- tor-relays - lists.torproject.org

haproxy webtunnel
by Softail 01 Dec '24

01 Dec '24

I'm trying to set up a webtunnel bridge using haproxy since that's what I use for ssl. I have the webtunnel docker image, which is a bit oldish but seems to be working, is reachable from the internet, listening on 15000 etc. When I connect with a browser using the random string exactly as it is in the bridge line it finds it and passes it on. That doesn't work but haproxy did the right thing. I can append anything to that and haproxy works. When I try to connect from android tor browser using the browser line, it tries to connect and I see it in the logs but as far as I can tell is not sending that string. I expected to have trouble with the websockets but this has never been a problem with haproxy before. ATM not really sure where to turn other than back to nginx, which after all is possible but yet another thing to tend, or recompiling, try not Android? Thanks

1 0

Regarding IPv6 & webtunnel bridge
by Dionysios K. 29 Nov '24

29 Nov '24

Hello, Is there any particular configuration change I have to do in torrc/nginx for my bridge to be listed as both v4/v6 on the metrics website? It's a webtunnel bridge and that complicates things, for obfs4 the configuration is pretty much straightforward. D.

3 2

Restart of standalone Snowflake proxies required
by Cecylia Bocovich 27 Nov '24

27 Nov '24

We recently completed an upgrade to the Snowflake broker machine[0] that required us to move the broker to a different IP address. We found, after updating our DNS records, that the standalone (command-line) proxies will not re-resolve the domain name of the broker and will continue to make connections to the old IP address until restarted. If you run a standalone Snowflake proxy, please restart when you get a chance. Thanks! [0] https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…

1 0

relay operator meeting postponed
by George 23 Nov '24

23 Nov '24

Greetings fellow relay operators! Sorry for the last minute notice, but we're postponing the usual relay operators meeting previously set for tomorrow. Stay tuned for a new date. George -- 43C2 85B0 41B6 4AC1 0E02 2767 7092 AEB3 40B0 C804

1 0

Solicitation for an IPv4 block
by Christopher Sheats 20 Nov '24

20 Nov '24

Hello everyone, In light of Tor Project's push into the global south, I'm bringing on a new advisory board member (https://freeradical.zone/@kedislav) from Chile, and together we're documenting co-location and IP transit costs in the country for a possible Tor exit relay deployment. However, in order to do this, we need some company/university/nonprofit, or some kind person, to donate to us a /24 (or greater) IPv4 block. If said entity is in the USA, it's possible to make this a tax-deductible donation since we are a 501(c)(3). If you could connect me to anyone who might be able to do this for Tor, please feel free to connect me over Signal or email. We can use our existing IPv6 block for dual-stack relays. Or we might get a new ASN and new IPv6 block for that region. If you have any information about Chilean co-location and/or IP transit deals, or contacts, or even good places to get used or new servers, please let me know. I'm hoping that our involvement in the region will help inspire others to do something similar. We'll of course do a full bi-lingual write up like we did in 2017 (https://emeraldonion.org/blog/starting-a-human-rights-isp/) -- Christopher Sheats Director, Emerald Onion Signal: +1 206.739.3390 // emerald.01 Web: https://emeraldonion.org Mastodon: https://digitalcourage.social/@EmeraldOnion

1 0

Journal warnings spam
by Dionysios K. 19 Nov '24

19 Nov '24

Hey guys, Do you have any solution to stop the spam caused by tor: The IPv4 ORPort address 127.0.0.1 does not match the descriptor address <IP>. If you have a static public IPv4 address, use 'Address <IPv4>' and 'OutboundBindAddress <IPv4>'. Indeed I have a static IP but behind nat, so defining it in torrc is not possible as it can't bind to it.

2 2

Re: Looking for a new provider? Try Wedos.
by George Hartley 15 Nov '24

15 Nov '24

First of all, sorry for the late re-post of this e-mail to the list. An individual also active on the tor-relays list messaged regarding a new provider, I recommended one which is not crowded with Tor nodes, but our fellow decided to lie about the provider. Please read their quote. I can still recommend Wedos.cz for Guards/Middle relays, as well as bridges, and if you have very restrictive exit policy, maybe also for exits - however, confirm with staff first, and let them know which ports you want to allow. Also, always reply to all non-automated abuse reports, and forward them to the address for processed abuse reports given to you by staff. This was my original reply: Because their AI chat bot has infinite intelligence right? I know 2 people working there personally, Michal Jakubec and Roman Mondek, and they both reassured me yesterday that Guard/Middle and Bridge are NOT a problem, as long as they stay Guard/Middle or Bridge nodes. Using Tor FROM their network is also no problem.. using Tor to access THEIR is no problem. But, I did not trust their word.. So I tried it myself: No problem accessing the website using around 10 different exit nodes.. Then, I tried to order: Again, no problem! Received bitcoin payment information using a Tor mail service within 10 minutes: This is where I stopped, I did not pay the invoice and e-mailed Wedos stafff to please remove the order. But, Wedos supports Tor, and is a great choice especially for Guards/Middle nodes as well as bridges. Please don't lie about providers.. alternatively, if they still don't support Tor for you, please show the symptoms you are encountering. -GH On Thursday, November 7th, 2024 at 5:11 PM, Red Oaive clearly(a)ivegotyour.pw wrote: > On 2024-11-05 16:32, George Hartley via tor-relays wrote: > > > Also, please consider using a provider that is not overcrowded with > > Tor nodes already like OVH. > > > > I can recommend Wedos.cz ... https://wedos.cz/en/ > > They block access to their web site to Tor users. This doesn't bode well > for how Tor friendly they are. Their chatbot also claims tor is not > allowed: > > "Running Tor relays on a VPS from WEDOS is generally not allowed > due to the potential misuse of such services for attacks" > > Too bad becasue the price you quotes is attractive.

1 0

Re: Update: Tor relays source IPs spoofed to mass-scan port 22
by littlehoster.denote399＠passinbox.com 14 Nov '24

14 Nov '24

Hi, I had very similar reports to [tor-operator_urdn.co](https://forum.torproject.org/u/tor-operator_urdn.co): DateTime Action AttackClass SourceIP Srcport Protocol DestinationIP DestPort 0 30-Oct-2024 14:06:13 BLOCKED attempted-recon 92.51.45.21 0 202.91.162.47 22 1 30-Oct-2024 14:43:35 BLOCKED attempted-recon 92.51.45.21 0 202.91.162.24 22 2 30-Oct-2024 15:11:40 BLOCKED attempted-recon 92.51.45.21 0 202.91.162.24 22 3 30-Oct-2024 15:19:05 DENIED 92.51.45.21 64006 TCP 202.91.162.172 22 4 30-Oct-2024 15:19:20 BLOCKED attempted-recon 92.51.45.21 0 202.91.162.24 225 30-Oct-2024 15:44:49 DENIED 92.51.45.21 18054 TCP 202.91.161.94 22 The report is from the same IP-range.

1 0

Update: Tor relays source IPs spoofed to mass-scan port 22
by gus 12 Nov '24

12 Nov '24

Hello everyone, I'm writing to share that the origin of the spoofed packets has been identified and successfully shut down today, thanks to the assistance from Andrew Morris at GreyNoise and anonymous contributors. I want to give special thanks to the members of our community who have dedicated their time and efforts to track down the perpetrators of this attack. Although this fake abuse incident had minimal impact on the network -- temporarily taking only a few relays offline -- it has been a frustrating issue for many relay operators. However, I want to reassure everyone that this disruption had no effect on Tor users whatsoever. We're incredibly fortunate to have such a skilled and committed group of relay operators standing with Tor. Thank you all for your resilience, ongoing support and for making the Tor network possible by running relays. Gus -- The Tor Project Community Team Lead

11 18

Re: Raspberry Pi 4
by Keifer Bly 11 Nov '24

11 Nov '24

Ok thanks all. --Keifer On Thu, Nov 7, 2024, 6:43 AM Michael Wächter via tor-relays < tor-relays(a)lists.torproject.org> wrote: > Hi all, > I’m running a relay on a Pi 4 now for almost 2 years, almost no issues at > all. Average CPU load 40 %, average bandwidth 5 MB. > Updating to a newer version of tor is a bit tricky. > > Rads > > Michael > > > Am 04.11.2024 um 12:40 schrieb jl2238--- via tor-relays < > tor-relays(a)lists.torproject.org>: > > It works. My relay is running on a Raspberry Pi 4B with 4 GB RAM. Bandwith > for the relay is 2 Mbit/s, CPU Load of the relay is about 20 % > > > Am 02.11.24 um 02:15 schrieb Keifer Bly: > > Hi, > > So I am wondering, is a Raspberry Pi 4 a recommended device to run a tor > relay on? In terms of traffic load, etc? Thanks. > --Keifer > > _______________________________________________ > tor-relays mailing listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > _______________________________________________ > tor-relays mailing list > tor-relays(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > _______________________________________________ > tor-relays mailing list > tor-relays(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >

2 2