Re: [tor-relays] Does Tor work with Intel QAT acceleration
Hello Alex On Tuesday, April 12, 2022 16:19 CEST, "Alex Xu (Hello71)" wrote: If you don't already have a QAT device, I would not suggest getting one specifically for Tor. In particular, Tor doesn't spend very much time actually doing AES. It's mostly overhead from cell processing, TCP, small packets, etc. Additionally, because Tor uses a large number of relatively low-bandwidth connections, it will mostly send small chunks to the hardware engine, which is not particularly efficient. In the future, it may be possible to use KTLS, in which case QAT might actually improve performance quite a bit. However, there are a number of blockers to this, including that it messes with Tor's bandwidth limiting.That's a great advice I can really apreciate. So I better look for a good CPU / NIC combination and will have a look in the sysctl parameters some have posted. If KTLS would get supported, maybe mutli-threading will come too in another step... Would be nice to have this sort of information in FAQ on Tor project website. But hopefully, one with the same idea will now find this thread by searching the web as I couldn't. Have a good day Andreas ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Does Tor work with Intel QAT acceleration
Hi Andreas According to [0] QAT supports: * RSA with 2048, 3072, and 4096 bit keys * ECDH for the Montgomery Curve X25519 and NIST Prime Curves P-256 and P-384 * ECDSA for the NIST Prime Curves P-256 and P-384 * AES-GCM with 128, 192, and 256 bit keys The tor-spec [1] shows that Tor only uses RSA with 1024 Bit Keys and the ciphersuits only contain AES CBC and no AES GCM ones. I'm not an expert but it looks like it's not that useful for Tor. Tor doesn't scale well with multiple CPU cores but you can run 2 relays per IP to better use your hardware. On Debian / Ubuntu you can use tor-instance-create to create multiple relays on the same host. [0]: https://www.intel.com/content/www/us/en/developer/articles/guide/building-software-acceleration-features-in-the-intel-qat-engine-for-openssl.html [1]: https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt Regards Stefan On 11.04.22 21:13, Andreas Bollhalder wrote: Hello Kevin Thanks a lot for your response. 1) Regarding the speedtest, my firewall is limiting the speed to around 6.5Gbit/s. It's a fanless device and not capable to let me use the full 10Gbit/s. I host my hardware in my living room and can't install more powerfull, beacuse it would be too noisy and too big... My wife and kids will kill me :-) 2) For the NIC currently in use: it's an Intel I219-LM (rev 10). Maybe the are better models around. But I don't believe, they would lower the CPU usage by magnitude(s). But I let me educate if I'm wrong. 3) The CPU in use has the AES-NI flag set in "/proc/cpuinfo". So a litte acceleration is already in use. In the old days when using pfSense on a PC Engines Alix, I was using a mini PCI crypto accelerator card. And it could double or tripple the OpenVPN speed. So it seemed to me, that QAT could do the same for Tor. Andreas On Monday, April 11, 2022 15:58 CEST, Thoughts wrote: Two suggestions: 1) Run speedtest (https://www.speedtest.net) from behind your firewall and verify your actual bandwidth (or at least get a good approximation ). 2) Check the brand of NIC in your current machine. Intel NICs are reportedly much more efficient than RealTek for handling large number of packets - which is why they are recommended for most firewall machines. Suspect that logic would apply for a Tor Relay as well. Suspect you also want a CPU with AES-NI support. Check the specs on the web, AES-NI should be called out. "cat /proc/cpuinfo | grep aes" will also tell you if your running some flavor of linux. Kevin ps. Dig around on the web for firewall hardware recommendations. I know I've seen some tables on throughput for pfsense, shouldn't be too hard to find and might throw some light on the situation. pps. Very jealous of your connectivity! On 4/10/2022 2:32 PM, Andreas Bollhalder wrote: > Hi all > > I have my first Tor relay up und running. It's currently installed on > a little desktop computer with an Intel i5 9500T CPU. My Internet > connection is 10Gb/s symetric. From this bandwidth, I would be able to > spend a good part for supporting the Tor network. > > With that little machine, it seems that it would max out at somewhere > at ~30 MBytes/s. For my definitive Tor relay hardware, I'm currently > researching some options, which would be capable of handling Tor > traffic at the rate of 200 to 300MBytes. Even it would be used > nowadays, but who knows whats coming in the future and I hope this > relay would last 5 years ore so. > > It looks to me, that with a normal CPU, it's impossible to reach my > goal. But then I encountered, that Intel has the Quick Assist > Technoloy (QAT) integrated in some of their products (ie. Atom C3xx8). > This QAT can be used with OpenSSL as a hardware accelerator for > encryption. There also exist dedicated PCIe cards with QAT (ie. > Netgate CPIC-8955). > > Searching the Internet, I couldn't find any information if QAT would > be helpful with Tor. But Tor uses the OpenSSL library and this can use > the QAT acceleration. Is there anyone who has tried this und can share > his expirience? > > Thanks in advance > Andreas > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Does Tor work with Intel QAT acceleration
Excerpts from Andreas Bollhalder's message of April 12, 2022 2:12 am: > > Hello Alex > > Thank you for your nice hint ot QAT_Engine. > > Yes, in theory it really seems to be possible. Looking at the Github repo of > the QAT_Engine, it looks like there are still some issues with OpenSSL 3.0: > Support for QAT HW ECX, QAT SW ECX, QAT HW PRF and QAT HW HKDF is disabled > when built > against OpenSSL 3.0 due to known issues instead it uses non-accelerated > implementation > from OpenSSL.I'm on Ubuntu 20.04, so I should be still using OpenSSL 1.x. > There are plans for switching to OpenSSL 3.0 in Ubuntu 22.04. We'll see... > > So, one really has to test and I need to think about it. Wouldn't be a cheep > test, but if this platform can give me a medium power system (~50W) and great > speed, then it's definitively what I'm looking for. Otherwise I would prefer > a Ryzen like the 5750GE. > > Andreas If you don't already have a QAT device, I would not suggest getting one specifically for Tor. In particular, Tor doesn't spend very much time actually doing AES. It's mostly overhead from cell processing, TCP, small packets, etc. Additionally, because Tor uses a large number of relatively low-bandwidth connections, it will mostly send small chunks to the hardware engine, which is not particularly efficient. In the future, it may be possible to use KTLS, in which case QAT might actually improve performance quite a bit. However, there are a number of blockers to this, including that it messes with Tor's bandwidth limiting. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Does Tor work with Intel QAT acceleration
Hello Stefan Wow, that's very good researched. I still didn't get that deep into this. So it really seems, there is no special hardware which helps with Tor beside AES-NI, high CPU clock and a good NIC with good drivers. Yes, I have two instances running. Would be great, to have IPv6 only Tor instances. But I know that it's currently not supported... Greetings Andreas On Tuesday, April 12, 2022 16:23 CEST, Bauruine wrote: Hi Andreas According to [0] QAT supports: * RSA with 2048, 3072, and 4096 bit keys * ECDH for the Montgomery Curve X25519 and NIST Prime Curves P-256 and P-384 * ECDSA for the NIST Prime Curves P-256 and P-384 * AES-GCM with 128, 192, and 256 bit keys The tor-spec [1] shows that Tor only uses RSA with 1024 Bit Keys and the ciphersuits only contain AES CBC and no AES GCM ones. I'm not an expert but it looks like it's not that useful for Tor. Tor doesn't scale well with multiple CPU cores but you can run 2 relays per IP to better use your hardware. On Debian / Ubuntu you can use tor-instance-create to create multiple relays on the same host. [0]: https://www.intel.com/content/www/us/en/developer/articles/guide/building-software-acceleration-features-in-the-intel-qat-engine-for-openssl.html [1]: https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt Regards Stefan On 11.04.22 21:13, Andreas Bollhalder wrote:Hello Kevin Thanks a lot for your response. 1) Regarding the speedtest, my firewall is limiting the speed to around 6.5Gbit/s. It's a fanless device and not capable to let me use the full 10Gbit/s. I host my hardware in my living room and can't install more powerfull, beacuse it would be too noisy and too big... My wife and kids will kill me :-) 2) For the NIC currently in use: it's an Intel I219-LM (rev 10). Maybe the are better models around. But I don't believe, they would lower the CPU usage by magnitude(s). But I let me educate if I'm wrong. 3) The CPU in use has the AES-NI flag set in "/proc/cpuinfo". So a litte acceleration is already in use. In the old days when using pfSense on a PC Engines Alix, I was using a mini PCI crypto accelerator card. And it could double or tripple the OpenVPN speed. So it seemed to me, that QAT could do the same for Tor. Andreas On Monday, April 11, 2022 15:58 CEST, Thoughts wrote: Two suggestions: 1) Run speedtest (https://www.speedtest.net) from behind your firewall and verify your actual bandwidth (or at least get a good approximation ). 2) Check the brand of NIC in your current machine. Intel NICs are reportedly much more efficient than RealTek for handling large number of packets - which is why they are recommended for most firewall machines. Suspect that logic would apply for a Tor Relay as well. Suspect you also want a CPU with AES-NI support. Check the specs on the web, AES-NI should be called out. "cat /proc/cpuinfo | grep aes" will also tell you if your running some flavor of linux. Kevin ps. Dig around on the web for firewall hardware recommendations. I know I've seen some tables on throughput for pfsense, shouldn't be too hard to find and might throw some light on the situation. pps. Very jealous of your connectivity! On 4/10/2022 2:32 PM, Andreas Bollhalder wrote: > Hi all > > I have my first Tor relay up und running. It's currently installed on > a little desktop computer with an Intel i5 9500T CPU. My Internet > connection is 10Gb/s symetric. From this bandwidth, I would be able to > spend a good part for supporting the Tor network. > > With that little machine, it seems that it would max out at somewhere > at ~30 MBytes/s. For my definitive Tor relay hardware, I'm currently > researching some options, which would be capable of handling Tor > traffic at the rate of 200 to 300MBytes. Even it would be used > nowadays, but who knows whats coming in the future and I hope this > relay would last 5 years ore so. > > It looks to me, that with a normal CPU, it's impossible to reach my > goal. But then I encountered, that Intel has the Quick Assist > Technoloy (QAT) integrated in some of their products (ie. Atom C3xx8). > This QAT can be used with OpenSSL as a hardware accelerator for > encryption. There also exist dedicated PCIe cards with QAT (ie. > Netgate CPIC-8955). > > Searching the Internet, I couldn't find any information if QAT would > be helpful with Tor. But Tor uses the OpenSSL library and this can use > the QAT acceleration. Is there anyone who has tried this und can share > his expirience? > > Thanks in advance > Andreas > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org
Re: [tor-relays] Does Tor work with Intel QAT acceleration
Hello Kevin Thanks a lot for your response. 1) Regarding the speedtest, my firewall is limiting the speed to around 6.5Gbit/s. It's a fanless device and not capable to let me use the full 10Gbit/s. I host my hardware in my living room and can't install more powerfull, beacuse it would be too noisy and too big... My wife and kids will kill me :-) 2) For the NIC currently in use: it's an Intel I219-LM (rev 10). Maybe the are better models around. But I don't believe, they would lower the CPU usage by magnitude(s). But I let me educate if I'm wrong. 3) The CPU in use has the AES-NI flag set in "/proc/cpuinfo". So a litte acceleration is already in use. In the old days when using pfSense on a PC Engines Alix, I was using a mini PCI crypto accelerator card. And it could double or tripple the OpenVPN speed. So it seemed to me, that QAT could do the same for Tor. Andreas On Monday, April 11, 2022 15:58 CEST, Thoughts wrote: Two suggestions: 1) Run speedtest (https://www.speedtest.net) from behind your firewall and verify your actual bandwidth (or at least get a good approximation ). 2) Check the brand of NIC in your current machine. Intel NICs are reportedly much more efficient than RealTek for handling large number of packets - which is why they are recommended for most firewall machines. Suspect that logic would apply for a Tor Relay as well. Suspect you also want a CPU with AES-NI support. Check the specs on the web, AES-NI should be called out. "cat /proc/cpuinfo | grep aes" will also tell you if your running some flavor of linux. Kevin ps. Dig around on the web for firewall hardware recommendations. I know I've seen some tables on throughput for pfsense, shouldn't be too hard to find and might throw some light on the situation. pps. Very jealous of your connectivity! On 4/10/2022 2:32 PM, Andreas Bollhalder wrote: > Hi all > > I have my first Tor relay up und running. It's currently installed on > a little desktop computer with an Intel i5 9500T CPU. My Internet > connection is 10Gb/s symetric. From this bandwidth, I would be able to > spend a good part for supporting the Tor network. > > With that little machine, it seems that it would max out at somewhere > at ~30 MBytes/s. For my definitive Tor relay hardware, I'm currently > researching some options, which would be capable of handling Tor > traffic at the rate of 200 to 300MBytes. Even it would be used > nowadays, but who knows whats coming in the future and I hope this > relay would last 5 years ore so. > > It looks to me, that with a normal CPU, it's impossible to reach my > goal. But then I encountered, that Intel has the Quick Assist > Technoloy (QAT) integrated in some of their products (ie. Atom C3xx8). > This QAT can be used with OpenSSL as a hardware accelerator for > encryption. There also exist dedicated PCIe cards with QAT (ie. > Netgate CPIC-8955). > > Searching the Internet, I couldn't find any information if QAT would > be helpful with Tor. But Tor uses the OpenSSL library and this can use > the QAT acceleration. Is there anyone who has tried this und can share > his expirience? > > Thanks in advance > Andreas > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay question
onion...@riseup.net: I found in syslog file: http status 400 ("Fingerprint and/or ed25519 identity is marked rejected -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to bad-rel...@lists.torproject.org mentioning your fingerprint(s)?") response from dirserver 131.188.40.189:80. Please correct. http status 400 ("Fingerprint and/or ed25519 identity is marked rejected -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to bad-rel...@lists.torproject.org mentioning your fingerprint(s)?") response from dirserver 86.59.21.38:80. Please correct. http status 400 ("Fingerprint and/or ed25519 identity is marked rejected -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to bad-rel...@lists.torproject.org mentioning your fingerprint(s)?") response from dirserver 199.58.81.140:80. Please correct. http status 400 ("Fingerprint and/or ed25519 identity is marked rejected -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to bad-rel...@lists.torproject.org mentioning your fingerprint(s)?") response from dirserver 154.35.175.225:80. Please correct. http status 400 ("Fingerprint and/or ed25519 identity is marked rejected -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to bad-rel...@lists.torproject.org mentioning your fingerprint(s)?") response from dirserver 204.13.164.118:80. Please correct. Unable to find IPv6 address for ORPort 443. You might want to specify IPv4Only to it or set an explicit address or set Address. [60 similar message(s) suppressed in last 3540 seconds] Torrc file attached. VPS servers are online and working. I setup IPv6 on one VPS and restarted tor, but it doesn't solve the problem fully. FWIW we are working on this on the bad-relays@ list. Georg On 2022-04-11 06:34, li...@for-privacy.net wrote: On Sunday, April 10, 2022 2:04:02 AM CEST onion...@riseup.net wrote: 30 new exits at Frantec. Did you follow the AUP and send Francisco a ticket _beforehand_? Reverse DNS! Exit policy Port: 465, 587! https://buyvm.net/acceptable-use-policy/ No, we did not pay attention to their AUP. We have long been using their services for proxy and there were no problems. Thank you for reminding. You only set up IPv4. At Frantek you also have IPv6 on every VM. If you need help setting it up, you can ask here and specify your OS. We think that IPv6 is rarely used and therefore did not put it up. The Tor project has invested a lot of time and effort into improving IPv6 over the last few years. The aim is to also enable IPv6 only relays. We want to achieve more diversity, Tor-exit relays under different ASNs and multiple ISPs. With IPv4 this is difficult. IP's are empty and to get a /24 you have to pay around 5000,- EUR in the first year with RIPE. One /24 is the least you can announce as an ASN. You can't split that between different data centers. IPv6 is easier and cheaper to get. In addition, there are more and more ISPs that only offer IPv6. IPv6 only relays are only possible when almost all Tor relays support it. Currently about 75% Tor exits¹ and 50% entry/middle relays. https://nusenu.github.io/OrNetStats/#ipv6-relay-stats Therefore, anyone who can should configure IPv6 or dual stack. Site yui.cat shows that our nodes offline because not configured IPv6, right? No, yui.cat has nothing to do with it. This is a private status page using data from onionoo and Tor-metrics. First look at what's in the syslog. If you need help then post the errors and your torrc. When the Tor daemon is running without errors than as already mentioned, I think Francisco took you offline because your relays were blacklisted for open SMTP ports. Check if you have tickets in stallion. Or ask in the Frantech community chat on Discord, Matrix and IRC. ¹Heck, we've lost some IPv6 % since relayon is down. :-( ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays OpenPGP_signature Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Does Tor work with Intel QAT acceleration
Hello Alex Thank you for your nice hint ot QAT_Engine. Yes, in theory it really seems to be possible. Looking at the Github repo of the QAT_Engine, it looks like there are still some issues with OpenSSL 3.0: Support for QAT HW ECX, QAT SW ECX, QAT HW PRF and QAT HW HKDF is disabled when built against OpenSSL 3.0 due to known issues instead it uses non-accelerated implementation from OpenSSL.I'm on Ubuntu 20.04, so I should be still using OpenSSL 1.x. There are plans for switching to OpenSSL 3.0 in Ubuntu 22.04. We'll see... So, one really has to test and I need to think about it. Wouldn't be a cheep test, but if this platform can give me a medium power system (~50W) and great speed, then it's definitively what I'm looking for. Otherwise I would prefer a Ryzen like the 5750GE. Andreas On Tuesday, April 12, 2022 03:42 CEST, Alex Xu wrote: Excerpts from Andreas Bollhalder's message of April 10, 2022 3:32 pm: > > Hi all > > I have my first Tor relay up und running. It's currently installed on a > little desktop computer with an Intel i5 9500T CPU. My Internet connection is > 10Gb/s symetric. From this bandwidth, I would be able to spend a good part > for supporting the Tor network. > > With that little machine, it seems that it would max out at somewhere at ~30 > MBytes/s. For my definitive Tor relay hardware, I'm currently researching > some options, which would be capable of handling Tor traffic at the rate of > 200 to 300MBytes. Even it would be used nowadays, but who knows whats coming > in the future and I hope this relay would last 5 years ore so. > > It looks to me, that with a normal CPU, it's impossible to reach my goal. But > then I encountered, that Intel has the Quick Assist Technoloy (QAT) > integrated in some of their products (ie. Atom C3xx8). This QAT can be used > with OpenSSL as a hardware accelerator for encryption. There also exist > dedicated PCIe cards with QAT (ie. Netgate CPIC-8955). > > Searching the Internet, I couldn't find any information if QAT would be > helpful with Tor. But Tor uses the OpenSSL library and this can use the QAT > acceleration. Is there anyone who has tried this und can share his expirience? > > Thanks in advance > Andreas > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > In theory, you should be able to enable QAT with "HardwareAccel 1" on OpenSSL 1.x after installing https://github.com/intel/QAT_Engine. I'm not sure about the process for OpenSSL 3.0; I believe it involves editing OPENSSLDIR/openssl.cnf. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay question
I found in syslog file: http status 400 ("Fingerprint and/or ed25519 identity is marked rejected -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to bad-rel...@lists.torproject.org mentioning your fingerprint(s)?") response from dirserver 131.188.40.189:80. Please correct. http status 400 ("Fingerprint and/or ed25519 identity is marked rejected -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to bad-rel...@lists.torproject.org mentioning your fingerprint(s)?") response from dirserver 86.59.21.38:80. Please correct. http status 400 ("Fingerprint and/or ed25519 identity is marked rejected -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to bad-rel...@lists.torproject.org mentioning your fingerprint(s)?") response from dirserver 199.58.81.140:80. Please correct. http status 400 ("Fingerprint and/or ed25519 identity is marked rejected -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to bad-rel...@lists.torproject.org mentioning your fingerprint(s)?") response from dirserver 154.35.175.225:80. Please correct. http status 400 ("Fingerprint and/or ed25519 identity is marked rejected -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to bad-rel...@lists.torproject.org mentioning your fingerprint(s)?") response from dirserver 204.13.164.118:80. Please correct. Unable to find IPv6 address for ORPort 443. You might want to specify IPv4Only to it or set an explicit address or set Address. [60 similar message(s) suppressed in last 3540 seconds] Torrc file attached. VPS servers are online and working. I setup IPv6 on one VPS and restarted tor, but it doesn't solve the problem fully. On 2022-04-11 06:34, li...@for-privacy.net wrote: > On Sunday, April 10, 2022 2:04:02 AM CEST onion...@riseup.net wrote: >> > 30 new exits at Frantec. Did you follow the AUP and send Francisco a >> > ticket >> > _beforehand_? Reverse DNS! Exit policy Port: 465, 587! >> > https://buyvm.net/acceptable-use-policy/ >> >> No, we did not pay attention to their AUP. We have long been using their >> services for proxy and there were no problems. Thank you for reminding. >> >> > You only set up IPv4. At Frantek you also have IPv6 on every VM. If you >> > need help setting it up, you can ask here and specify your OS. >> >> We think that IPv6 is rarely used and therefore did not put it up. > > The Tor project has invested a lot of time and effort into improving IPv6 > over > the last few years. The aim is to also enable IPv6 only relays. We want to > achieve more diversity, Tor-exit relays under different ASNs and multiple > ISPs. With IPv4 this is difficult. IP's are empty and to get a /24 you have > to > pay around 5000,- EUR in the first year with RIPE. One /24 is the least you > can announce as an ASN. You can't split that between different data centers. > IPv6 is easier and cheaper to get. In addition, there are more and more ISPs > that only offer IPv6. > > IPv6 only relays are only possible when almost all Tor relays support it. > Currently about 75% Tor exits¹ and 50% entry/middle relays. > https://nusenu.github.io/OrNetStats/#ipv6-relay-stats > Therefore, anyone who can should configure IPv6 or dual stack. > >> Site >> yui.cat shows that our nodes offline because not configured IPv6, right? > > No, yui.cat has nothing to do with it. This is a private status page using > data from onionoo and Tor-metrics. > First look at what's in the syslog. If you need help then post the errors and > your torrc. > When the Tor daemon is running without errors than as already mentioned, I > think Francisco took you offline because your relays were blacklisted for > open > SMTP ports. Check if you have tickets in stallion. Or ask in the Frantech > community chat on Discord, Matrix and IRC. > > ¹Heck, we've lost some IPv6 % since relayon is down. :-( > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Nickname Chive MyFamily 9EC5083BC187C911841B1CAFAD9EE634CEB90EC4, 1030A18BAB85D2308E4FAD8A95BE456006F0, F81C34435CA08B81105B3C77CF29EE7824652BFB, C7D8C094D2885FBD378A6974612B04D4BE4B978C, 77D56000E85455708C5D45D2DD2D6AB32E46E4CB, 0D47B7FFDB9E0FD4913A7C38FC114533AF42EC6A, 11096F1079E442FFF76A1981F5815959C8C96B2A, 606CA0C1C7A40F7A27A233F0A32AABAA41464592, DA54B320BFAAED7E48A7DCB90EDB11FC46B2FB65, 64CB875321E6DB7574E4BB2BB5F549494406B62D, 331CCDB53AE3DF933AE2188C03F653589E78CD7D, 2749970D0B5A0ABC4154D61C42A67C70CFAF5F6B, 824CCE7FDC4E03300AE89017CA75F1671AE46A19, 5CF33DE98C9BB2C7FEE5299F1A45439B0DB2EA73, FCCDA0F529B950A7A2E8D6F12596918AAA7BF973, 44EFF9A121F3F3FC300FF6DE851159AFEC5541FB, B6B968107D696AD793943350DDCD62BE362B2286,