- tor-relays - lists.torproject.org

Temporarily shutting down public relay
by Shawn Webb 24 Jul '18

24 Jul '18

Hey All, As an FYI, I'm temorarily shutting down the non-exit HardenedBSD-based relay I run at home (3CA2B91F2F2720202DD845E0E4C827E720CF5430) due to an upcoming extensive shoulder surgery my wife is having. I need to cut costs as she will be out of work for a year. My plan is to re-enable it once she's fully recovered. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 Tor+XMPP+OTR: lattera(a)is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

1 0

FYI: Subpoena Received
by "IPfail (Tor Admin)" 23 Jul '18

23 Jul '18

FYI, I received a subpoena from a US based court to produce information about individual(s) who were using one of our exit nodes at a specific date/time. In the nearly 3 months that these exits have been in operation, this is the first subpoena and only the second complaint received. For purposes of documenting the approximate ratio of "complaints / traffic processed", these nodes have handled ~515TB and are using the recommended reduced exit policy. https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

7 8

Bridges and MyFamily setting
by Cristian Consonni 23 Jul '18

23 Jul '18

Hi, I am running a couple of relay nodes and now I would like to set a bridge relay. The `torrc` file says the following: --- ## Uncomment this if you run more than one Tor relay, and add the identity ## key fingerprint of each Tor relay you control, even if they're on ## different networks. You declare it here so Tor clients can avoid ## using more than one of your relays in a single circuit. See ## https://www.torproject.org/docs/faq#MultipleRelays ## However, you should never include a bridge's fingerprint here, as it would ## break its concealability and potentially reveal its IP/TCP address. #MyFamily $keyid,$keyid,... --- I understand that I should not add the bridge fingerprint to the MyFamily setting of my other relays, but should I set MyFamily on my bridge (with the fingerprints of my other nodes)? I suppose that the logic of avoiding to have the same circuit through multiple relay controlled by the same operator is still valid, but I don't know if this could be a problem. C

2 3

[Software Announcement] FamilyGenerator: Tor MyFamily Generator
by Neel Chauhan 22 Jul '18

22 Jul '18

Hi tor-relays mailing list, I have created a tool called FamilyGenerator. FamilyGenerator is a tool to automatically construct a Tor MyFamily line based on Onionoo parameters. Why? If you run multiple relays, it can become hard to keep your MyFamily line updated if you add or remove relays. FamilyGenerator makes it easier (and automated if you use cron, or maybe without it in a future version if it ever comes). Does it integrate with Tor directly? As of now, no. If you want to automatically load FamilyGenerator outputs to Tor, you can: 1. Make sure all your relays has something in common in the Nickname or ContactInfo lines 2. Use a shell script to generate the MyFamily line with FamilyGenerator 3. Use a cron job to reload Tor after FamilyGenerator runs 4. Include the output in a Include line in your torrc Hopefully, a future version can avoid cron (that is, if it comes). FamilyGenerator is available on GitHub at: https://github.com/neelchauhan/FamilyGenerator You can install it from PyPI with: pip install FamilyGenerator A FreeBSD port is underway. For Debian users, sorry, but there's no Debian package in the pipeline as I don't use Debian. That's it. Thank You, Neel Chauhan

5 6

Trying to set up a relay at home, but get no connections
by Gunnar Wolf 22 Jul '18

22 Jul '18

Hello, I have set up a VM at my home server (via fiber DSL) to work as a Tor relay. I have set up port forwarding for ORport and DirPort (defaults, 9001 and 9030). The logs don't give me any useful information — or, possibly, I fail to grok anything useful ;-) The following happens every couple of hours: Jun 07 09:36:19.000 [notice] Heartbeat: It seems like we are not in the cached consensus. Jun 07 09:36:19.000 [notice] Heartbeat: Tor's uptime is 17:59 hours, with 0 circuits open. I've sent 2.71 MB and received 32.26 MB. Jun 07 09:36:19.000 [notice] Average packaged cell fullness: 13.454%. TLS write overhead: 12% Jun 07 09:36:19.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 14/14 NTor. Jun 07 09:36:19.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 21 v4 connections; and received 0 v1 connections, 0 v2 connections, 0 v3 connections, and 216 v4 connections. Jun 07 09:36:19.000 [notice] DoS mitigation since startup: 0 circuits rejected, 0 marked addresses. 0 connections closed. 0 single hop clients refused. Jun 07 15:36:19.000 [notice] Heartbeat: It seems like we are not in the cached consensus. Jun 07 15:36:19.000 [notice] Heartbeat: Tor's uptime is 23:59 hours, with 0 circuits open. I've sent 3.18 MB and received 42.36 MB. Jun 07 15:36:19.000 [notice] Average packaged cell fullness: 13.454%. TLS write overhead: 14% Jun 07 15:36:19.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 0/0 NTor. Jun 07 15:36:19.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 21 v4 connections; and received 0 v1 connections, 0 v2 connections, 0 v3 connections, and 284 v4 connections. Jun 07 15:36:19.000 [notice] DoS mitigation since startup: 0 circuits rejected, 0 marked addresses. 0 connections closed. 0 single hop clients refused. Jun 07 21:36:19.000 [notice] Heartbeat: It seems like we are not in the cached consensus. Jun 07 21:36:19.000 [notice] Heartbeat: Tor's uptime is 1 day 5:59 hours, with 0 circuits open. I've sent 3.66 MB and received 53.04 MB. Jun 07 21:36:19.000 [notice] Average packaged cell fullness: 13.454%. TLS write overhead: 16% Jun 07 21:36:19.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 0/0 NTor. Jun 07 21:36:19.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 21 v4 connections; and received 0 v1 connections, 0 v2 connections, 0 v3 connections, and 351 v4 connections. Jun 07 21:36:19.000 [notice] DoS mitigation since startup: 0 circuits rejected, 0 marked addresses. 0 connections closed. 0 single hop clients refused. What should I look into? Thanks,

11 13

Question regarding ethical torrent blocking
by Conrad Rockenhaus 21 Jul '18

21 Jul '18

Hello, I was going to ask someone off-list, but the amount of abuse and DCMA complaints I have received now have been so much that I have decided that the best action to take is to set an exit policy. I run a couple of exit nodes and I have people apparently using them to torrent, which we ask people politely not to do through Tor....but the policy gets ignored I guess. Anyway, I'm receiving a sufficient amount of complaints to where I'm worried that my service may be terminated unless I take action, which would affect the greater good. So the question is - I run the default exit policy. I don't like being the arbiter of what goes through and what doesn't. Is it okay, ethically, from a free speech standpoint, to reach this point to where we say "we need to block this content from transversing my node" in response to legal complaints from others? Are others implementing these blocks and do you feel that such a block doesn't violate any ethical norm to provide uncensored access to the Internet? I'm just curious on what thoughts on this are. I know how to technically perform the block, I guess I feel like we're one of the last bastions against censorship on the Internet and people do torrent legitimate stuff. I don't consider pirating Fallout 4, The Elder Scrolls V, Sweetbitter, and The Evil Within 2 to be protected speech FYI... my worry is just blocking the legitimate uses of bittorrent. Thanks, Conrad Rockenhaus

8 10

Discounts/Free Trials on BSD instances to promote BSD relays?
by Conrad Rockenhaus 20 Jul '18

20 Jul '18

Howdy, So, anyway, I was previously more active, but I decided on a midlife career change and was on a training path to become a Physician Assistant. Then I was hit by a drunk driver. Now I had to drop out of the program for the next year at least, if at all, so I'm going back to working IT. That's the sob story. I like BSD, primarily FreeBSD (please flame me about how my relays aren't secure later :P) and like promoting the use of it. I have excess capacity on dedicated servers that I personally pay for that are used to host portions of a very popular Wiki based Satire/Dark Humor website. Some of that capacity is already going to Tor. On the servers that have address space SWIPed to me, I would like to resell that capacity specifically to host BSD based Tor relays, exits, bridges, and hidden services. Right now I'm working on infrastructure and a website and trying to somewhat automate things. The question I would like to ask, and honestly, I'm not trying to generate customers, I honestly believe that if a Linux user actually logs into a BSD box for the first time and sees the beauty and grace that the differences between BSD and Linux are that they would want to switch their own personal relay. I'm a firm believer of this. I know there's some hardcore Linux fans out there and that's fine, there's a legion of BSD fans too :). To the point - would it be fair to network stability to offer a week long free trial to run a tor instance, well, that is if that's what the user hopefully runs? Would such a model even have an affect on increasing the number of BSD instances we have on Tor presently? And again, per a suggestion in a previous email chain that I was involved in, I setup my ARIN and RIPE ids, and my providers have SWIPed the address spaces to me so any and all abuse complaints will be coming to me for the address spaces for now on. Thanks, Conrad

6 10

Updating relay using killall -hup command
by Keifer Bly 20 Jul '18

20 Jul '18

Hello, So recently I upgraded from tor 0.3.3.8 to tor 0.3.3.9, and used the killall -HUP command to restart the relay. However this did nothing, the relay consensus says I am still running tor 0.3.3.8 days later. Is there a way I can cause the upgrade to appear without completely restarting the relay? The OS is macos High Sierra 10.13.6. Thank you.

5 4

Re: [tor-relays] Discounts/Free Trials on BSD instances to promote BSD relays?
by Conrad Rockenhaus 19 Jul '18

19 Jul '18

Thank you for letting me know, I will look into this! I greatly appreciate the tip. On Wed, Jul 18, 2018 at 9:03 PM, Alejandro Andreu <contact(a)alejandroandr.eu> wrote: > Hi, > > For automating the setup please consider using `gibson`[1], an effort made > by the folks at Emerald Onion to better manage a Tor relay through a set of > shell scripts. It's still in development, but just as you do, they run > everything in BSD boxes. > > Cheers! > > [1]: https://emeraldonion.org/introducing-gibson/ > > > > -------- Original Message -------- > > On Jul 19, 2018, 09:34, Conrad Rockenhaus < conrad(a)rockenhaus.com> wrote: > > > Howdy, > > So, anyway, I was previously more active, but I decided on a midlife > career change and was on a training path to become a Physician > Assistant. Then I was hit by a drunk driver. Now I had to drop out of > the program for the next year at least, if at all, so I'm going back > to working IT. That's the sob story. > > I like BSD, primarily FreeBSD (please flame me about how my relays > aren't secure later :P) and like promoting the use of it. I have > excess capacity on dedicated servers that I personally pay for that > are used to host portions of a very popular Wiki based Satire/Dark > Humor website. Some of that capacity is already going to Tor. On the > servers that have address space SWIPed to me, I would like to resell > that capacity specifically to host BSD based Tor relays, exits, > bridges, and hidden services. Right now I'm working on infrastructure > and a website and trying to somewhat automate things. > > The question I would like to ask, and honestly, I'm not trying to > generate customers, I honestly believe that if a Linux user actually > logs into a BSD box for the first time and sees the beauty and grace > that the differences between BSD and Linux are that they would want to > switch their own personal relay. I'm a firm believer of this. I know > there's some hardcore Linux fans out there and that's fine, there's a > legion of BSD fans too :). > > To the point - would it be fair to network stability to offer a week > long free trial to run a tor instance, well, that is if that's what > the user hopefully runs? Would such a model even have an affect on > increasing the number of BSD instances we have on Tor presently? > > And again, per a suggestion in a previous email chain that I was > involved in, I setup my ARIN and RIPE ids, and my providers have > SWIPed the address spaces to me so any and all abuse complaints will > be coming to me for the address spaces for now on. > > Thanks, > > Conrad > _______________________________________________ > tor-relays mailing list > tor-relays(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Conrad Rockenhaus Get started with GreyPony Anonymization Today! https://www.greyponyit.com

1 0

Home router keeps failing.
by Gary 18 Jul '18

18 Jul '18

Hi, I keep having issues with my home router - it keeps failing due to the number of connections and I would be grateful for some advice. I have been running a (non-exit) middle relay for some time and up until now my router has mostly coped. It is what is what I got from my ISP, I can't afford to get a new one. At the minute I had to reset it on a daily basis which not only breaks tor circuits, but I am finding it increasingly hard to convince other people I live with that we need the relay when it causes them browsing issues. My relay connects via wire Ethernet. When I get to (approx) 900 incoming / 600 outgoing tor connections the router goes TITSUP. ACCOUNTING MAX is set to 8GBytes, I think the actual daily usage is about 4 GB though. RelayBandwidthRate is 250 KBytes, RelayBandwitdthBurst is 500KBytes. Although there are a few other devices / phones also connected, however I would estimate not more than a combined 2 GB daily HTTP / HTTPS traffic for all devices. No file sharing / P2P other than tor. My DSL speed is approx 50 mbits download / 15 mbits upload I dont want to keep resetting my router every day, I would be grateful for any advice. Many Thanks.

6 5