tor-relays

tor-relays@lists.torproject.org

42 participants
4821 discussions

Tor Relay Web Ports
by mnlph74 24 May '20

24 May '20

Hi, I'm running a non-exit relay for quite some time now and I would like to open ports 53, 80, 443 (web ports) to be more useful. How do you handle fraudulent complaints? What is the best approach to this situation? Thank you for your help. Sent with ProtonMail Secure Email.

3 8

Re: [tor-relays] Why does it take 4 days to get the HSDir flag back?
by Roger Dingledine 23 May '20

23 May '20

On Thu, May 21, 2020 at 08:03:03PM +0200, tschador(a)posteo.de wrote: > after an update of tor it always take about 4 days to get the HSDir flag > back while the other flags are set very qick. What is the reason for > this delay? It's because the directory authorities are configured to wait that long before assigning the flag. See the MinUptimeHidServDirectoryV2 option: https://gitweb.torproject.org/tor.git/tree/src/feature/dirauth/dirauth_opti… It used to be 25 hours, long ago, with the reasoning that if a relay hasn't been up for a day, then it's too likely to go away again soon, and this churn causes reliability problems in reaching onion services. We changed it to 96 hours in late 2014, when we saw a Sybil attack (many new relays suddenly appearing) and realized that while they wouldn't become Guards for a while, they would become HSDirs quite quickly, and maybe we want to give ourselves a few more days after new relays appear before they get to become HSDirs. And here are two tickets on doing even more to make it hard for jerks to sign up relays with the goal of cheaply getting the HSDir flag: https://bugs.torproject.org/16538 and https://bugs.torproject.org/19162 And of course the long term fix is to drop the deprecated v2 onion service design, since the v3 onion service design is much better at limiting what an HSDir relay can learn about onion services: https://www.youtube.com/watch?v=Di7qAVidy1Y Hope this helps, --Roger

2 1

Re: [tor-relays] How do I add relays to a "family" and what are the benefits?
by Keifer Bly 22 May '20

22 May '20

1 0

How do I add relays to a "family" and what are the benefits?
by Keifer Bly 22 May '20

22 May '20

3 3

Trouble with opening ports for a new bridge
by nottryingtobelame＠protonmail.com 21 May '20

21 May '20

Hello, I have two low-traffic websites hosted on Digital Ocean. Each one is its own Droplet. I setup a Tor bridge on one and it has been running successfully (20-80 clients / 6 hours or so average) so I know this is possible. Now I am trying to setup a bridge on the second Droplet. I have Tor and obfs4proxy installed. My torrc is as follows: Log notice file /var/log/tor/notices.log RunAsDaemon 1 Nickname whatever ExitRelay 0 ExitPolicy reject *:* BridgeRelay 1 BridgeDistribution moat ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ORPort 6063 ExtORPort auto ContactInfo <nottryingtobelame AT protonmail DOT com> I am pasting the output of netstat -plunt to pastebin for the sake of clarity and space: https://pastebin.com/30UHP5FD And here is a screenshot of the firewall I created on Digital Ocean and applied explicitly to this Droplet: https://imgur.com/a/jm9ZIQ6 I have rebooted the Droplet, deleted and re-created the firewall, and I'm not getting anywhere. Any assistance is appreciated.

2 1

Metrics site down
by mnlph74 20 May '20

20 May '20

As of this writing... noticed that the metrics site is currently down.. Can someone confirm? Thanks https://metrics.torproject.org/ Sent with ProtonMail Secure Email.

1 0

Tor relay occasionally maxing out CPU usage
by William Kane 20 May '20

20 May '20

Hi there, I am the operator of the following relay: https://metrics.torproject.org/rs.html#details/47E1157F7DA6DF80EC00D745D73A… The relay is running on my Arch Linux server running kernel version 5.6.11. This is my tor configuration file: ORPort 37.157.195.83:38619 ORPort [2a02:2b88:2:1::3239:0]:38619 DirPort 37.157.195.83:44776 Nickname michaelscott ContactInfo ttallink(a)googlemail.com ControlPort 9051 SocksPort 0 CookieAuthentication 1 ExitPolicy reject *:* DataDirectory /var/lib/tor Sandbox 1 Linux kernel boot parameters from grub: quiet mitigations=off Kernel parameters from /etc/sysctl.d set on boot through systemd: kernel.dmesg_restrict = 1 net.ipv6.ip_nonlocal_bind = 1 kernel.yama.ptrace_scope = 3 vm.swappiness = 60 Tor systemd unit (shipped by distribution): [Unit] Description=Anonymizing Overlay Network After=network.target [Service] User=tor Type=simple ExecStart=/usr/bin/tor -f /etc/tor/torrc ExecReload=/usr/bin/kill -HUP $MAINPID KillSignal=SIGINT LimitNOFILE=8192 PrivateDevices=yes [Install] WantedBy=multi-user.target Tor systemd unit overrides: [Service] ProtectSystem=strict ProtectHome=true PrivateTmp=true ProtectKernelLogs=true ProtectKernelModules=true ProtectKernelTunables=true ProtectControlGroups=true NoNewPrivileges=true RestrictSUIDSGID=true RestrictAddressFamilies=AF_INET AF_INET6 ReadWritePaths=/var/lib/tor Occasionally, the CPU usage hit's 100%, and the maximum throughput drops down to around 16 Mbps from it's usual 80 Mbps. This happens randomly and not a fixed intervals which makes it pretty hard to profile. No abnormal entries in the log files. I found ticket #24857 in which someone describes a similar behavior, but on _Windows_. https://trac.torproject.org/projects/tor/ticket/24857 Is this also an issue on Linux? In that case, setting DirCache to 0 should fix the issue, however that would mean that, according to the manual, I would no longer be able to mirror directory information. If anyone else encountered the same problem and found a solution, please let me know. Best Regards, William

3 9

Tor relay - hardware upgrade and "Observed bandwidth" not changed
by lilyus＠pm.me 19 May '20

19 May '20

Hello, I recently upgraded the hardware of my Tor relay and the "Advertised Bandwith" did not change. https://metrics.torproject.org/rs.html#search/pelote :9001 > Bandwidth rate: 1024 MiB/s > Bandwidth burst: 1024 MiB/s > Observed bandwidth: 5.46 MiB/s :9101 > Bandwidth rate: 1024 MiB/s > Bandwidth burst: 1024 MiB/s > Observed bandwidth: 4.62 MiB/s My Internet provider allow: - 1 Gbit/s download - 600 Mbit/s upload The relay new hardware is "NUC8i5BEK" - Intel(R) Core(TM) i5-8259U CPU @ 2.30GHz - 8GB DDR4 SDRAM PC4-19200 - Samsung SSD 950 PRO 256GB nvme System: - OpenBSD 6.7 - tor-0.4.2.7 Relay configuration is done with https://github.com/nusenu/ansible-relayor No IPv6 (yet). Do I have to wait for something like "The lifecycle of a new relay" ? https://blog.torproject.org/lifecycle-new-relay Regards, Lilyus

1 0

warn message in notices .log after reinstallation of the relay (and restore of torrc and "keys" folder)
by David Strappazon 19 May '20

19 May '20

Hi, I had issues with my bridge who is running on a Raspberry pi 3+ so i've decided to completely reinstall it. First i saved my torrc file and my "keys" folder from /var/lib/tor. First thing i did after a clean install of the server was to copy and paste my torrc file in /etc/tor/ and the files "ed25519_master_id_secret_key" and "secret_id_key" in the keys directory. Anyway after starting Tor i had the following messages in notices.log: [warn] http status 400 '"looks like your keypair has changed?...etc...etc... i decided to completely replace the content of the keys folder by my backup but i still have the same message. When i go to Tor relay search i see my bridge with two different identities and both are offline ( one of the hashed fingerprints is the right one). Anyway if i run "nyx" i can see that Tor is working, reachable from the outside and some circuits are built. I suspect i make a mistake with the "keys" but i'm a little bit lost. Can you guys help me please ? Sent with [ProtonMail](https://protonmail.com) Secure Email.

1 0

tor relay on windows 10
by Станислав 18 May '20

18 May '20

4 6

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays