On May 23, 2019, at 3:54 AM, tor-relay@riseup.net wrote:
I think that a network based too much on remote VMs, with closed source software running on the deepest machine level, is not very resilient and secure.
Actually, it’s very secure. By default, Tor doesn’t log anything but simple notice messages. In addition, if you use Offline Master Keys (https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKe...) the security of your node is greatly enhanced. As long as you have direct root access to the VM, you’re fine. Also, most VMs use OSS hypervisors such as KVM or Xen.
So the reason why I was thinking to do so is that I wanted to run a small exit relay on a device running only open source software, like Olimex Lime2 does, and under my direct control.
If you really want to use this device as an exit, I would strongly suggest that you don’t do it at home; there are actually a few companies that specialize in colocation for small hardware platforms such as the Lime2.
The latency from my home and the VM is not so high (45-50 ms), and I was pretty sure that with a proper configuration I didn't risk that users exit through my home connection. But if you say that with such a small bandwidth it can't run properly, I trust you, so I keep a non-exit relay.
That’s actually very high latency to add to the hop because you’re going to add SSH encryption on top of it, which will add more latency, just to get to the VM? I wouldn’t consider it feasible.
Now that I’m thinking about it, you could try finding a VPN provider that allows Tor and using that VPN provider on your Lime2.
-Conrad
Anyway, thanks for your advice
On 22/05/19 11:05, nusenu wrote:
tor-relay@riseup.net :
I'm running a non-exit relay on a Debian machine (in the next few months I will switch to *BSD) on a Lime2.
I assume you are referring to a relay run at home.
I'm running an exit relay too on a remote VM.
I would turn my non-exit relay into an exit one, but for obvious reasons, I don't want to run it from my shitty ISP IP. I could give 10-14 mbps from my home connection, so I think that the Lime2 would be powerful enough to run it properly.
I would discourage such a setup for the following reasons:
- this setup includes the risk that users will exit
through your home broadband IP address (bad!) if tunnels break down
- such setups that introduce an additional hop decrease the user-experience
- most users will not be happy with a "10-14mbps" exit at a home broadband connection
- it is not clear to me why you would involve your home IP at all for your exit
if you have a VM in a datacenter
nonetheless, thanks for running relays, nusenu
tor-relays mailing list
tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays