September 2017 - tor-relays - lists.torproject.org

ansible-relayor, how to ?
by Petrusko 01 Apr '18

01 Apr '18

Hey! I'm planning to try the "ansible-relayor" to deploy some Tor relay instances. If I'm not wrong, it's a main goal ? 2 instances / IP... (soooory for being really noob about this!!!) But I'm lost... not found a tutorial, step by step, you know the tutorial so loved by all noobs! For now, on a fresh Debian8 install, there are : - tor 0.2.9.8 (fresh install from depo, client is ok when opening log file) - ansible - ansible-galaxy install nusenu.relayor - git clone https://github.com/nusenu/ansible-relayor (the folder is stored in my /home...) Will it configure (automatically) many torrc file per instance ? +every key files /relay ? (I'm not too much lost!) Do have I to do this install on every server built ? Or relayor can manage few servers on different locations ? Command lines list use this tool if available ? Many thx for help !!! (and hard work for this tool :) -- Petrusko C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5

6 9

Monitoring multiple relays
by Xza 01 Nov '17

01 Nov '17

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I have a couple relays / exits running. Now my question is : how do you manage them is there any dashboard or CLI tools to manage them ( statistics, ect.. ) I know the cli tool specially for Tor "arm" Thanks alot. - -- PGP : 29A4CE52 -----BEGIN PGP SIGNATURE----- iQI4BAEBCgAiGxxEbyA8eWFuZGVyZXNvbkByaXNldXAubmV0PgUCV0SJlwAKCRBI of/XNyszSvv/D/9VtjI+bmiqK53v//StUbmpYjgQjYheYvwktFld+2XDURh52dmU sbk3lab2RS1eQJxjV0BVXMF9O2JUAlp4NA2UMpj8ZJlCk0h1S6p2o4/sAlsrHr8Z nb67HiaRIyEvi9cQiXFtDtK/onAkEuKskolyvh3ysJRRUubHSX1z8WuNJIc4xyGH ZpSLPGUOO6qI7mM8ztS0muEy1khmkHgtlyHi2l4K/NsW3I90cV3w6Db2AEnV6v1c tsfehqLExsHUdEo0U3hHU7yY1p2fzD5Z+C0tgVKTnP5Zus/Vr9OH/zFwxneo0E7a 5FHdnCZnNIG9W32uQgjDdmBEv/YFEd0um/vMWFGUehFANSt+DIps7E+AjwiJwm2i ov97JJurQkrSMX7ZchTEsy720Ju272olp2eDiHaXXTK2TkxcEq+d1gZfj7CXycPW 6mCrj6L6URJAZ34GJQfFFjv8QbFmKkAvGhxl/O8KXRbXxedbLH7PY73jmFjJcmxO +KnSeyqMe1KbzazYyFydP+VmgI2k1IlO89l8Jq1Gq9f2KOPY9UKFZjGDKLS0xGZW EnqU/KUINcrGejYFT8nYNxA+OFTd/ZGIX5qP4Vo5NsZ/pDLZjdxIcvHx1jjZbER+ 5Ku2bihm2KTNAGoYDqB3LGCm+QdEFG/p573xQCcXPk92GyhMJDi9EMPDgA== =mTa0 -----END PGP SIGNATURE-----

8 8

Re: [tor-relays] Tor exit nodes attacking SSH?
by me＠eugenemolotov.ru 08 Oct '17

08 Oct '17

On 08/08/2017 01:48 PM, Steven Chamberlain wrote: > Further investigation shows that this happens for any destination IP > address, even where there's no SSH service running: Make a "trap" ssh server (for example on virtualbox machine without any sensitive data) and log in into it through tsocks. After that check from which ip it was logged in. This probably would be ip of the exit node.

5 4

About relay size
by IPonU 08 Oct '17

08 Oct '17

Hi Tor list, I'm already running a small exit node (100Mbps bandwidth) and I'm ready to spend more money on it, so have a question for you guys : Is it better if I run other small ones (100Mbps too) or only 1 big exit relay (1 Gbps) ? What's best for the network stability/security ? Thanks a lot IPonU

13 34

More recent rpm somewhere?
by Patrick DERWAEL 07 Oct '17

07 Oct '17

Hi folks, I'm running a few relays on CentOS 7 As I'm sticking to the ease of rpm distributions, I'm left behind on 0.2.9.10 from EPEL Does anyone know of another rpm repository with a more up to date version ? Thanks! Patrick

5 7

Relay uptime versus outdated Tor version
by K. Besig 02 Oct '17

02 Oct '17

One of my relays has over 416 days of uptime, which I'm very proud of, however it's running an outdated version of Tor. I should probably already know the answer, but it seems to me I would have to stop the tor service to update the relay. Would I in fact lose my uptime or would it be seamless? Thanks for the response

14 21

bwauths doesn't reach reliable my relay
by Toralf Förster 30 Sep '17

30 Sep '17

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I do wonder why both longclaw and Faravahar seems since few days not to reach my relays 1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA and 6EABEBF38CE7E3DF672C4DB01383606FE3EB2215 respectively - resulting in a bw value of 20. B/c I switched to version 0.3.1.7 I do wonder if this could be the culprit ? - -- Toralf PGP C4EACDDE 0076E94E -----BEGIN PGP SIGNATURE----- iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWcwE1BccdG9yYWxmLmZv ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTik4AP4ubRPDKm3jz73xGXmNAhupWarC 9pVPhRNqoD19jgpbGwD/QUnYKHIpbV4983kVMBjr9vbt2zwHRwmT0o+YMFJEVws= =NYwf -----END PGP SIGNATURE-----

3 6

Re: [tor-relays] About relay size
by Dhalgren Tor 30 Sep '17

30 Sep '17

FWIW I run a 100TB (150mbps) exit and am convinced that this size provides better quality exit connectivity than the highest ranked monster bandwidth relays. The biggest relays attract the greatest blacklist treatment due to the volume of abuse emanating from them. As a user of Tor I frequently observe connection attempts commencing with a handful of top-rated relays, only to work down to a mid-bandwidth relay such as mine before successfully completing. For this reason I would like to see the exit selection algorithm bias somewhat away from relays rated over 50000. Is annoying to wait 30 seconds for the discovery of a usable path. Hard 100mbps connections will be easier to manage than the 100TB class of service, as the latter is usually over a 1GB link with a FUP (fair use policy) associated with it and extravagant surcharges for exceeding the limit. ________________________________ >Hi Tor list, > >I'm already running a small exit node (100Mbps bandwidth) and I'm ready >to spend more money on it, so have a question for you guys : > >Is it better if I run other small ones (100Mbps too) or only 1 big exit >relay (1 Gbps) ? What's best for the network stability/security ? > >Thanks a lot > >IPonU

1 0

Info about HW Encryption on Raspberry
by Fr33d0m4all 29 Sep '17

29 Sep '17

Hi, I have a Raspberry Pi3 that runs a Tor mid-relay and I’ve noticed that in the last weeks it reaches high temperatures (about 76°C) due to high CPU usage when Tor traffic increases. It did not reach this temperature until this summer (but it is not due to an higher environment temperature), so I don’t know if it can be related to 0.3 version. Now I’m running Tor 0.3.1.7. Should Tor 0.3.x use Raspberry Pi3 AES-NI hardware acceleration to reduce high cpu usage? Is there a way to check and enable it if disabled? # openssl speed -evp aes-256-cbc Doing aes-256-cbc for 3s on 16 size blocks: 5560204 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 64 size blocks: 1631984 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 256 size blocks: 425826 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 1024 size blocks: 107776 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 8192 size blocks: 13489 aes-256-cbc's in 3.00s OpenSSL 1.0.1t 3 May 2016 built on: Fri Jan 27 22:44:27 2017 options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-256-cbc 29654.42k 34815.66k 36337.15k 36787.54k 36833.96k Best regards, Fr33d0m4All

2 1

NTor
by Sebastian Urbach 29 Sep '17

29 Sep '17

Dear List, I just noticed an increase from 670k to 8.8 million NTor handshakes. CPU load reached the limit and Consensus Weight dropped. Something is going around ... https://atlas.torproject.org/#details/4198BD138E5E11B15B05C826B427148CED7D9… -- Sincerely yours / M.f.G. / Sincères salutations Sebastian Urbach --------------------------------------------------------------------------- Those who surrender freedom for security will not have, nor do they deserve, either one. --------------------------------------------------------------------------- Benjamin Franklin (1706-1790)

1 0