July 2018 - tor-relays - lists.torproject.org

Become a Fallback Directory Mirror
by Colin Childs 14 Nov '18

14 Nov '18

Hello Tor Relay Operators, Do you want your relay to be a Tor fallback directory mirror? Will it have the same address and port for the next 2 years? Just reply to this email with your relay's fingerprint. If your relay is on the current list, you don't need to do anything. If you're asking: Q: What's a fallback directory mirror? Fallback directory mirrors help Tor clients connect to the network. For more details, see [1]. Q: Is my relay on the current list? Search [2] and [3] for your relay fingerprint or IP address and port: [2] is the current list of fallbacks in Tor. [3] is used to create the next list of fallbacks. Q: What do I need to do if my relay is on the list? Keep the same IP address, keys, and ports. Email tor-relays if the relay's details change. Q: Can my relay be on the list next time? We need fast relays that will be on the same IP address and port for 2 years. Reply to this email to get on the list, or to update the details of your relay. Once or twice a year, we run a script to choose about 150-200 relays from the potential list [3] for the list in Tor [2]. Q: Why didn't my relay get on the list last time? We check a relay's uptime, flags, and speed [4]. Sometimes, a relay might be down when we check. That's ok, we will check it again next time. It's good to have some new relays on the list every release. That helps tor clients, because blocking a changing list is harder. Q. I already have a relay in the fallback list, can I add another? We will pick up to 7 relays per operator to be in the fallback list. Please send any relays that you would like considered for the fallback list. Thanks for considering and/or being a fallback directory mirror! [1]: https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors <https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors> [2]: https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc <https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc> [3]: https://gitweb.torproject.org/tor.git/tree/scripts/maint/fallback.whitelist <https://gitweb.torproject.org/tor.git/tree/scripts/maint/fallback.whitelist> [4]: https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_… <https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_…>

8 9

IPv6 and bridges
by arisbe 07 Oct '18

07 Oct '18

Hello to you all, Question: Is there a point to adding IPv6 addresses to the ORPorts of my bridges? Will they then operate somewhat in the fashion of guards without published metrics? Any info would be helpful. Arisbe

3 2

Strange Traffic behaviour
by Tobias Sachs 06 Aug '18

06 Aug '18

Hey folks! My relay which is currently hibernating shows something strange. Hibernation is set to 19 TB’s of outgoing Traffic. Hetzner Cloud shows ~16TB outgoing traffic and the relays log itself 38TB. vnstat reports exactly 20.38 TiB tx so in conclusion Hetzner can not count there Bits and Bytes or the same as protection is not correct. Because if Hetzner’s stats are correct i would have send 3 TB’s of Traffic to other Tor servers and clients internally. Because internal traffic is not counted. I guess that a Juniper routers net flow tool is correct so how can i look at this? Because my second relay in Helsinki does have this too with a difference of 2 TB’s. "Heartbeat: Tor's uptime is 27 days 1:39 hours, with 0 circuits open. I've sent 38486.76 GB and received 38489.42 GB. We are currently hibernating.“ When i divide that by two this gives me 19 TB’s of outgoing Traffic. So i guess that this is a bug? Thanks! Tobias

10 22

NTP and tor
by Michael Brodhead 03 Aug '18

03 Aug '18

I brought up my first relay over the weekend and I am waiting for traffic to ramp up. In a few places I've read the suggestion to use NTP to keep the relay's clock in sync. Fair enough, but now there is a problem... I've been reading up on NTP a bit and using ntpdate to occasionally update the system time is now deprecated. We're supposed to run ntpd. Ntpd docs make it sound like ntpd needs to run a listener to function at all. I'd rather not add additional attack surface to my relay. Those of you who run relays, how are you keeping your system clock in sync? My relay is on FreeBSD 11. Thanks, ---mkb

5 7

ExtOrPort settings for obsf4, obfs3 and firewall
by Cristian Consonni 02 Aug '18

02 Aug '18

Hi, Form the instructions to install obsf4: https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4… --- ``` ExtORPort auto ``` [...] ``` [notice] Registered server transport 'obfs4' at '[::]:46396' ``` Remember the random port associated to your bridge needs to be open for incoming connections. You can find it from the logs: it's 46396 in this example. --- I can assume that using `ExtORPort auto` would mean that potentially any time Tor is restarted or reload a new port will be picked. Furthermore, in this thread[1] it is said: --- [...] ExtORPort tells tor to open a local-only (bound to localhost) socket for getting information from / communicating with obfsproxy --- So, if I want to be sure to know in advance which firewall port I should let open it is better that I choose a fixed port. Also, that port needs only to accept connections from localhost, i.e. the loopback interface? The only port that needs to be reachable from anywhere is the ORPort? Also, in this answer on Tor Stack Exchange[2] it is said that is possible to run both obfs3 and obfs4 from the same bridge. Is this useful/recommended? Also, in the answer: --- I had to make port forwards for the given obfs ports in iptables (easy with gufw) as well as in my hardware (internet-)firewall to make things work. So I am not so sure that the ExORPort is for local connections only as mentioned by Rodger (please let me know if I am wrong here). --- Thanks in advance (I am sorry for the flood of stupid question, but I prefer to ask a stupid question that having things not work and not understanding why...) C [1]: https://lists.torproject.org/pipermail/tor-relays/2014-February/003909.html [2]: https://tor.stackexchange.com/a/6735

3 7

DirCache on low-memory hosts
by Michael Brodhead 01 Aug '18

01 Aug '18

Those of you running relays on low-RAM hosts, what do you do about DirCache? When I first brought up my relay I noticed this message in the logs: [warn] Being a directory cache (default) with less than DIRCACHE_MIN_MEM_MB MB of memory is not recommended and may consume most of the available resources, consider disabling this functionality by setting the DirCache option to 0. When I DirCache to 0 I see another warning: [warn] DirCache is disabled and we are configured as a relay. This may disqualify us from becoming a guard in the future. As it turns out I can increase my VMs memory for free so that’s no big deal. Still, I’m curious. What do people do with relays without much memory? Skip DirCache? Are there ways to reduce the memory footprint and still cache directory info? Thanks, —mkb

2 1

greyponyit.com free trial report
by Dmitrii Tcvetkov 29 Jul '18

29 Jul '18

Since 25.07.2018 I'm running Tor exit relay BBF17F784433635FA28E7E585D05FE3B15A31A6B on FreeBSD VPS. Although AS16276 is quite crowded, fact that IP address space is SWIPed to Conrad Rockenhaus means that I, as relay operator, don't need to deal with a torrent of abuse complaints because of usual exit activity. This allows to run relay with default exit policy. The VPS has OS FreeBSD 11.2 on KVM hypervisor (hypervisor maybe different for newer VPS though), storage is ZFS on GPT. The relay is too young to reach it's full potential, I may post updates in the future.

2 1

3-hourly pattern in network load of my Tor exit relay
by Toralf Förster 29 Jul '18

29 Jul '18

I do run 2 exits at the same hardware [1] and do use systat [2] to monitor system data. 2 questions: A) Since a while (months) I do observe a periodic pattern in the network load. An example is the graph (SVG format, made with [3]) of the data from yesterday. Is this typical? I did not observe such a pattern in the last few years. B) htop shows me, that the Tor exit relay listening on ORPort 443 consumes typically 30% more CPU time than the second Tor exit relay listing on ORport 9001. Boths however have nearly identical configs, bandwith weights and amount of connections (typical values are 4300 and 4500 respectively, 3700 and 3900 of them are connections to relays, the delta are exit connections). Does this explains the delta in CPU time? [1] https://metrics.torproject.org/rs.html#search/family:D11D11877769B9E617537B… [2] http://sebastien.godard.pagesperso-orange.fr/ [3] svg=/tmp/graph.svg; sadf -g -T ~/tmp/sa/sa28 -O skipempty,oneday -- -n ALL > $svg && konqueror $svg -- Toralf PGP C4EACDDE 0076E94E

2 2

theonionbox
by TorGate 29 Jul '18

29 Jul '18

Hi i have found an issue on the freebsd startupscript. The theonionbox.py is in the /bin dir not in the theonionbox dir OLD: # That's out script command="${theonionbox_dir}/theonionbox.py --mode=service --config='${theonionbox_conf}'" start_cmd="/usr/sbin/daemon -u ${theonionbox_user} -p ${pidfile} ${command}" NEW: # That's out script command="${theonionbox_dir}/bin/theonionbox --mode=service --config='${theonionbox_conf}'" start_cmd="/usr/sbin/daemon -u ${theonionbox_user} -p ${pidfile} ${command}" Hope this help any Relayoperator :-) TorGate torgate(at)linux-hus.dk

1 0

Nyx 2.0.4-4 on armhf - Python3 error
by Paul 28 Jul '18

28 Jul '18

I try to run Nyx on Linux 4.9.80-Re4son-v7+ #1 SMP Thu Apr 26 17:45:16 CDT 2018 armv7l getting following after start: Traceback (most recent call last): File "/usr/bin/nyx", line 11, in <module> load_entry_point('nyx==2.0.4', 'console_scripts', 'nyx')() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 476, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2700, in load_entry_point return ep.load() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2318, in load return self.resolve() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2324, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) File "/usr/lib/python3/dist-packages/nyx/__init__.py", line 46, in <module> import distutils.spawn ModuleNotFoundError: No module named 'distutils.spawn' Could somebody show me a way to solve this and get Nyx running? Thanks Paul

5 5