- tor-relays - lists.torproject.org

Trouble Running Middle Relay On Google Cloud Debian VBS
by Keifer Bly 18 May '19

18 May '19

Hi all, So I am starting a new middle relay using a VPS hosted on Google Cloud running Debian. though the relay is running, it is not appearing in the consensus after 10 hours. Here is the tor log, any thoughts on what is going on would be greatly appreciated thank you. May 15 18:23:47.096 [notice] Opening OR listener on 0.0.0.0:65534 May 15 18:23:47.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip. May 15 18:23:47.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6. May 15 18:23:47.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now. May 15 18:23:47.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't. May 15 18:23:47.000 [notice] Your Tor server's identity key fingerprint is 'torworld 3A4E582092E7C6B822EC01F4D76F680F6C65B0A2' May 15 18:23:47.000 [notice] Bootstrapped 0%: Starting May 15 18:23:50.000 [notice] Bootstrapped 80%: Connecting to the Tor network May 15 18:23:51.000 [notice] Guessed our IP address as 35.238.140.120 (source: 193.23.244.244). May 15 18:23:52.000 [notice] Bootstrapped 85%: Finishing handshake with first hop May 15 18:23:52.000 [notice] Bootstrapped 90%: Establishing a Tor circuit May 15 18:23:53.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. May 15 18:23:53.000 [notice] Bootstrapped 100%: Done May 15 18:23:53.000 [notice] Now checking whether ORPort 35.238.140.120:65534 is reachable... (this may take up to 20 minutes -- look for log messages indicating success) May 15 18:23:54.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. May 15 18:23:56.000 [notice] Performing bandwidth self-test...done. May 16 00:23:50.000 [notice] Heartbeat: It seems like we are not in the cached consensus. May 16 00:23:50.000 [notice] Heartbeat: Tor's uptime is 5:59 hours, with 0 circuits open. I've sent 789 kB and received 7.41 MB. May 16 00:23:50.000 [notice] Average packaged cell fullness: 100.000%. TLS write overhead: 27% May 16 00:23:50.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 6/6 NTor. May 16 00:23:50.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 8 v4 connections; and received 1 v1 connections, 0 v2 connections, 0 v3 connections, and 6 v4 connections. May 16 00:23:50.000 [notice] DoS mitigation since startup: 0 circuits rejected, 0 marked addresses. 0 connections closed. 0 single hop clients refused. May 16 00:58:51.000 [warn] Received http status code 404 ("Not found") from server '45.62.242.212:9030' while fetching consensus directory. I also had another thing I wanted to ask. I am working on a crontab script to automatically update and restart the tor relay once a month automatically, as I am already running a bridge on another network that needs to be updated manually. Does this script look like it would get the job done? I don't have much experience with crontab. # m h dom mon dow command 0 0 1 * * apt-get update apt update && apt install -y --only-upgrade tor killall tor tor root@instance-1:/home/keifer_bly# Thank you very much. --Keifer

4 7

Tor relay operator meetup in Mexico
by Jacobo Nájera 18 May '19

18 May '19

Hi We have our first relay operator meeting in Mexico, next week. More details here: https://blog.torproject.org/events/reunion-de-operadoras-y-operadores-mexico Thanks, Jacobo

1 0

Email Blocked by ISP
by K. Besig 17 May '19

17 May '19

I've run a home relay on and off for several years and recently, for the first time, had my email blocked by the ISP rendering it impossible to login into my 3rd party mail sever. When I contacted support I was informed my email password had been reset due to activity that resembled e-bombing/mass mailing. Only after submitting to a system scan while the rep waited on the phone,was I able to reset my password. I moved several months ago and went from a TWC legacy account to a Spectrum account. Wondering if anything other than lowering my tor bandwidth would keep them off my back...

5 4

Consensus-health - Guard flag
by lists＠for-privacy.net 07 May '19

07 May '19

Hello, I do not understand why relay A751D8BEE222564B7BA657F74B6658836FF1AEEA does not get a guard status. A few weeks ago I set AccountingMax on this relay. This is off for about 3 weeks. All servers are configured the same. https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET -- Ciao Marco!

1 0

Solving World's Tor Users Being Blocked by Websites (was: Tor exit bridges)
by grarpamp 07 May '19

07 May '19

On 5/7/19, nusenu <nusenu-lists(a)riseup.net> wrote: > > juanjo: >> Tor relays are public and easily blocked by IP. To connect to Tor >> network users where Tor is censored have to use bridges and even PTs. >> But, what happens on the exit? Many websites block Tor IPs so using >> it to access "clearweb" is not possible. Should we allow and start >> using "exit bridges"? In I2P we have not this problem since there is >> no central IP list of relays. > > there is no need to extend to one more hope to achieve this > > https://lists.torproject.org/pipermail/tor-dev/2018-March/013036.html > > https://lists.torproject.org/pipermail/tor-relays/2019-May/017273.html It's possible to augment such outbound solution offerings even further by running an OpenVPN termination service so users can transport UDP between clearnet as well. VPNGate.net project has an idea there too. Even large regional IPv6 pools could be bought and shared by operators and rotated through. More tor relay operators should consider some of the above options, whether as a requested "bridge" service mechanism, or listed in the consensus "contact" field, or as more of a standalone VPNGate support, or "ExitGate" project sort of arrangement. Using only tor right now, a user needs to use a clearnet service that does not scrape consensus, or one not fronted by services doing similar to CloudFlare's spiteful default tor blocking policy, or find a lucky exit within whatever geolocation game the clearnet service uses, or get lucky through traditional vpn or proxy. But those are only fun statistical hacks, not real long term solutions to the underlying problem. It's unfortunate that such braindead blocking, stupid policy regimes, sites refusal to developing creative solutions [1] for so many world's users legitimate privacy, info risk, anonymity needs... often results in users accounts being locked out and escalated into forcing disclosure of users private info and ID to sites to unlock them, thus exposing users to ongoing long term fraud, cost, and stress when that info (in most cases truly unnecessary to collect) is eventually shared misused and stolen by both sites and criminals... or outright auto deletion of user's valued account, built up social networks, etc... all for doing nothing wrong, and harming no one or thing. Death by DriveByExit :( And really shameful to deny world's users the right to simply read a website, be it social, commercial, information, etc or even sadly their own tax-theft funded governmental public sites doing this blocking too. There are some related projects, best practice, as well... https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor https://trac.torproject.org/projects/tor/wiki/org/projects/DontBlockMe https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-access Positive outreach and direct engagement by Tor community is key here, and perhaps not enough of that is happening, at least not publicly. It's a big enough issue that it really needs a dedicated, active, allied, and even funded subproject... a MegaProject that needs to happen. [1] Such as forfeitable cryptocurrency and mailed-in cash deposits refundable in time, increasing account priviledges and features based on account age and activity, community moderation and behaviour support within the sites, opensource third party tracking-free local SecurImage style captcha throughout a sites features, privacy preserving non-SMS non-Google/Apple pure TOTP authenticator protocols, PGP recovery, letting users simply *read* websites without any hindrance, while utilizing these methods only for *write* operations, etc and so many more ways you can envision... Cc'd for awareness and inclusion. *Please remove tor-dev and tor-relays, and move this to tor-talk or tor-access for ongoing discussion and progress. Thanks.

1 0

Pool of IP Addresses
by amytain 05 May '19

05 May '19

Is it possible to have a pool of ip addresses as the outbound ip addresses instead of just one?

4 6

dhcp lease question
by torix＠protonmail.com 05 May '19

05 May '19

Yesterday I put in a new router for my home connexion to Verizon. Up until now, I've had to bring down my router for 18 hours or so for me to get a new ip address, so this has never really come up before. But I noticed in the new interface that my dhcp lease from Verizon is only 2 hours long. I have had 5 or 6 ip changes that I noticed, and found my relay starting all over again this morning, building up its connexions again. I'm hoping that Verizon will settle down and start renewing my ip address instead of giving me another every few hours, but of course I don't know if their pool of addresses is running low and they are scrambling or what. Any thoughts? I don't think I can continue with my home relay in good conscience if people are getting kicked off several times a day. TIA, --Torix Sent with [ProtonMail](https://protonmail.com) Secure Email.

5 5

unique .onion addresses decreasing a lot
by nusenu 05 May '19

05 May '19

Have a look at this graph: https://metrics.torproject.org/hidserv-dir-onions-seen.html?start=2019-02-0… Is this a measurement issue or did some major application migrate to v3 onion services? -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

2 1

Concern Over Bridge Distribution And Tor Updates
by Keifer Bly 05 May '19

05 May '19

Hello, So I am aware a new version of tor is now available, but am wondering, is there a way for relay / bridge operators to be notified when a new version of tor is available? Right now, it seems like the only way of knowing if an update for tor is available for our OS is to manually check. Thanks. I also wanted to say, I noticed that an available email provider to request bridges from is Yahoo Mail. Here’s my thought, Yahoo (alongside AOL) was bought by Verizon, so they are now owned by a phone carrier / ISP. This makes me wonder if Yahoo is still a safe email provider to send bridges to, seeing as their new privacy policy is essentially allowing them to use emails as public knowledge. Just a thought. Thanks all. --Keifer

3 4

Support tunneling
by amytain 04 May '19

04 May '19

Would it be possible to support gre tunneling for the inbound IP for the exit and outbound ips? Sent with [ProtonMail](https://protonmail.com) Secure Email.

2 1