- tor-relays - lists.torproject.org

Tor related talks @ rC3
by nusenu 17 Jan '22

17 Jan '22

in chronological order: ------------------------------------------------------ title: Towards a more Trustworthy Tor Network when: 2021-12-28, 17:00 CET where: https://streaming.media.ccc.de/rc3/csh primary target audience: - Tor user - Tor relay operators - onion service operators - and everyone that cares about Tor ------------------------------------------------------ title: The Tor Project - State of the Onion when: 2021-12-28, 18:00 CET where: https://streaming.media.ccc.de/rc3/csh ------------------------------------------------------ -- https://nusenu.github.io

2 3

DNS Timeouts - I think the threshold for overload needs raising
by AMuse 16 Jan '22

16 Jan '22

Hi all! I'm operating a TOR Exit on dedicated hardware. The load average is low (0.07) and the network load is fine (120Mb/sec out of a 1Gb/sec link). Connections aren't being dropped, and for all I can see things are fine. However, on the TOR Metrics relay search, my exit consistently shows as "Overloaded" due to DNS failures. >From my logs, I never go above 2% in DNS failures and from the debugging I've done so far it looks like most of the failures are in IPv6 lookups not returning an AAAA record because the destination site has no AAAA configured. Could whoever runs the "Overloaded" flag consider upping the overload limit to 2% or so? Or, can we tune out ipv6 and ipv4 failures separately maybe? This was never an issue until I configured my relay for v6. =========== Jan 15 19:57:45.000 [notice] General overload -> DNS timeouts (65) fraction 1.0619% is above threshold of 1.0000% Jan 15 20:07:45.000 [notice] General overload -> DNS timeouts (67) fraction 1.0124% is above threshold of 1.0000% Jan 15 20:17:45.000 [notice] General overload -> DNS timeouts (71) fraction 1.1275% is above threshold of 1.0000% Jan 15 20:27:45.000 [notice] General overload -> DNS timeouts (94) fraction 1.4003% is above threshold of 1.0000% Jan 15 20:37:45.000 [notice] General overload -> DNS timeouts (72) fraction 1.2000% is above threshold of 1.0000% Jan 15 20:47:45.000 [notice] General overload -> DNS timeouts (75) fraction 1.2517% is above threshold of 1.0000% Jan 15 20:57:45.000 [notice] General overload -> DNS timeouts (70) fraction 1.1605% is above threshold of 1.0000% Jan 15 21:07:45.000 [notice] General overload -> DNS timeouts (92) fraction 1.6028% is above threshold of 1.0000% Jan 15 21:17:45.000 [notice] General overload -> DNS timeouts (73) fraction 1.3290% is above threshold of 1.0000% Jan 15 21:27:45.000 [notice] General overload -> DNS timeouts (73) fraction 1.2907% is above threshold of 1.0000% Jan 15 21:37:45.000 [notice] General overload -> DNS timeouts (65) fraction 1.0095% is above threshold of 1.0000% Jan 15 21:47:45.000 [notice] General overload -> DNS timeouts (83) fraction 1.2635% is above threshold of 1.0000%

2 2

New non-exit relay - DirPort question
by Richard Menedetter 16 Jan '22

16 Jan '22

Hi all I installed a non-exit relay 5 days ago. Works actually quit nicely. I was awarded the stable flag. (Also had briefly the HSDir flag, but lost it after a restart. Too early for the Guard flag.) So I think everything looks good. I have DirPort 9030 in my config. It is shown in nyx and the tor process listens there. But the relay search page says: Dir Address none It looks like this on my server: tcp 0 0 0.0.0.0:9030 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:9001 0.0.0.0:* LISTEN tcp6 0 0 :::9001 :::* LISTEN Why is it not shown and used by TOR? And what is directory for anyways? Why is it not listening und using IPv6 additionally to IPv4? Did I need to configure something additionally to get it running? Some TOR nodes show a port there. Anything to consider for new relay operators? I have limited the network traffic to 15 MB/s, so 240 MBit/s (bidirectional) so I should be well below my allowance. CU, Ricsi

3 3

Re: [tor-relays] Home Tor Middle Relay Blacklisted
by zorc 13 Jan '22

13 Jan '22

> Fellow Tor Operators: > > After about 9 months of running Tor as a Middle Relay from my home network, I'm beginning to experience signs of my public semi-static IPv4 address being blacklisted with 403 Forbidden errors from Reuters and Venmo. I've confirmed by successfully accessing both sites with my mobile internet connection. > > I'm not surprised that Venmo is blacklisting, but extremely surprised I'm being blocked by Reuters. You would think such a organization would be a proponent of free speech. I wouldn't be surprised if Reuters used Tor in some capacity. It doesn't make sense. > > When Googling my public semi-static IPv4 address, it appears in several Tor blacklists. That being said, I'm at the point that, at a minimum, I will have to ask my ISP to freshen my public semi-static IPv4 address. > > Previously, when speaking with my ISP, they mentioned offering a static IPv6 address at no cost. I'm wondering if that offer was with the expectation that I would have to give up my existing IPv4 semi-static address? If they provided both IPv4 and IPv6 addresses, at no cost, I'd like to run a Tor Bridge using the?semi-static?IPv4 address and configure my existing Middle Tor Relay to use the new static IPv6 address. That way, I'll be able to browse unimpeded through the?semi-static?IPv4 address and not have to be concerned with the static IPv6 address being blacklisted. > > Are other Tor Operators experiencing similar issues? Will I continue to experience blacklisting issues, even after migrating to a Tor Bridge? What are best practices in moving an existing Tor Relay to a new address, while avoiding the loss of flags? > > As always, I appreciate the feedback. > > Respectfully, > > Gary? Hi Gary, I'm having a similar experience. My main solution is (somewhat ironically I guess) to use a VPN. The sum of the two work reasonably well. When the VPN is blocked by something, my residential IP is usually not. What I also did once is directly contact a service I am paying for, and tell them to please use the Tor exit list instead of the Tor all-relays list if they really need. After some back and forth, this site started working again, although I never heard anything back from them whether this was indeed due to my enquiry. Maybe this could work for Reuters too if you explain to them how Tor is helping especially journalists? As for the IPv6, my understanding is, that currently IPv6-only relays are not possible, i.e. your IPv4 would still show up on the blocklists. In addition, it would also show up as a Tor relay, i.e. your bridge would become blocked too. Not 100% sure on this, so someone please correct me if I'm wrong. Cheers, zorc PGP 64c416e08f0575609d6212c075c6b8e01967b659 Sent with ProtonMail Secure Email.

2 1

Bridge showing offline
by Eddie 12 Jan '22

12 Jan '22

Looking at tor metrics, one of my bridges is showing as off-line: B080140DC1BAB5B86D1CE5A4CA2EF64F20282440 However, the log isn't showing any issues: Oct 14 00:00:28.000 [notice] Tor 0.4.5.8 opening new log file. Oct 14 00:00:28.000 [notice] Configured hibernation. This interval began at 2021-10-14 00:00:00; the scheduled wake-up time was 2021-10-14 00:00:00; we expect to exhaust our quota for this interval around 2021-10-15 00:00:00; the next interval begins at 2021-10-15 00:00:00 (all times local) Oct 14 01:49:40.000 [notice] Heartbeat: Tor's uptime is 124 days 6:00 hours, with 0 circuits open. I've sent 907.23 GB and received 922.28 GB. I've received 63052 connections on IPv4 and 8375 on IPv6. I've made 512684 connections with IPv4 and 100974 with IPv6. Oct 14 01:49:40.000 [notice] While not bootstrapping, fetched this many bytes: 1801791624 (server descriptor fetch); 175792 (server descriptor upload); 221750347 (consensus network-status fetch); 10974 (authority cert fetch); 19905655 (microdescriptor fetch) Oct 14 01:49:40.000 [notice] Heartbeat: Accounting enabled. Sent: 140.52 MB, Received: 140.69 MB, Used: 281.21 MB / 200.00 GB, Rule: sum. The current accounting interval ends on 2021-10-15 00:00:00, in 22:10 hours. Oct 14 01:49:40.000 [notice] Heartbeat: In the last 6 hours, I have seen 14 unique clients. Initially I thought of a previous issue I had with IPv6 connectivity, but don't think this is the problem here as the 2nd bridge on the same server is showing on-line. Also an IPv6 port scan shows the ports for both bridges as accessible. Ideas ?? Cheers.

5 8

Home Tor Middle Relay Blacklisted
by Gary C. New 10 Jan '22

10 Jan '22

Fellow Tor Operators: After about 9 months of running Tor as a Middle Relay from my home network, I'm beginning to experience signs of my public semi-static IPv4 address being blacklisted with 403 Forbidden errors from Reuters and Venmo. I've confirmed by successfully accessing both sites with my mobile internet connection. I'm not surprised that Venmo is blacklisting, but extremely surprised I'm being blocked by Reuters. You would think such a organization would be a proponent of free speech. I wouldn't be surprised if Reuters used Tor in some capacity. It doesn't make sense. When Googling my public semi-static IPv4 address, it appears in several Tor blacklists. That being said, I'm at the point that, at a minimum, I will have to ask my ISP to freshen my public semi-static IPv4 address. Previously, when speaking with my ISP, they mentioned offering a static IPv6 address at no cost. I'm wondering if that offer was with the expectation that I would have to give up my existing IPv4 semi-static address? If they provided both IPv4 and IPv6 addresses, at no cost, I'd like to run a Tor Bridge using the semi-static IPv4 address and configure my existing Middle Tor Relay to use the new static IPv6 address. That way, I'll be able to browse unimpeded through the semi-static IPv4 address and not have to be concerned with the static IPv6 address being blacklisted. Are other Tor Operators experiencing similar issues? Will I continue to experience blacklisting issues, even after migrating to a Tor Bridge? What are best practices in moving an existing Tor Relay to a new address, while avoiding the loss of flags? As always, I appreciate the feedback. Respectfully, Gary— This Message Originated by the Sun. iBigBlue 63W Solar Array (~12 Hour Charge) + 2 x Charmast 26800mAh Power Banks = iPhone XS Max 512GB (~2 Weeks Charged)

2 1

Overloaded relay - need help with how to debug using MetricsPort
by nottryingtobelame 09 Jan '22

09 Jan '22

The page linked to by the "overloaded" alert on my relay's Relay Search page mentions using MetricsPort for troubleshooting, but it provides no information on how to actually use it. I posted about this issue on Reddit and no one has replied with a viable guide to help me out, though one user was able to find a page showing at least the syntax for MetricsPort. I also reached out to network-report(a)torproject.org and have not received a reply. I found discussion about the implementation of MetricsPort on the Tor Project github but it would be nice if the Tor Project officially documented this, especially since it is suggested in the guidance for resolving this problem. At any rate, my relay is 4.5 years old and I've never had a problem with it being overloaded until now. It is on a Raspberry Pi 4 (4 GB) and that doesn't appear to be anywhere near maxing out CPU or memory usage. The only change I have made is putting it behind a pfSense hardware firewall, but the firewall itself is not maxing out in CPU or memory usage or even storage. So, any help that anyone can provide is greatly appreciated! Thanks in advance!

1 0

Strange thing happening in metrics
by David Hu 09 Jan '22

09 Jan '22

Hello awesome people, I have been running a Tor relay for a while with bandwidth progressively increasing. However in Tor Metrics, it shows like the attached (i.e. consensus weight decreased some, and middle probability as a consequence decreased as well). How is it supposed to happen?

3 2

Leaving tor
by Jonas 07 Jan '22

07 Jan '22

Grüezi, I run a large number of bridges, which hopefully only the tor project can see them and confirm they are mine. I know they are used because I can see the traffic utilization over time. Hopefully they were helpful, especially to people in Russia over the past few weeks. After being harassed by multiple paranoid people over the bridges along with accusations of all kinds, I give up. I do not need this drama. The servers on which the bridges run are good for a while, but I am dropping out of the mailing lists, forum, and matrix. Eventually the bridges will go away too. Merci vilmal and herzlichen glückwunsch! Jonas

2 1

General overload -> DNS timeouts
by Intrepid Ibex 07 Jan '22

07 Jan '22

Hi everybody, I am new to tor (as server operator) and try to support the network by operating an exit node. Machine is running Ubuntu 20.04 - Tor 0.4.6.8. nyx is giving me a notive every 10 minutes or so: [NOTICE] General overload -> DNS timeouts (6) fraction 1.4742% is above threshold of 1.0000% DNS on this machine however works perfectly. I told my tor browser to use my specific exit node, everything works fine. Node is running since 4 days now. Load is as expected. Thanks in advance for any help! Ibex \-- Sent using MsgSafe.io's Free Plan Private, encrypted, online communication For everyone. https://www.msgsafe.io

13 25