tor-relays May 2017

tor-relays@lists.torproject.org

57 participants
39 discussions

ansible-relayor, how to ?
by Petrusko 01 Apr '18

01 Apr '18

Hey! I'm planning to try the "ansible-relayor" to deploy some Tor relay instances. If I'm not wrong, it's a main goal ? 2 instances / IP... (soooory for being really noob about this!!!) But I'm lost... not found a tutorial, step by step, you know the tutorial so loved by all noobs! For now, on a fresh Debian8 install, there are : - tor 0.2.9.8 (fresh install from depo, client is ok when opening log file) - ansible - ansible-galaxy install nusenu.relayor - git clone https://github.com/nusenu/… [View More]

6 9

Monitoring multiple relays
by Xza 01 Nov '17

01 Nov '17

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I have a couple relays / exits running. Now my question is : how do you manage them is there any dashboard or CLI tools to manage them ( statistics, ect.. ) I know the cli tool specially for Tor "arm" Thanks alot. - -- PGP : 29A4CE52 -----BEGIN PGP SIGNATURE----- iQI4BAEBCgAiGxxEbyA8eWFuZGVyZXNvbkByaXNldXAubmV0PgUCV0SJlwAKCRBI of/XNyszSvv/D/9VtjI+bmiqK53v//StUbmpYjgQjYheYvwktFld+2XDURh52dmU … [View More]

8 8

GeoIP file
by Ian Zimmerman 29 Jun '17

29 Jun '17

How does the tor daemon read the GeoIP database file? Does it read the whole file once when starting up, or every time it needs to resolve an IP, or something in between (say, it builds an index in memory on startup and then seeks to locations in the file when looking up)? I am asking because I want to know if I need to restart, SIGHUP or in some other way kick the daemon after I install a new GeoIP file into place. -- Please *no* private Cc: on mailing lists and newsgroups Personal signed … [View More]

3 4

Who is running the two biggest Exits in the network?
by Paul 01 Jun '17

01 Jun '17

Since about mid April there are just two similar Exits making up now about 4.5% exit probability together. Located in Panama, run in the okservers.net network, AS395978 ,they don’t give up any further information about themselves. Personally I would feel better at least having a contact or even better, knowing who is giving that much effort. Probably a MyFamily configuration should be placed as well? https://atlas.torproject.org/#details/29C92C854E0F6652A77F3A8B231D693299396… https://atlas.torproject.org/#details/2CA4B2F36C2DDECFCB0B5A0D3300ED30E68E2… Paul

6 10

Questions about OfflineMasterKey
by Cristian Consonni 01 Jun '17

01 Jun '17

Hi, On 18/05/2017 10:45, nusenu wrote:>> Currently, my server hosting kitten1 and kitten2 (tor guard and fallback >> directory) is under seizure since 14/05 11h. butplease revoke >> immediatly kitten1 & kitten2 tor node. >> Those nodes are also fallback directory. > > I don't know any context or background but if you fear this could happen end to use tor's OfflineMasterKey feature (without > copying the master key to the server) with a short keylifetime (i.… [View More]e. 7 > days), especially if it is a fallback dir > (which requires a tor source code change to remove it). This feature is interesting and I did not know about it. However, I have been reading the documentation page[1] and I have the impression that the more I read the less I understand how it works. If I look inside the DataDir of one of my relays - a standard Debian install - see this: ``` ed25519_master_id_public_key ed25519_master_id_secret_key ed25519_signing_cert ed25519_signing_secret_key secret_id_key secret_onion_key secret_onion_key_ntor secret_onion_key_ntor.old secret_onion_key.old ``` So, here some of the things I think I have understood: * Tor uses a ed25519 key to generate the other keys need to decrypt incoming traffic and route it to its next destination on the network. I don't know how this works in practice, but probably it is too much detail at the moment. * In the standard install the master key is the `ed25519_master_id_secret_key` above, which has no passphrase. * If in `torrc` we declare `OfflineMasterKey 1` then the `ed25519_master_id_secret_key` will not reside anymore on the relay but on a separate machine. * In the process of generating the master key (with the command `tor --keygen`, all the files above will be generated. * To run the node with `OfflineMasterKey 1` you need to copy all the files generated in the previous step *with the exception of the master key*. I had also a few questions: * is the above correct? * if I use the offline master key protected with a passphrase will I need to input the passphrase every time I restart Tor (I have in mind what Apache does when you restart it and have certificates protected with a passphrase)? * Assuming that I am going to use a separate machine to generate the master key I need to make sure that the version of Tor on the machine that I use to generate the key and the relay? Thanks for your help. Cristian [1]: https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineK… [View Less]

3 5

Encrypting the DataDir
by Cristian Consonni 31 May '17

31 May '17

On 15/05/2017 12:21, aeris wrote: > Private key are under encrypted volume and may be protected On 21/05/2017 10:02, Roger Dingledine wrote: > On Sun, May 21, 2017 at 09:12:39AM +0200, Petrusko wrote: >> @aeris, do they ask you to uncrypt the volume ? (good luck to you...) >> What can be the best ? Uncrypt the relay to help police when asking, >> when this relay is only a relay and storing nothing else ? > > That's actually why the torservers.net people suggest *… [View More]

5 6

reminder: tor 0.3.1.1-alpha is _not_ recommended (known bug)
by nusenu 31 May '17

31 May '17

Since there were only 8 relays running 0.3.1.1-alpha I didn't bother to state this here, but since the number is rising since yesterday I just wanted to remind you that tor 0.3.1.1-alpha contains a bug that makes this not a good version to use. In the worst case (unlikely) you would publish a limited amount of memory via your relay descriptor https://trac.torproject.org/projects/tor/ticket/22368#comment:7 https://trac.torproject.org/projects/tor/ticket/22378 Relays currently using tor 0.3.1.… [View More]

3 3

Question about circuit/path live time
by Olaf Grimm 31 May '17

31 May '17

Dear readers ! For my relays I looking for a torrc parameter to reduce the circuit live time from default of 10 minutes to about 5 minutes. My intension: I dont' know is the point of time to switch the path between relays synchronized. An overlap (or different switching time) will reduce the path live time to less than 10 minutes. This is ok for me, because the circuit analysis time for attackers is less than 10 minutes (traceroute...). Synchronized relays keeps a whole circuit path open for … [View More]

2 1

Neldoreth relay seized ?
by aeris 30 May '17

30 May '17

Dear Neldoreth relay’s operator, This day, we were informed of a Tor node seizure at FirstHeberg during the 13-14/05, related to Wanacry infection of the french company Renault. https://www.nextinpact.com/news/104398-wannacrypt-nud-tor-saisi-chez-firsth… FirstHeberg say the seized node was "traffic analyzed" during some times before being shuting down for content cloning and drive given to cops. They are at least 5 others relays seized under the same case at OVH and Online providers. … [View More]

3 2

New exit node best practices
by Isaac Grover, Aileron I.T. 29 May '17

29 May '17

Good evening, After many months of running a relay, I'm planning to establish up a family of exit nodes with geographically diverse VPS providers, shying away from the list of the most heavily used Tor friendly providers. Several questions: - Does establishing a family increase the risk of the nodes being taken down en masse? - Do you suggest providing ample contact information for the node directory, as opposed to little or none? - I'm being very upfront with sales@ regarding my purpose … [View More]

5 4

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays May 2017