t...@anondroid.com> wrote:
What scenario is better for the network - adding five 100mbps nodes, or one 500 
mbps node?


Are we talking bare metal or VPS? A VPS will probably bottleneck on RAM or CPU 
before hitting 500 Mpbs.

Bare metal would stand a chance with the right hardware and tuning, but I 
wouldn't assume you'll hit 500 Mbps on any given node.

Due to the nature of the bandwidth measurements, physical location matters too. 
You're at the mercy of Tor's bandwidth authorities and in my experience, the 
further away from Europe, the worse your measurements will be, and so again you 
may not hit 500 Mbps.

Basically, you shouldn't assume that whatever bandwidth you plan for and 
advertise will come your way. 

I think you'd have better luck with 5x 100 Mbps nodes, or maybe 3x 200 Mbps 
nodes. You can also run 2 relays per IP.

There are advantages to spreading out the load (like redundancy). I also think 
Tor's bandwidth measurements and consensus weights are fickle, and some of the 
variables are out of your control (what else is going on in your rack, 
datacenter, upstream, etc.). You could use ansible-relayor to turn up a bunch 
of nodes, wait to see which ones are the most performant, and then keep the 
best ones. That's what I would do. :)


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding exit sizing

[Conrad Rockenhaus]

The 500 Mbps instance would either be one of my private servers in my co-lo, or 
a dedicated server in one of my private cloud hosting locations. With both 
contacts, bandwidth costs aren’t an issue, but if one big instance would work I 
would put it on the same hardware that I am running a server that averages 
about 700+ mbps consistently.  The small servers that I’m hitting 100 mbps on, 
I’m just getting low cost VPSes for since….they do the job and they do the job 
well, they’re guaranteed a minimum of 100mbps bandwidth to the first tier 1 hop 
and Atlas shows them consistently used at that level, so I’m happy.

I mainly wanted to give back big to the community because Tor gave me the idea 
for my latest free for personal/charge for business use idea that I’m going to 
roll out soon (I’ll gladly send y’all a link, as I think it’s something that 
would be very useful).

I haven’t noticed any bad measurements…the three relays I run now, well, one 
just started this week so we can throw that one out for now, but the other two  
are showing 12.55 MiB/s and 12.28 MiB/s, and I’m guaranteed 100 mbps, so I’m 
doing pretty well on those two. Since the priority is exit nodes, I’ll probably 
add two more exit nodes in Canada, leaving four exits, and one relay there.

But I do get your points, and the more I do think about it, it would be better 
to just spread it all out, so I guess whenever I start spinning up nodes in 
Europe I’ll just use VPSes. One other thing I forgot to realize is I’m seeing a 
steady increase in the amount of DDoS attacks on my exits as of late. My 
provider tries to mitigate them as much as possible, but it’s annoying for the 
end users going through the node and it’s annoying for the people who are 
getting affected by the DDoS. Putting everything on one big box is just 
screaming “Here, attack me right here plz, kthx."




> On Feb 10, 2018, at 1:44 AM, tor  wrote:
> 
>> What scenario is better for the network - adding five 100mbps nodes, or one 
>> 500 mbps node?
> 
> 
> Are we talking bare metal or VPS? A VPS will probably bottleneck on RAM or 
> CPU before hitting 500 Mpbs.
> 
> Bare metal would stand a chance with the right hardware and tuning, but I 
> wouldn't assume you'll hit 500 Mbps on any given node.
> 
> Due to the nature of the bandwidth measurements, physical location matters 
> too. You're at the mercy of Tor's bandwidth authorities and in my experience, 
> the further away from Europe, the worse your measurements will be, and so 
> again you may not hit 500 Mbps.
> 
> Basically, you shouldn't assume that whatever bandwidth you plan for and 
> advertise will come your way. 
> 
> I think you'd have better luck with 5x 100 Mbps nodes, or maybe 3x 200 Mbps 
> nodes. You can also run 2 relays per IP.
> 
> There are advantages to spreading out the load (like redundancy). I also 
> think Tor's bandwidth measurements and consensus weights are fickle, and some 
> of the variables are out of your control (what else is going on in your rack, 
> datacenter, upstream, etc.). You could use ansible-relayor to turn up a bunch 
> of nodes, wait to see which ones are the most performant, and then keep the 
> best ones. That's what I would do. :)
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question regarding exit sizing

[tor]

> What scenario is better for the network - adding five 100mbps nodes, or one 
> 500 mbps node?


Are we talking bare metal or VPS? A VPS will probably bottleneck on RAM or CPU 
before hitting 500 Mpbs.

Bare metal would stand a chance with the right hardware and tuning, but I 
wouldn't assume you'll hit 500 Mbps on any given node.

Due to the nature of the bandwidth measurements, physical location matters too. 
You're at the mercy of Tor's bandwidth authorities and in my experience, the 
further away from Europe, the worse your measurements will be, and so again you 
may not hit 500 Mbps.

Basically, you shouldn't assume that whatever bandwidth you plan for and 
advertise will come your way. 

I think you'd have better luck with 5x 100 Mbps nodes, or maybe 3x 200 Mbps 
nodes. You can also run 2 relays per IP.

There are advantages to spreading out the load (like redundancy). I also think 
Tor's bandwidth measurements and consensus weights are fickle, and some of the 
variables are out of your control (what else is going on in your rack, 
datacenter, upstream, etc.). You could use ansible-relayor to turn up a bunch 
of nodes, wait to see which ones are the most performant, and then keep the 
best ones. That's what I would do. :)


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question regarding exit sizing

[Conrad Rockenhaus]

Hello,

I have a question regarding relay sizing to add additional nodes to the network.

What scenario is better for the network - adding five 100mbps nodes, or one 500 
mbps node? Let’s keep it easy and say all five of those 100 mbps nodes would be 
in the same datacenter, configured in the same configuration, etc.

I’m just curious, because I”m getting ready to add a few more nodes, but I’m 
wondering if it’ll be better to go big, or just stay small.

Thanks,

Conrad Rockenhaus
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about downtime

[nusenu]

Conrad Rockenhaus:
> They’re running on CentOS, so I have to manually install the latest
> version of tor to keep up with the security updates.
> 
> I am considering migrating to Ubuntu or Debian to make the update
> process simpler.

EPEL repos ship tor 0.2.9.14 - that version should be just fine from a
security perspective, but I agree that you will get security updates
faster on Debian based systems if you use the torproject's repository.

If you want to run tor 0.3.2.x on CentOS you might want to track:
https://bugzilla.redhat.com/show_bug.cgi?id=1532909
https://copr.fedorainfracloud.org/coprs/maha/tor-latest/

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about downtime

[Roger Dingledine]

On Sun, Jan 21, 2018 at 03:52:27AM -0600, Conrad Rockenhaus wrote:
> Anyway, I had a quick question, on the relay side I run ConradsOVHRelay01 
> (Relay) and ConradsOVHRelay02 (Exit). They???re running on CentOS, so I have 
> to manually install the latest version of tor to keep up with the security 
> updates. 

Thanks for running two relays!

> I am considering migrating to Ubuntu or Debian to make the update process 
> simpler. To avoid downtime, would it be better to spin up two more boxes and 
> migrate or would bringing them down for maintenance be acceptable? I would 
> like to avoid downtime personally, as they???re stable, fast relays.

I'd say do whichever one you would find more fun.

If you take them down for maintenance and to switch OSes, this is
totally fine, and their reputation will recover after a while -- and
in any case even if they e.g. lose the Guard flag for a bit, they'll be
used for other roles until they get it back.

If you want to do the more complicated approach of spinning up two new
computers, configuring them, and then copying the keys and nicknames
and etc over, so you have less downtime, that is also totally fine.

In sum: do the one that will bring you more joy. :)

Thanks,
--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question about downtime

[Conrad Rockenhaus]

Hello,

Note - to others that have sent me emails about a proposed project, I will 
respond, I’m sorry I just got caught up in a huge emergency project.

Anyway, I had a quick question, on the relay side I run ConradsOVHRelay01 
(Relay) and ConradsOVHRelay02 (Exit). They’re running on CentOS, so I have to 
manually install the latest version of tor to keep up with the security 
updates. 

I am considering migrating to Ubuntu or Debian to make the update process 
simpler. To avoid downtime, would it be better to spin up two more boxes and 
migrate or would bringing them down for maintenance be acceptable? I would like 
to avoid downtime personally, as they’re stable, fast relays.

I’m just looking for thoughts and ideas.

Thanks,

Conrad
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question: systematic hacking on my social media accounts

[Dave Warren]

On 2018-01-12 18:07, Paul Templeton wrote:

They got into my Facebook page (Haven't used it for years) - Seems that they 
got access via really old personal questions that family have provided them via 
their online posts - ie happy birthday now that you are this old... and hows 
your dog m doing and my mum listing her maiden name etc. I can't get it 
through to people to stop them from having public profiles... SIGH. Mean while 
they have to put up with girly pics or unfriend me as i'm not interested in the 
account.


Why would you place your security in the hands of people who may or may 
not remember what data they are supposed to hide, and who have no vested 
interest in guessing which parts should or should not be used?


Hint: You don't need to answer security questions honestly, just record 
what you answered for future reference. An randomly generated 
alphanumeric password is just as good as "spot" for the name of your 
first pet from Facebook's perspective, but a lot more secure for you.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Question: systematic hacking on my social media accounts

[Paul Templeton]

Hi all,

Just wondering if anyone else has had this problem over the last week. I have 
had attempts (one successful) on my social media accounts. Just found it 
strange that it was more than one.

They got into my Facebook page (Haven't used it for years) - Seems that they 
got access via really old personal questions that family have provided them via 
their online posts - ie happy birthday now that you are this old... and hows 
your dog m doing and my mum listing her maiden name etc. I can't get it 
through to people to stop them from having public profiles... SIGH. Mean while 
they have to put up with girly pics or unfriend me as i'm not interested in the 
account.

A lesson for all.

Paul


609662E824251C283164243846C035C803940378

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about relay speed + quick question about IPV6

[Sheesh]

Nevermind. It got its flags back and is now working a expected. :)

Thanks for everybody's help!


On 03.10.2016 05:45, Sheesh wrote:
>
> Alright, thank you!
>
> I'm just wondering why I have only a few connections (14 inbound, 1
> outbound) right now. But I guess that's because the relay lost its
> stable and fast flag due to server move and several restarts and now
> needs some time to reestablish?
>
>
> On 03.10.2016 04:03, teor wrote:
>>> On 2 Oct 2016, at 18:59, Sheesh  wrote:
>>>
>>> Thank you! Two last questions, though (hope it's okay): Do I need to put 
>>> ExitPolicy reject6 *:* in my torrc or is this covered by ExitPolicy reject 
>>> *:*?
>> ExitPolicy reject *:* applies to both IPv4 and IPv6.
>> And your relay won't exit on IPv4 unless you set ExitRelay to 1, and won't 
>> exit on IPv6 unless you set IPv6Exit and ExitRelay to 1.
>>
>>> Also why do I always have 4 or 8 circuits open? At least that's what 
>>> tor-arm shows me.
>> Because tor preemptively builds circuits for you to use when you need them.
>> When your relay publishes a descriptor, it will make more circuits as needed 
>> to relay client traffic.
>>
>> Tim
>>
>>> On 03.10.2016 03:34, teor wrote:
> On 2 Oct 2016, at 17:17, Sheesh 
>  wrote:
>
> Thanks for everybody's input. I decided to move the relay keys to the
> new server but I'm not entirely sure if I start another slow (500KB/s)
> one or just seed some Linux distros or do something else helpful.
>
> Also I do have a question about IPv6:
> If I read right I just have to add
> ORPort [IPv6]:Port
> DirPort [IPv6]:Port
>
 You only need the ORPort, the IPv6 DirPort isn't needed any more.
 (It was used by a few of the 0.2.8 alpha series, but removed before the
 stable release.)


> is this correct?
> Can I specify the same ports I use for IPv4 (443 and 80)?
>
 Yes, this should work on most OSs, if it doesn't, please file a bug.


> Also since I have a couple of IPv6 available but a non-exit relay is it
> still necessary to set OutboundBindAddress?
>
 OutboundBindAddress can be used twice, once with an IPv4 address and once
 with an IPv6 address. Outbound traffic on a non-exit relay is all IPv4,
 and it will use the routing table if you don't use OutboundBindAddress.

 Unless you have multiple IPv4 addresses, it won't make any difference.

 T

 --
 Tim Wilson-Brown (teor)

 teor2345 at gmail dot com
 PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
 ricochet:ekmygaiu4rzgsk6n
 xmpp: teor at torproject dot org










 ___
 tor-relays mailing list

 tor-relays@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> T
>>
>> --
>> Tim Wilson-Brown (teor)
>>
>> teor2345 at gmail dot com
>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>> ricochet:ekmygaiu4rzgsk6n
>> xmpp: teor at torproject dot org
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about relay speed + quick question about IPV6

[Sheesh]

Alright, thank you!

I'm just wondering why I have only a few connections (14 inbound, 1
outbound) right now. But I guess that's because the relay lost its
stable and fast flag due to server move and several restarts and now
needs some time to reestablish?


On 03.10.2016 04:03, teor wrote:
>> On 2 Oct 2016, at 18:59, Sheesh  wrote:
>>
>> Thank you! Two last questions, though (hope it's okay): Do I need to put 
>> ExitPolicy reject6 *:* in my torrc or is this covered by ExitPolicy reject 
>> *:*?
> ExitPolicy reject *:* applies to both IPv4 and IPv6.
> And your relay won't exit on IPv4 unless you set ExitRelay to 1, and won't 
> exit on IPv6 unless you set IPv6Exit and ExitRelay to 1.
>
>> Also why do I always have 4 or 8 circuits open? At least that's what tor-arm 
>> shows me.
> Because tor preemptively builds circuits for you to use when you need them.
> When your relay publishes a descriptor, it will make more circuits as needed 
> to relay client traffic.
>
> Tim
>
>> On 03.10.2016 03:34, teor wrote:
 On 2 Oct 2016, at 17:17, Sheesh 
  wrote:

 Thanks for everybody's input. I decided to move the relay keys to the
 new server but I'm not entirely sure if I start another slow (500KB/s)
 one or just seed some Linux distros or do something else helpful.

 Also I do have a question about IPv6:
 If I read right I just have to add
 ORPort [IPv6]:Port
 DirPort [IPv6]:Port

>>> You only need the ORPort, the IPv6 DirPort isn't needed any more.
>>> (It was used by a few of the 0.2.8 alpha series, but removed before the
>>> stable release.)
>>>
>>>
 is this correct?
 Can I specify the same ports I use for IPv4 (443 and 80)?

>>> Yes, this should work on most OSs, if it doesn't, please file a bug.
>>>
>>>
 Also since I have a couple of IPv6 available but a non-exit relay is it
 still necessary to set OutboundBindAddress?

>>> OutboundBindAddress can be used twice, once with an IPv4 address and once
>>> with an IPv6 address. Outbound traffic on a non-exit relay is all IPv4,
>>> and it will use the routing table if you don't use OutboundBindAddress.
>>>
>>> Unless you have multiple IPv4 addresses, it won't make any difference.
>>>
>>> T
>>>
>>> --
>>> Tim Wilson-Brown (teor)
>>>
>>> teor2345 at gmail dot com
>>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>>> ricochet:ekmygaiu4rzgsk6n
>>> xmpp: teor at torproject dot org
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ___
>>> tor-relays mailing list
>>>
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
>
>
>
>
>
>
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about relay speed + quick question about IPV6

[Tristan]

Um, yes it will. I don't have ExitRelay in my torrc file at all, and it
exits just fine.

On Sun, Oct 2, 2016 at 9:03 PM, teor  wrote:

>
> And your relay won't exit on IPv4 unless you set ExitRelay to 1
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
>
>
>
>
>
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>


-- 
Finding information, passing it along. ～SuperSluether
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about relay speed + quick question about IPV6

[teor]

> On 2 Oct 2016, at 18:59, Sheesh  wrote:
> 
> Thank you! Two last questions, though (hope it's okay): Do I need to put 
> ExitPolicy reject6 *:* in my torrc or is this covered by ExitPolicy reject 
> *:*?

ExitPolicy reject *:* applies to both IPv4 and IPv6.
And your relay won't exit on IPv4 unless you set ExitRelay to 1, and won't exit 
on IPv6 unless you set IPv6Exit and ExitRelay to 1.

> Also why do I always have 4 or 8 circuits open? At least that's what tor-arm 
> shows me.

Because tor preemptively builds circuits for you to use when you need them.
When your relay publishes a descriptor, it will make more circuits as needed to 
relay client traffic.

Tim

> 
> On 03.10.2016 03:34, teor wrote:
>>> On 2 Oct 2016, at 17:17, Sheesh 
>>>  wrote:
>>> 
>>> Thanks for everybody's input. I decided to move the relay keys to the
>>> new server but I'm not entirely sure if I start another slow (500KB/s)
>>> one or just seed some Linux distros or do something else helpful.
>>> 
>>> Also I do have a question about IPv6:
>>> If I read right I just have to add
>>> ORPort [IPv6]:Port
>>> DirPort [IPv6]:Port
>>> 
>> You only need the ORPort, the IPv6 DirPort isn't needed any more.
>> (It was used by a few of the 0.2.8 alpha series, but removed before the
>> stable release.)
>> 
>> 
>>> is this correct?
>>> Can I specify the same ports I use for IPv4 (443 and 80)?
>>> 
>> Yes, this should work on most OSs, if it doesn't, please file a bug.
>> 
>> 
>>> Also since I have a couple of IPv6 available but a non-exit relay is it
>>> still necessary to set OutboundBindAddress?
>>> 
>> OutboundBindAddress can be used twice, once with an IPv4 address and once
>> with an IPv6 address. Outbound traffic on a non-exit relay is all IPv4,
>> and it will use the routing table if you don't use OutboundBindAddress.
>> 
>> Unless you have multiple IPv4 addresses, it won't make any difference.
>> 
>> T
>> 
>> --
>> Tim Wilson-Brown (teor)
>> 
>> teor2345 at gmail dot com
>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>> ricochet:ekmygaiu4rzgsk6n
>> xmpp: teor at torproject dot org
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> ___
>> tor-relays mailing list
>> 
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org









signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about relay speed + quick question about IPV6

[Sheesh]

Thank you! Two last questions, though (hope it's okay): Do I need to put
ExitPolicy reject6 *:* in my torrc or is this covered by ExitPolicy
reject *:*?

Also why do I always have 4 or 8 circuits open? At least that's what
tor-arm shows me.


On 03.10.2016 03:34, teor wrote:
>> On 2 Oct 2016, at 17:17, Sheesh  wrote:
>>
>> Thanks for everybody's input. I decided to move the relay keys to the
>> new server but I'm not entirely sure if I start another slow (500KB/s)
>> one or just seed some Linux distros or do something else helpful.
>>
>> Also I do have a question about IPv6:
>> If I read right I just have to add
>> ORPort [IPv6]:Port
>> DirPort [IPv6]:Port
> You only need the ORPort, the IPv6 DirPort isn't needed any more.
> (It was used by a few of the 0.2.8 alpha series, but removed before the
> stable release.)
>
>> is this correct?
>> Can I specify the same ports I use for IPv4 (443 and 80)?
> Yes, this should work on most OSs, if it doesn't, please file a bug.
>
>> Also since I have a couple of IPv6 available but a non-exit relay is it
>> still necessary to set OutboundBindAddress?
> OutboundBindAddress can be used twice, once with an IPv4 address and once
> with an IPv6 address. Outbound traffic on a non-exit relay is all IPv4,
> and it will use the routing table if you don't use OutboundBindAddress.
>
> Unless you have multiple IPv4 addresses, it won't make any difference.
>
> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
>
>
>
>
>
>
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Question about relay speed + quick question about IPV6

[teor]

> On 2 Oct 2016, at 17:17, Sheesh  wrote:
> 
> Thanks for everybody's input. I decided to move the relay keys to the
> new server but I'm not entirely sure if I start another slow (500KB/s)
> one or just seed some Linux distros or do something else helpful.
> 
> Also I do have a question about IPv6:
> If I read right I just have to add
> ORPort [IPv6]:Port
> DirPort [IPv6]:Port

You only need the ORPort, the IPv6 DirPort isn't needed any more.
(It was used by a few of the 0.2.8 alpha series, but removed before the
stable release.)

> is this correct?
> Can I specify the same ports I use for IPv4 (443 and 80)?

Yes, this should work on most OSs, if it doesn't, please file a bug.

> Also since I have a couple of IPv6 available but a non-exit relay is it
> still necessary to set OutboundBindAddress?

OutboundBindAddress can be used twice, once with an IPv4 address and once
with an IPv6 address. Outbound traffic on a non-exit relay is all IPv4,
and it will use the routing table if you don't use OutboundBindAddress.

Unless you have multiple IPv4 addresses, it won't make any difference.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org









signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays