- tor-relays - lists.torproject.org

New releases today: please consider upgrading.
by Nick Mathewson 05 Mar '18

05 Mar '18

Hi! There are new security releases today. The official announcement just went to tor-announce, but I want to make sure that people on this list see it too. In brief: * Directory authorities should upgrade. * Relays running 0.3.2.1-alpha through 0.3.2.9 should upgrade. * Relays running 0.3.3.1-alpha should upgrade. * All other relays may wish to upgrade in order to improve their resistance to denial-of-service attacks. If you build Tor from source, the source code is available at https://dist.torproject.org/ . Packages should be available over the coming days. For the complete announcement, including changelogs, see https://lists.torproject.org/pipermail/tor-announce/2018-March/000152.html best wishes, -- Nick

2 1

Firewalls
by TorGate 05 Mar '18

05 Mar '18

Hi to all, I have a simple question, what is the best firewall solution ? With sourcecode and must be opensource. What do you mean ? regards Steffen TorGate torgate(at)linux-hus.dk OpenGPG 7FD5 65EF A4EF EEF3 7A13 4372 8409 49D6 01A2 0890

3 3

bridge behavior question
by Arisbe 05 Mar '18

05 Mar '18

Hello all, I have run a number of Tor nodes for five years but I started adding a few bridges last year. I have one bridge recently installed on a lease VPS that has not reported a single inbound connection in over 40 days (except for Bifroest hanging out). I see up to 4 outbound connections and usually see between 4 and 14 circuits. The IP tables are correct and torrc is copied from successful bridges except for IP address. The Tor version is 0.2.9.14 and the OS is debian 9.0 (stretch). I'm running obfs4proxy. I set ORPort 9001 and ORPort [IPv6]:9001. Tor | Metrics reports Advertised Bandwidth = 8.0 KiB/s for this bridge. Tor | Metrics reports Advertised Bandwidth for another working bridge I have with the same hosting company at 598.7 KiB/s. I suspect this variation is due to lack of connections by the unused bridge. I loaded a speed checker and it reported 72-Mb/s. Can anyone give me some steerage to help me get this bridge productive?

2 1

less than 3 bw auths available: self-measurement (with 10k cap in effect)
by nusenu 05 Mar '18

05 Mar '18

Hi, if your relays behave strangely in terms of bandwidth seen, than this might be due to the fact that there are less than 3 bw auth votes available. If you run a fast relay it is capped to 10k cw. This affects currently the 857 fastest relays. regards, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_

6 8

One pubblic IP, two or more relay on different ports
by MLTorNode 05 Mar '18

05 Mar '18

3 3

[WARN] Your computer is too slow to handle this many circuit creation requests
by Vasilis 04 Mar '18

04 Mar '18

Hi, I see a number of warning log messages on a dedicated server: [WARN] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [27615 similar message(s) suppressed in last 60 seconds] The relay is running on a dedicated hardware with the following specifications: CPU: Intel(R) Xeon(TM) CPU 3.00GHz RAM: 6G Kernel: Linux 3.16.0-5-amd64 Tor version: 0.3.2.9 flags: Fast, Guard, HSDir, Running, Stable, V2Dir, Valid exit policy: reject *:* Setting the NumCPUs option to the actual number of CPUs (2) didn't help. Is this hardware really too old/slow to run a relay on one ethernet Gigabit link? Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162

2 4

Port not rechable
by peter.zehetner＠liwest.at 04 Mar '18

04 Mar '18

OK, but what is this: Mar 03 21:36:31.000 [warn] Failed to start child process "tor-fw-helper" in state 9: No such file or directory Mar 03 21:51:46.000 [warn] Failed to start child process "tor-fw-helper" in state 9: No such file or directory Mar 03 21:56:51.000 [warn] Failed to start child process "tor-fw-helper" in state 9: No such file or directory Tor is now online for about 36 hours, the log says 6 hours because the computer was restarted. This is the latest log: Mar 03 23:45:12.000 [notice] Bootstrapped 0%: Starting Mar 03 23:45:24.000 [notice] Bootstrapped 80%: Connecting to the Tor network Mar 03 23:45:24.000 [notice] Signaled readiness to systemd Mar 03 23:45:24.000 [notice] Opening Socks listener on /var/run/tor/socks Mar 03 23:45:24.000 [notice] Opening Control listener on /var/run/tor/control Mar 03 23:45:25.000 [notice] Guessed our IP address as 81.10.248.112 (source: 154.35.175.225). Mar 03 23:45:25.000 [notice] Bootstrapped 85%: Finishing handshake with first hop Mar 03 23:45:26.000 [notice] Bootstrapped 90%: Establishing a Tor circuit Mar 03 23:45:27.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Mar 03 23:45:27.000 [notice] Bootstrapped 100%: Done Mar 03 23:45:27.000 [notice] Now checking whether ORPort 81.10.248.112:443 and DirPort 81.10.248.112:80 are reachable... (this may take up to 20 minutes -- look for log messages indicating success) Mar 03 23:45:33.000 [notice] New control connection opened. Mar 03 23:46:49.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Mar 03 23:46:52.000 [notice] Performing bandwidth self-test...done. Mar 03 23:47:03.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent. Publishing server descriptor. Mar 04 05:45:24.000 [notice] Heartbeat: Tor's uptime is 5:59 hours, with 0 circuits open. I've sent 8.65 MB and received 15.91 MB. Mar 04 05:45:24.000 [notice] Average packaged cell fullness: 12.249%. TLS write overhead: 13% Mar 04 05:45:24.000 [notice] Circuit handshake stats since last time: 2/2 TAP, 1107/1107 NTor. Mar 04 05:45:24.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 454 v4 connections; and received 0 v1 connections, 0 v2 connections, 0 v3 connections, and 635 v4 connections. Mar 04 07:35:06.000 [notice] Received reload signal (hup). Reloading config and resetting internal state. Mar 04 07:35:06.000 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". How long does it last until the relay will be in use? What do the "flags" in tor-arm mean? Sometimes it says "Running, V2Dir, Valid" Yours -Peter Am 03.03.2018 um 10:31 schrieb teor: > >> On 3 Mar 2018, at 18:32, peter.zehetner(a)liwest.at wrote: >> >> Mar 03 00:05:38.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. >> Mar 03 00:05:45.000 [notice] Performing bandwidth self-test...done. >> Mar 03 00:09:29.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent. Publishing server descriptor. > > It is ok. > >> … >> Mar 03 00:52:47.000 [warn] Controller gave us config lines that didn't validate: RelayBandwidthBurst must be at least equal to RelayBandwidthRate. > > You should check these options have the values you want. > > T > _______________________________________________ > tor-relays mailing list > tor-relays(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

2 1

tor26 dir auth differences
by nusenu 04 Mar '18

04 Mar '18

consensus-health (https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health) wrote: > WARNING: The following authorities are missing from the consensus: tor26, dizum > NOTICE: tor26 had 6216 Guard flags in its vote but the consensus had 1855 > NOTICE: tor26 had 0 Exit flags in its vote but the consensus had 777 > NOTICE: tor26 had 7086 Stable flags in its vote but the consensus had 4541 interesting -- https://mastodon.social/@nusenu twitter: @nusenu_

1 0

memory requirements
by notatorserver 04 Mar '18

04 Mar '18

Hi, I have just setup a tor-relay and I am wondering if the resource requirements are still current: "A non-exit relay faster than 40MBit/s should have at least 1 GB of RAM."[1] My relay is sitting at ~2.77G currently. I set the option: MaxMemInQueues 6GB Just wondering if this is any cause for concern? I realize the utilization is less than the limit but I just don't remember relays I have run in the past using this much memory. Thanks [1] https://trac.torproject.org/projects/tor/wiki/TorRelayGuide Sent with [ProtonMail](https://protonmail.com) Secure Email.

2 2

Port not rechable
by peter.zehetner＠liwest.at 03 Mar '18

03 Mar '18

I've opend the ports in my router. Could anybody be so kind to check my log and tell me wether it's ok or not? Mar 03 00:05:38.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Mar 03 00:05:45.000 [notice] Performing bandwidth self-test...done. Mar 03 00:09:29.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent. Publishing server descriptor. Mar 03 00:52:15.000 [notice] Tor 0.2.9.14 opening log file. Mar 03 00:52:47.000 [warn] Controller gave us config lines that didn't validate: RelayBandwidthBurst must be at least equal to RelayBandwidthRate. Mar 03 01:03:52.000 [notice] Tor 0.2.9.14 opening log file. Mar 03 01:04:03.000 [notice] Tor 0.2.9.14 opening log file. Mar 03 01:04:29.000 [notice] Tor 0.2.9.14 opening log file. Mar 03 04:33:03.000 [notice] Received reload signal (hup). Reloading config and resetting internal state. Mar 03 04:33:03.000 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Mar 03 04:33:03.000 [notice] Read configuration file "/etc/tor/torrc". Mar 03 04:33:03.000 [notice] Tor 0.2.9.14 opening log file. Mar 03 06:04:27.000 [notice] Heartbeat: Tor's uptime is 5:59 hours, with 2 circuits open. I've sent 70.69 MB and received 76.91 MB. Mar 03 06:04:27.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 4/4 NTor. Mar 03 06:04:27.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 64 v4 connections; and received 0 v1 connections, 0 v2 connections, 10 v3 connections, and 193 v4 connections. Mar 03 07:35:04.000 [notice] Received reload signal (hup). Reloading config and resetting internal state. Mar 03 07:35:04.000 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Mar 03 07:35:04.000 [notice] Read configuration file "/etc/tor/torrc". and: Mar 03 07:35:04.000 [notice] Tor 0.2.9.14 opening new log file. Mar 03 08:12:11.000 [warn] Failed to start child process "tor-fw-helper" in state 9: No such file or directory -Peter Am 02.03.2018 um 22:18 schrieb Matthew Finkel: > Hi! > > On Fri, Mar 02, 2018 at 09:34:02PM +0100, peter.zehetner(a)liwest.at wrote: >> OK, now I've set PortForwarding in Tor-Arm from "False" to "True", then restarted Tor: > > Hrm, I'm not sure this will do what you want. In fact, this may do > absolutely nothing. Do you have administative access into your network > router? Maybe there is a website interface you used. This is where you > should configure port forwarding. Unfortunately this is complicated and > not easy plug-n-play. > >> >> ...has not managed to confirm that its DirPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check... >> >> I'm going to run a non-exit-relay and I'm going to do this at home. >> >> Peter >> > _______________________________________________ > tor-relays mailing list > tor-relays(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

2 1