- tor-relays - lists.torproject.org

Tor relay on Verizon FiOS/FTTH: Advertised Bandwidth capped at ~19.5MiB/s
by Neel Chauhan 19 Feb '19

19 Feb '19

Hi tor-relays@ mailing list, I have a Tor relay "NeelTorRelay2": https://metrics.torproject.org/rs.html#details/D5B8C38539C509380767D4DE20DE… This relay is hosted on a 300 mbps Verizon FiOS (FTTH/GPON) connection. My server is a HPE ProLiant MicroServer Gen10 (quad-core AMD X3421 variant) running FreeBSD, and my router is a Linksys WRT1900AC running OpenWrt. For some reason, the Advertised Bandwidth is not going above ~19.5 MiB/s. If my relay is pushing 10MB/s (80mbps) at a given time, the CPU usage is around 20%, so I don't think its the CPU. My question is that is this lower Advertised Bandwidth speeds normal for a relay hosted on a connection behind a consumer level router and it's NAT table (even despite OpenWrt)? Could it be Verizon's DPI/QoS now that Net Neutrality is repealed? Would using a non-consumer router (like Ubiquiti or pfSense) help? Thank You, Neel Chauhan === https://www.neelc.org/

4 4

Re: [tor-relays] Tor relay on Verizon FiOS/FTTH: Advertised Bandwidth capped at ~19.5MiB/s
by starlight.2018q2＠binnacle.cx 18 Feb '19

18 Feb '19

Neel Chauhan neel at neelc.org at Mon Feb 18 18:05:47 UTC 2019 > >I feel it's my Linksys WRT1900AC because consumer routers aren't >designed for the traffic high-bandwidth Tor relays handle, even after >flashing things like OpenWrt. The router is probably dropping packets and is problem. Also consumer grade switches generally cannot handle FiOS without dropping tons of packets. A one TCP connection speedtest will not trigger overload the way a 7000 connection Tor router does. Dealt with this here by attaching the Linux server directly to FiOS and having it act as the outside router. The relay would run much better but I fried the mainboard with a PCIx NIC overload; swapped in an incredibly ancient system formerly collecting dust on a shelf. Too busy/lazy to put up the newer box waiting to take it's place.

1 0

Re: [tor-relays] Tor relay on Verizon FiOS/FTTH: Advertised Bandwidth capped at ~19.5MiB/s
by Roman Mamedov 18 Feb '19

18 Feb '19

On Mon, 18 Feb 2019 09:06:05 -0500 Neel Chauhan <neel(a)neelc.org> wrote: > Verizon gives both 300 mbps upload and download speeds. Uploads are more > heavily oversubscribed on FiOS, primarily because GPON gives 2.5gbps > downloads and 1.25gbps uploads. But then again the upload will be barely utilized by typical residential Internet users. Still my recommendation is to test your bandwidth in multiple ways first, be it speedtest.net, or (better yet) https://github.com/sivel/speedtest-cli, or iperf3 servers, if you can find any near your location. If tests show that you do get near 300 Mbit both directions, the next step would be to just set up two instances of Tor, as I suggested before in your thread[1]. Actually fun to see my prediction from back then coming true precisely (with regard to getting only 200 Mbit). [1] https://www.mail-archive.com/tor-relays@lists.torproject.org/msg15819.html Running two instances is the universal solution which should improve Tor's bandwidth utilization on almost any connection. -- With respect, Roman

2 2

IRC operator meeting - February 7th
by Colin Childs 13 Feb '19

13 Feb '19

Hi everyone, As previously discussed (https://lists.torproject.org/pipermail/tor-relays/2019-January/016894.html <https://lists.torproject.org/pipermail/tor-relays/2019-January/016894.html>) we are resuming our IRC relay operator meetings this Thursday, February 7th @ 2:00UTC. These meetings will be held in #tor-meeting on irc.oftc.net <http://irc.oftc.net/>. If you’d like to add to the agenda, please edit the pad at https://storm.torproject.org/shared/mbyhs_ors7pdIxU92TLQoK_OzDGNpVw6p_zkC6D… <https://storm.torproject.org/shared/mbyhs_ors7pdIxU92TLQoK_OzDGNpVw6p_zkC6D…> See you all there!

2 3

Re: [tor-relays] BadExit why?
by Olaf Grimm 12 Feb '19

12 Feb '19

Thank you for the answer. I try to get a new IP from the Trabia support. Olaf Am 12.02.19 um 21:51 schrieb David Goulet: > On 12 Feb (21:35:29), Olaf Grimm wrote: >> inet 178.175.148.15 > Thanks Olaf! > > That IP was flagged as rewritting bitcoin addresses on Jan 21st, 2019. > > It appears you re-used a malicious IP from I.C.S. Trabia-Network S.R.L. > > Do you have an easy way to request a new IP for that Exit node or it is kind > of a pain? > > Un-blacklisting a relay that is still not considered expired from our reject > rule set can be a laborious process because essentially, we have to make a > case to the directory authorities and they decide if they remove the rule or > not based on our arguments ;). > > So changing the IP would be definitely the easiest way else we can try to > convince the dirauth :). > > Sorry for the inconvenience! > David > >> Am 12.02.19 um 21:34 schrieb David Goulet: >>> On 12 Feb (21:30:10), Olaf Grimm wrote: >>>> Hello ! >>>> >>>> I provisioning a new exit since two hours. It is a totally new relay in >>>> a VM. My other relays at the same provider are ok. Why I see "BadExit" >>>> in Nyx??? Now my first bad experience with my 11 relays... >>>> >>>> fingerprint: CCDC4A28392C7448A34E98DF872213BC16DB27CD >>>> Nickname Hydra10 >>> This relay is not yet on Relay Search: >>> >>> http://rougmnvswfsmd4dq.onion/rs.html#search/CCDC4A28392C7448A34E98DF872213… >>> >>> I'm guessing it is quite new. >>> >>> That fingerprint is *not* set as a BadExit so this means you might have gotten >>> the IP address of an old BadExit. >>> >>> Can you share the address so I can look it up? >>> >>> Thanks! >>> David >>> >>>> At all exits I have the same firewall rules and torrc configs: >>>> >>>> ufw status >>>> Status: active >>>> >>>> To Action From >>>> -- ------ ---- >>>> 22/tcp ALLOW Anywhere >>>> 9001/tcp ALLOW Anywhere >>>> 9030/tcp ALLOW Anywhere >>>> 80/tcp ALLOW Anywhere >>>> 443/tcp ALLOW Anywhere >>>> 1194/tcp ALLOW Anywhere >>>> 53/tcp ALLOW Anywhere >>>> 53/udp ALLOW Anywhere >>>> 1194/udp ALLOW Anywhere >>>> 22/tcp (v6) ALLOW Anywhere (v6) >>>> 9001/tcp (v6) ALLOW Anywhere (v6) >>>> 9030/tcp (v6) ALLOW Anywhere (v6) >>>> 80/tcp (v6) ALLOW Anywhere (v6) >>>> 443/tcp (v6) ALLOW Anywhere (v6) >>>> 1194/tcp (v6) ALLOW Anywhere (v6) >>>> 53/tcp (v6) ALLOW Anywhere (v6) >>>> 53/udp (v6) ALLOW Anywhere (v6) >>>> 1194/udp (v6) ALLOW Anywhere (v6) >>>> >>>> Please take a look what happens. >>>> >>>> Olaf >>>> _______________________________________________ >>>> tor-relays mailing list >>>> tor-relays(a)lists.torproject.org >>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> _______________________________________________ >>> tor-relays mailing list >>> tor-relays(a)lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > >

2 1

BadExit why?
by Olaf Grimm 12 Feb '19

12 Feb '19

Hello ! I provisioning a new exit since two hours. It is a totally new relay in a VM. My other relays at the same provider are ok. Why I see "BadExit" in Nyx??? Now my first bad experience with my 11 relays... fingerprint: CCDC4A28392C7448A34E98DF872213BC16DB27CD Nickname Hydra10 At all exits I have the same firewall rules and torrc configs: ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 9001/tcp ALLOW Anywhere 9030/tcp ALLOW Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere 1194/tcp ALLOW Anywhere 53/tcp ALLOW Anywhere 53/udp ALLOW Anywhere 1194/udp ALLOW Anywhere 22/tcp (v6) ALLOW Anywhere (v6) 9001/tcp (v6) ALLOW Anywhere (v6) 9030/tcp (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 443/tcp (v6) ALLOW Anywhere (v6) 1194/tcp (v6) ALLOW Anywhere (v6) 53/tcp (v6) ALLOW Anywhere (v6) 53/udp (v6) ALLOW Anywhere (v6) 1194/udp (v6) ALLOW Anywhere (v6) Please take a look what happens. Olaf

3 2

plans to require ContactInfo to be non-empty
by nusenu 11 Feb '19

11 Feb '19

Hi, due to some recent and ongoing events related to a malicious entity running tor relays I'll start to pursue an idea that I had for some time: require non-empty ContactInfo (non-empty does not mean valid email address) This is primarily a non-technical policy discussion which will take place on tor-dev@. If you want to help right away and currently don't make use of the ContactInfo, please set it. If you think such a change would negatively affect you please let me know (off-list is also fine if you prefer). thanks, nusenu -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

9 12

2 ip addresses at the same device, works except for the DirPort
by Toralf Förster 07 Feb '19

07 Feb '19

I ordered a 2nd ip address for my server and put them in the first order in my network configuration. I do wonder, why this adapted torrcconfiguration: $> cat /etc/tor/torrc # torrc at tor-relay # PIDFile /var/run/tor/tor.pid DataDirectory /var/lib/tor/data Nickname zwiebeltoralf OutboundBindAddress 5.9.158.75 DirPort 80 ORPort 443 DirPort [2a01:4f8:190:514a::2]:80 NoAdvertise ORPort [2a01:4f8:190:514a::2]:443 ControlPort 9051 Log warn file /tmp/warn.log #Log notice file /tmp/notice.log #Log info file /tmp/info.log ExitRelay 0 IPv6Exit 0 works at the first glance (about 6,000 connection) but still give after a while in the log: Feb 06 19:59:08.000 [notice] Tor 0.4.0.1-alpha opening log file. Feb 06 20:19:26.000 [warn] Your server (<xx>:80) has not managed to confirm that its DirPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. (where <xx> is the new main ip address at my eth0 device) -- Toralf PGP C4EACDDE 0076E94E

2 2

Tor meetup @ Onionspace, Berlin
by Vasilis 03 Feb '19

03 Feb '19

Dear Tor friends and relay operators, Tomorrow (02.02.2019) a relay operators meetup will take place at Onionspace, Berlin. When: Saturday, February 2nd, 2019 Time: 16:00 / 4:00 PM Where: Gottschedstrasse 4, Entrance 4, 13357 Berlin (U Nauener Platz) Event link: https://blog.torproject.org/events/tor-meetup-berlin Hope to see many of you there! Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162

3 2

note to Falback Directory operators: bandwidth wasting bot
by starlight.2018q2＠binnacle.cx 03 Feb '19

03 Feb '19

For the last year a bot of some kind has loaded Fallback Directory relays with excessive directory document requests. Some detail can be found in ticket #27921 at https://trac.torproject.org/projects/tor/ticket/27921. To determine if your relay is affected, look the relay up in https://metrics.torproject.org/rs.html, click the 6-Month history tab, and examine the graph for significantly higher "write bytes per second" relative to "read bytes per second". I find this annoying (since I pay for the wasted bandwidth) and came up with a one-line hack that mitigates the abuse without impairing the usefulness of the DIR service to normal relays and clients. If you compile your daemon from source and are interested contact me directly for the patch.

2 1