tor-relays

tor-relays@lists.torproject.org

38 participants
4819 discussions

Start a nNew thread

Re: [tor-relays] TOR Services on Microsoft Azure
by Volker Mink 13 Oct '16

13 Oct '16

3 3

OBFS4 Bridge
by pvr6＠sigaint.org 13 Oct '16

13 Oct '16

Have been running an obfs3 bridge for a while. Since I was building a new Debian server wanted to add obfs4, but when I configure TBB to point to the obfs4 port [Z] I get "general SOCKS failure" in the TBB log. Changing it back to use obfs3 and port [Y] works fine. How can I fix it so obfs4 works too? Here are the relevant lines from torrc: --- ORPort [X] BridgeRelay 1 PublishServerDescriptor bridge ServerTransportPlugin obfs3 exec /usr/bin/obfs4proxy managed ServerTransportListenAddr obfs3 0.0.0.0:[Y] ServerTransportListenAddr obfs4 0.0.0.0:[Z] ExtORPort auto --- If I do netstat -pan, I see obfs4proxy is listening on both ports on all interfaces. I tried to add "--log-file logfile" after /usr/bin/obfs4proxy in torrc but then it wouldn't start the proxy at all. I'm not finding any other log messages showing a problem. Tor's log is clean, just shows it starting both proxy instances (which netstat confirms.) Obfs4proxy is the packaged version 0.0.6. Not sure where else to look or change. I'd like to get it working but have commented out the obfs4 line for now.

2 2

Running tor on OpenBSD with hardware acceleration
by Farid Joubbi 12 Oct '16

12 Oct '16

Hello, I have a relay running on OpenBSD. LibreSSL that comes with OpenBSD does not have support for hardware acceleration. I get this when I start tor: "[notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster." How do I enable support for hardware acceleration? My guess is that I have to compile and install OpenSSL, then compile Tor to use the new OpenSSL. Does anyone here have any experience with this on OpenBSD? Anything that I have missed and should be aware of? Thanks.

3 3

Moving multiple instances to another VPS
by pa011 12 Oct '16

12 Oct '16

I have to move a multiple instances Exit from one VPS to another. Apart from creating the same instances on the new machine with **tor-instance-create** I would then just copy the whole directory /var/lib/tor/keys to the new VPS - or should I copy all /var/lib/tor/ to not miss anything from the original one? Am I miss anything else? Thanks Paul

4 5

Re: [tor-relays] ISP, Abuses , Intrusion Prevention etc.
by Gareth Llewellyn 11 Oct '16

11 Oct '16

On 9 Oct 2016 11:36, "pa011" <pa011(a)web.de> wrote: > > - what forces drive ISP's to behave like they do with abuses? > - maybe Exit volunteers and here especially the big ones could ask some questions to their ISP to get more light on this I set up my own ISP (AS28715) so I could run Tor exits etc without any trouble. > > I do refer to my old questions -still unanswered: > > -is it just the more work for rather poor money handling(forwarding) > those abuses ? Yes. Every abuse ticket is a person answering that abuse ticket instead of helping a customer who is potentially paying for support. It's also that some of the abuse emails can be quite threatening (e.g. blacklisting the entire /24 or reporting the "crime" to local Police etc) some of the smaller ISPs can get intimidated by those threats. > - to whom else do ISP's have to report what they are doing with received > abuses? In the UK; No one. > - must ISP's answer to the origin of the abuse? No. But is polite to do so. > - who is getting a copy of all that conversation(if at all)? Depends on the ISPs policies / any applicable laws. (In the UK and at least as far as my ISP is concerned; no-one) > - can an ISP loose its license (with too many or badly handled abuses)? AFAIK; No. In the UK I guess one could appeal to Court if an ISP wasn't preventing its network from being used to your detriment but I'm not sure how far you'd get. > - are there any regulatory burdens for them - if so which ones? Yes. Lots depending on the country. > - are ISP's treated different in different parts of the world? Very much so.

7 6

new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.
by Toralf Förster 10 Oct '16

10 Oct '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Today I got this for the first since I run exits: Oct 06 08:23:03.000 [warn] Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS. Something I should worry about ? - -- Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAlf2Dz0ACgkQxOrN3gB26U5LMAD+POAhOITGeYh5CFdOwFxgfzMf 510EN+mxt+3nTAFXgrIA/1BUXnr1DXh61y5ttIxSoVGJb95r8FTrnKiDTZ23yBkV =vFhm -----END PGP SIGNATURE-----

9 13

'No space left on device' glitch causing log failure
by Geoff Down 10 Oct '16

10 Oct '16

Hi all, these are the last entries in my log, but my bridge is still listed on Atlas and client functionality is fine. Latest stable version on OSX10.4. Needless to say, the disk is not full and 'tor' can write to that directory just fine now. Oct 05 22:52:09.000 [warn] Couldn't open "/Users/tor/tor/state.tmp" (/Users/tor/tor/state) for writing: No space left on device Oct 05 22:52:09.000 [warn] Unable to write state to file "/Users/tor/tor/state"; will try again later Oct 05 23:10:27.000 [warn] Couldn't open "/Users/tor/tor/cached-consensus.tmp" (/Users/tor/tor/cached-consensus) for writing: No space left on device Oct 05 23:11:32.000 [warn] Error writing to "/Users/tor/tor/cached-descriptors.new": No space left on device Oct 05 23:11:32.000 [warn] Unable to store router descriptor {more of the same until Oct 05 23:11:34.000} GD -- http://www.fastmail.com - Access all of your messages and folders wherever you are

4 4

tor relay and syslog logging
by Dr. Who 09 Oct '16

09 Oct '16

I'm trying to log locally (notice.log) and to a local syslog-ng server. It doesn't seem to work. I get no messages at all to my local syslog server. When I try to log some testlines manually (even as the tor system user) it seems to work. As I understood the configuration I can have multiple "Log " lines without problem, right? A test like: logger -p daemon.notice -t tortest Testing generates the expected lines in /var/log/messages What facility is used by tor when logging to syslog? I didn't find that information. System is a standard current debian 8.6 with tor Tor 0.2.8.8 (git-8d8a099454d994bd), the two Log-Lines are: Log notice file /var/log/tor/notices.log Log notice syslog Any idea what might be missing?

2 1

ISP, Abuses , Intrusion Prevention etc.
by pa011 09 Oct '16

09 Oct '16

My personal efforts over the last months as well as the recent discussion about Intrusion prevention showed, there are more and more ISP's not giving support any more for running Tor exits, either in not allowing new ones or even shutting down existing ones. Sure there are still chances to find new inexperienced ISP's, which in the willing to increase their customer base give allowance to run an Exit. But only a few weeks later their wish to get rid of you again increases with the same speed as the stack of abuses rises.Finally you are out again and on the back of their terms not even able to get your unused money back. Further doing it that way, is kind of leaving scorched earth behind you and not only yourself, but for Tor as a whole. So there are at least two questions: - what forces drive ISP's to behave like they do with abuses? - maybe Exit volunteers and here especially the big ones could ask some questions to their ISP to get more light on this I do refer to my old questions -still unanswered: -is it just the more work for rather poor money handling(forwarding) those abuses ? - to whom else do ISP's have to report what they are doing with received abuses? - must ISP's answer to the origin of the abuse? - who is getting a copy of all that conversation(if at all)? - can an ISP loose its license (with too many or badly handled abuses)? - are there any regulatory burdens for them - if so which ones? - are ISP's treated different in different parts of the world? - could there in the medium therm changes be made the way Tor operates to bring down the non linear increase of abuses Support terribly needed and appreciated! Paul

1 0

Intrusion Prevention System Software - Snort or Suricata
by pa011 09 Oct '16

09 Oct '16

One of my main ISP is going mad with the number of abuses he gets from my Exits (currently most on port 80). He asks me to install "Intrusion Prevention System Software" or shutting down the servers. He personally recommends Snort or Suricata. As far as I understand implementing such a software is not going together with Tor - am I right? Somebody having same or any experience? Thanks Paul

15 96

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays