tor-relays

tor-relays@lists.torproject.org

42 participants
4821 discussions

Re: [tor-relays] [OT] ExcludeNodes no longer working
by Scott Bennett 12 Sep '12

12 Sep '12

On Tue, 11 Sep 2012 16:12:36 -0400 Nick Mathewson <nickm(a)freehaven.net> wrote: >On Tue, Sep 11, 2012 at 1:52 PM, Steve Snyder <swsnyder(a)snydernet.net> wrote: >> On Tuesday, September 11, 2012 1:12pm, "Jacob Appelbaum" <jacob(a)appelbaum.net> said: >> [snip] >>> It seems that there are two issues - one is that a guard is failing to >>> build circuits, the other is that you can't seem to exclude them. I have >>> to admit, I'm more interested in the former... Is there a pattern to the >>> failures? >> >> I get those same messages occasionally. The following are from last week (v0.2.3.20-rc), seen from a Los Angeles datacenter. I haven't seen this rate of complaint before or since so I wrote it off as a fluke. >> >> Sep 01 05:20:31.000 [notice] Low circuit success rate 3/21 for guard BramaH4=39A0907D409836D7F014364C5FF5AC1DA79E0289. >> Sep 01 05:21:52.000 [notice] Low circuit success rate 6/21 for guard TORy2=F08F537D245A65D9C242359983718A19650A25F7. > >This looks like bug #6475. Those warnings should be suppressed in >0.2.3.31-rc and fixed for real in 0.2.4.x. ^^ Yikes. I do hope that was a typo. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************

1 0

Re: [tor-relays] [OT] ExcludeNodes no longer working
by Scott Bennett 12 Sep '12

12 Sep '12

Hi Jacob et al., On Tue, 11 Sep 2012 17:12:06 +0000 Jacob Appelbaum <jacob(a)appelbaum.net> wrote: >It is nice to see you posting again, I had wondered where you had gone. I've been here all along, but didn't have anything to say until this matter came up. > >Scott Bennett: >> I know this really belongs on tor-talk, but I haven't been subscribed >> to it for a long time now. Sorry if posting this here bothers anyone. > > >Seems like a fine place to discuss relay problems, which is what it >sounds like, no? Um, no, it seems to me that Exclude{,Exit}Node matters are client-side stuff. That's where the circuit routes are selected, which is where those torrc lines come into play, right? > >> Back in early July, I upgraded from 0.2.3.13-alpha to 0.2.3.18-rc. >> I immediately ran into problems with a python script that honors the >> http_proxy environment variable, which I normally have set to the localhost >> port for privoxy, which, in turn, connects to tor's SOCKS port. I couldn't >> really see what was going wrong, but using arm to ask for a new identity >> seemed to help sometimes to get a circuit that worked. Sending tor a >> SIGHUP instead also seemed to work about as often. > >If you use 0.2.2.x - what happens? No idea. I haven't built a "stable" version in at least five years, probably longer. > >> A bit over a week ago, I switched to 0.2.3.20-rc, and the problem >> still occurs. However, 0.2.3.20-rc now also emits a new message from time >> to time, the most recent occurrence of which is >> >> Sep 06 06:02:45.934 [notice] Low circuit success rate 7/21 for guard TORy0=753E0B5922E34BF98F0D21CC08EA7D1ADEEE2F6B. >> > >That is an interesting message - I wonder if the author of that message >might chime in? > >> Wondering whether such circuit-building failures might be related to the >> other problem, I began a little experiment: each time I saw a "Low circuit >> success rate" message, I added the key fingerprint of the node in question >> to my ExcludeNodes list in torrc and sent tor a SIGHUP. >> The problem is still occurring, though, and when I look at the >> circuits involved, they all seem to have at least one of the excluded >> nodes in them, usually in the entry position. So my question is, what >> changed between 0.2.3.13-alpha and 0.2.3.18-rc (or possibly 0.2.3.20-rc) >> in the handling of nodes listed in the ExcludeNodes line in torrc? And >> is there anything I can do to get the ExcludeNodes list to work again >> the way it used to work? >> Thanks in advance for any relevant information. >> > >It seems that there are two issues - one is that a guard is failing to >build circuits, the other is that you can't seem to exclude them. I have Right, but the guard's problem really shouldn't be my problem, although I suppose I could try emailing the node's operator about it. >to admit, I'm more interested in the former... Is there a pattern to the >failures? That is for the 7 successes for that node, did you see >anything interesting? Were say, the nodes that worked somehow in the >same country as that guard? Or perhaps were the other failed circuits >all seemingly unrelated to the guard? I haven't the foggiest. I don't even know over how much time tor has been calculating the ratio before it decides to issue that message. It could be minutes, hours, days... The failures I started getting with 0.2.3.18-rc were really irritating, but I didn't have a clue to follow until switching to 0.2.3.20-rc, which issues the interesting messages. That prompted me to turn INFO logging back on and watch what happened when I ran that script. Between the log and looking at arm's display of current circuit routes, I was able to see that nodes were being used that were supposed to have been excluded. > >As far as the ExcludeNodes - did you set StrictNodes at the same time? No. However, there are usually 800 - 900 guards active at any time these days, so I figured that excluding only the ones that gave me trouble would leave plenty of others available for selection. >Are you also a relay? Yes. See MYCROFTsOtherChild in the consensus, descriptors, or tor status pages. It's the same one I've been running for years, apart from short hiatuses in 2007 and 2008. Scott

1 0

Tor Weather - Node Down
by torhoste＠tor.host-ed.me 11 Sep '12

11 Sep '12

Hi, this is my very first post to this list. I operate tor exit relays vks24784 and vks24949 and subscribed to Tor Weather Reports. Now, at Sun, September 2, 2012 12:17 am and Thu, September 6, 2012 12:33 am, I received "Node Down" Reports for one of the nodes, 1st report for vks24949, 2nd for vks24784. That said, I noticed that these event resets the respective uptime counters at Atlas web application to "zero" and the node would lose the already earned stable, guard, named, etc. flags for a certain time period. The problem is that both nodes definitely were online to the best of my knowledge (they are 24/7 actually), see http://tor.host-ed.me/nodes/ and official Atlas logs at https://atlas.torproject.org/#details/AAD948023527A6D33FAA96816E4B5F101A664… and https://atlas.torproject.org/#details/B41CBB97CF4DCFF724F272F28FD3F0D683C2F… I even checked the "uptime" through ssh and there hasn't been any reboots occurring. Also, I'm wondering what actually would happen to guard, stable, named, etc. flags if I'd actually need to reboot the nodes cause of maintenance? I feel it unfortunate to lose these flags (also for the Tor network itself) and would like to ask: 1. What does Tor Weather consider a "Node Down" event? 2. How long does it take to regain the mentioned flags? I.e. does the node start from scratch earning them (so to speak), i.e. does it take as long as initially? Last thing I'd like to ask in that context: Do these "Node Down" events and/or needed maintenance reboots have any effect on a potential Tor T-Shirt claim? I'd actually really like to make myself a communicative, green Tor advertising column at some point in time ;-) Thanks!

1 0

GPG error
by Ottakar 10 Sep '12

10 Sep '12

Hi everyone, my node is actually down and when I want to update my debian, I' got a GPG error: root@foo:/home# apt-get update W: Une erreur s'est produite lors du contrôle de la signature. Le dépôt n'est pas mis à jour et les fichiers d'index précédents seront utilisés. Erreur de GPG : http://deb.torproject.org squeeze Release : Les signatures suivantes ne sont pas valables : KEYEXPIRED 1346668560 KEYEXPIRED 1346668560 KEYEXPIRED 1346668560 KEYEXPIRED 1346668560 W: Impossible de récupérer http://deb.torproject.org/torproject.org/dists/squeeze/Release W: Le téléchargement de quelques fichiers d'index a échoué, ils ont été ignorés, ou les anciens ont été utilisés à la place. Where can I find the procedure to update the GPG key? Thx

3 2

Subsidizezed relay proposal
by Dude 10 Sep '12

10 Sep '12

I want to share my thoughts and get feedback on operating a sponsored dedicated exit relay. 0. register a domain name 1. set up a centos linux based dedicated server at a Tor compatible ISP in the USA a. get myself set up as abuse contact for my IPs (I have worked the abuse alias before) b. "10MB" net connection. Most 100MB give you around 9 MB actual and 10 MB give you 6MB actual 2. set up a 'mostly public' exit node and run it intermittently while I tune and debug it 3. operate node for a month before submitting receipts for funding 4. add more nodes if this works I realized I have no assets, so I am going to hold off from creating a LLC type company for financial protection. Are there any more specifics and how/when subsidies will be released? Cheers!

1 0

Current state of v0.2.3.x IPv6 bridges?
by Steve Snyder 10 Sep '12

10 Sep '12

I'm wondering about the benefit of running abridge on an IPv6 address. Since the big announcement last December that v0.2.3.9 supports IPv6 addresses for bridges, I've read a few comments to the affect that BridgDB doesn't understand IPv6 addresses. So... what is the state of publishing IPv6 bridge addresses? Will clients requesting a bridge address ever be given an IPv6 address? Can a client specifically request an IPv6 address (or IPv4 address, for that matter)? Thanks.

3 2

Repository
by Jörg Frings-Fürst 05 Sep '12

05 Sep '12

Hi, I got the following error on every update. Pls fix it.. Jörg Frings-Fürst W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.torproject.org precise InRelease: The following signatures were invalid: KEYEXPIRED 1346668560 KEYEXPIRED 1346668560 KEYEXPIRED 1346668560 KEYEXPIRED 1346668560 > > W: Failed to fetch http://deb.torproject.org/torproject.org/dists/precise/InRelease > > W: Some index files failed to download. They have been ignored, or old ones used instead. >

2 1

Operating a sponsored relay II
by Dude 31 Aug '12

31 Aug '12

My research is telling me I can not host a Tor relay at most retail ISPs because it is perceived as an "open relay" and these cause a lot of headaches for ISPs. So that leaves colo, but this gets expensive fast. This is very expensive outside the USA. Could I work as an agent of torservers.net? Is there a FAQ listing friendly ISPs? I understand the need for documentation and receipts for expenses. It might be helpful to get quarterly payments instead of monthly. I was thinking of an USA Llc. for protection. Looking at my notes I now remember an 's-corp' is better for a single owner (simple corporation). Here is a link to the US commercial code for s-corps: http://www.gpo.gov/fdsys/pkg/USCODE-2011-title26/html/USCODE-2011-title26-s… I would be happy to document the process of setting up a US s-corp. if I create one. Cheers!

3 2

Has anyone had any success running a relay on an mk802?
by someonelse 29 Aug '12

29 Aug '12

I currently run a relay at home during the day, but would like to run one 24/7. Has anyone had any success doing this with the mk802 or similar device? This site seems to say it's possible: http://romanrm.ru/en/a10/mk802-server "It can run Web/Mail/DNS/DHCP/VPN/Jabber/Mumble/Tor servers..." I think this may work for me since I prefer Debian, something inexpensive (~$70 qualifies), low power and want to run wired Internet. If not the mk802 or mk802-II, then what device would do this better for around the same price? Thanks, Someonelse

1 0

Operating a sponsored relay
by Dude 29 Aug '12

29 Aug '12

Hello, I have experience working at ISPs supporting dedicated servers and am interested in operating a sponsored relay. Potential issues I see: # A true 100mb network connection is going to be expensive. Often a 24 port edge switch has just one 100mb uplink port. # As an operator, I might want an LLC to protect me from personal liability in the USA. # Ideally an ISP outside the USA would be used so the server is in a different legal jurisdiction than the operator. This would make payment and communication more difficult. At this time I imagine a server with an encrypted file system and long term log retention disabled. Reasonably hardened OS, but nothing too exotic. I think $100 a month above other costs would be fair. But I do not know how much attention a node would require once it was set up. If it requires a lot of time, more compensation would be in order. I am not looking to make a lot of money doing this, but I can not do it gratis. Cheers, John

2 1

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays