- tor-relays - lists.torproject.org

Tor automatic start
by Keifer Bly 04 Dec '24

04 Dec '24

Hi, So on Debain 12, is there a way to configure tor to start automatically when the os boots? Thanks. --Keifer

4 4

WebTunnel Hardware Requirements
by Dan 03 Dec '24

03 Dec '24

Hi all, I'm hoping to spin up some webtunnel bridges in response to the call for more. I currently run a few middle relays, but have never setup a bridge. I have found a provider in the good-bad-isps list that offers additional IPv4 addresses for a small fee so I'm planning to run 5 bridges from 1 VPS to make management easier. Is this enough horsepower to run 5 WebTunnel bridges? - 4 vCore AMD EPYC Rome - 8 GB memory - 48 GB SSD Thanks

2 1

Re: Tor automatic start
by fossdd 02 Dec '24

02 Dec '24

On Sun Dec 1, 2024 at 8:15 PM CET, Keifer Bly wrote: > Hi, > > So on Debain 12, is there a way to configure tor to start automatically > when the os boots? Thanks. > > --Keifer Do you mean something like, `systemctl enable tor`?

1 0

A call for more WebTunnel bridges
by gus 02 Dec '24

02 Dec '24

Dear relay operators, Last week, we kicked off a campaign to grow the number of Tor WebTunnel bridges. And the response has been amazing! In less than five days, we've already increased 80+ new WebTunnel bridges! Today is 'Cyber Monday', and it's a good opportunity to take advantage of special offers from hosting providers and contribute to this campaign. Learn how to join this campaign below or read our blog post for more details: https://blog.torproject.org/call-for-webtunnel-bridges/ Thank you for running relays & bridges, Gus ## Summary We are calling on the Tor community and the Internet freedom community to help us scale up WebTunnel bridges. If you've ever thought about running a Tor bridge, now is the time. Recent reports from Tor users in Russia indicate an escalation in online censorship with the goal of blocking access to Tor and other circumvention tools. This new wave includes attempts to block Tor bridges and pluggable transports developed by the Tor Project, removal of circumvention apps from stores, and targeting popular hosting providers, shrinking the space for bypassing censorship. Despite these ongoing actions, Tor remains effective. One alarming trend is the targeted blocking of popular hosting providers by Roscomnadzor. As many circumvention tools are using them, this action made some Tor bridges inaccessible to many users in Russia. As Roscomnadzor and internet service providers in Russia are increasing their blocking efforts, the need for more WebTunnel bridges has become urgent. ## Bridge campaign rules for participation The campaign starts today, November 28, 2024, and will run until March 10, 2025. As a token of our appreciation for your volunteer work, we're offering a Tor t-shirt to operators who run 5 or more WebTunnel bridges during this period. Please note: Only one t-shirt will be awarded per operator. See the technical requirements below to participate in the campaign. WebTunnel deployment guide: https://community.torproject.org/relay/setup/webtunnel/ ## Technical requirements to join this campaign 1. Operators must run one WebTunnel bridge per IPv4. It is acceptable to use multiple subdomains or distinct domains. 2. Include a valid email address as your contact information. Or we won't be able to confirm and validate your participation in the campaign. 3. Maintain your bridges running for at least 1 year. 4. Ensure your bridges have a solid uptime, operating close to 24/7. Reboots for updates are fine. 5. Your bridge must remain functional during the campaign period. 6. Do not host your bridges with Hetzner. See: https://ntc.party/t/12845 ## How to participate After spinning up and verifying that your 5 WebTunnel bridges are working, confirm your participation by emailing frontdesk(a)torproject.org with the following template: ``` Subject: Participation in Bridge Campaign 2025 Body: Hi, I'm signing up for the Tor Bridge Campaign. These are my bridges: <Add here your bridge lines> My t-shirt is (pick your size: https://gitlab.torproject.org/tpo/community/team/-/wikis/tshirts/tshirt-siz…) ``` To validate your participation, please contact us using the same email address listed in your contactinfo. You can expect your reward to be shipped in Q2 2025. -- The Tor Project Community Team Lead

1 0

haproxy webtunnel
by Softail 01 Dec '24

01 Dec '24

I'm trying to set up a webtunnel bridge using haproxy since that's what I use for ssl. I have the webtunnel docker image, which is a bit oldish but seems to be working, is reachable from the internet, listening on 15000 etc. When I connect with a browser using the random string exactly as it is in the bridge line it finds it and passes it on. That doesn't work but haproxy did the right thing. I can append anything to that and haproxy works. When I try to connect from android tor browser using the browser line, it tries to connect and I see it in the logs but as far as I can tell is not sending that string. I expected to have trouble with the websockets but this has never been a problem with haproxy before. ATM not really sure where to turn other than back to nginx, which after all is possible but yet another thing to tend, or recompiling, try not Android? Thanks

1 0

Regarding IPv6 & webtunnel bridge
by Dionysios K. 29 Nov '24

29 Nov '24

Hello, Is there any particular configuration change I have to do in torrc/nginx for my bridge to be listed as both v4/v6 on the metrics website? It's a webtunnel bridge and that complicates things, for obfs4 the configuration is pretty much straightforward. D.

3 2

Restart of standalone Snowflake proxies required
by Cecylia Bocovich 27 Nov '24

27 Nov '24

We recently completed an upgrade to the Snowflake broker machine[0] that required us to move the broker to a different IP address. We found, after updating our DNS records, that the standalone (command-line) proxies will not re-resolve the domain name of the broker and will continue to make connections to the old IP address until restarted. If you run a standalone Snowflake proxy, please restart when you get a chance. Thanks! [0] https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…

1 0

relay operator meeting postponed
by George 23 Nov '24

23 Nov '24

Greetings fellow relay operators! Sorry for the last minute notice, but we're postponing the usual relay operators meeting previously set for tomorrow. Stay tuned for a new date. George -- 43C2 85B0 41B6 4AC1 0E02 2767 7092 AEB3 40B0 C804

1 0

Solicitation for an IPv4 block
by Christopher Sheats 21 Nov '24

21 Nov '24

Hello everyone, In light of Tor Project's push into the global south, I'm bringing on a new advisory board member (https://freeradical.zone/@kedislav) from Chile, and together we're documenting co-location and IP transit costs in the country for a possible Tor exit relay deployment. However, in order to do this, we need some company/university/nonprofit, or some kind person, to donate to us a /24 (or greater) IPv4 block. If said entity is in the USA, it's possible to make this a tax-deductible donation since we are a 501(c)(3). If you could connect me to anyone who might be able to do this for Tor, please feel free to connect me over Signal or email. We can use our existing IPv6 block for dual-stack relays. Or we might get a new ASN and new IPv6 block for that region. If you have any information about Chilean co-location and/or IP transit deals, or contacts, or even good places to get used or new servers, please let me know. I'm hoping that our involvement in the region will help inspire others to do something similar. We'll of course do a full bi-lingual write up like we did in 2017 (https://emeraldonion.org/blog/starting-a-human-rights-isp/) -- Christopher Sheats Director, Emerald Onion Signal: +1 206.739.3390 // emerald.01 Web: https://emeraldonion.org Mastodon: https://digitalcourage.social/@EmeraldOnion

1 0

Journal warnings spam
by Dionysios K. 19 Nov '24

19 Nov '24

Hey guys, Do you have any solution to stop the spam caused by tor: The IPv4 ORPort address 127.0.0.1 does not match the descriptor address <IP>. If you have a static public IPv4 address, use 'Address <IPv4>' and 'OutboundBindAddress <IPv4>'. Indeed I have a static IP but behind nat, so defining it in torrc is not possible as it can't bind to it.

2 2