tor-relays

tor-relays@lists.torproject.org

42 participants
4821 discussions

Start a nNew thread

(Без темы)
by Станислав 18 Apr '20

18 Apr '20

2 1

Got my first abuse
by lists＠for-privacy.net 18 Apr '20

18 Apr '20

Hi, my Family¹ has had an exit for 2 weeks and today the first abuse mail has arrived. First of all, thanks for the templates: https://www.torservers.net/wiki/abuse/templates https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates I linked these two from the Tor-project: - Common Boilerplate (Tor Intro) - SSH Bruteforce Attempts and wrote the following myself: -------------------------------------- Another good option that we use ourselves is: fail2ban And report to blacklists, which can then be loaded into the router firewalls: https://www.abuseipdb.com/user/33280 Hope this helps! -------------------------------------- I actually wanted to add that the SSH login attempts can be limited. (3-6) Because the logs from the abuse mail showed 100 attempts pro IP. ;-) _Are such notes useful or do such instructions cause even more problems?_ ¹https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!

12 20

Help with torrc for Bridge
by ylms 18 Apr '20

18 Apr '20

Hello all I just set up a bridge and want to make sure I didn't forget anything. //the torrc I use Nickname FancyNick ContactInfo see https://example.com/torcontact/ ControlPort 9051 ORPort 443 SocksPort 0 BridgeRelay 1 ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:80 ExtORPort auto CookieAuthentication 1 ExitPolicy reject *:* ExitPolicy reject6 *:* ClientUseIPv6 1 #%include /etc/tor/torrc_family //End of torrc For the family, is this setting needed for a Bridge? Should it be set? Thanks for any advice yl

2 4

Re: [tor-relays] 100% CPU at random rate
by scullcactus 17 Apr '20

17 Apr '20

Thanks Gisle and petrarca for confirming that. I thought this is because of my messed-up OS only. I linked this thread to the trac's ticket #33554 to for more info on that. On 17.04.2020 21:27, Gisle Vanem wrote: >> My problem is, and long time has been, the following. Every 30-40-60-120 >> minutes (it varies) I suddenly see CPU consumption jumps to 100% because >> of tor process, so I need to stop/start it to settle things down. Also, >> when I start Tor after a period of inactivity, say, a few hours or >> night, I cannot start it reliably for the first time, ever. It goes up >> to "Bootstrapped 95% (circuit_create): Establishing a Tor circuit" log >> message and... 100% CPU. After the second start, I get 100% CPU with >> 50/50 probability, and after the 3rd, it finally is OK, most of the >> time. Then, this 30-40-60-120 minutes cycle begins... It happens with >> this "Bootstrapped 95% ..." message or a bit before that. > > I've seen the same and patched like this: > > --- a/lib/thread/compat_winthreads.c 2020-01-24 21:59:07 > +++ b/lib/thread/compat_winthreads.c 2020-04-09 08:55:04 > @@ -170,6 +170,8 @@ > do { > DWORD res; > res = WaitForSingleObject(cond->event, ms); > + > + SleepEx(1, TRUE); > EnterCriticalSection(&cond->lock); > if (cond->n_to_wake && > cond->generation != generation_at_start) { > > ------------- > > That always did the trick. > > I reported it here: > https://trac.torproject.org/projects/tor/ticket/33411 > > --gv

1 0

100% CPU at random rate
by scullcactus 17 Apr '20

17 Apr '20

Hello list. This is my 1st message here, and I'm not a pro, so please excuse me if I do something wrong. I run a relay for several years now. This is my personal notebook so I only start Tor when I power it up. I set it up for 2 things: to be a node (non-exit) and to serve me as a SOCKS proxy for accessing some sites I have here blocked. My problem is, and long time has been, the following. Every 30-40-60-120 minutes (it varies) I suddenly see CPU consumption jumps to 100% because of tor process, so I need to stop/start it to settle things down. Also, when I start Tor after a period of inactivity, say, a few hours or night, I cannot start it reliably for the first time, ever. It goes up to "Bootstrapped 95% (circuit_create): Establishing a Tor circuit" log message and... 100% CPU. After the second start, I get 100% CPU with 50/50 probability, and after the 3rd, it finally is OK, most of the time. Then, this 30-40-60-120 minutes cycle begins... It happens with this "Bootstrapped 95% ..." message or a bit before that. I experienced it with many 0.3.x, 0.4.1.x versions, now with 0.4.2.x versions also. I tried not to restart tor process when it eats my CPU for several minutes but it doesn't stop, so I have to stop/start it manually. I see nothing bad in the log at its NOTICE level. My setup now is: Windows 8 Tor is 0.4.2.6 Fingerprint BF4591C167FF01B8AAE2749CD9D04913BD6743C4 I run Tor as a Service (--service install cli option; start manually) My notebook is decently powerful and so is my network connection My torrc is basically like this: SOCKSPort [port] SOCKSPolicy accept private:*,reject *:* Log notice file C:\tor-0.4.2.6\var\notice.log DataDirectory C:\tor-0.4.2.6\var ControlPort [port] HashedControlPassword [cencored] MaxMemInQueues 1 Gb Address [my real ip] Nickname skullcactus ORPort 59001 NoListen ORPort 192.168.0.84:9001 NoAdvertise DirPort 59030 NoListen DirPort 192.168.0.84:9030 NoAdvertise RelayBandwidthRate 3 MBytes RelayBandwidthBurst 6 MBytes ExitRelay 0 GeoIPFile C:\tor-0.4.2.6\Data\Tor\geoip GeoIPv6File C:\tor-0.4.2.6\Data\Tor\geoip6 ExcludeExitNodes [some exclusions] StrictNodes 1 TrackHostExits [some hosts] TrackHostExitsExpire 600 HeartbeatPeriod 1 hours Really, I want to keep my node working but it gets on my nerves :-) . Can you please help me track the problem down?

3 2

Wrong IP geolocation
by Mario Costa 17 Apr '20

17 Apr '20

One of my relays is reporting a wrong country and AS Name/Number on the Tor Metrics page. I suspect that the other relays displayed filtering by AS Name have the same problem since all of them belong to the same 255.255.0.0 subnet. I know precisely where my relay’s data center is, and it’s not the reported country. How can I report the correct location? Browsing Tor’s source it looks to me that it downloads a database from https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz <https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz> but the link is not working, and it seems that they now require an account in order to access the data. I don’t know if the Metrics page is using the same database. -m

3 2

Low observed bandwith
by Mario Costa 16 Apr '20

16 Apr '20

Hi list, I’m running a guard relay from my home connection on a Raspberry Pi 4. My internet connection is 1000/100 Mbps, and I thought I’d allocate half of the upload bandwidth for the relay. Then I set RelayBandwidthRate to 10 MB/s, because I thought that Tor would upload 5 MB/s and download 5 MB/s. However, the maximum observed bandwidth was always about 6 MB/s. I’d like to know what could cause this low observed bandwidth. I don’t think it’s the Raspberry Pi, because CPU usage is always low and it has a Gigabit connection to the router. The router itself easily reaches Gigabit speeds, so 10 MB/s should be a breeze. Could it be the number of connections? nyx indicates that the connections are always about 4000. If this is the case, how can I know if the connections bottleneck is the router or the Raspberry Pi? Additionally, I’d like to ask for a rule of thumb for setting the RelayBandwithBurst. I set it to 20 MB/s because I’m ok with the relay using the whole upload bandwidth (about 10 MB/s, or 100 Mbps) for short periods of time, but as I already explained I’m never seeing such speeds. For reference my relay’s fingerprint is F942EE73F1B8E39125F617FA85E80E4C9E540A2E. -m

4 5

Multiple obsf4 Bridge Relays on macOS
by Wilton Gorske 15 Apr '20

15 Apr '20

Hi all, Firstly, I hope you're taking care and staying safe (against pandemics and surveillance, especially considering how the latter is taking advantage of the former). Secondly, and mainly, I am working on setting up ten obsf4 bridge relays on macOS and keep running into port issues, so I'm hoping to get some general advice and guidance about how to set this up in the absence of updated macOS tutorials online. These bridge relays are going to run on one macOS server. Knowing that they can each have their own dedicated IP address, could someone advise how to best set up these multiple obsf4 bridge instances so each can be run (tor -f /usr/local/etc/tor/torrc.1, torrc.2, torrc.3, etc...) under one non-root user with only two public ports open on the data center network (80 and 443)? I'm getting stuck at the port reachability phase, and even more so when trying to run multiple instances with forwarding/binding warnings. The Application Level Firewall allows certain granted programs (tor/tor-gencert/tor-print-ed-signing-cert/tor-resolve/torify/obfs4proxy) the ability to open or accept a network socket. By editing the macOS network system settings to route port 80 to 9005, and noting ORPort 80 NoListen ORPort 0.0.0.0:9005 NoAdvertise in the torrc, that works correctly (including routing 443 for obfs4proxy). Running a second instance is where it seems to break down. Is there a way to have multiple tor instances sharing a port? My guess is the main issue is that at the system routing level, I need a way to note each IP and port so it goes to the right tor instance. Currently, the forwarding is set up like: rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9005 I'm guessing I need some way to designate IP XX.XXX.XX.120 -> port 9005 (torrc.1), XX.XXX.XX.121 -> port 9006 (torrc.2), XX.XXX.XX.122 -> port 9007 (torrc.3), etc. Is that correct? A copy of my notes and configurations so far can be found here: http://5jp7xtmox6jyoqd5.onion/p/ISjeXEW-vt8H1s89bwSW Please feel free to make suggestions or edits directly in that etherpad. I'm sure there are multiple ways to do this, but I definitely want to make sure I am using the most secure method as opposed to the easiest or quickest... Thanks for any help in advance. All the best, Wilton

2 1

Question about authority clock skew
by torjoy 14 Apr '20

14 Apr '20

Hello everyone, how are you? I was browsing the "Consensus health" page and something let me curious... What is the importance of the clock skew in the authorities with the resolution of microseconds? Picture: 2020/04/13 - 13:37 UTC Also, how the authorities compare their clocks? Using ntp daemon for example? I'm asking this here because I work in a time and frequency reference lab and have two NTP (stratum 1, connected directly to UTC(LRTE) timescale. And a stratum 2 that is discilplinned with the stratum 1 timeserver). So considering the microssencond accuracy did the keepers of these authorities care about the time source? Or any time source is ok? Best regards and keep safe! Luiz

4 5

Introducing: The Onion Pack
by Ralph Wetzel 10 Apr '20

10 Apr '20

8 11

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays