> Toralf Förster hat am 22.10.2022 22:40 CEST
> geschrieben:
>
> IMO a "reload tor" is fully sufficient and should be preferrred over
> "restart", or ?
A "reload" will update the ExitPolicy, but not drain existing connections very
quickly, at least on our servers. Feel free to use whatever
Hello,
on the evening of 2022-10-18, we (Artikel10) started getting alerts about our
Tor servers, while our traffic declined sharply. When we investigated, we found
that there were hundreds of thousands of TCP connections (per server) open to a
single address, orders of magnitude more than
The Relay Operator Meetup will take place on Sunday, 21:00 at the c-base tent
(please bring a chair):
https://wiki.mch2022.org/Session:Tor_Relay_Operator_Meetup
Kind regards,
Alexander
> gus hat am 22.07.2022 16:00 CEST geschrieben:
>
>
> Hi everyone,
>
> This month we won't have our
> Georg Koppen hat am 20.09.2021 18:38 geschrieben:
>
> This happens from time to time. It could be someone trying to
> impersonate your relay. Feel free to contact
>
> bad-rel...@lists.torproject.org
>
> with your relay nickname/fingerprint and we can take care of that and
> investigate.
> Petrusko hat am 27.03.2021 11:05 geschrieben:
>
> Is it allowed to add something like this, to advertise on ipv6 too ?? :
> DIRPort [::xxx:x::::xxx]:9030
You can only advertise one DirPort, according to "man tor":
> all but one DirPort must have the NoAdvertise flag set
> David Goulet hat am 24.03.2021 13:07 geschrieben:
>
> At the moment, the only metrics exported are those of onion services. We still
> need to implement exporting relay and client metrics.
>
> If you set an onion service, you should get more stuff :) else we have a bug!
I just checked, an
> David Goulet hat am 22.03.2021 13:24 geschrieben:
>
> > Sending GET requests to the address returns empty responses.
>
> You should be able to get the metrics with a GET on /metrics.
>
> Let us know if this works for you!
The empty 200 response is returned from "/metrics", I guess due to
Hello,
when I activate the "MetricsPort" feature, the Tor log reports that it is going
to open the port, then it says "Address already in use". According to
"netstat", the address is indeed in use, but by "tor". Sending GET requests to
the address returns empty responses.
Any ideas?
Kind
Hi Josh,
the Tor network is still mostly IPv4
(https://metrics.torproject.org/relays-ipv6.html), so I would say it's ok to
turn IPv6 off on your relay for now, especially if there's a problem with
stability.
Kind regards,
Alexander
> Josh Lawson hat am 21.08.2020 00:59
> geschrieben:
> Imre Jonk hat am 13.08.2020 09:13 geschrieben:
>
> On Wed, 2020-08-12 at 22:42 -0700, Keifer Bly wrote:
> > Is it possible to run more than one tor instance on the same machine?
>
> I imagine that something equally simple can be done for
> systemd-based systems as well.
>
> Imre
The Debian
Hi Olaf,
this:
> '2019-10-17 20:34:32 (1.01 MB/s) -
> ‘A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc’ saved [19665/19665]
looks like output from wget rather than curl. Is there some weird configuration
calling wget instead of curl on your system? What do "alias curl" or "which
curl" say?
If I
You can use "deb.torproject.org" in Raspbian:
https://support.torproject.org/apt/tor-deb-repo/
> Volker Mink hat am 8. Oktober 2019 um 08:29 geschrieben:
>
> Could be, i am not so deep into this whole linux-magic.
> Its raspian stretch with kernel 4.19.66 on a PI2B, which is -as far as
Hi everyone,
at our Tor meetup in August 2018 we announced plans to found a Hamburg-based
Tor association, and now we did it: Artikel10 was established by 12 founding
members on Friday evening! Our purpose is supporting secure communication media
like Tor, as well as doing digital rights
English:
We would like to invite people interested in the Tor project and relay
operators in the Hamburg area to meet at University of Hamburg,
Department of Computer Science. There will be an introduction to Tor, a
Q session and a brief announcement about a newly founded Hamburg-based
Tor
Another update: we have moved the meetup to 2018-12-28 (Day 2), 12:00:
https://events.ccc.de/congress/2018/wiki/index.php/Session:Tor_relay_operators_meetup
Kind regards,
Alexander
---
PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
On 2018-12-24 23:16, 35C3 35C3 wrote:
On December 24,
On 2018-08-22 10:59, Alexander Dietrich wrote:
When: Friday, August 31st, 6:00 PM
Where: CCC Hamburg, Zeiseweg 9 (
https://hamburg.ccc.de/#wegbeschreibung )
WWW: https://hamburg.ccc.de/2018/08/20/tor-meet-up-beim-ccchh-index/
A few notes from the Meetup:
There were about 15 participants
Hi everyone,
we would like to invite people interested in the Tor project and relay
operators in the Hamburg area to meet at the CCC Hamburg. There will be
an introduction to Tor, a Q session and a brief announcement about a
future Hamburg-based Tor association. We would love for relay
On 2018-07-31 16:27, Cristian Consonni wrote:
so I am assuming that to test my bridge it is not sufficient to know
which pluggable transport is running, the IP address and the port. I
need the cert string and the iat-mode number.
So, how can I found those values? And, most importantly, is this
On 2018-07-23 16:03, Cristian Consonni wrote:
```
[notice] Registered server transport 'obfs4' at '[::]:46396'
```
Remember the random port associated to your bridge needs to be open for
incoming connections. You can find it from the logs: it's 46396 in this
example.
---
I can assume that
On 2018-05-11 14:52, Ralph Seichter wrote:
Assuming you can install whatever software you like, I recommend
running
your own instance of Unbound on your exit node machines. Current
Unbound
versions support DNSSEC validation, QNAME minimisation, etc. While
using
your ISP's resolvers works as a
On 2018-04-11 04:10, Paul Templeton wrote:
When I do a dig +dnssec . | grep ";; flags:" I get ;; flags: qr rd ra
ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 this looks as if
its working.
Just to be safe, you could also check the rest of the dig output and
/etc/resolv.conf (or
If you are looking for bridge relays, please send email to
brid...@torproject.org from a GMail, Yahoo or Riseup account.
More information: https://bridges.torproject.org/
Kind regards,
Alexander
---
PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
34C3: +49464438299-5789
On 2017-12-23
On 2017-12-08 13:24, niftybunny wrote:
>> On 8. Dec 2017, at 10:23, Alexander Dietrich <alexan...@dietrich.cx> wrote:
>>
>> I have no experience with Hetzner, but no ISP in Germany (or elsewhere) has
>> ever asked me for a copy of my passport. I'd rathe
I have no experience with Hetzner, but no ISP in Germany (or elsewhere)
has ever asked me for a copy of my passport. I'd rather spend my money
elsewhere.
(For German readers: it's illegal to create photocopies of the latest
generation of ID cards, except for government agencies, banks and such,
On 2017-10-24 03:30, nusenu wrote:
It appears to have started earlier than July if you graph metrics' csv
file for better granularity. Maybe somewhere in mid May 2017 (maybe
when
tor 0.2.9.x -> 0.3.0 started to spread? -> correlate it with the relays
by version graph)
I had a dead relay
On 2017-10-21 01:25, diffusae wrote:
Oct 21 01:09:10.000 [warn] tor_bug_occurred_: Bug:
src/common/compress.c:576: tor_compress_process: Non-fatal assertion
!((rv == TOR_COMPRESS_OK) && *in_len == in_len_orig && *out_len ==
out_len_orig) failed. (on Tor 0.3.1.7 6babd3d9ba9318b3)
Oct 21
There is a self-organized session now:
https://wiki.sha2017.org/w/Session:Tor_Relay_Operators_Meetup
Cheers,
Alexander
Sent from my toasterOn Aug 5, 2017 5:46 PM, Alexander Færøy
wrote:
>
> On 1 August 2017 at 21:24, Schroedinger wrote:
> > if
On 2017-05-22 10:23, nusenu wrote:
Please post your configuration file
/etc/tor/torrc (without sensitive content like password hashes)
It's not very exciting, with all comments removed:
--
HeartbeatPeriod 1 hours
SOCKSPort 0
HiddenServiceDir /var/lib/tor/SERVICE_NAME/
On 2017-05-22 04:07, teor wrote:
The permissions on /var/lib/tor/SERVICE_NAME/ are "rwx--S---" and it's
owned by debian-tor, which worked for 0.2.9.10.
What user is your tor process running as?
The Ubuntu packages from d.t.o run Tor as "debian-tor". I would expect
0.3.0.7 to do the same,
Hello,
did anyone else run into a problem when upgrading from 0.2.9.10 to
0.3.0.7 on Ubuntu?
Tor is no longer starting, with these messages in syslog:
[notice] Read configuration file
"/usr/share/tor/tor-service-defaults-torrc".
[notice] Read configuration file "/etc/tor/torrc".
[warn]
On a Pi 3 the official packages seem to work, so you can simply follow
the instructions on the Tor website:
https://www.torproject.org/docs/debian.html.en
Use "Option two" and ignore the "Raspbian is not Debian" paragraph.
Best regards,
Alexander
---
PGP Key: https://dietrich.cx/pgp |
Hi,
the obfs2 pluggable transport was deprecated a while ago since it was
easy to detect, but obfs3 was still considered safe, IIRC. Has anything
changed here?
I was just wondering if new bridges should only run obfs4, or if it's
fine to run obfs3 at the same time.
Best regards,
Alexander
Can you please move these discussions to a more appropriate mailing list
(i.e. tor-talk or maybe tor-dev)?
Thank you,
Alexander
---
PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
On 2016-12-08 12:11, Christian Pietsch wrote:
On Thu, Dec 08, 2016 at 10:41:46AM +0500, Roman Mamedov
On 2016-08-31 14:33, Peter Palfrader wrote:
On Wed, 31 Aug 2016, Alexander Dietrich wrote:
When I checked, the /var/run/tor directory had the mode "rwxr-sr-x".
After
removing the permissions for "other", tor started without problems.
This most likely means that you
Hello,
I just had a tor instance exit with these error messages:
[warn] Failed to parse/validate config: Failed to bind one of the
listener ports.
[err] Reading config failed--see warnings above. For usage, try -h.
[warn] Restart failed (config error?). Exiting.
Above that, the log contains
Hi,
I just tried to use ExoneraTor, but it seems to be down:
https://exonerator.torproject.org/
Best regards,
Alexander
--
PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
___
tor-relays mailing list
tor-relays@lists.torproject.org
Actually not - you are right Alexander!
But then the question are:
- why do I need a user "_tor-tor" since the last update, when I didn’t
need that before
- why is it not self creating
- what do I have to do - really creating "_tor-tor" with the same
privileges as "_tor-tor2"?
Thank
The error message "Ungültiger Anwender „_tor-tor“" appears several times
in your log, while there are no error messages about user "_tor-tor2".
Does the first user exist?
Best regards,
Alexander
---
PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
On 2016-08-06 14:56, pa011 wrote:
Thank
On 2016-05-01 11:35, Toralf Förster wrote:
On 05/01/2016 01:20 AM, Moritz Bartl wrote:
Maybe it is simply too crazy for many jurisdictions to believe,
but police in Germany in most cases actually treats you well and is
not your enemy. There's no point in turning every occasion into a
combat
Sounds like they don't know what Tor is, or they didn't notice your host
is a Tor exit node.
Might be a good idea to address both issues by sending them a link to
the Tor documentation and configuring a better reverse DNS record for
your IP address.
Best regards,
Alexander
---
PGP Key:
If you want this to run mostly hands-off, please install and properly
configure the Debian package unattended-upgrades. Make sure all the
packages on the system are updated automatically, not only Tor! Verify
that this actually happens. (One thing I learned in the past is that
without the
at 12:12, Alexander Dietrich alexan...@dietrich.cx wrote:
On Ubuntu, service tor reload should also work.
There's not a lot you can do about updates that require a restart (other than
to restart).
You can automate the restarts though, install unattended-upgrades and
update-notifier-common
On Ubuntu, service tor reload should also work.
There's not a lot you can do about updates that require a restart (other
than to restart).
You can automate the restarts though, install unattended-upgrades and
update-notifier-common, then check out the config files in
/etc/apt/apt.conf.d.
On 2015-03-12 18:55, Sven Reissmann wrote:
strange ~ # ping keys.gnupg.net
PING pool.sks-keyservers.net (144.76.120.109) 56(84) bytes of data.
64 bytes from encrypt.to (144.76.120.109): icmp_req=1 ttl=56 time=6.71
ms
64 bytes from encrypt.to (144.76.120.109): icmp_req=2 ttl=56 time=6.84
ms
://trac.torproject.org/projects/tor/ticket/13716
Best regards,
Alexander
---
PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B
On 2015-02-21 14:23, Alexander Dietrich wrote:
A couple of posts later in that thread, Lunar points out that
obfs4proxy is in the Tor Project's package repo:
http
| 0x727A756DC55A356B
On 2015-02-17 02:09, isis wrote:
Alexander Dietrich transcribed 0.9K bytes:
Ok, I'll bite: what would somebody have to know to make this happen?
I know nothing of Ubuntu's policies for package inclusion in their
distribution channels; you might try asking their developers. However
/f7RYslrMHfkqIQSCtulIq3fI7CQpFjtoRYCfcG5nF0IziU3lHB0cRB7uL0n
zKwPYW3CiQz0O8HDCg0sdp1iuYr6yahr1WsnpBoc1AGWASTqdVgRELXHgCL6
ZMyT
=FL9d
-END PGP SIGNATURE-
On 3 February 2015 at 18:33, Alexander Dietrich alexan...@dietrich.cx wrote:
Is it possible to install the obfs4proxy package securely
On 2015-02-06 18:08, Andreas Krey wrote:
Hmm, perhaps I should get my credit card and see how the
amazon cloud tor nodes are preconfigured. ;-)
You can check it out here (if that's the correct repository):
https://gitweb.torproject.org/tor-cloud.git/tree/ec2-prep.sh
On the other hand, if
In case you haven't already seen it, you should only run two Tor
processes per IP address:
https://www.torservers.net/wiki/setup/server#multiple_tor_processes
Best regards,
Alexander
---
PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B
On 2015-01-02 17:06, Kura wrote:
Thanks
Will you post a summary to this list afterwards? I only run a
non-exit-relay (and there's a scheduling conflict with Food Hacking
Base, sigh), but would definitely like to know what's up (if there's
anything still up at that point, ha ha).
Thanks,
Alexander
---
PGP Key:
On 2014-09-05 03:43, grarpamp wrote:
I wonder how to get them to notice more consistently?
Simple, either mail their contact (if any) and they fix it, or
blacklist their
fingerprints. There is no reason any relay should not be able to sync
time.
Other possibilities:
- extend the Tor
On 2014-08-14 23:46, Tim wrote:
Also not being a lawyer, if BTC isn't legal tender in your country (if
such a concept exists), are you really accepting money?
I guess a more precise description would involve the words monetary
value. But again, I'm not a lawyer, that's why I asked.
Using
On 2014-08-14 10:25, Mike Cardwell wrote:
On the other hand. It costs you nothing to stick a bitcoin
address in a config file to find out.
Not being a lawyer, does accepting money for running a Tor relay make it
a commercial operation (in some countries) and put you in a different
legal
AFAIK, arm connects to the control port of a single instance at a time.
You would have to configure different ControlPort settings for each
instance and connect to them one by one.
I posted this multi-instance script a short while ago:
https://gist.github.com/7adietri/9122199
It's very close
The Tor Cloud AMIs (if that's what you're using) are configured to
auto-update and restart if necessary.
But it probably can't hurt to check that you have the fixed OpenSSL
package.
Best regards,
Alexander
---
PGP Key: 0xC55A356B | https://dietrich.cx/pgp
On 2014-04-09 20:05, lee
Is it possible that either the DataDirectory setting changed due to
the update or the directory content?
Best regards,
Alexander
---
PGP Key: 0xC55A356B | https://dietrich.cx/pgp
On 2014-03-22 15:26, Oliver Schönefeld wrote:
Hi guys,
i updated from Tor 0.2.3.25 (relay
You should probably use the Tor project's package repository.
See this page for details:
https://www.torproject.org/docs/debian.html.en#ubuntu
Best regards,
Alexander
---
PGP Key: 0xC55A356B | https://dietrich.cx/pgp
On 2014-03-18 13:57, Zenaan Harkness wrote:
Currently running Debian's
It's managed by a script and a few rules:
https://tor.stackexchange.com/questions/1032/when-does-a-relay-get-the-named-flag
So, any day now?
Best regards,
Alexander
---
PGP Key: 0xC55A356B | https://dietrich.cx/pgp
On 2014-02-26 17:45, John Ricketts wrote:
All,
At what point does the router
Hello,
the recent thread on this topic prompted me to make a multi-instance
init script:
https://gist.github.com/7adietri/9122199
It's basically the current official init script and torservers.net's
instances mechanism frankensteined together. Maybe other people will
find it useful too.
Hi,
I've seen this error message twice now within about 12 hours:
ssh_exchange_identification: Connection closed by remote host
If I read the script correctly, it tries to upload the data and then
deletes it without checking for successful upload.
Since the data is probably lost, should I
Those settings are kilobyte per second, so you're currently allowing 4
megabit per second as burst.
So unless there's many concurrent 2 Mbps connections, sounds ok.
Best regards,
Alexander
---
PGP Key: 0xC55A356B | https://dietrich.cx/pgp
On 2014-02-08 15:28, Tora Tora Tora wrote:
I have
Hello,
a relay I'm running is currently at about 0.80 load average. It has a
dual-core CPU and I have configured NumCPUs 2. I'm still in the
process of finding the bandwidth limit.
Should I keep increasing RelayBandwidthRate on the single Tor process,
or is it a better idea to start a
://dietrich.cx/pgp
On 2014-01-24 10:49, Alexander Dietrich wrote:
Hello,
a relay I'm running is currently at about 0.80 load average. It has a
dual-core CPU and I have configured NumCPUs 2. I'm still in the
process of finding the bandwidth limit.
Should I keep increasing RelayBandwidthRate on the single Tor
://dietrich.cx/pgp
On 2014-01-15 18:29, Patrick ZAJDA wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Alexander,
Yes, I was talking about the MyFamily setting.
So I'll only put the relay in the bridge configuration.
Thanks,
Patrick
Le 15/01/2014 17:59, Alexander Dietrich a écrit
I wrote a short HowTo on running multiple Tor processes on one host
[1]. Feedback and improvements are greatly appreciated!
Johannes
Link(s):
[1]: https://gist.github.com/wargh/8271499
Sounds pretty straight-forward to me! A few things:
- Line 15: do you really need 5 IP addresses for 4
65 matches
Mail list logo