December 2024 - tor-relays - lists.torproject.org

Standalone snowflake proxy re-testing as restricted
by 0x5fcfbd30＠proton.me 21 Dec '24

21 Dec '24

Hey there, I have been running a standalone snowflake proxy for quite some time now. First in a docker container, but now in its own linux container to have more control over it myself. This has worked out great so far with an ephemeral-ports-range of 200 ports. Those are forwarded to the linux container in my router. Since a few days, I noticed a big drop in connections per hour. I restarted the proxy and it tested as restricted even though all ports are properly forwarded and I see the UDP packets reaching the machine via tcpdump. After several restarts, I finally got it to confirm unrestricted but 6 hours later (default re-test period?), its restricted again. Just to rule out the obvious, is it only me having this problem? I'm building from source and git log says: commit f940d7d6efe423c4d7a901a33d34bb51086b4a41 Date: Tue Nov 26 16:19:49 2024 +0000 chore(deps): update module github.com/pion/ice/v4 to v4.0.3 I wonder if this is a problem of my local setup or a bug snowflake itself. Any ideas? Best regards, 0x5fcfbd30

3 3

Tor activities at 38th Chaos Communication Congress, Hamburg, 2024
by gus 20 Dec '24

20 Dec '24

Hello, Join us for Tor activities @ 38th Chaos Communication Congress (38C3): https://events.ccc.de/congress/2024/ The 38th Chaos Communication Congress runs from December 27 to 30, 2024 in Hamburg. We've got a lineup of Tor activities happening during this congress! - December 28: "Guardians of the Onion" (20:30 - 21:30, Day 2): (live streaming, recorded) https://events.ccc.de/congress/2024/hub/en/event/guardians-of-the-onion-ens… - December 29: "Tor Relay Operator meetup & State of the Onion Operators" (23:00 - 01:00, Day 3): https://events.ccc.de/congress/2024/hub/en/event/tor-relay-operators-meetup… - December 30: "All things Tor related!" (11:00 - 13:00, Day 4): https://events.ccc.de/congress/2024/hub/en/event/tor/ - Tor Project assembly (near Cold North/BornHack assembly): https://events.ccc.de/congress/2024/hub/en/assembly/tor-project/ See you there! \o/ Gus -- The Tor Project Community Team Lead

1 0

Next Tor Relay Operator Meetup - December 7th 2024 @ 1900 UTC
by gus 16 Dec '24

16 Dec '24

Dear Relay operators, Save the date! Our next online meetup is happening on Saturday, December 7th, 2024 at 1900 UTC[1]. I'm happy to announce that we'll have a special guest, Ben Collier, joining us to discuss his new book:"Tor: From the Dark Web to the Future of Privacy."[2] (2024) ## Agenda 1. Announcements - New WebTunnel bridges campaign - https://blog.torproject.org/call-for-webtunnel-bridges/ - Upcoming in-person events 2. Ben Collier's book presentation & discussion ## How to join Meetup details: - Room link: https://tor.meet.coop/gus-og0-x74-dzn - Date & Time: Saturday, December 7th, 2024 @ 19.00 UTC - Duration: 60 to 90 minutes - Tor Code of Conduct: https://community.torproject.org/policies/code_of_conduct/ - Registration: No need for a registration or anything else, just use the room link above. The room will open 10 minutes before the meetup starts. ## DON'T MISS SOTO This month, the Tor team was very busy with State of the Onion (SOTO), and I'd like to invite you all to watch the videos: - Community Day: https://www.youtube.com/watch?v=EODNtLqD7f8 - Tor Project Teams update: https://www.youtube.com/watch?v=HjPdReNmf_g cheers, Gus [1] If you're confused about UTC and your timezone, @anarcat maintains a cool project called undertime - https://gitlab.com/anarcat/undertime [2] "Tor: From the Dark Web to the Future of Privacy" book is available here: https://direct.mit.edu/books/oa-monograph/5761/TorFrom-the-Dark-Web-to-the-… -- The Tor Project Community Team Lead

2 3

install OBFS4
by Keifer Bly 13 Dec '24

13 Dec '24

Hi, So for Debain 12, what is the command to install OBFS4? For my bridge at https://metrics.torproject.org/rs.html#details/0E547D99DEB753B20A19EEAA053C… Even though I configured obfs4 in torrc its saying no transport protocols. Thanks. The torrc Nickname udeservefreedom ORPort <hidden> Log notice file /var/tornitces.log/notices.log SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:<hidden> ExtOrPort auto ExitPolicy reject *:* ContactInfo keiferdodderblyyatgmaildoddercom --Keifer

4 6

Question about WebTunnel bridge
by apfelnymous＠tutanota.de 11 Dec '24

11 Dec '24

Hi, can I run a webtunnel bridge on the same device that already runs a common bridge ? I have 1 bridge relay running 24/7, I could setup another machine for the webtunnel bridge but I can't get another ipv4 . Should I put it down and replace with a webtunnel bridge ? Thoughts ? Cheers

1 0

Tor Relay via Tailscale Funnel?
by Derek Martin 07 Dec '24

07 Dec '24

Long time lurker. Saw the call for more middle relays. I have a large amount of spare capacity on my homeserver and 2.5GB fiber to the house. Is there precedent for running a relay through a Tailscale Funnel? I would need to check to make sure Tailscale TOS was okay with it, but to my ISP, it'd just look like Wireguard traffic. Any thoughts or fools errand?

1 0

ORPort bug is an impediment to running on my servers
by Red Oaive 06 Dec '24

06 Dec '24

Bug 40994 (reported at https://gitlab.torproject.org/tpo/core/tor/-/issues/40994) has become a fairly serious impediment to running relays. I generally obtain two ipv4 addresses on my machines and the ports I want to use for tor are not available on both addresses. So listening on 0.0.0.0 is not an option for me. And listening on a specific address incurs the serious problem where NoListen even when not specified seems to be assumed without recourse (see discussion at https://v236xhqtyullodhf26szyjepvkbv6iitrhjgrqj4avaoukebkk6n6syd.onion/t/re…)

1 2

Countering botnet traffic using DNS blocklists
by Imre Jonk 06 Dec '24

06 Dec '24

Hi all, Haven't posted in a while here, it's good to see that this list is still going strong :) I hope that some Tor Project employee can reply on list item 2 below. I've been co-operating an exit relay for some four years now. My usual response to abuse notifications is adding a reject rule to my ExitPolicy that blocks outgoing traffic to the attacked IP address/subnet. I do this mostly to prevent overhead for the volunteer abuse coordinators that operate the network that my exit resides in, but also to "do something" (not much, but at least something) for the attacked network. Yesterday however, I received a notification from my government's proactive security alerting service, notifying me of a botnet using my exit relay for communication. Now, I both like the Tor Project and privacy in general, and at the same time dislike botnets. And this made me think: what if I configure my DNS resolution to block queries for known botnet C&C domains? It would make it a bit harder to abuse the Tor network for botnet communications, and save a bit of bandwidth for users that have a good faith need for anonimity (you know, these users [1]). [1] https://2019.www.torproject.org/about/torusers.html.en Now, I'm aware there are a couple of downsides to this: 1. Starting to block things could be considered a slippery slope. First it's botnets, then it's piracy, then whatever else the government dislikes. I'm not too worried about this as long as I can choose what I block myself, and I already counter BitTorrent usage by using the well-known ReducedExitPolicy. 2. This old GitLab wiki page [2] lists a relay that is using a censored DNS provider as an example of a bad relay. It however doesn't provide a reason for this. If the DNS provider *only* blocks requests for known C&C domains, would that be okay? [2] https://gitlab.torproject.org/legacy/trac/-/wikis/doc/ReportingBadRelays#wh… 3. Obviously, the Unbound blocklist source or censoring DNS provider that would be used would gain some control over traffic on the Tor network. I'd say this is a tradeoff. If *only* C&C domains are blocked, I would be okay with this. 4. Potential legal issues. I know that in some jurisdictions (the U.S. I believe is a good example) setting up selective filtering makes the filter operator at least somewhat responsible for the traffic that passes through the filter. I'm not too worried about this at the moment. Both my exit relay and I are situated in the Netherlands. What do you guys think? Do we accept DNS filtering for blocking botnet traffic, or do we all cry censorship over this? Cheers, Imre

1 0

Tor automatic start
by Keifer Bly 03 Dec '24

03 Dec '24

Hi, So on Debain 12, is there a way to configure tor to start automatically when the os boots? Thanks. --Keifer

4 4

WebTunnel Hardware Requirements
by Dan 03 Dec '24

03 Dec '24

Hi all, I'm hoping to spin up some webtunnel bridges in response to the call for more. I currently run a few middle relays, but have never setup a bridge. I have found a provider in the good-bad-isps list that offers additional IPv4 addresses for a small fee so I'm planning to run 5 bridges from 1 VPS to make management easier. Is this enough horsepower to run 5 WebTunnel bridges? - 4 vCore AMD EPYC Rome - 8 GB memory - 48 GB SSD Thanks

2 1