- tor-relays - lists.torproject.org

reminder: tor 0.3.5 reaches end of life on 2022-02-01
by nusenu 01 Feb '22

01 Feb '22

Reminder: tor 0.3.5 reaches it's end of life on 2022-02-01 (in 3 weeks from now). Over 700 relays - about 7% of the network's guard capacity currently still run this soon unsupported tor version. https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/CoreTorRele… kind regards, nusenu -- https://nusenu.github.io _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

1 1

Introduction message from me :)
by Miryam Webb 01 Feb '22

01 Feb '22

Hello all, I am a new relay operator and I am glad to make your acquaintance. Currently my nodes are not processing traffic because they are being rejected by the directory nodes but I hope that gus will reply soon and that we can get this working. I have been administrating linux servers for more than 8 years but I have no experience with running tor nodes. So if you have tips and tricks a noob should know feel free to write me. :) Miryam

3 2

OVHcloud does not allow Tor exit relays on VPS/cloud services
by Neel Chauhan 01 Feb '22

01 Feb '22

Hi, I was running a pair of Tor exit relays on OVH, and when I sent an response, I got this as a reply: === As provided in our Service Specific Terms, Anonymization services, such as TOR, are not permitted on OVHcloud's VPS or Public Cloud services. We request that you immediately cease utilizing your current subscriptions as a TOR exit node. Failure to comply with this request may result in the suspension and/or termination of your servers and/or account in accordance with our Terms of Service. https://us.ovhcloud.com/legal/service-specific-terms === It seems OVH does not allow Tor exit relays on "cloud" or "VPS" subscriptions anymore. In the past when I used OVH for exits I had no issues, so they must have changed their TOS. I am assuming OVH dedicated servers are fine. I guess I'm moving the two exit relays to Terrahost. Terrahost is more expensive but I already have exits there and they are excellent. I never had a great experience with OVH. -Neel

2 1

wrong iptables rules? / no inbound traffic in nyx
by ax8eaz7z3g 27 Jan '22

27 Jan '22

Hi! I noticed that after I have set up my ip(+6)tables up to filter unwanted incoming traffic all "inbound" and "directory" connections in nyx disappeared, only lot of "outbound" connections are there. I am running exit relay (IPv4+IPv6) on ORPort 443 and DIRPort 80. Is there someone willing to check my iptable rules? I am starting to lose it... > My iptables: > -P INPUT DROP > > -P FORWARD DROP > > -P OUTPUT DROP > > -A INPUT -i lo -j ACCEPT > > -A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT # SSH running there > > -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # allow incoming comm to ORPort > > -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT # allow incoming comm to DIRPort > > -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # allow all already established incoming connections > > -A OUTPUT -o lo -j ACCEPT # allow all outgoing connections > > -A OUTPUT -o eth0 -j ACCEPT > My ip6tables: > > -P INPUT DROP > > -P FORWARD DROP > > -P OUTPUT DROP > > -N ICMPv6_IN > > -N ICMPv6_OUT > > -A INPUT -i lo -j ACCEPT > > -A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT # SSH running there > > -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # allow incoming comm to ORPort > > -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT # allow incoming comm to DIRPort > > -A INPUT -p ipv6-icmp -j ICMPv6_IN #pass all icmpv6 related traffic to new chain > > -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # allow all already established incoming connections > > -A OUTPUT -o lo -j ACCEPT > > -A OUTPUT -p ipv6-icmp -j ICMPv6_OUT #pass all icmpv6 related traffic to new chain > > -A OUTPUT -o eth0 -j ACCEPT # allow all outgoing connections > > -A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT > > -A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT > > -A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT > > -A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT > > -A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT > > -A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT > > -A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT > > -A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT > > -A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT > > -A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT > > -A ICMPv6_IN -j DROP > > -A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT > > -A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT > > -A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT > > -A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT > > -A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT > > -A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT > > -A ICMPv6_OUT -j DROP Thank you all for any replies! Have a nice day. Bye

2 2

We need bridges with iat-mode set to 1 and especially 2 as well!
by juckiuscaesar＠web.de 26 Jan '22

26 Jan '22

5 9

tor prometheus metrics -> expected label value, got "INVALID"
by Fran 24 Jan '22

24 Jan '22

Hej, I just found out about the integrated prometheus exporter in tor - yay, thanks for that! I can scrape it with curl: $ curl http://<ip>:9035/metrics # HELP tor_hs_rdv_num_total Total number of rendezvous circuit created # TYPE tor_hs_rdv_num_total counter tor_hs_rdv_num_total{onion=<onionv3adr>} 4 # HELP tor_hs_app_write_bytes_total Total number of bytes written to the application # TYPE tor_hs_app_write_bytes_total counter tor_hs_app_write_bytes_total{onion=<onionv3adr>,port=80} 15211 # HELP tor_hs_intro_num_total Total number of introduction received # TYPE tor_hs_intro_num_total counter tor_hs_intro_num_total{onion=<onionv3adr>} 4 # HELP tor_hs_rdv_established_count Total number of established rendezvous circuit # TYPE tor_hs_rdv_established_count gauge tor_hs_rdv_established_count{onion=<onionv3adr>} 1 # HELP tor_hs_app_read_bytes_total Total number of bytes read from the application # TYPE tor_hs_app_read_bytes_total counter tor_hs_app_read_bytes_total{onion=<onionv3adr>,port=80} 319667 # HELP tor_hs_intro_established_count Total number of established introduction circuit # TYPE tor_hs_intro_established_count gauge tor_hs_intro_established_count{onion=<onionv3adr>} 18 Which looks like proper data for me. Unfortunately prometheus thinks otherwise. In the prometheus webGUI under "/targets" it complains: > expected label value, got "INVALID" The Prometheus config part is: - job_name: tor_metrics metrics_path: /metrics static_configs: - targets: - <server1>:9035 - <server2>:9035 Servers are running Debian 11, Prometheus 2.32.1 and tor 0.4.6.9-1~d11.bullseye+1 I searched the relays mailinglist and tried to find something in the internet, unfortunately not very successfully. Any ideas? Thanks a lot! fran

2 3

All relays rejected
by lists＠redpanda.bz 23 Jan '22

23 Jan '22

Hi @all, i operate family https://yui.cat/family/BD0630FF0D6E61A906A4D69340B5B1F4FC805498/ and all of my nodes are getting rejected. I have a valid contact info set in my torrc, as MyFamily for all the nodes i operate and all the nodes are running on tor 0.4.6.9 but i recieve: http status 400 ("Fingerprint and/or ed25519 identity is marked rejected -- if you think this is a mistake please set a valid email address in ContactInfo and send an email to bad-relays(a)lists.torproject.org mentioning your fingerprint(s)?") response from dirserver I sent an email already to the bad-relays list but maybe anyone of you got an idea?

2 1

Terraform to deploy Tor Relays
by Andrew Smith 19 Jan '22

19 Jan '22

Hi I wanted to share a project that I've been working on which allows deploying of Tor relays through terraform. The code and documentation is here: https://github.com/andrewmichaelsmith/terrator The focus is on running on cloud hosting providers, currently supported cloud services are digitalocean, vultr and heztner. It works - I'm using it to run some tor relays right now. There are some limitations (documented on github) though and it is still very much a work in progress. As a bit of background, after reading the call to deploy more bridges <https://blog.torproject.org/tor-censorship-in-russia/> I got thinking how useful it could be to deploy a number of bridges by simply editing a config file and pushing 'go'. After a bit of tinerking - torraform <https://github.com/andrewmichaelsmith/terrator> was born. Personally I have this hooked up to Github and Terraform Cloud (both free), meaning I can simply edit 1 file in a git repo to create new relays. Keen to hear feedback or questions! Thanks -- Andy Smith http://andrewmichaelsmith.com | @bingleybeep

2 2

IPV6 address keeps changing every 2-3 days
by Quentin Campbell 19 Jan '22

19 Jan '22

Hi, I'm running a non-exit relay on a home British Telecom broadband connection (FTTC, 20Mb up/80Mb down). Its IP addresses (IPV4 & IPV6) are allocated dynamically. The IPV4 address can remain the same for weeks. However the IPV6 address seems less stable and lasts no more than 2 or 3 days before changing. A consquence of this is that Tor Metrics (atlas) shows a lot of downtime for the node. When I see that the node is down I restart the (UBUNTU) NetworkManager although the host should pick up the new address eventually without doing that? I would like to run a stable node with as little downtime as possible. Any suggestions on how I might improve things; in particular can I automate the checking and restart of the network/TOR whenever the IPV6 address changes? Do I really need to do this? On that last point, I thought that TOR nodes handled more gracefully the issue of dynamic address changes? Is there any source of info on this for dynamic IPV6 addresses? Thanks, Quentin

3 2

Tor related talks @ rC3
by nusenu 17 Jan '22

17 Jan '22

in chronological order: ------------------------------------------------------ title: Towards a more Trustworthy Tor Network when: 2021-12-28, 17:00 CET where: https://streaming.media.ccc.de/rc3/csh primary target audience: - Tor user - Tor relay operators - onion service operators - and everyone that cares about Tor ------------------------------------------------------ title: The Tor Project - State of the Onion when: 2021-12-28, 18:00 CET where: https://streaming.media.ccc.de/rc3/csh ------------------------------------------------------ -- https://nusenu.github.io

2 3