- tor-relays - lists.torproject.org

Onion v2 HSDir Support (ref: v3 prop224) [was: fishy fingerprint patterns]
by grarpamp 04 Jan '19

04 Jan '19

> relays have a rather distinct signup and fingerprint pattern > usually seen for onion attacks. > ... > a) If you are an .onion operator I'd like to encourage you to switch to onion > services version 3 > ... > so we can start > ... > b) dropping onion version 2 services eventually. These are two separate things not necessarily tied together, thus split for clarity as above. The former a) is up to the onion operator based on their needs. If they have no need for v2, or need v3, they can or should switch to v3, indeed. The latter b) is a feature that some users and operators in and for onionspace explicitly choose and depend on to support common apps, and thus would definitely not like to see yanked out from under them. Better instead to advertise and update the default onion semantics for [new] users to v3, and continue support and backport doable features to v2 until time below... Node operators (tor-relays) would continue offering v2 HSDir support module until such time as the reasons for choosing v2 by those above are supported in v3 or vN. See the threads on this subject on tor-talk, tor-onions, and tickets for more. [CC for inclusion, move there if not relay specific]

4 6

hello aurum1704 tor relay operator
by nusenu 04 Jan '19

04 Jan '19

Hi aurum1704, thanks for adding so many relays. If I may ask: Are you planing to run them long term? Just be aware of the traffic pricing at DigitalOcean: https://www.digitalocean.com/community/tutorials/digitalocean-bandwidth-bil… | Up | Ext | JoinTime | Nickname | Version | IP | AS | CC | ORp | Dirp | OS | Contact | eFamMembers | FP | |------+-------+------------+------------+-----------+-----------------+-------------------+------+-------+--------+-------+-------------------------------------+---------------+------------------------------------------| | 1 | 0 | 21:26:48 | cobalt0 | 0.3.4.9 | 157.230.136.180 | None | us | 9001 | 9030 | Linux | aurum1704(at)gmail(dot)com | 14 | 4EF954752C47906CF26AFA9FDD2E82FE9B2CF040 | | 1 | 0 | 21:30:40 | cobalt00 | 0.3.4.9 | 157.230.136.180 | None | us | 9101 | 9032 | Linux | aurum1704(at)gmail(dot)com | 14 | 30BE64D2C5AAFD3F7BACFDE1E1CC8D540CE4D905 | | 1 | 0 | 06:42:48 | cobalt10 | 0.3.4.9 | 157.230.140.92 | None | us | 9001 | 9030 | Linux | aurum1704(at)gmail(dot)com [tor-rel | 14 | 31B9D3F99A32543D1FE1DC2E2B2A2B21C0DFAB97 | | 1 | 0 | 06:47:53 | cobalt100 | 0.3.4.9 | 157.230.140.92 | None | us | 9101 | 9032 | Linux | aurum1704(at)gmail(dot)com [tor-rel | 14 | 225821522D8652DCECA757D59779587FE23B245F | | 1 | 0 | 02:36:57 | cobalt11 | 0.3.4.9 | 157.230.143.151 | None | us | 9001 | 9030 | Linux | aurum1704(at)gmail(dot)com [tor-rel | 14 | 68C9268B76D27E199C7683771F3C83BE00FE3192 | | 1 | 0 | 02:54:17 | cobalt12 | 0.3.4.9 | 68.183.173.106 | DigitalOcean, LLC | us | 9001 | 9030 | Linux | aurum1704(at)gmail(dot)com [tor-rel | 14 | AFA580D001379B6CF80FA38E3A0CB2A8B7FC5046 | | 1 | 0 | 02:56:16 | cobalt13 | 0.3.4.9 | 157.230.128.91 | None | us | 9001 | 9030 | Linux | aurum1704(at)gmail(dot)com [tor-rel | 14 | 09058A1C003E5F9B7735D028D378C42DCF92CA46 | | 1 | 0 | 21:43:50 | cobalt14 | 0.3.4.9 | 157.230.132.69 | None | us | 9001 | 9030 | Linux | aurum1704(at)gmail(dot)com [tor-rel | 14 | 94BF5FB37B5F7FEE124273A8751D416AE6F61380 | | 1 | 0 | 05:10:04 | cobalt15 | 0.3.4.9 | 157.230.132.150 | None | us | 9001 | 9030 | Linux | aurum1704(at)gmail(dot)com [tor-rel | 14 | E1442DB84252242848E53E2599E1DBE7DF80278F | | 1 | 0 | 05:56:42 | cobalt16 | 0.3.4.9 | 157.230.132.151 | None | us | 9001 | 9030 | Linux | aurum1704(at)gmail(dot)com | 14 | 70FE4B7B908875359F34F22F7FC15C4F6CD7B27D | | 1 | 0 | 06:26:16 | cobalt7 | 0.3.4.9 | 157.230.132.153 | None | us | 9001 | 9030 | Linux | aurum1704(at)gmail(dot)com [tor-rel | 14 | 640B889E6FE5F8AFC5A3A8553A9BE3377E43B4C5 | | 1 | 0 | 06:27:40 | cobalt8 | 0.3.4.9 | 157.230.132.175 | None | us | 9001 | 9030 | Linux | aurum1704(at)gmail(dot)com [tor-rel | 14 | 9AE92FD739FCF3547C1ECD3C4EF71D434D5834E2 | | 1 | 0 | 06:31:00 | cobalt9 | 0.3.4.9 | 157.230.140.94 | None | us | 9001 | 9030 | Linux | aurum1704(at)gmail(dot)com [tor-rel | 14 | C3907FD65A2C0B389AB9CDF38EB6CA065064C134 | | 1 | 0 | 06:50:07 | cobalt99 | 0.3.4.9 | 157.230.140.94 | None | us | 9101 | 9032 | Linux | aurum1704(at)gmail(dot)com [tor-rel | 14 | A8AC085EAB39191F2304D7C86B5BDCB1E85A390C | -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

1 0

Re: [tor-relays] Metrics show Relay donw
by Darek Kramin 04 Jan '19

04 Jan '19

Looks problem is solved. Online now On Tue, Dec 25, 2018, 21:13 Darek Kramin <cptkramin(a)gmail.com wrote: > hi, > > I did started 2 days ago tor relay. when I set daily accounting was ok and > now with weekly set of GB relay is listed down. It is a glitch or my > misconfiguration. > Relay is named dasBoot at IP 46.175.238.8 > > brgds > Darek > > -- > > Cpt D.Kramin > +48 505 135145 >

2 1

My Fallback Directory Mirror is going down
by Viktor Nikolov 04 Jan '19

04 Jan '19

Hi! My Fallback Directory Mirror B6904ADD4C0D10CDA7179E051962350A69A63243 at 81.2.209.10 is going down permanently because my provider decommissioned the data center where I had my HW. :-( I will likely host my HW at a new provider soon, but at a new IP address. Viktor

2 1

openinternet.io: Tor Relay Configuration: 'MyFamily' missing and public munin graphs
by nusenu 03 Jan '19

03 Jan '19

Hi sysop (openinternet.io), thanks for helping the tor network by running relays. please do not forget to set your "MyFamily" configuration parameter on all your relays, so Tor clients are not at risk of using your relays in multiple positions in a single circuit. https://nusenu.github.io/OrNetStats/endtoend-correlation-groups Some more background: https://hackernoon.com/some-tor-relays-you-might-want-to-avoid-5901597ad821 Let us know if you need any help with this. Also note that it is very discouraged to publish munin network traffic graphs of tor relays (5min granularity) please remove them. kind regards, nusenu -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

1 0

Hyperlink in ContactInfo
by Ilka Schulz 03 Jan '19

03 Jan '19

Hi, I wrote a little PHP-based contact page and put the link to the /ContactInfo/ of my relay's /torrc/. I added some HTML tags (/<a href=...> ... </a>/) to let Tor Metrics show the link as such; but, of course, the string is sanitized properly, so the /Contact/ field on Tor Metrics shows the literal HTML tags. Is there any chance to show the hyperlink on Tor Metrics, so that visitors can directly click on it? The same would be interesting for clear text email addresses. Regards, Ilka

2 1

Compatibility issue with OpenSSL 1.1.1a
by Nick Mathewson 02 Jan '19

02 Jan '19

Hi, folks! You should know that there is a compatibility issue between Tor and OpenSSL 1.1.1a, when TLS 1.3 is in use. Only OpenSSL 1.1.1a is affected; other OpenSSL versions are not. The effect here is that Tor relays using this version of OpenSSL will not be able to negotiate TLS 1.3 connections with one another. This is caused by a regression in OpenSSL 1.1.1a's implementation of tls13_hkdf_expand() function. For more information, see https://trac.torproject.org/projects/tor/ticket/28616 We're looking into possible mitigations. best wishes, -- Nick

5 7

300mbps FreeBSD Tor relay on HPE MicroServer Gen10 (AMD X3421)
by Neel Chauhan 02 Jan '19

02 Jan '19

Hi tor-relays@, I have a Tor middle relay NeelTorRelay2 hosted on a 50 megabit symmetrical Verizon FiOS (FTTH/GPON) connection. The server used is a HPE MicroServer Gen10 (AMD X3421 quad-core version, 8GB DDR4 RAM). This relay can be seen here: https://metrics.torproject.org/rs.html#details/D5B8C38539C509380767D4DE20DE… My relay runs FreeBSD 11.2 and Tor runs in a "jail". I am using AESNI and Tor is configured to use OpenSSL cryptodev. Here's the situation: I will be moving apartments in a few days, and Verizon is upgrading my broadband speed to 300 megabits symmetrical. I plan to use this extra bandwidth for Tor. Right now, I set my RelayBandwidthRate to my line speed (yes really!), and plan to increase this setting according to my new speed. I know that Tor is not optimized for multicore CPUs, and that's the reason why I am posting here. My question is that can Tor work on the HPE MicroServer Gen10 with the AMD X3421 (or one with a similar computer of any brand with a similar performance CPU, whether desktop or server, Intel or AMD) with all 300 megabits to a single instance or would I need two instances (each at 150 megabits each)? Looking at my top usage, I average at about 20-30% CPU usage on my 50 megabit relay. Also keep in mind that: * I am using my own router instead of Verizon's and I plan to keep doing so * I want to keep using FreeBSD on my server and do not want to run Linux * I would prefer to have a single instance, but can use multiple if I have to * When I move, I will upgrade my server to FreeBSD 12.0 * My server supports hardware accelerated AES and SHA. I am using this on FreeBSD with the aesni kernel module and Tor with "HardwareAccel 1" and "AccelName cryptodev" Thank You, Neel Chauhan === https://www.neelc.org/

7 9

Re: [tor-relays] 35C3 Tor Relay Operators Meetup
by 35C3 35C3 01 Jan '19

01 Jan '19

> Hi, I have only my smartphone at the moment. It would be great if you swap the rooms. Thank you added a second slot on the first day/night: 2018-12-28 00:30 Room M3 I did NOT replace the first slot in the smaller room (2018-12-28 16:30) because the second slot is a bit late to avoid collisions with ie "It Always Feels Like the Five Eyes Are Watching You" - Kurt Opsahl https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9951.html https://events.ccc.de/congress/2018/wiki/index.php/Session:Tor_relay_operat…

3 3

Security issue
by dns1983＠riseup.net 29 Dec '18

29 Dec '18

Hello, Do I have to worry about those many warns on my log file? [warn] Tried to establish rendezvous on non-OR circuit with purpose Acting as rendezvous (pending) I found some old posts on this warn, but I don't understand if it is a security issue and what I have to do to fix this. Someone could tell me if there is something that I can do to fix this and improve security of my Debian -derived machine? Thanks Gigi

2 2