Hi Nusenu
Am Samstag, den 24.03.2018, 13:51 +0000 schrieb nusenu:
Hi Tim,
I saw you recently added 8 new tor exit instances and wanted to thank you for contributing exit bandwidth to the tor network!
At the moment this is a (small) Host with 10 GBE and multiple addresses. I hope the computing power is enough to handle a bunch of Tor traffic. We need to get a bit more experience with that.
May I ask what CPU you use and how much memory the system has?
At time of writing, the VM has 4 cores of Xeon E3-1230 V2 @ 3.30GHz with 8 GB of main memory. The VM has 4 IPv4 addresses and a complete /48 IPv6 prefix.
The system is not operated in a data center and the physical space is limited so it's not as powerful as we would like to.
My plan is to observe the system a bit over the next weeks. If it's clear to low computing power, I would love to make a 'Plan B'.
I saw your have IPv6 addresses [2]. If your connectivity/routing allows also for IPv6 exiting and ORPorts, enabling IPv6 on your exits would be great and appreciated.
Currently we still building up the network. So, yes, it's planned and in the last hour we configured the addresses. But it will take some time until the prefix is announced completely.
Note that if you enable IPv6 without having proper IPv6 connectivity your relays will drop out of consensus, so it is best to ensure proper IPv6 connectivity before enabling IPv6 on your relays.
Yes, thanks for the advice. I will wait until the reachability is good.
Yes, it's the ansible-relayor. Great work, and btw: Thank you!
But unfortunately, atlas recognized only the two instances on the main IP.
You can _not_ have more than two tor instances per public IPv4 address.
The system has 4 public IPv4 addresses.
This is to avoid that someone adds many instances on a single IP (Sybil attack). Unless you modify it, ansible-relayor makes sure you do not configure more than 2 instances per IPv4.
We have 8 instances for 4 public IP's. So 2 instances per IP.
So I manipulated the template a bit, so that the 'Address'-config is added to the torrc. I'm currently unsure if it's a bug or if I've a misunderstanding. Still learning.. ;)
Unless you have some unusual NAT you should never need to add the "Address" config (ansible-relayor supports it after someone with a rather unusual network setup requested it).
There is no NAT.
I don't know, but it seemed to me, that Tor wasn't able to use the correct IPs: --- %< --- Mär 22 02:19:47 tor Tor-185.220.100.253_9000[586]: Your server (185.220.100.252:9000) has not managed to conf irm that its ORPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Ple ase check your firewalls, ports, address, /etc/hosts file, etc. --- >% ---
This looked to me that the instance on 185.220.100.253:9000 "thought" it has the 185.220.100.252:9000. That's the reason for my idea to add the 'Address'-setting.
If I'm misunderstanding you, or if there is a bug in ansible-relayor please let me know.
Don't know. Currently I'm not able to decide. ;)
Tim
thanks for joining the network and happy packet forwarding!
Please don't hesitate to contact me if there is any problem with our Tor relay.
It is always good to be able to reach relay operators, thanks. nusenu