Hi,
On 28 Aug 2019, at 23:44, tux@hikari.me wrote:
Quoting teor teor@riseup.net:
On 28 Aug 2019, at 14:21, Hikari tux@hikari.me wrote:
So, it's just that few people receive my bridge from BridgeDB. So it's a guard relay, right? What am I lacking to receive a guard flag?
Guards and Bridges are different.
Bridges are secret entry nodes for a few Tor clients.
Guards are public entry nodes for any Tor client. But they are easier to block, because they are public.
And what about being a middle relay? Shouldn't it be used more frequently in this mode?
Middle relays are public middle nodes for any Tor client.
Bridges can't be used as middles, because bridge addresses are secret.
Now I get it.
Is it worth running a public middle relay at home? Or is it possible sites will block my IP and I should stick with a bridge as it is now?
You should stick with a bridge.
I suppose a guard relay isn't advised, right?
There is no setting that lets operators make their relays middles or guards. Instead, all non-exits have some chance of being a middle or a guard. For new or slow relays, the chance of being a guard might be zero.
I have obfs3 and obfs4 enabled, but I've never tested them. And never got any error message either.
You can test them with Tor Browser, but it takes a bit of cut and paste work. Look up the obfs4 instructions for the location of the bridge line file.
Does Tor Browser for Windows come with obfs4? How to enable it?
Yes. Enter an obfs4 bridge line in the bridge settings.
See the bridges part of the Tor Browser manual: https://tb-manual.torproject.org/bridges/
I could also try running Tails on a VM if it has obfs4.
Tails has Tor Browser with obfs4.
If you'd like to get more bridge traffic, start another few bridges on different ports on the same IP, or different IPs.
Do you know any tutorial teaching how to run multiple Tor instances? I did it with Transmission and had some trouble but did it.
I don't know what Transmission is.
I suppose I'll need to duplicate /etc/tor and /var/log/tor and have 2 systemctl files pointing to the correct torrc.
And also point nyx to the correct instance. I just run it without parameters.
ansible-relayor is good, but I don't know if it supports bridges.
See the Tor Relay Guide: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#ConfigurationMan...
Another question. I currently have Address setting on torrc pointing to a domain handled by no-ip. I have 2 ISPs in load balancing, and before this setting I was having very frequent log messages saying my IP had changed, because each time Tor made its test it was using a different route. Isn't it possible to use Tor in load balancing?
There are different kinds of load balancing.
Tor relays and bridges can only advertise a single IPv4 address. Tor relays can also advertise an IPv6 address. We're working on dual-stack advertised addresses for bridges.
So Tor works well when your AS announces your relay's IP address on multiple upstream routers.
What's an AS?
A network on the internet.
I'm still working on getting IPv6 working. My Cisco RV340's WebUI doesn't have settings for enabling ULA, nor for delegating a global prefix. I just bought a new router and will try to put OpenWRT on it, and hope to be able to set up everything then.
In early monitoring I'm noticing that one of my ISPs, the one where I'm able to use a global prefix, hasn't changed mine for over a week. But my server's IP is changing a few times every day inside the same prefix.
When (and if) I get everything working, I hope to have 1 no-ip domain for each ISP IPv4 address, and get 1 fixed IPv6 ULA and an equivalent global IP for each ISP global prefix and keep it fixed as long as ISPs don't change their prefix.
It's gonna take a few months to set it all up.
Regarding Tor, maybe I'll need to run 1 instance for each ISP's IPv4+IPv6 combination. IPv4 will be easy, IDK how to make it know which IPv6 to use, if I'm unable to get no-ip working for IPv6.
Set the IPv6 address as an ORPort in the relay config.
But bridges can only advertise one obfs4 address right now. So I wouldn't worry too much about IPv6 yet.
If you have different IP addresses for each upstream, you can:
- Run a separate Tor instance for each address, or
- Set (inbound) Address to one upstream, and OutboundBindAddress to another.
Sorry I didn't understand the second option.
I don't think it will work very well for bridges anyway.
I'm buying a Ubiquiti EdgeRouter X to put OpenWRT on. If everything works, in the near future I'll have IPv6 and load balancing working, but no-ip seems to not support IPv6. How should I set up my relay to use both ISPs and IPv4 + IPv6 with dynamic addresses?
Address supports DNS for IPv4 addresses.
IPv6 is only supported for ORPort (relays) and ServerTransportListenAddr (bridges). Tor doesn't have support for dynamic IPv6 yet.
Well, that's troubling lol, so I think I won't be able to use IPv6, unless ISPs leave static global prefixes and I'm able to set a relatively fixed ULA.
Your router might be changing the address?
Is it possible to set Tor to use a specific network device?
No, that happens at the OS level.
Can your provider allocate static IPv6? It should have a pool of millions of IPv6 addresses, so static should be easy.
As I said, I'm monitoring IPv6 and the working ISP's global prefix hasn't changed in a week, but IPv6 addr is changing.
They won't wanna provide a fixed global prefix, because they wanna charge for a fixed IP. They are also serving only a /64 prefix. And blocking some of the most common ports.
Wow that's unhelpful.
My guess is that they haven't gotten dynamic global prefix allocation working yet, so they are just leaving it be for now. I also haven't tried turning the modem off to see if that forces the prefix to change.
T
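Added example, not part of the original thread: the first option listed above (a separate Tor instance for each upstream address), sketched as two torrc files for obfs4 bridges. Hostnames, ports, paths and nicknames are constructed placeholders, and the obfs4proxy path assumes a Debian-style install.

```torrc
# ---- /etc/tor/bridge-isp1.torrc (constructed path) ----
BridgeRelay 1
Nickname ExampleBridgeIsp1
# Each instance needs its own DataDirectory: it holds that bridge's
# identity keys and state, which must not be shared between instances.
DataDirectory /var/lib/tor-bridge-isp1
Log notice file /var/log/tor/bridge-isp1.log
# Address accepts a DNS name for IPv4, so a dynamic-DNS hostname that
# follows ISP 1's address can be used (placeholder hostname).
Address isp1.example.net
ORPort 9001
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:9443
ExtORPort auto
SocksPort 0
# Separate control port per instance; point nyx at it with: nyx -i 9051
ControlPort 9051
CookieAuthentication 1

# ---- /etc/tor/bridge-isp2.torrc (constructed path) ----
BridgeRelay 1
Nickname ExampleBridgeIsp2
DataDirectory /var/lib/tor-bridge-isp2
Log notice file /var/log/tor/bridge-isp2.log
Address isp2.example.net
# Ports must differ from the first instance when both run on one host.
ORPort 9002
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:9444
ExtORPort auto
SocksPort 0
ControlPort 9052          # nyx -i 9052
CookieAuthentication 1

# Which upstream each instance's traffic leaves through is decided by the
# OS and router, not by Tor. Both ORPort and the obfs4 port of each
# instance need a matching port forward on the corresponding upstream.
```

Each file is started as its own process or service unit (`tor -f <path>`), and `tor --verify-config -f <path>` checks a file before the instance is enabled.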