tor-relays

tor-relays@lists.torproject.org

42 participants
4821 discussions

Re: [tor-relays] Selecting Exit Addresses
by denny.obreham＠a-n-o-n-y-m-e.net 31 Mar '23

31 Mar '23

OK, finally got a configuration that looks like it works: Address 209.141.39.157 OutboundBindAddress 209.141.39.157 ORPort 209.141.39.157:9001 IPv4Only ORPort XXX.XXX.XXX.XXX:443 NoListen ORPort XXX.XXX.XXX.XXX:9001 NoListen Where XXX.XXX.XXX.XXX is the IP I didn't want to be used by my Tor exit relay. (The IPv4 flag is probably useless, I just didn't think to take it out after adding the IP to the port.) I'll see if abuse reports for my second IP will stop showing up on abuseipdb.com. Unless you find I did something wrong, thanks for helping, Denny denny.obreham(a)a-n-o-n-y-m-e.net wrote .. > The second IP is still in "Exit Addresses" with the new configuration ... https://metrics.torproject.org/rs.html#details/3B85067588C3F017D5CCF7D8F65B… > > torrc: > > Address 209.141.39.157 > OutboundBindAddress 209.141.39.157 > ORPort 9001 IPv4Only > > Denny > > denny.obreham(a)a-n-o-n-y-m-e.net wrote .. > > Thanks Marco. > > > > First, I had to change my ORPort to 9001 with your proposed configuration because > > using 443 caused an error => "Could not bind to 0.0.0.0:443: Address already > in > > use. Is Tor already running?" > > Probably because my other Tor instance (hidden service) is using it. > > > > Now I'm just waiting for the metrics to update to see if everything is as expected. > > > > Finally, thanks for the help with IPv6 because I cannot get it to work. Somehow > > when I try to check IPv6 availability ( https://community.torproject.org/relay/setup/post-install/ > > ), I get "ping6: connect: Network is unreachable". I don't have time to set it > > up right now (I already spent hours last week) so I'll get back to you for that. > > > > Denny > > > > lists(a)for-privacy.net wrote .. > > > Hi denny, > > > > > > > Hi, > > > > > > > > I just activated my first exit relay. ( > > > > https://metrics.torproject.org/rs.html#details/3B85067588C3F017D5CCF7D8F65B > > > > 5881B7D4C97C ) I had the following in my torrc (plus some other things): > > > > > > I've answered the rest to the list. > > > If you want to enable IPv6 at Frantech/BuyVM: > > > > > > First create one in Stallion from your given subnet. > > > This is what my /etc/network/interfaces looks like at Frantech > > > > > > > > > # This file describes the network interfaces available on your system > > > # and how to activate them. For more information, see interfaces(5). > > > > > > source /etc/network/interfaces.d/* > > > > > > # The loopback network interface > > > auto lo > > > iface lo inet loopback > > > > > > # The primary network interface > > > allow-hotplug eth0 > > > iface eth0 inet static > > > address 104.244.73.43/24 > > > gateway 104.244.73.1 > > > # dns-* options are implemented by the resolvconf package, if installed > > > dns-nameservers 127.0.0.1 107.189.0.68 107.189.0.69 > > > dns-search for-privacy.net > > > > > > iface eth0 inet6 static > > > address 2605:6400:0030:f78b::2/64 > > > up ip -6 route add 2605:6400:0030::1 dev eth0 > > > up ip -6 route add default via 2605:6400:0030::1 > > > down ip -6 route del default via 2605:6400:0030::1 > > > down ip -6 route del 2605:6400:0030::1 dev eth0 > > > dns-nameservers ::1 IPv6ns1 IPv6ns2 > > > > > > > > > -- > > > ╰_╯ Ciao Marco! > > > > > > Debian GNU/Linux > > > > > > It's free software and it gives you freedom!

1 0

Re: [tor-relays] Selecting Exit Addresses
by denny.obreham＠a-n-o-n-y-m-e.net 31 Mar '23

31 Mar '23

Thanks Marco. First, I had to change my ORPort to 9001 with your proposed configuration because using 443 caused an error => "Could not bind to 0.0.0.0:443: Address already in use. Is Tor already running?" Probably because my other Tor instance (hidden service) is using it. Now I'm just waiting for the metrics to update to see if everything is as expected. Finally, thanks for the help with IPv6 because I cannot get it to work. Somehow when I try to check IPv6 availability ( https://community.torproject.org/relay/setup/post-install/ ), I get "ping6: connect: Network is unreachable". I don't have time to set it up right now (I already spent hours last week) so I'll get back to you for that. Denny lists(a)for-privacy.net wrote .. > Hi denny, > > > Hi, > > > > I just activated my first exit relay. ( > > https://metrics.torproject.org/rs.html#details/3B85067588C3F017D5CCF7D8F65B > > 5881B7D4C97C ) I had the following in my torrc (plus some other things): > > I've answered the rest to the list. > If you want to enable IPv6 at Frantech/BuyVM: > > First create one in Stallion from your given subnet. > This is what my /etc/network/interfaces looks like at Frantech > > > # This file describes the network interfaces available on your system > # and how to activate them. For more information, see interfaces(5). > > source /etc/network/interfaces.d/* > > # The loopback network interface > auto lo > iface lo inet loopback > > # The primary network interface > allow-hotplug eth0 > iface eth0 inet static > address 104.244.73.43/24 > gateway 104.244.73.1 > # dns-* options are implemented by the resolvconf package, if installed > dns-nameservers 127.0.0.1 107.189.0.68 107.189.0.69 > dns-search for-privacy.net > > iface eth0 inet6 static > address 2605:6400:0030:f78b::2/64 > up ip -6 route add 2605:6400:0030::1 dev eth0 > up ip -6 route add default via 2605:6400:0030::1 > down ip -6 route del default via 2605:6400:0030::1 > down ip -6 route del 2605:6400:0030::1 dev eth0 > dns-nameservers ::1 IPv6ns1 IPv6ns2 > > > -- > ╰_╯ Ciao Marco! > > Debian GNU/Linux > > It's free software and it gives you freedom!

1 0

Selecting Exit Addresses
by denny.obreham＠a-n-o-n-y-m-e.net 31 Mar '23

31 Mar '23

Hi, I just activated my first exit relay. ( https://metrics.torproject.org/rs.html#details/3B85067588C3F017D5CCF7D8F65B… ) I had the following in my torrc (plus some other things): SocksPort 0 ControlPort 9052 ORPort 209.141.39.157:443 I have 2 IPs on my server and I wanted Tor to use 209.141.39.157. I thought setting it with ORPort would suffice. But under "Exit Addresses" in the metrics it was my other IP. So I added the following in my torrc: Address 209.141.39.157 OutboundBindAddress 209.141.39.157 And now I have both IPs in the "Exit Addresses". How can I prevent my exit relay from using the other IP? Note that I have also another instance of Tor running a hidden service that I intended to run on the other IP. Denny

2 2

Launch of new Tor Weather service
by Georg Koppen 31 Mar '23

31 Mar '23

Hello everyone! As indicated on the last relay operator meetup we were close to re-launching the Tor Weather service. Now, after fixing a bunch of last-minute issues and double-checking everything is working we can finally announce that the newly designed Tor Weather service is ready for public usage. Feel free to try it out at https://weather.torproject.org and help improving it! For those not knowing what this service is about: Tor Weather is offering subscriptions to keep track of the well-being of relays. Right now, after registering an account, one can get an e-mail notification in case a relay goes down or loses some flags or goes below a certain amount of observed bandwidth. The idea is to help operators in managing their relays that way and showing them their contribution to our project is much appreciated. There a many more things we can potentially offer subscriptions for, like getting notifications for upcoming relay operator meetups, having earned a Tor t-shirt, new relay requirements, running outdated Tor versions... You can find a current list of ideas in our bug tracker[1]; feel free to add missing ones and pick up issues to work on. This is a free software project after all. :) We see Tor Weather as an investment into our relay operator community and think it will be useful in the future to help growing and strengthening our community, which is very exciting. Finally, I'd like to give a big shout-out to Sarthik Gupta who did all the heavy-lifting and re-wrote Tor Weather during last years' Google Summer of Code and keeps improving it. Additionally, kez from our sysadmin team was invaluable in getting all the different pieces set up and running on our infrastructure. Thanks as well to all the volunteers, like nusenu, who contributed with ideas and feedback over the years which convinced us that Tor Weather is a worthwhile tool to invest time and energy in again. Georg [1] https://gitlab.torproject.org/tpo/network-health/tor-weather/-/issues

2 3

Notification when tor relay goes offline
by Keifer Bly 24 Mar '23

24 Mar '23

2 2

inet_csk_bind_conflict
by Christopher Sheats 21 Mar '23

21 Mar '23

Hello tor-relays, We are using Ubuntu server currently for our exit relays. Occasionally, exit throughput will drop from ~4Gbps down to ~200Mbps and the only observable data point that we have is a significant increase in inet_csk_bind_conflict, as seen via 'perf top', where it will hit 85% [kernel] utilization. A while back we thought we solved with with two /etc/sysctl.conf settings: net.ipv4.ip_local_port_range = 1024 65535 net.ipv4.tcp_tw_reuse = 1 However we are still experiencing this problem. Both of our (currently, two) relay servers suffer from the same problem, at the same time. They are AMD Epyc 7402P bare-metal servers each with 96GB RAM, each has 20 exit relays on them. This issue persists after upgrading to 0.4.7.11. Screenshots of perf top are shared here: https://digitalcourage.social/@EmeraldOnion/109440197076214023 Does anyone have experience troubleshooting and/or fixing this problem? Cheers, -- Christopher Sheats (yawnbox) Executive Director Emerald Onion Signal: +1 206.739.3390 Website: https://emeraldonion.org/ Mastodon: https://digitalcourage.social/@EmeraldOnion/

6 20

Next Tor Relay Operator Meetup - March 4, 2023 (19 UTC)
by gus 19 Mar '23

19 Mar '23

Hi, The next Tor Relay Operator Meetup will happen on March 4, 2023, at 19 UTC! We're still working on the agenda, feel free to add your topics and/or questions on the pad: https://pad.riseup.net/p/tor-relay-op-meetup-m4-keep onionsite: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor… WHERE Room link: https://tor.meet.coop/gus-og0-x74-dzn Registration No need for a registration or anything else, just use the room-link above. We will open the room 10 minutes before so you can test your mic setup. Please share with your friends, social media and other mailing lists! Gus -- The Tor Project Community Team Lead

6 7

Confusing bridge signs...
by Keifer Bly 18 Mar '23

18 Mar '23

Hi, So my bridge at https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1… says it has “none “, though the torrc file has it set to be distributed publicly. I'm wondering why the bridge would say that, when it obviously is being used as it's apparently blocked in Russia? I have not personally given the bridge to anyone. Thanks. --Keifer

5 25

export iptables metrics
by Toralf Förster 17 Mar '23

17 Mar '23

I found the time and wrote a Bash script [1] to export iptables and ipset metrics to Prometheus/Grafana. It works at least with [2]. [1] https://github.com/toralf/torutils/blob/main/metrics.sh [2] https://github.com/toralf/torutils#readme -- Toralf

1 0

Too Many Connections
by Jeff Teitel 15 Mar '23

15 Mar '23

My node is overloaded with connections. Conntrack.sh shows count: 65535. By far the majority (50k+) are to/from my own IP. This sometimes makes my node unreachable. And now it is reporting the StaleDesc flag. There is nothing else running on this node (except bind9). I've already set up tor-ddos. What else can I do? -- Jeff Teitel e-Mail: Jeff(a)Teitel.net Mobile: +1-202-271-1238 (he/his)

2 1

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays