August 2016 - tor-relays - lists.torproject.org

Local DNS on Exit logs failed user queries
by teor 18 Aug '16

18 Aug '16

Hi, When I set up a Tor Exit, I set up a local resolver (BIND) as a cache. Today, I was monitoring the syslog, and I noticed that BIND logs DNS names when resolution fails. (I have since removed these entries from the logs.) One way to prevent this is to disable logging on BIND entirely: logging { category default { null; }; }; Another is to isolate the categories that log DNS names, and disable them individually: logging { // these categories log DNS names category dnssec { null; }; category edns-disabled { null; }; category lame-servers { null; }; category resolver { null; }; category security { null; }; // also ignore uncategorised log messages category unmatched { null; }; }; I've updated the Tor wiki page on BIND with this configuration: https://trac.torproject.org/projects/tor/wiki/doc/BIND Does anyone know how to work out all the BIND categories that log DNS names? (All of the documentation I found online was helping people log *every* DNS query.) Or is it safer just to log a few essential categories? (Can anyone recommend any?) Has anyone checked if the logs on other resolvers (like unbound) have the same issue? Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org

4 4

Web server and TOR bridge at same IP:port
by Alen Hiew 17 Aug '16

17 Aug '16

Hello, listers! Is it possible to configure on own physical server a https Web server (for ex., Apache) at port 443 and obfs4 or meek bridge at same static global IP address and same port 443? It's something like SNI, not for two TLS web sites with different domain names at same IP but for web site on web server and TOR bridge. If this is possible it will be good masking for bridge because on others' requests this server will reply as simple https web server. As i understand, it will be difficult for observer without keys to distinguish encrypted bridge traffic from TLS-encrypted web traffic. If this is possible, can anyone tell about configuration manual/hits for this? WBR, Alan Hiew.

5 4

[WARN] Remote server sent bogus reason code 65021
by pa011 16 Aug '16

16 Aug '16

Just established a new Exit with two instances on (Linux 3.16.0-4-amd64) ,Tor 0.2.8.6 On the second instance I get these warnings: [WARN] Remote server sent bogus reason code 65021 [21 duplicates hidden] [WARN] Remote server sent bogus reason code 65023 [95 duplicates hidden] [NOTICE] Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up. [40 duplicates hidden] The code65023 is ticking up by one in about 10 seconds? The default instance is free of that. Anything to worry about? Thanks Paul

1 1

A question about transfer - any advice?
by Charon 16 Aug '16

16 Aug '16

I'm running a Tor relay and everything is going great so far, but since I'm hosting on a commercial VPS, I have limited transfer (1 TB per month, overage: $0.02/GB). As such, I've set accounting to 10 GB per day so I'll at most use 620 GB in any given month and don't have to pay any overage costs. Q1: can I increase this limit without paying extra? I'm seeing that this 10 GB is hit very quickly, today within 9 hours. Q2: how can I adjust the bandwidth limit (80 Mb/s, burst 160 Mb/s) so that this 10 GB is more spread out over the day? Would it help to make this, say, 20 or 40 Mb/s? Thanks! Ps: if I haven't supplied sufficient details, please feel free to ask

2 1

Re: [tor-relays] Pi3 mid relay dropping lil bit of packets
by Pi3 16 Aug '16

16 Aug '16

Hmm I just noticed that systemd HUPs tor exactly every 24h and now I have 16 packets lost with 30gb relayed. Can this be the cause? Is there a way to log these drops without putting too much load on ram/cpu? Just to have a timestamp?

1 0

Re: [tor-relays] Pi3 mid relay dropping lil bit of packets
by Pi3 16 Aug '16

16 Aug '16

Ok thank you for replies, will keep an eye on this. On Tue, Aug 16, 2016 at 6:11 AM, Green Dream <greendream848(a)gmail.com> wrote: Counter-point... transmission errors are not a certainty: RX packets:323526978271 errors:0 dropped:0 overruns:0 frame:0 TX packets:249565709357 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:285274358053849 (285.2 TB) TX bytes:287754558279252 (287.7 TB) Ideally there should be no errors. :) 11 dropped packets isn't a big deal, but I wouldn't be quick to dismiss these errors by default. In certain cases things might be improved with driver updates, or sysctl tweaks, or a new ethernet cable, etc. _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

1 0

spelling mistake
by I 16 Aug '16

16 Aug '16

2 1

Pi3 mid relay dropping lil bit of packets
by Pi3 16 Aug '16

16 Aug '16

Hello, I just started running my little 5 mbits mid relay on Pi3 on raspbian and all seems to be dandy, it picked traffic nicely, hovering around 700-800 total connections, its not unusual to see it pushing full advertised bandwidth during peak hours (with ~20-25% load on 1 core, multithread pls come already), tldr so far nice. Except with 3days uptime and 20 gigs of data relayed ifconfig shows 11 (eleven) packets dropped on eth0. Google says it can be ring buffer on NIC getting full, but ethtool -g eth0 says Ring parameters for eth0: Cannot get device ring settings: Operation not supported ethtool -S eth0 = no stats available Htop avg load is 0.30, tor uses 121/950mb of ram. Im running standard conntrack cstate established related iptable rule with default drop. Pi3 is in LAN behind modem nat. It worries me because if I get more consensus, drops will probably go up. I didnt apply any sysctl tweaks. Using official deb NIC is Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter and its internally connected to usb2 by design - it shows under lsusb. ethtool says 100Mb/s full duplex. Tor log is clean with only heartbeat in it, syslog seemed ok also if I didnt miss anything. Or is it so marginal I should forget about it? Im not sure what should I do about it, any suggestions are welcomed. Thanks

4 3

obfs4 - git how to ?
by Petrusko 15 Aug '16

15 Aug '16

Trying to use obfs4 from git on a test bridge : With "root" user: cd /home/TEST git clone https://git.torproject.org/pluggable-transports/obfs4.git ln -s /home/TEST/obfs4/obfs4proxy /usr/bin/obfs4proxy torrc file : [...] ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed ServerTransportListenAddr obfs4 0.0.0.0:48001 In the log when starting Tor : [...] [warn] Could not launch managed proxy executable at '/usr/bin/obfs4proxy' ('Permission denied'). [...] Tor is still working and is connected to the network... Humm, I think I've not understand how to use this source, and how to manage it ?! Thx for you help :) -- Petrusko PubKey EBE23AE5 C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5

4 4

Re: [tor-relays] Pi3 mid relay dropping lil bit of packets
by Tristan 15 Aug '16

15 Aug '16

Personal opinion here: 11 packets dropped on 20GB of data sounds pretty small, and these packets might not even be from Tor. Literally any network service could have dropped those packets (ntp, ssh, updates, etc.) I wouldn't worry about it unless it starts to dramatically increase. On Aug 15, 2016 1:08 PM, "Pi3" <tor-relays(a)mixbox.pl> wrote: Hello, I just started running my little 5 mbits mid relay on Pi3 on raspbian and all seems to be dandy, it picked traffic nicely, hovering around 700-800 total connections, its not unusual to see it pushing full advertised bandwidth during peak hours (with ~20-25% load on 1 core, multithread pls come already), tldr so far nice. Except with 3days uptime and 20 gigs of data relayed ifconfig shows 11 (eleven) packets dropped on eth0. Google says it can be ring buffer on NIC getting full, but ethtool -g eth0 says Ring parameters for eth0: Cannot get device ring settings: Operation not supported ethtool -S eth0 = no stats available Htop avg load is 0.30, tor uses 121/950mb of ram. Im running standard conntrack cstate established related iptable rule with default drop. Pi3 is in LAN behind modem nat. It worries me because if I get more consensus, drops will probably go up. I didnt apply any sysctl tweaks. Using official deb NIC is Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter and its internally connected to usb2 by design - it shows under lsusb. ethtool says 100Mb/s full duplex. Tor log is clean with only heartbeat in it, syslog seemed ok also if I didnt miss anything. Or is it so marginal I should forget about it? Im not sure what should I do about it, any suggestions are welcomed. Thanks _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

2 1