Re: [tor-relays] Fwd: [tor-announce] Tor 0.3.2.9 is released (new stable series)

2018-01-14 Thread r1610091651 
On Mon, 15 Jan 2018 at 01:27 teor  wrote:

>
> On 15 Jan 2018, at 11:19, r1610091651  wrote:
>
> Hi
>
> I was wondering if anyone knows when this release would become available
> as a Ubuntu package?
>
> I'm using the repository below but it's not there yet.
> deb-src http://deb.torproject.org/torproject.org xenial main
>
>
> Here is how you can get notifications of package updates:
>
> https://lists.torproject.org/pipermail/tor-relays/2018-January/014146.html
>
> T
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


I already have a notification schema in place. It's just that the package
isn't available...
Are you saying: just wait and see?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] connlimit: better to use "DROP" or "REJECT --reject-with tcp-reset"?

2018-01-14 Thread teor 

> On 10 Jan 2018, at 16:39, teor  wrote:
> 
> Hi,
> 
> Still having load trouble on your relay?
> Try dropping rapid connection attempts.
> 
>> On 9 Jan 2018, at 16:32, teor  wrote:
>> 
>> I've tried various ways of limiting Tor's RAM and CPU.
>> MaxAdvertisedBandwidth was effective, as was limiting Tor's file
>> descriptors and DisableOOSCheck 1. MaxMemInQueues had a minor impact.
>> 
>> So I decided to use a firewall to limit connections.
>> 
>> ...
>> 
>> So I set up this firewall rule:
>> 
>> /sbin/iptables -A INPUT -p tcp --syn ! --dport 22 -m connlimit 
>> --connlimit-above 100 -j DROP
>> 
>> You should replace 22 with the list of ports you use for SSH and other
>> important connections, just in case.
>> 
>> ...
> 
> This worked well, but Tor was still using a lot of CPU with its OOS checks.
> And it was using 4GB of RAM, which is good, but not sustainable on my machine.
> 
> Today, I added these firewall rules to drop rapid connection attempts
> from the same IP address, even if there are under 100 connections:
> 
> iptables -I INPUT -p tcp --syn ! --dport 22 -m state --state NEW -m recent 
> --set
> iptables -I INPUT -p tcp --syn ! --dport 22 -m state --state NEW -m recent 
> --update --seconds 60 --hitcount 100 -j DROP
> 
> They drop connection attempts after there have been 100 attempts in a minute.
> So if there were 100 clients, that would be 1 connection per client per 
> minute.
> 
> This reduced Tor's CPU usage and OOS warnings within a few minutes.
> I'm hoping RAM will go down over time.
> 
> I made the rules permanent using:
> 
> iptables-save > /etc/iptables/rules.v4
> 
> This might be Debian-specific.

I tried a few configs over the past week.

Now I have:
* MaxMemInQueues 2 GB
* 15000 file descriptors per tor instance
* DisableOOSCheck 0
* A limit of 20 established connections per IP
* A limit of 6 connection attempts per IP per minute

I left this over the weekend, and my relays are stable, and using:
* 3 GB - 6 GB RAM
* 5000 - 11000 file descriptors
* 50 - 120% CPU

They are also not logging too many OOS warnings or other warnings,
apart from the normal "assign to cpuworker failed" and "attempt to
establish rendezvous".

Thanks to everyone for your suggestions in this and other threads.

We are also working on a few different ways to limit the load in Tor.

T

--
Tim / teor

PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n




signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] dd-wrt Tor setup (was: Re: Marker branch for current tor release(s))

2018-01-14 Thread teor 
Hi,

Please start a new thread for new questions.

> On 13 Jan 2018, at 08:49, Grander Marizan  wrote:
> 
> Would any of you know the setup for dd-wrt the onion router project under the 
> services Tab

I've never set this up myself, but I just did a search online:

How to setup OpenVPN on DD-WRT using TorGuard Startup Script
https://torguard.net/knowledgebase.php?action=displayarticle=47

T

--
Tim / teor

PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n




signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Fwd: [tor-announce] Tor 0.3.2.9 is released (new stable series)

2018-01-14 Thread teor 

> On 15 Jan 2018, at 11:19, r1610091651  wrote:
> 
> Hi
> 
> I was wondering if anyone knows when this release would become available as a 
> Ubuntu package?
> 
> I'm using the repository below but it's not there yet.
> deb-src http://deb.torproject.org/torproject.org xenial main

Here is how you can get notifications of package updates:

https://lists.torproject.org/pipermail/tor-relays/2018-January/014146.html

T___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Fwd: [tor-announce] Tor 0.3.2.9 is released (new stable series)

2018-01-14 Thread r1610091651 
Hi

I was wondering if anyone knows when this release would become available as
a Ubuntu package?

I'm using the repository below but it's not there yet.
deb-src http://deb.torproject.org/torproject.org xenial main

(I did try to ask Nick)

Thx

On Tue, 9 Jan 2018 at 16:31 Nick Mathewson  wrote:

> On Tue, Jan 9, 2018 at 9:49 AM, Nick Mathewson 
> wrote:
> > (If you are about to reply saying "please take me off this list",
> > instead please follow these instructions:
> >  https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
> > .  If you have trouble, it is probably because you subscribed using a
> > different address than the one you are trying to unsubscribe with.
> > You will have to enter the actual email address you used to
> > subscribe.)
> >
> > After months of work, Tor 0.3.1.7 is now available!  This is the first
> > stable release in the 0.3.2.x series, and we hope you find it useful.
>
> By which I mean, of course, that 0.3.2.9 is now available.
>
> Thanks to the 12 people who have already told me about this in the
> last 30 minutes, and my apologies for the extra email.
> ___
> tor-announce mailing list
> tor-annou...@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] The Onion Box v4.1

2018-01-14 Thread John Ricketts 
Excellent, thank you.

On Jan 14, 2018, at 15:04, Ralph Wetzel 
> wrote:

Good evening!

I've released today v4.1 of The Onion Box, the web interface to monitor your 
Tor nodes in action.

Some bugs have been fixed, and the whole package was adapted to be installable 
from PyPI, the Python Package Index!
Thus there's no longer the need to grab the latest version from GitHub & 
manually install it and all dependencies. Just do a 'pip install theonionbox' 
(preferably within a Python Virtual Environment) ... and the installation 
procedure commences.
Those changes - as well as the procedure to create a virtualenv - are reflected 
in the new Getting 
Started chapter of 
the reworked README.

To check for further details follow 
www.theonionbox.com - which will lead you to the 
GitHub repository.
Give it a try! I'm looking forward receiving your feedback and answering your 
questions.

Best Regards,

Ralph
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] The Onion Box v4.1

2018-01-14 Thread Ralph Wetzel 
Good evening!

 

I've released today v4.1 of The Onion Box, the web interface to monitor your Tor nodes in action.

 

Some bugs have been fixed, and the whole package was adapted to be installable from PyPI, the Python Package Index!

Thus there's no longer the need to grab the latest version from GitHub & manually install it and all dependencies. Just do a 'pip install theonionbox' (preferably within a Python Virtual Environment) ... and the installation procedure commences.

Those changes - as well as the procedure to create a virtualenv - are reflected in the new Getting Started chapter of the reworked README.

 


To check for further details follow www.theonionbox.com - which will lead you to the GitHub repository.

Give it a try! I'm looking forward receiving your feedback and answering your questions.

 

Best Regards,

 

Ralph

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Release 0.3.2.9 "expert bundle" for Win x64 available?

2018-01-14 Thread teor 

> On 14 Jan 2018, at 23:32, Peter Ott  wrote:
> 
> Hi,
> is there already a built for the new stable 0.3.2.9  “expert bundle” Win x64 
> available or any idea when it will be distributed?

The Windows expert bundles are built at the same time as Tor Browser releases.

You can find them under the Tor Browser release directories here:
https://dist.torproject.org/torbrowser/

They are called:
tor-win{32,64}-*version*.zip

At the moment, 0.3.1.9 and 0.3.2.7-rc are available in the stable and alpha 
series.
The next Tor Browser releases should include 0.3.2.9 and possibly 0.3.3.1-alpha.

T___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tried to establish rendezvous on non-OR circuit

2018-01-14 Thread niftybunny 
No, you are fine.

> On 14. Jan 2018, at 21:04, TorGate  wrote:
> 
> Hi to all,
> is this a problem :-)
> 
>  [WARN] Tried to establish rendezvous on non-OR circuit with purpose Acting 
> as rendevous (pending)  [9 duplicates
>hidden]
>  18:34:
> 
> and
> 
> [WARN] Tried to establish rendezvous on non-OR circuit with purpose Acting as 
> rendevous (pending)  [13 duplicates
>   
> 
> TorGate
> torgate(at)linux-hus.dk 
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Tried to establish rendezvous on non-OR circuit

2018-01-14 Thread TorGate 
Hi to all,
is this a problem :-)

 [WARN] Tried to establish rendezvous on non-OR circuit with purpose Acting as 
rendevous (pending)  [9 duplicates
   hidden]
 18:34:

and

[WARN] Tried to establish rendezvous on non-OR circuit with purpose Acting as 
rendevous (pending)  [13 duplicates


TorGate
torgate(at)linux-hus.dk





signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] nyx no connections shown

2018-01-14 Thread TorGate 
is working again :-)

> Am 14.01.2018 um 16:39 schrieb TorGate :
> 
> I have also restartet tor but isnt working.
> There are no connections shown.
> 
> system is freebsd and py2.7
> 
> Ideas ???
> 
>> Am 14.01.2018 um 12:26 schrieb TorGate > >:
>> 
>> Hi, i have 2 new relais running and have also installed nyx.
>> When i go to the page 2 in nyx is there no connection.
>> But my network show me over 4000 tor connections .
>> 
>> What is the issue with nyx on my torservers ?
>> 
>> TorGate
>> torgate(at)linux-hus.dk 
>> 
>> 
>> 
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> TorGate
> torgate(at)linux-hus.dk 
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

TorGate
torgate(at)linux-hus.dk





signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] nyx no connections shown

2018-01-14 Thread TorGate 
I have also restartet tor but isnt working.
There are no connections shown.

system is freebsd and py2.7

Ideas ???

> Am 14.01.2018 um 12:26 schrieb TorGate :
> 
> Hi, i have 2 new relais running and have also installed nyx.
> When i go to the page 2 in nyx is there no connection.
> But my network show me over 4000 tor connections .
> 
> What is the issue with nyx on my torservers ?
> 
> TorGate
> torgate(at)linux-hus.dk 
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

TorGate
torgate(at)linux-hus.dk





signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

2018-01-14 Thread nusenu 


Charly Ghislain:
> If my relay running at ip A is also available, although not advertised, at
> ip B, should I bother with MyFamily settings?
> 
> This may happen if the relay is running as service in a docker swarm.
If only one of your relays in consensus you do not need to set MyFamily.
If you have more than one relay in consensus MyFamily is required.

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] MyFamily and ContactInfo fields are required for operators running multiple tor instances

2018-01-14 Thread Charly Ghislain 
If my relay running at ip A is also available, although not advertised, at
ip B, should I bother with MyFamily settings?

This may happen if the relay is running as service in a docker swarm.

On Thu, Jan 11, 2018 at 9:11 PM, Dmitrii Tcvetkov 
wrote:

> On Thu, 11 Jan 2018 21:02:42 +0100
> Sebastian Hahn  wrote:
>
> > > On 11. Jan 2018, at 20:44, Dmitrii Tcvetkov 
> > > wrote:
> > >>>MyFamily **must** be set correctly if you run more than one
> > >>> relay or bridge. (That is, every relay should list all the others
> > >>> as described above.)
> > >
> > > So if I run some relays and also some bridges I must to specify
> > > unhashed fingerprints of the bridges in MyFamily in configs of all
> > > my relays?
> >
> > No. That's harmful. Never list bridge fingerprints in MyFamily. I have
> > reopened the closed bug report[0] because the man page now gives this
> > harmful advice (and actually contradicts itself). Let's hope it gets
> > fixed quickly.
> >
> > [0]: https://trac.torproject.org/projects/tor/ticket/24526
> >
>
> Yeah, thats why I asked. Thanks for the answer.
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Release 0.3.2.9 "expert bundle" for Win x64 available?

2018-01-14 Thread Peter Ott 


smime.p7m
Description: S/MIME encrypted message
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] AS "sprint S.A."

2018-01-14 Thread nusenu 
I'm proposing to remove these 5 exit relays as per the new contactInfo/MyFamily 
requirements,
most of them signed up at the same time, use the same tor version and have the 
same exit policy.

(I'm CC'ing tor-relays so the operator has a chance to see and react to this 
email as well)

+-+--+-+--+-+-+
| first_seen  | fingerprint  | tor_version 
| nickname | or_port | contact |
+-+--+-+--+-+-+
| 2018-01-09 13:00:00 | AC3F8121574050C595FED8ED44CEA2DCD75F9BAF | 0.2.4.29
| lacheses |9001 | NULL|
| 2018-01-13 20:00:00 | 9A90F846871641CB97C70B948963FCA3F7486E5A | 0.2.4.29
| Glaucus  |9001 | NULL|
| 2018-01-13 20:00:00 | AF2B2D9A7C33E23C02A3AEA917DDC86663EBEF2A | 0.2.4.29
| Hemera   |9001 | NULL|
| 2018-01-13 20:00:00 | E92D860BE6E3460ECB02E37A11DDEF87461EE08B | 0.2.4.29
| Demeter  |9001 | NULL|
| 2018-01-13 21:00:00 | 0AE3AC492B709AA851488D01B1AD1EDFC040947F | 0.2.4.29
| Enyo |9001 | NULL|
+-+--+-+--+-+-+

ornetra...@riseup.net:
> 2018-01-13
> 
> |   Up |   Ext | JoinTime   | IP | CC   |   ORp |   Dirp | 
> Version   | Contact   | Nickname   |   eFamMembers |
> |--+---+++--+---++---+---++---|
> |1 | 1 | 19:43:55   | 195.22.125.135 | pl   |  9001 |  0 | 
> 0.2.4.29  | None  | Demeter| 1 |
> |1 | 1 | 19:44:06   | 195.22.125.141 | pl   |  9001 |  0 | 
> 0.2.4.29  | None  | Glaucus| 1 |
> |1 | 1 | 19:44:10   | 195.22.125.144 | pl   |  9001 |  0 | 
> 0.2.4.29  | None  | Hemera | 1 |
> |1 | 1 | 19:45:23   | 195.22.125.137 | pl   |  9001 |  0 | 
> 0.2.4.29  | None  | Enyo   | 1 |
> 
> https://nusenu.github.io/OrNetRadar/2018/01/13/a2


-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] >30% of the Tor network runs outdated version: Consider enabling auto-updates

2018-01-14 Thread Sebastian Hahn 

> On 14. Jan 2018, at 10:56, Ralph Seichter  wrote:
> 
> On 12.01.2018 17:05, nusenu wrote:
> 
>> The motivation for this is that there are a lot of relays (>3000)
>> running outdated tor releases.
> 
> This reminds me that I wanted to ask about package updates:
> 
> I compile Tor from the source code on my Gentoo based relays, so after
> the announcement of stable release 0.3.2.9 those relays were updated on
> the same day, just like earlier releases. However, some of my relays use
> Debian 8 "Jessie" with a limited package set (i.e. no compiler), and
> apt-get is not yet listing the new Tor release. Would it be possible for
> package maintainers to announce update availability via the tor-announce
> mailing list?

Use something like cron-apt to get notifications of newly available
updates (or install them automatically).

Cheers
Sebastian
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] nyx no connections shown

2018-01-14 Thread TorGate 
Hi, i have 2 new relais running and have also installed nyx.
When i go to the page 2 in nyx is there no connection.
But my network show me over 4000 tor connections .

What is the issue with nyx on my torservers ?

TorGate
torgate(at)linux-hus.dk





signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] >30% of the Tor network runs outdated version: Consider enabling auto-updates

2018-01-14 Thread Ralph Seichter 
On 12.01.2018 17:05, nusenu wrote:

> The motivation for this is that there are a lot of relays (>3000)
> running outdated tor releases.

This reminds me that I wanted to ask about package updates:

I compile Tor from the source code on my Gentoo based relays, so after
the announcement of stable release 0.3.2.9 those relays were updated on
the same day, just like earlier releases. However, some of my relays use
Debian 8 "Jessie" with a limited package set (i.e. no compiler), and
apt-get is not yet listing the new Tor release. Would it be possible for
package maintainers to announce update availability via the tor-announce
mailing list?

-Ralph
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays