tor-relays

tor-relays@lists.torproject.org

5 participants
4883 discussions

Does Tor itself estimate how it can run as quota-utilizing as possible?
by telekobold 01 Oct '23

01 Oct '23

Hello together, today I apparently discovered an interesting feature of Tor I wasn't aware of: I'm running two relays at a large provider's data center having 20TB/month free outgoing traffic for each relay. However, this quota is often exhausted before the end of a month. In order to provide the Tor project with some bandwidth all the time, I configured "AccountingMax 20 TB" and "AccountingStart month 1 00:00" and, for the last few months, I used to switch off one of the relays on the first of a month and turn it on again a few days after the beginning of the month, so that one of the two relays is running all the time. I also connected the two relays using the "MyFamily" flag. Until last month, each of the relays simply continued to run after the end of the month. Today, however, I wondered why one of the relays shut itself down apparently which did not change after a restart. A look into /var/log/tor/notices.log provided the following entries: Oct 01 16:58:29.000 [notice] Configured hibernation. This interval began at 2023-10-01 00:00:00; the scheduled wake-up time is 2023-10-05 06:06:25; we expect to exhaust our quota for this interval around 2023-10-29 04:23:25; the next interval begins at 2023-11-01 00:00:00 (all times local) [...] Oct 01 16:58:49.000 [notice] Commencing hibernation. We will wake up at 2023-10-05 06:06:25 local time. Oct 01 16:58:49.000 [notice] Going dormant. Blowing away remaining connections. So apparently Tor learned from my behavior and calculated itself when to turn itself off and on again in order to use as much quota as possible based on the bandwidth used and/or some other metrics so I don't have to do this manually in future? Kind regards telekobold

2 2

Bridge with iat-mode=2 very slow
by Split 28 Sep '23

28 Sep '23

Hello everyone! I run the obfs4 bridge, in the parameters I specify to use iat-modr=2. As a result, the bridge is VERY, VERY SLOW. Connection speed is on average 100 kb/sec. When I remove the iat-mode=2 parameter, the speed becomes 8-10 times higher. I checked the processor load, it is at 3%, the problem is unlikely to be with the processor, the RAM load is at 20%. I can't figure out if this is expected behavior or if the speed drop is too significant. Please tell me, is this the normal maximum speed of the bridge with iat-mode=2 or can it be increased somehow?

3 2

Tor Weather : Node-Flag [Guard] Alert
by denny.obreham＠a-n-o-n-y-m-e.net 27 Sep '23

27 Sep '23

I received the following message from Tor Weather. According to Tor Metrics, this exit relay still has no Guard flag. Another - slightly more recent - exit relay (25FC41154DCB2CAE3ABD74A8DFCD5B90D2CFFD57) is on the same server and IP, and still has the Guard flag (although with 0% guard probability). Should I do something with this info? Denny On 09/26/2023 06:31 PM weather(a)torproject.org wrote .. > > > Hi, > > We have detected that the node - 3B85067588C3F017D5CCF7D8F65B5881B7D4C97C associated > with your subscription has lost the Guard flag > for more than 1hr(s). This may impact the performance of your service. > > Thank You!

2 1

Grafana dashboards
by Toralf Förster 16 Sep '23

16 Sep '23

Yesterday I stumbled together 2-3 dashboards [1] for Tor relay(s), Tor Snowflake(s) and the DDoS solution [2]. Feedback is welcome. [1] https://github.com/toralf/torutils/tree/main/dashboards [2] https://github.com/toralf/torutils/tree/main -- Toralf

1 0

Metrics
by BridgeOverStyx 08 Sep '23

08 Sep '23

My bridge styxVortex is up and running. I know this because the Nyx monitor shows activity. However, a search of metrics.torproject.org shows it down. It has been in this state for at least a month. Do you have any suggestions of what could be the possible cause of this? I am using pfblockerng on my network, but the machine that is running Tor bridge is not filtered by it. I do have a couple of TOR feed enabled in pfblockerng but only incoming traffic is filtered. I have no idea how the bridge stats are passed to metrics.torproject.org so it is very challenging for me to tamp down on the cause. Any suggestion, at this point, will be helpful. Sent with [Proton Mail](https://proton.me/) secure email.

6 9

Quick bugfix sharing regarding obfs4 malfunctioning
by telekobold 07 Sep '23

07 Sep '23

Hi, I just want to share some quick bugfix with you (sorry if this is obvious to you or has been written somewhere else). Suddenly, I got the following error messages on my two bridges running on Debian 11 appearing in the logs (in /var/log/tor/notices.log and in the nyx output) every second until a restart: <timestamp> [warn] Managed proxy "/usr/bin/obfs4proxy" process terminated with status code 65280 <timestamp> [warn] Server managed proxy encountered a method error. (obfs4 listen tcp 0.0.0.0:443: bind: permission denied) <timestamp> [warn] Managed proxy '/usr/bin/obfs4proxy' was spawned successfully, but it didn't launch any pluggable transport listeners! When restarting the corresponding bridge, in the startup process the second and the third of the above warning messages again appeared in the logs. So obfs4 was suddenly not usable any more. Port 443 is not blocked in the bridge's firewalls. A bit research reveled that apparently, an automatic update set the systemd setting "NoNewPrivileges=no" in /lib/systemd/system/tor(a)default.service and tor@.service [1] back to yes, which caused the above issue. After setting it back and restarting, everything works fine now and instead of the warning messages mentioned above, the following message appears in the log again: <timestamp> [notice] Registered server transport 'obfs4' at '[::]:443' (Several places recommend to set the obfs4 port to 443 to get around restrictive firewalls, so I didn't want to set it to something else). Kind regards telekobold [1] http://xmrhfasfg5suueegrnc4gsgyi2tyclcy5oz7f5drnrodmdtob6t2ioyd.onion/relay…

3 2

(Last call) Bridges running obsolete Tor version (0.4.5.x) to be removed soon
by gus 05 Sep '23

05 Sep '23

Hi bridge operators, Serge, the Bridge Authority is about to update their Tor version to 0.4.8.5 and it will reject bridges running the Tor version 0.4.5.x. Please upgrade your bridge if you're running an outdated version (0.4.5.x) ASAP. List of outdated bridges: https://metrics.torproject.org/rs.html#search/type:bridge%20version:0.4.5%20 Thanks for helping censored users to bypass censorship! cheers, Gus -- The Tor Project Community Team Lead

2 1

relayor v23.2.0 is released
by nusenu 28 Aug '23

28 Aug '23

Hi, relayor v23.2.0 is released. relayor is an ansible role that helps you with running tor relays with minimal effort (automate everything). https://github.com/nusenu/ansible-relayor#main-benefits-for-a-tor-relay-ope… This release includes new prometheus alert rules so you do not forget to renew your relay certificates before they expire. This feature requires tor version 0.4.8 though which is unfortunately not yet available on deb.torproject.org stable repos. It also includes rules that alert you if your exit relay has an unhealthy DNS timeout fraction or if your relay is dropping onionskins for at least 15 minutes. Changelog: https://github.com/nusenu/ansible-relayor/releases/tag/v23.2.0 kind regards, nusenu -- https://nusenu.github.io

1 0

Exit Relays: What is your DNS timeout rate?
by nusenu 26 Aug '23

26 Aug '23

Hi, the upcoming relayor release will contain new prometheus alert rules that should help operators detect/mitigate/prevent some common operational issues. One of these rules will alert on high DNS timeout rates [1] on exit relays that should be investigated and resolved to improve the Tor Browser experience for users. To define the default alert threshold it would be relevant to know current timeout rates by multiple exit operators. So if you feel up to it you can send me (off-list) your current timeout rates (30 day graph): If you run tor exits with relayor and MetricsPort enabled you can use these Prometheus queries: timeout percentage by server: (sum by (instance)(rate(tor_relay_exit_dns_error_total{reason="tor_timeout"}[15m])))/(sum by (instance)(rate(tor_relay_exit_dns_query_total[15m])))*100 DNS query rate: sum by (instance)(rate(tor_relay_exit_dns_query_total[15m])) If you run exits without relayor you can use these queries: (sum by (job)(rate(tor_relay_exit_dns_error_total{reason="tor_timeout"}[15m])))/(sum by (job)(rate(tor_relay_exit_dns_query_total[15m])))*100 sum(rate(tor_relay_exit_dns_query_total[15m])) kind regards, nusenu [1] https://github.com/nusenu/ansible-relayor/commit/9b6937563ec0b41e6abb0217ed… -- https://nusenu.github.io

1 0

Wrong "first seen" flag for bridges at metrics.torproject.org
by telekobold 23 Aug '23

23 Aug '23

Hi together, I have an issue regarding the "first seen" flag at metrics.torproject.org: It is definitely wrong for my two bridges - both dates are much too close in the past. For one of the bridges, it seems to correspond to the last signing key renewal, for the other bridge, it seems to correspond to the penultimate signing key renewal. Has anyone observed similar behavior for its relay? (I found it meaningful to first ask here before creating an issue at [*]). [*] https://gitlab.torproject.org/hiro/onionoo/-/issues Kind regards, telekobold

3 2

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays