- tor-relays - lists.torproject.org

Understanding Reduced Exit Policies..?
by Jeremy Olexa 13 Sep '14

13 Sep '14

Hello, I've setup a non-exit node so that I can contribute and understand the TOR network somewhat better. I've only had my node (jolexarelay1) up for a few weeks so it is still becoming a part of the network at guard status. So, as I understand my ISP, I can run an exit node if I "handle" abuse complaints to their standards. Now, since I have more idle bandwidth than idle time to "handle" complaints, I've often wondered about the reduced exit node strategy as seen at https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy - I'd like to allow ports in a methodical fashion such that I can test to see if a port generates complaints easily/quickly. My question: If I want to "try" being an exit node and add allowed exit ports slowly, does that help the network or not? For example, month 1: allow port 22, month 2: allow IRC ports, and so-on. How does the client path selection work in this case - is it smart enough to pick my exit when needed? Thanks for any insight, Jeremy

3 3

request at Hetzner
by Toralf Förster 13 Sep '14

13 Sep '14

3 things: 1. ========= This is what I get few days ago from Hetzer Support: >Guten Tag Herr Förster, > >laut Deutschem Recht sind Tor Server im Moment nicht verboten. >Aus diesem Grund sind Tor Server bei uns auch nicht verboten. >Aus Erfahrung raten wir jedoch vom Betrieb eines Tor Exit Node ab. >Leider wird oft ueber Tor Server Content verbreitet welcher laut >Deutschem Recht >nicht erlaubt ist. Dies kann Ermittlungen von Behoerden nach sich >ziehen. Maybe worth to update https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs ? 2. ========= I'm planning to setup there a dedicated server now soon (with Gentoo Linux if possible) within next days - or are there too much servers already at the ISP Hetzner ? 3. ========= And for the following days I do want put the line "ExitPolicy reject *:*" before all subsequent liens like "ExitPolicy accept *:20-23 # FTP, SSH, telnet" of the reduced exit policy to just look how the system behaves as a simply relay. Worth or superflous ? Am I right, that later just commenting out that reject line enhance the Tor server from relay to "relay + exit node" ? Or does this mean that -- Toralf pgp key: 0076 E94E

6 9

What to change for v0.2.5.x?
by Steve Snyder 13 Sep '14

13 Sep '14

So now Tor v0.2.5.x Release Candidates are available. Can someone give an overview of what's new for those who don't follow the development process? What can/or should be changed in a working v0.2.4.x relay config to accommodate the changes made in the new code? Are there particular areas (IPv6, multi-threading, etc.) that one should be aware of when moving from v0.2.4 to v0.2.5? The changelogs do a great job of describing the changes between point releases but are somewhat overwhelming when attempting to determine the differences between major releases. If would be great if someone could give a brief(-ish) description of those changes. Thanks.

3 3

IPv6 - status
by Marcin Gondek 12 Sep '14

12 Sep '14

Hi, What is the current state of IPv6? ==cut== Relays to relays Relays talk to other relays. The work with relays talking to other relays over IPv6 has not been started. ==cut== Is there any plans to start? How I can help? ==cut== Directory authorities on IPv6 Clients and relays talk to directory authorities. The work with making directory authorities reachable over IPv6 has not been started. This work will be tracked in #6027. ==cut== Same as above? Clue is when it will be possible to run pure IPv6 relay/guard. Regards, -- Marcin Gondek / Drixter http://fido.e-utp.net/ AS56662

3 4

Re: [tor-relays] boost CPU on a Tor relay
by Harold Naparst 09 Sep '14

09 Sep '14

I'll just throw in my datapoint on this subject because it might be of interest. My relay (torpoint) is currently advertising a bandwidth of 58 MB/s according to Globe. Arm reports that it is pushing 50 MB/s and has 12,500 open clients. It has a Xeon E3/1220 with 8 GB ram. The load average is 0.75, and the four cores are at about 20-25% each. About 2GB of ram is being used. On the whole, this relay is probably bandwidth constrained. The ISP guarantees 150 Mbps, but I sometimes get more, like now.

1 0

Gentoo overlay
by Harold Naparst 09 Sep '14

09 Sep '14

Sorry Jeremy, I didn't realize you were a Gentoo dev. I have added the comment to the Gentoo bug discussion per your wishes.

1 0

Re: [tor-relays] enable-ec_nistp_64_gcc_128
by Harold Naparst 09 Sep '14

09 Sep '14

I thought about this also, but I decided not to do it. Gentoo has clearly decided not to include the Elliptic Curve algorithms until they can get confirmation that it works on all archs. Funtoo has taken the opposite position. >From the looks of the Gentoo thread, they should add the flag in the near future, and I think it would be more diplomatic to just let the process play out. My hope is that a Google search would lead most people to this post. I just created the ebuild in my overlay because I wanted it now and I thought some other enthusiasts would also want it now. I hope it works for you, and would be interested if it makes a difference. > Thanks for your contribution, can you also add some note to the > underlying bug report https://bugs.gentoo.org/469976 so others may see > it easier? > -Jeremy > On Mon, Sep 8, 2014 at 2:52 PM, Harold Naparst <harold(a)alum.mit.edu> wrote: >> If you want a version of openssl compiled with the >> enable-ec_nistp_64_gcc_128 option and you are using Gentoo Linux, >> you can grab it from my overlay:

1 0

enable-ec_nistp_64_gcc_128
by Harold Naparst 09 Sep '14

09 Sep '14

If you want a version of openssl compiled with the enable-ec_nistp_64_gcc_128 option and you are using Gentoo Linux, you can grab it from my overlay: layman -f layman -a hnaparst emerge openssl The new flag "nist" is turned on by default. I have 1.0.1i and 1.0.2_beta2 in the overlay. Hope it helps.

2 1

TTTT
by Sebastian Urbach 08 Sep '14

08 Sep '14

Dear list members, Just a quick update regarding TTTT: Currently we are working on a technical paper based on the so far collected data. ETA is roughly 4 weeks from now on. The paper is going to hit this list asap. -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach ---------------------------------------------- Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. ---------------------------------------------- Benjamin Franklin (1706 - 1790), Inventor, journalist, printer, diplomat and statesman

1 0

Handshake flood now on NTor
by Jobiwan Kenobi 08 Sep '14

08 Sep '14

Hi, For about 15 hours straight, my relay was being hammered by connections/handshakes. I see lots of these: Sep 02 01:03:02.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [70638 similar message(s) suppressed in last 60 seconds] Numbers vary between 30000 and 80000 per 60 seconds. Also the occasional clock jump message and other performance related messages, and of course, _lots_ of unsuccessful handshakes: Sep 01 22:31:26.000 [notice] Circuit handshake stats since last time: 5038/5038 TAP, 17771/17773 NTor. Sep 02 04:31:26.000 [notice] Circuit handshake stats since last time: 3100/3484 TAP, 465565/5417818 NTor. Sep 02 10:31:26.000 [notice] Circuit handshake stats since last time: 3139/4249 TAP, 679872/8244698 NTor. Sep 02 16:31:26.000 [notice] Circuit handshake stats since last time: 3884/5294 TAP, 502835/10443735 NTor. It is a low spec machine. I've been through episodes like this before, but this time it's different: - They are NTor handshakes, where before they would be TAP handshakes. - The amount of up and down traffic is pretty balanced, where before I would get much more down than up during these floods. - In case it matters: I am now running 0.2.4.23, before I was on 0.2.4.18-RC It stopped about 4 hours ago. Running normal now. -Job

3 3