August 2017 - tor-relays - lists.torproject.org

Fallback directory mirror DFRI7 is dead
by Linus Nordberg 25 Aug '17

25 Aug '17

Hi teor, Fallback directory mirror DFRI7 [0] is down, due to multiple disk krashes, since about 30h and will not come alive with the same key. [0] 171.25.193.131:80 orport=443 id=79861CF8522FC637EF046F7688F5289E49D94576 A new DFRI7 will appear on the same address and port within a couple of days. Should I simply update fallback_dirs.inc?

3 3

Tor Install Error
by Kurt Besig 24 Aug '17

24 Aug '17

While using apt-get to update my tor relay to a 'recommended' version I keep encountering this error: W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.torproject.org trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 74A941BA219EC810 W: Failed to fetch http://deb.torproject.org/torproject.org/dists/trusty/InRelease I've read several approaches to remedying this error, however I'm wondering what would be the 'most widely accepted as correct' method of dealing with the error? Thanks

2 1

OR banned?
by Marcus Danilo Leite Rodrigues 24 Aug '17

24 Aug '17

Hello. I was running a Tor Relay for the past month (fingerprint 71BEBB61D0D35234D57087D035F12971FA315168) at my university and it seems that it got banned somehow. I got messages on my log like the following: http status 400 ("Fingerprint is marked rejected -- please contact us?") response from dirserver '171.25.193.9:443'. Please correct. I was hoping to get some information regarding this ban and how I could correct whatever was done wrong in order to get my relay up and running again. Best wishes, Marcus Rodrigues.

3 3

Any IP allocations available out there?
by Paul Templeton 24 Aug '17

24 Aug '17

Thanx to all here on the list for input to earlier posts. Helped a lot. Question I have is there anywhere where you can get a block of IP address or lease as I'm in the process of getting a 10/10Mb SHDSL service(No flaming data cap :-)) here in AU but I want an IP range that abuse questions can be forwarded to me. The service provider doesn't provide ARIN registration but said if I have my own block I can update the BG and manage it my self. Regards, Paul PS - the best price I can do at the moment is $550pm - *SIGH* - but worth it.

4 4

Re: [tor-relays] Any IP allocations available out there?
by Paul Templeton 24 Aug '17

24 Aug '17

OVH has this in AU 5.9 For security reasons, OVH reserves the right to proceed with the immediate suspension without notice, of any Server on which there is a public service Proxy, IRC, VPN or TOR which is available free of charge or for a fee, and for which OVH has knowledge of its fraudulent or illegal misuse. > with Tor's overall architecture, does it really make sense to > route e.g. EU clients exiting to EU destinations, True - Wanted to add to the diversity in location and OS. Will look at other jurisdictions for better service... Still looking but so far all have data caps. I really want a decent exit node here in AU but getting perplexed. I'll sleep on it... Paul

2 1

Re: [tor-relays] Any IP allocations available out there?
by Paul Templeton 24 Aug '17

24 Aug '17

Thanx niftybunny, It's more political than anything. With the constant changes in policy driving censorship I feel that having a strong presence is important. At the moment there are 50 nodes in Australia with the fastest running at 357Kbs and only two exit nodes - fastest is 100Kbs. Its a reflection on the state of politics and the level of service that is provided by ISP's. Yes I could run more nodes in VMs around the world but at this stage I would like to investigate a strong presence here in AU. Regards, Paul ----- Original Message ----- From: "niftybunny" <abuse(a)to-surf-and-protect.net> To: tor-relays(a)lists.torproject.org Sent: Thursday, August 24, 2017 10:41:12 AM Subject: Re: [tor-relays] Any IP allocations available out there? The smallest block you can advertise with your own AD is a /24 as far as I know. Getting a IPv4 /24 is …. expensive and hard to get. If you are not incredible rich and very tech savvy and a hardcore Tor supporter: Forget it. Get yourself a few virtual servers. niftybunny “For too long, we have been a passively tolerant society, saying to our citizens 'as long as you obey the law, we will leave you alone'” --David Cameron, 2015 On 24. Aug 2017, at 02:29, Paul Templeton < paul(a)coffswifi.net > wrote: Thanx to all here on the list for input to earlier posts. Helped a lot. Question I have is there anywhere where you can get a block of IP address or lease as I'm in the process of getting a 10/10Mb SHDSL service(No flaming data cap :-)) here in AU but I want an IP range that abuse questions can be forwarded to me. The service provider doesn't provide ARIN registration but said if I have my own block I can update the BG and manage it my self. Regards, Paul PS - the best price I can do at the moment is $550pm - *SIGH* - but worth it. _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

2 1

Unable to compile Tor
by Alan 23 Aug '17

23 Aug '17

Up until now i've relied on updating Tor using yum update but the version on the repos is currently 0.2.9.10 . Arm reports this as unrecommended, so compiling from source looks to be the only option. I pulled down 0.3.0.10, untarred and ran ./configure && make I get these errors-- ---------------------------- In file included from src/common/tortls.c:52:0: src/common/tortls.h:140:15: error: conflicting types for SSL_SESSION_get_master_key STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out, ^ In file included from src/common/tortls.c:40:0: /usr/local/include/openssl/ssl.h:1725:15: note: previous declaration of SSL_SESSION_get_master_key was here __owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl, ^ src/common/tortls.c: In function find_cipher_by_id: src/common/tortls.c:1331:21: warning: unused variable c [-Wunused-variable] const SSL_CIPHER *c; ^ src/common/tortls.c: In function tor_tls_client_is_using_v2_ciphers: src/common/tortls.c:1508:20: error: dereferencing pointer to incomplete type ciphers = session->ciphers; ^ src/common/tortls.c: At top level: src/common/tortls.c:2402:1: error: conflicting types for SSL_get_client_random SSL_get_client_random(SSL *s, uint8_t *out, size_t len) ^ In file included from src/common/tortls.c:40:0: /usr/local/include/openssl/ssl.h:1721:15: note: previous declaration of SSL_get_client_random was here __owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, ^ In file included from src/common/tortls.c:27:0: src/common/tortls.c: In function SSL_get_client_random: src/common/tortls.c:2407:15: error: dereferencing pointer to incomplete type tor_assert(s->s3); ^ src/common/compat.h:196:51: note: in definition of macro PREDICT_UNLIKELY #define PREDICT_UNLIKELY(exp) __builtin_expect(!!(exp), 0) ^ src/common/tortls.c:2407:3: note: in expansion of macro tor_assert tor_assert(s->s3); ^ src/common/tortls.c:2408:16: error: dereferencing pointer to incomplete type memcpy(out, s->s3->client_random, len); ^ src/common/tortls.c: At top level: src/common/tortls.c:2415:1: error: conflicting types for SSL_get_server_random SSL_get_server_random(SSL *s, uint8_t *out, size_t len) ^ In file included from src/common/tortls.c:40:0: /usr/local/include/openssl/ssl.h:1723:15: note: previous declaration of SSL_get_server_random was here __owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, ^ In file included from src/common/tortls.c:27:0: src/common/tortls.c: In function SSL_get_server_random: src/common/tortls.c:2420:15: error: dereferencing pointer to incomplete type tor_assert(s->s3); ^ src/common/compat.h:196:51: note: in definition of macro PREDICT_UNLIKELY #define PREDICT_UNLIKELY(exp) __builtin_expect(!!(exp), 0) ^ src/common/tortls.c:2420:3: note: in expansion of macro tor_assert tor_assert(s->s3); ^ src/common/tortls.c:2421:16: error: dereferencing pointer to incomplete type memcpy(out, s->s3->server_random, len); ^ src/common/tortls.c: In function SSL_SESSION_get_master_key: src/common/tortls.c:2432:13: error: dereferencing pointer to incomplete type return s->master_key_length; ^ In file included from src/common/tortls.c:27:0: src/common/tortls.c:2433:30: error: dereferencing pointer to incomplete type tor_assert(len == (size_t)s->master_key_length); ^ src/common/compat.h:196:51: note: in definition of macro PREDICT_UNLIKELY #define PREDICT_UNLIKELY(exp) __builtin_expect(!!(exp), 0) ^ src/common/tortls.c:2433:3: note: in expansion of macro tor_assert tor_assert(len == (size_t)s->master_key_length); ^ src/common/tortls.c:2435:16: error: dereferencing pointer to incomplete type memcpy(out, s->master_key, len); ^ make[1]: *** [src/common/tortls.o] Error 1 make[1]: Leaving directory `/root/tor-0.3.0.10' make: *** [all] Error 2 ---------------------------- I'm running on Centos 7 Alan

2 1

Bandwidth Question
by Torix 22 Aug '17

22 Aug '17

Dear List, I run a middle node at home. I jacked up my bandwidth from 300/500 KB to 500/700 KB a fortnight ago, and my usage has more than doubled. I run it on Verizon FIOS at home; I'm looking at about 650-750 G/month estimate now from vnstat. I read that Verizon starts to take notice if I get to a TB/month, so I am asking for advice on easing this back if necessary. I can limit the daily bandwidth - or can I just ease down the bandwidth? Clearly each time I increased the bandwidth I got more connexions; would they drop off if I went back to my old bandwidth? I'm a little unclear how long it would take other relays to attach to other middle relays once they have found mine. The more general question behind this is: is it better to have a higher bandwidth for a limited time each day or a lower bandwidth up all day? Sent with [ProtonMail](https://protonmail.com) Secure Email.

2 1

outdated key files in ./keys ?
by Toralf Förster 22 Aug '17

22 Aug '17

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I do wonder if I do still need all of these files at my exit relay with verion 0.3.1.5-alpha ? $> ls keys/ ed25519_master_id_public_key ed25519_signing_secret_key secret_onion_key_ntor ed25519_master_id_secret_key secret_id_key secret_onion_key_ntor.old ed25519_signing_cert secret_onion_key secret_onion_key.old - -- Toralf PGP C4EACDDE 0076E94E -----BEGIN PGP SIGNATURE----- iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWZdBBxccdG9yYWxmLmZv ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTiqVAP0VYBto7mkqOnSirkklCU/EiiV0 CV06fXxqH8KDzW3wAwD+P/O6+gs/LEPLhP7OFo9XbgzyO2zrElusqDhPU/kSzCw= =nzsU -----END PGP SIGNATURE-----

2 1

Does fallback directory traffic go over the ORPort?
by tor 22 Aug '17

22 Aug '17

In another thread, Roger said: > Note that most clients use the ORPort for fetching directory stuff, and > that's heading towards "all clients" as people upgrade and stop using weird > configurations. I'm curious about the 100+ fallback directory mirrors. Does fallback directory traffic go over the ORPort too? Is it safe to disable the DirPort on fallback relays?

2 1