- tor-relays - lists.torproject.org

Re: Issues with My Tor Relay
by stay.hydrated834＠passmail.net 23 Feb '26

23 Feb '26

Hi everyone, Thank you for the reply and the information you provided. While preparing my response about the blocked traffic, I wanted to clarify the NAT and WAN rules in the screenshots and replace the aliases with the actual IP addresses. During that process I discovered that I (the numb nut of an administrator) forgot to fill in the NAT alias, so there was never an active NAT rule only the WAN rule was present. Because both the NAT and WAN rules are now active, the Tor relay is functioning correctly: no traffic to port 9001 is being blocked, and outbound traffic is unrestricted. I wonder why some connections were allowed by the WAN rule while others were denied and are now only allowed due to the NAT rule. Bandwidth: Average throughput: ~60 Mbps (occasionally up to 140 Mbps) Recent spikes: short bursts up to 420 Mbps training i guess? Due to frequent firewall restarts while I’m re‑configuring my network. I expect the traffic to stabilize as the network settles and after the training finished, and I’m happy if the relay can make use of any unused capacity. 1000Mbps would be the Maximum so there is alot of room to grow. :D Unexpected traffic bursts Every few hours I see dozens of Tor nodes connecting to my relay for 2–5 minutes, resulting in 1,000–7,500 connections dropping. These bursts don’t line up with the bandwidth spikes as far as i seen. My CPU usage, which is usually around 1 %, can rise to about 1.2 % during those periods. Im glad i already thought its static. :D I don’t think this is an attack—nothing I’ve seen, even a smart bulb, generates comparable traffic. I’m wondering if I still have a misconfiguration somewhere. Regarding Snowflakes Is it possible to Route all of my phones (apps) traffic still through WireGuard back to home while allowing Orbot to use the mobile network to open a Snowflake relay (my IP changes every 24 hours after a phone reboot). I have an unlimited 25Mbit not fast but steady. Im on GrapheneOS Screenshots I’ve attached screenshots that highlight exactly what is being blocked, so you can see the traffic patterns I described. Thanks again to everyone who runs relays; your experience helped me finally get mine working. <3 Stay hydrated! Cheers

1 0

Scheduled migration: Nothing to hide infrastructure (23-02-2026)
by Nothing to hide 20 Feb '26

20 Feb '26

Hi everyone, This is a heads-up that a significant portion of the Nothing to hide infrastructure will be undergoing a major upgrade and migration on Monday 23 February 2026. We are replacing older servers and networking equipment with modern high-performance hardware and moving to a new data center. What to expect: * While we aim to limit downtime to a few minutes, extended outages are possible depending on how the migration proceeds. * In the days following the migration, many of our existing relays will be assigned new IP addresses and/or roles. * Once we consider the new network and infrastructure stable, we will be adding more relays to the network. This move also provides much-needed headroom for auxiliary services we plan to offer Tor operators, such as DoT, DoH, DoQ, and NTS. We'll share more details on these in the near future. Best regards, Nothing to hide

1 0

Programmatically determine if a relay is hibernating
by forest-relay-contact＠cryptolab.net 18 Feb '26

18 Feb '26

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello. What is the authoritative way to determine if a relay is hibernating? I would have thought that using the control socket would be best, but Tor seems to unlink it when it enters hibernation, so Stem does not work. There's a possible heuristic by checking if /run/tor/tor.pid exists when /run/tor/control does not, but that's fragile because it assumes that the control socket is even enabled. Parsing the logs is doable, but also quite fragile. And I could certainly parse /var/lib/tor/state, but its format is surely subject to change at any time. How do I correctly determine whether a Tor process is in hibernation? Regards, forest -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQQtr8ZXhq/o01Qf/pow+TRLM+X4xgUCaZERAgAKCRAw+TRLM+X4 xshIAQCjNVgq0vBzT+MJhbn8Vetj3UObU8DinVvp3gtj9DeLKgD/aKy7N3nvCUSu zFSSFZTCR0MFxQh9TxjmYO/tKRrPoAE= =gAnQ -----END PGP SIGNATURE-----

3 3

handle malicous IPv6 systems abusing the /64 hostmask
by Toralf Förster 15 Feb '26

15 Feb '26

I extended my DDoS solution [1] by blocking systems where malicous connections attempts where observed from up to 256 IPv6 addresses of the same /64 block within 24 hours from hosters providing /64 hostmasks. For now it is rather a quirk than a generic solution. But it works well. And it extends the solution to accept now manual block requests like ipset add tor-ddos6-5443 <IPv6 address> -exist [1] https://github.com/toralf/torutils?tab=readme-ov-file#details -- Toralf

2 2

Tor Node infected with ransomware
by skankhunt42 14 Feb '26

14 Feb '26

Hello there, today I woke up to an execution error of the relayor playbook. I then tried to look into the affected node (tor-nl1.skankhunt42.pw; nickname skankhunt42nl1) and couldn't SSH into it. So I went to the hosters VNC console and found a ransomware notice: Your files are encrypted, requires payment for decrypting Contact us: Telegram: @cloudcone_raidbot UUID: bfaa20d9-7b11-417d-a702-cfa95d6c203c I then tried to boot into recovery and look at the disk but as expected, partition table and ext4 superblocks were gone. hexdump head of the disk was just the ransomware note shown above. I was running Ubuntu 24.04 Minimal with ESM enabled and unattended-upgrades, everything else managed by relayor. I obviously checked the other nodes for unsual SSH logins (as they had the same SSH key) and didn't found anything. I am rotating the keys for now and shut down the VPS at HostSlick. Not sure if there is something to further investigate maybe. What's odd is that I couldn't find anything about "cloudcone_raidbot", doesn't even exist on telegram. I really want to understand what I did wrong. Maybe someone with more experience may take a look at it? Best, skankhunt42

4 4

Issues with My Tor Relay
by stay.hydrated834＠passmail.net 13 Feb '26

13 Feb '26

Hello there, For the past week I’ve been running a Tor relay using the Tor‑Relay plugin on my OpenSense. While the relay appears to be functioning, I’ve noticed a few irregularities: 1. Selective blocking: Some IP addresses that connect to me are being denied by default, whereas others with similar characteristics connect without any issue. 2. Low bandwidth usage: The relay isn’t consuming much bandwidth. I’m not sure whether this is normal while the relay is still learning its capacity or if something else is limiting traffic. 3. No connections on port 9030: So far, I haven’t seen any inbound connections to the directory port (9030). For testing, the following IP is reachable via ICMP ;) - 109.199.164.117 – Port 9001 (OR) / DIR 9030 Could you advise on why these behaviors are occurring and whether any configuration changes are needed? Thanks for your help, and stay hydrated!

3 2

Happy Family Roadmap for ansible-relayor/CIISS/OrNetStats
by nusenu 12 Feb '26

12 Feb '26

Hi, since David mentiond that there will be the first tor 0.4.9 stable release this week and ahf also mentioned [1] ansible-relayor in the context of the MyFamily successor Happy Family I want to give you a short roadmap in the context of relayor/CIISS/OrNetStats: * first stable tor 0.4.9.x release (likely in the coming days) * after tor 0.4.9 reaches deb.torproject.org and FreeBSD packages: * ansible-relayor will require tor version >= 0.4.9 and enable Happy Family by default in addition to MyFamily * after the first tor browser release with tor 0.4.9 for all platforms: * MyFamily support will be removed from ansible-relayor * CIISS version 3 is released: MyFamily is replaced with the Happy Family system * operators will have to update their proofs * we wait for happy family support in onionoo [2] * OrNetStats will implement and verify proofs according to CIISS version 3 [1] https://lists.torproject.org/mailman3/hyperkitty/list/tor-relays@lists.torp… [2] https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/4… kind regards, nusenu -- https://nusenu.github.io

2 1

Call for more Snowflake proxies!
by gus 07 Feb '26

07 Feb '26

Dear relay operators, The Snowflake network is currently overloaded and we need more Snowflake proxies. If you have spare bandwidth or available servers, please consider running Snowflake proxies. As online censorship continues to increase around the world -- particularly with the recent Internet restrictions in Iran[1] --, we are seeing a significant increase on snowflake usage. We urgently need more Snowflake proxies to help handle this surge and ensure that users can continue to access the open Internet. Please share this call with your friends, communities, hackerspaces and anyone who may be able to help! Gus ### How to help There are multiple ways to run snowflake proxies: - Option 1: Run a browser-based proxy. Click the link below, switch it ON and leave the tab open: https://embed-snowflake.torproject.org/ - Option 2: Install Snowflake browser extension: https://snowflake.torproject.org/#addonBtns - Option 3: Run Snowflake standalone proxy (recommended for relay operators): https://community.torproject.org/relay/setup/snowflake/ - Option 4: Install Orbot (iOS/Android) and enable Kindness mode. https://orbot.app/ ### FAQ for relay operators Q: I'm operating a Tor relay, can I run a Snowflake proxy on the same IP? A: It might not be helpful for censored users as Tor relays are frequently blocked on censored regions. Q: I'm operating a Tor bridge, can I run a Snowflake proxy on the same IP? A: It might expose your bridge IP address and censors might take this opportunity to block your bridge. Q: Can I run Snowflake proxy for a short period? A: Yes. Proxies can run for any amount of time. Even short periods help increase available capacity. Q: Do I need to share my Snowflake proxy manually? A: No. Your proxy is automatically distributed by the Snowflake broker. After setup, no further action is required. Q: Where can I see Snowflake proxy statistics? A: Snowflake proxy statistics are available from Tor Collector. You can download the data here: https://collector.torproject.org/recent/snowflakes/ [1] Censorship analysis in Iran: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… -- The Tor Project Community Team Lead

2 2

Hetzner Netscan False Positives
by tor_appliedprivacy.net 06 Feb '26

06 Feb '26

Hi, we just wanted to let you know that we got a Hetzner network contact yesterday here at 39C3 to try to get this issue solved at the root. We can not promise anything at this point but we will likely update this thread in a few weeks (January) about the status with Hetzner on this topic. best regards, tor(a)appliedprivacy.net

6 9

Re: Question about Snowflake proxy on non-exit tor relay
by gus 06 Feb '26

06 Feb '26

Hi, Yes, it applies to all relays, independent of their flags (exit, guard, middle.). Thank you! Gus On Fri, Feb 06, 2026 at 10:58:43AM +0100, Tor-relay wrote: > Hi, > > I have a question regarding the following FAQ entry: > > “Q: I'm operating a Tor relay, can I run a Snowflake proxy on the same IP? > A: It might not be helpful for censored users as Tor relays are frequently > blocked in censored regions.” > > Does this limitation also apply to non-exit relays, or is it mainly a > concern for exit relays? > > Thanks in advance. > > > On Thu, Feb 5, 2026, 17:34 gus via tor-relays < > tor-relays(a)lists.torproject.org> wrote: > > > Dear relay operators, > > > > The Snowflake network is currently overloaded and we need more Snowflake > > proxies. > > > > If you have spare bandwidth or available servers, please consider > > running Snowflake proxies. > > > > As online censorship continues to increase around the world -- > > particularly with the recent Internet restrictions in Iran[1] --, we are > > seeing a significant increase on snowflake usage. We urgently need more > > Snowflake proxies to help handle this surge and ensure that users can > > continue to access the open Internet. > > > > Please share this call with your friends, communities, hackerspaces and > > anyone who may be able to help! > > > > Gus > > > > ### How to help > > > > There are multiple ways to run snowflake proxies: > > > > - Option 1: Run a browser-based proxy. Click the link below, switch it > > ON and leave the tab open: https://embed-snowflake.torproject.org/ > > > > - Option 2: Install Snowflake browser extension: > > https://snowflake.torproject.org/#addonBtns > > > > - Option 3: Run Snowflake standalone proxy (recommended for relay > > operators): > > https://community.torproject.org/relay/setup/snowflake/ > > > > - Option 4: Install Orbot (iOS/Android) and enable Kindness mode. > > https://orbot.app/ > > > > ### FAQ for relay operators > > > > Q: I'm operating a Tor relay, can I run a Snowflake proxy on the same IP? > > A: It might not be helpful for censored users as Tor relays are > > frequently blocked on censored regions. > > > > Q: I'm operating a Tor bridge, can I run a Snowflake proxy on the same IP? > > A: It might expose your bridge IP address and censors might take this > > opportunity to block your bridge. > > > > Q: Can I run Snowflake proxy for a short period? > > A: Yes. Proxies can run for any amount of time. Even short periods help > > increase available capacity. > > > > Q: Do I need to share my Snowflake proxy manually? > > A: No. Your proxy is automatically distributed by the Snowflake broker. > > After setup, no further action is required. > > > > Q: Where can I see Snowflake proxy statistics? > > A: Snowflake proxy statistics are available from Tor Collector. You can > > download the data here: > > https://collector.torproject.org/recent/snowflakes/ > > > > [1] Censorship analysis in Iran: > > https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… > > -- > > The Tor Project > > Community Team Lead > > _______________________________________________ > > tor-relays mailing list -- tor-relays(a)lists.torproject.org > > To unsubscribe send an email to tor-relays-leave(a)lists.torproject.org > > -- The Tor Project Community Team Lead

1 0