tor-relays

tor-relays@lists.torproject.org

42 participants
4821 discussions

Re: [tor-relays] tor-relays Digest, Vol 150, Issue 13
by amanyaz Amangeldiyew 31 Jul '23

31 Jul '23

Hi. Everybody. In Turkmenistan these IPs are open: 96.233.128.72 167.62.193.195 108.50.165.220 71.33.251.73 99.232.152.8 108.184.202.115 108.34.184.5 99.230.178.2 108.184.201.30 71.212.129.108 88.22.43.218 67.6.147.5 79.16.171.221 79.113.212.117 88.91.78.20 172.88.64.65 67.251.118.15 41.109.196.229 96.237.186.35 95.31.20.151 71.113.184.94 151.225.43.243 141.255.66.158 88.19.75.220 67.11.187.237 67.6.182.48 95.252.250.216 67.6.161.111 95.236.84.157 143.107.229.252 92.194.57.57 I think for now port 8080 is open too. Can anybody make obfs4 server with these ips and port 8080? On Mon, Jul 31, 2023 at 5:01 PM <tor-relays-request(a)lists.torproject.org> wrote: > Send tor-relays mailing list submissions to > tor-relays(a)lists.torproject.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > or, via email, send a message with subject or body 'help' to > tor-relays-request(a)lists.torproject.org > > You can reach the person managing the list at > tor-relays-owner(a)lists.torproject.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of tor-relays digest..." > > > Today's Topics: > > 1. Re: Help Turkmens to bypass Internet censorship: run an obfs4 > bridge! (lists(a)for-privacy.net) > 2. Re: Help Turkmens to bypass Internet censorship: run an obfs4 > bridge! (Gary C. New) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 30 Jul 2023 23:30:26 +0200 > From: lists(a)for-privacy.net > To: tor-relays(a)lists.torproject.org > Subject: Re: [tor-relays] Help Turkmens to bypass Internet censorship: > run an obfs4 bridge! > Message-ID: <2156503.WeTp2EQoyn@t520> > Content-Type: text/plain; charset="us-ascii" > > On Freitag, 21. Juli 2023 18:07:35 CEST gus wrote: > > > New update: In the last few weeks, internal political conflicts and > > other events[1] in Turkmenistan have led to another wave of censorship > > on Tor and anti-censorship tools. Tor bridges have been one of the few > > free alternatives for people in Turkmenistan to connect with the world > > and access the open Internet. > > > > I stopped snowflake and now a bridge is running on my dynIP. > > > > > ## torrc example > > > > BridgeRelay 1 > > ORPort 127.0.0.1:auto > > AssumeReachable 1 > > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy > > ServerTransportListenAddr obfs4 0.0.0.0:8080 > > ExtORPort auto > > Nickname helptm > > ContactInfo <please-add-your-email-here> > > Log notice file /var/log/tor/notices.log > > # If you set BridgeDistribution none, please remember to email > > # your bridge line to us: frontdesk(a)torproject.org > > BridgeDistribution none > > But I have that in the log :-( > Jul 30 16:48:29 t520 Tor-01[93466]: The IPv4 ORPort address 127.0.0.1 does > not match the descriptor address 203.0.113.18. If you have a static public > IPv4 address, use 'Address <IPv4>' and 'OutboundBindAddress <IPv4>'. If you > are behind a NAT, use two ORPort lines: 'ORPort <PublicPort> NoListen' and > 'ORPort <InternalPort> NoAdvertise'. > Jul 30 16:48:29 t520 Tor-01[93466]: The IPv6 ORPort address ::1 does not > match the descriptor address 2001:db8:1234:1:bbbb:eeee:eeee:ffff. If you > have a static public IPv4 address, use 'Address <IPv6>' and > 'OutboundBindAddress <IPv6>'. If you are behind a NAT, use two ORPort > lines: 'ORPort <PublicPort> NoListen' and 'ORPort <InternalPort> > NoAdvertise'. > > I don't know if I should ignore that or better configure it that way: > ORPort 127.0.0.1:8443 NoListen > ORPort 8443 NoAdvertise > ORPort [::1]:8443 NoListen > ORPort 8443 NoAdvertise > > I'm aware of > https://gitlab.torproject.org/tpo/core/tor/-/issues/40208 > I hope to get it done with scipting on my Mikrotik, or switch to ipv4 only. > > frontdesk(a)torproject.org has no PGP key, can I send you or meskio the > bridgeline? > > Bridgeline must be: > Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=abra+kadabra iat-mode=0 > But DynIP changes every few days. Do you also give the bridge users > myrouter.example.net? > > Because of your post in the forum: > https://forum.torproject.org/t/orport-127-0-0-1-auto/8470 > should we do this with all running bridges, or only the hidden ones? > > -- > Ciao Marco! >

1 1

(no subject)
by amanyaz Amangeldiyew 27 Jul '23

27 Jul '23

Hi. I am from. Turkmenistan. I have obtained obsf4 bridge from internet but only ip address is readable. If anybody knows fully obsf4 bridge please send me to my mail. Ip address is: obsf4 93.104.161.141

1 0

Final Call: Last Opportunity to Participate in the Tor Update Survey - Closes Tomorrow!
by Meitong Wang 22 Jul '23

22 Jul '23

Dear Tor Relay Operators, We hope this email finds you well. This is our final outreach regarding the Tor Update Survey, and we want to extend a sincere thank you to those who have already participated. Your valuable contributions have been invaluable to our research project at the University of Edinburgh. For those who haven't had the opportunity to take part yet, we wanted to remind you that the survey will be closing tomorrow, the 23rd of July. If you are interested in sharing your insights towards updates as a Tor relay operator, we kindly request you to participate now and make your voice heard. Your participation in this survey is crucial for understanding the challenges and developments within the Tor network. Your responses will be treated with the utmost confidentiality, and all data will be anonymized to ensure your privacy. Taking the survey will take approximately 10 minutes, and we genuinely appreciate the time and effort you invest in contributing to this research. To participate, please click on the following link: https://cryptpad.fr/form/#/2/form/view/dvbbDORTjeztLzosbOuGVaRheI-FBjFh6xPQ… Once again, we would like to express our gratitude for your interest and support in this project. Your input will contribute to the continued growth and improvement of the Tor network. If you have already participated or are unable to participate at this time, we sincerely thank you for considering our invitation. Should you have any questions or require further information, please do not hesitate to reach out to us. Thank you, and we truly appreciate your attention to this matter. Best regards, Meitong Wang & Tariq Elahi The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. Is e buidheann carthannais a th' ann an Oilthigh Dh?n ?ideann, cl?raichte an Alba, ?ireamh cl?raidh SC005336.

1 0

Friendly Reminder: Tor Relay Operators' Survey Closes on 23rd July - Last Chance to Participate!
by Meitong Wang 19 Jul '23

19 Jul '23

Dear Tor Relay Operators, We hope this email finds you well. We are writing to provide a friendly reminder that our Tor Update Survey, conducted as part of the University of Edinburgh Research Project, will be closing on 23rd July. If you haven't already participated, this is your last chance to share your invaluable insights and experiences as a Tor relay operator. Your input is critical to our research and will play a significant role in understanding the challenges in the Tor network's update process. Your responses are entirely confidential, and all data will be anonymized to ensure your privacy. We truly appreciate your willingness to contribute to this research. The survey will take approximately 10 minutes to complete, and your input will shape the future improvements and enhancements of the Tor network update design. We understand how busy schedules can be, but taking the time to participate in this survey will be greatly beneficial to the entire Tor community. To access the survey, please click on the following link: https://cryptpad.fr/form/#/2/form/view/dvbbDORTjeztLzosbOuGVaRheI-FBjFh6xPQ…. The survey will close on 23rd July, so if you are interested in taking part, we kindly encourage you to do so now. Thank you once again for your participation and support. Should you have any questions or require further information, please don't hesitate to reach out to us. Please note that this study has been approved by the UoE Informatics Research Ethics Process, with the project reference number: 775342. Best regards, Meitong Wang & Tariq Elahi The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. Is e buidheann carthannais a th' ann an Oilthigh Dh?n ?ideann, cl?raichte an Alba, ?ireamh cl?raidh SC005336.

1 0

Is there a way to update obfs4 using chocklatey?
by Keifer Bly 16 Jul '23

16 Jul '23

Hi, So on Windows, it is possible to install the tor relay software using Chocolatey https://chocolatey.org/. Once it is installed, tor can be installed by using choco install tor and updated using choco upgrade tor in Windows powershell. But I am wondering, is there a way to install and update obfs4 in Chocolatey? Thanks. --Keifer

1 0

Question regarding bandwidth ratio on bridges.torproject.org and a few further, small, (probably related) questions
by telekobold 06 Jul '23

06 Jul '23

Hello together, I'm operating two Tor bridges. When calling bridges.torproject.org, for one of the bridges (set up in March, 2023), there are three outputs: - obfs4: functional - a bandwidth ratio - a "last tested" entry. But for my second bridge (set up at the beginning of June 2023), bridges.torproject.org does not output a bandwidth ratio. What does this missing bandwidth ratio output mean, since everything else seems to be normal? When starting nyx on the relays, I see connections there (even more on the bridge with the missing bandwidth ratio output), I can connect to both bridges using the Bridge's IP addresses and ORPorts via Tor browser, and metrics.torproject.org also outputs an advertised bandwidth, which is even much higher (4.87 MiB/s at the moment) than for my other bridge (1.43MiB/s at the momemt) for which bridges.torproject.org outputs a bandwidth ratio. The bridges run on virtual servers at the same hoster, but in two different countries. Nothing else runs on these virtual servers. I am honestly not quite sure to what extent the fingerprint of the bridge is information worth protecting, or whether only the port and IP address need to be protected. By the way, I also don't understand why my two bridges don't have a higher advertised bandwidth - currently, it's 4.87MiB/s for one and 1.43MiB/s for the other relay. I never got the fast flag for either bridge yet, in contrast to my two "normal" relays. On both servers, at least 1.6GiB/s is available, and a monthly data throughput of several terabytes. As a further issue, nyx doesn't output (in constrast to my two other relays) - not sure if this is a known issue. And, as a last issue, I didn't specify a distribution mechanism for my bridge, in the hope that the most suitable mechanism will be selected automatically. Initially, for one of my bridges (the one for which bridges.torproject.org outputs a bandwidth ratio) the bridge was assigned distribution mechanism "Moat". But suddenly, "None" is displayed under distribution mechanisms at metrics.torproject.org, which means that apparently the bridge is no longer distributed. What could be the reason that the distribution mechanism suddenly changed? Kind regards telekobold

2 1

Invitation to Participate in Tor Update Survey - University of Edinburgh Research Project
by Meitong Wang 05 Jul '23

05 Jul '23

Dear Relay Operators, My name is Meitong, and I am a Master's student at the University of Edinburgh, currently being supervised by Tariq Elahi. I am working on a project to understand Tor Relay Operators and further improve Tor security. I am writing to invite you to participate in a survey as part of a research project conducted by the University of Edinburgh. The purpose of this survey is to gather valuable insights and feedback from relay operators regarding the Tor network's update process. The overall goal of this survey is to understand the experiences, challenges, and perspectives of relay operators when it comes to Tor relay updates. Your input will contribute to improving the update design and addressing any issues that may arise. I want to assure you that your participation in this survey is completely anonymous. Your responses will be treated with strict confidentiality and will only be used for research purposes. To access the survey, please click on the following link: https://cryptpad.fr/form/#/2/form/view/dvbbDORTjeztLzosbOuGVaRheI-FBjFh6xPQ… The survey will be open until July 23, 2023. Your participation is highly appreciated and will be valuable in shaping the future updates of Tor. Please note that this study has been approved by the UoE Informatics Research Ethics Process, with the project reference number: 775342. To provide you with more information about the survey and its purpose, I have attached the Participant Information Form. This document explains the study's background, procedures, and your rights as a participant. I kindly request that you review it before deciding whether to participate. If you have any questions or concerns about the survey or the research project, please feel free to reach out to me. I would be more than happy to provide further clarification. Thank you in advance for your time and valuable contribution. We eagerly await your response! Best regards, Meitong Wang & Tariq Elahi The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. Is e buidheann carthannais a th' ann an Oilthigh Dh?n ?ideann, cl?raichte an Alba, ?ireamh cl?raidh SC005336.

1 0

Security implications of disabling onion key rotation?
by David Fifield 05 Jul '23

05 Jul '23

Linus Nordberg and I have had a paper accepted to FOCI 2023 on the special pluggable transports configuration used on the Snowflake bridges. That design was first hashed out on this mailing list last year. https://forum.torproject.net/t/tor-relays-how-to-reduce-tor-cpu-load-on-a-s… https://github.com/net4people/bbs/issues/103 https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival%20G… There is a draft of the paper here: https://www.bamsoftware.com/papers/pt-bridge-hiperf/pt-bridge-hiperf.202303… https://www.bamsoftware.com/papers/pt-bridge-hiperf/pt-bridge-hiperf.202303… A question that more than one reviewer asked is, what are the security implications of disabling onion key rotation as we do? (Section 3.2 in the draft.) It's a good question and one we'd like to address in the final draft. What are the risks of not rotating onion keys? My understanding is that rotation is meant to enhance forward security; i.e., limit how far back in time past recorded connections can be attacked in the case of key compromise. https://spec.torproject.org/tor-design Section 4 says: Short-term keys are rotated periodically and independently, to limit the impact of key compromise. Do the considerations differ when using ntor keys versus TAP keys?

3 5

Instructions for setting up an Obfs4 bridge on windows
by tor 03 Jul '23

03 Jul '23

Hi, I'm attempting to follow the instructions for setting up a obfs4 bridge on Windows. In my instance, it is Windows 10. The instructions say to copy out the obfs4proxy.exe from: C:\Users\<user>\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports However, there is no obfs4 file in this location or anywhere else within the tor browser bundle. In this location, there are only a snowflake exe and a lyrebird exe. I also checked the tor expert bundle and there is no obfs4 exe there. Any suggestions as to where I may find the obfs4 exe for Windows? -matt

2 1

(Announcement) WebTunnel, a new pluggable transport for bridges, now available for deployment
by Shelikhoo 30 Jun '23

30 Jun '23

Dear Tor relay operators, We're excited to announce WebTunnel, a new bridge pluggable transport (PT) for the Tor ecosystem. It is a censor resistant proxy that try to imitate HTTPS traffic, based on HTTPT(https://www.usenix.org/conference/foci20/presentation/frolov) research. We are currently operating a trial soft launch for WebTunnel, and encouragebridge operators to setup WebTunnel bridges to discover issues within theimplementation of this newpluggable transport. How it works ------------ When connecting to a WebTunnel Bridge, the client send a http 1.1 upgrade request to the load balancer over an encrypted connection, like how WebSocket works. Thus, from an observator’s point of view, this process looks like a real websocket connection to the real website. If one ever try to connect to the fronting website, then what will be presented will be that fronting website. Without the full URL including the path, which the censor don’t know, it is very difficult to tell if a website hosts a WebTunnel by probing the HTTPS port. Technical requirements ---------------------- To set up a WebTunnel Bridge, you will need a self-hosted website,a domain under your control,a configurable load balancer, static IPv4, and environment to setup Tor Bridge to setup a WebTunnel Bridge. Docker or other container runtime is recommended to streamline setup process, but is not required. The setup guide is available here: _https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/web… <https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…> How to test and report issues ----------------------------- You can test the WebTunnel bridge by using themost recent version of Tor Browser Alpha(https://www.torproject.org/download/alpha/). Currently, WebTunnel is only distributed over the HTTPSdistributor(torrc setting:'BridgeDistribution https'). You can report issues on the Tor Project GitLab Anti-censorship group: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…. Given that this new PT is only available now on Tor Browser Alpha, relay operators should not expect significant usage or a large number of users at the moment. Please let us know if you encountered any difficulty with WebTunnel setup. Thanks for your contribution to the Tor ecosystem.

3 2

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays