Thanks a lot for taking the time to explain this to me!
Quoting teor teor@riseup.net:
Hi,
On 28 Aug 2019, at 14:21, Hikari tux@hikari.me wrote:
So, it's just that few people receive my bridge from BridgeDB. So it's a guard relay, right? What am I lacking to receive a guard flag?
Guards and Bridges are different.
Bridges are secret entry nodes for a few Tor clients.
Guards are public entry nodes for any Tor client. But they are easier to block, because they are public.
And what about being a middle relay? Shouldn't it be used more frequently in this mode?
Middle relays are public middle nodes for any Tor client.
Bridges can't be used as middles, because bridge addresses are secret.
Now I get it.
Is it worth running a public middle relay at home? Or is it possible sites will block my IP and I should stick with a bridge as it is now?
I suppose a guard relay isn't advised, right?
I have obfs3 and obfs4 enabled, but I've never tested them. And never got any error message either.
You can test them with Tor Browser, but it takes a bit of cut and paste work. Look up the obfs4 instructions for the location of the bridge line file.
Does Tor Browser for Windows come with obfs4? How to enable it?
I could also try running Tails on a VM if it has obfs4.
If you'd like to get more bridge traffic, start another few bridges on different ports on the same IP, or different IPs.
Do you know any tutorial teaching how to run multiple Tor instances? I did it with Transmission and had some trouble but did it.
I suppose I'll need to duplicate /etc/tor and /var/log/tor and have 2 systemctl files pointing to the correct torrc.
And also point nyx to the correct instance. I just run it without parameters.
Another question. I currently have Address setting on torrc pointing to a domain handled by no-ip. I have 2 ISPs in load balancing, and before this setting I was having very frequent log messages saying my IP had changed, because each time Tor made its test it was using a different route. Isn't it possible to use Tor in load balancing?
There are different kinds of load balancing.
Tor relays and bridges can only advertise a single IPv4 address. Tor relays can also advertise an IPv6 address. We're working on dual-stack advertised addresses for bridges.
So Tor works well when your AS announces your relay's IP address on multiple upstream routers.
What's an AS?
I'm still working on getting IPv6 working. My Cisco RV340's WebUI doesn't have settings for enabling ULA or for delegating a global prefix. I just bought a new router and will try to put OpenWRT on it, and hope to be able to set up everything then.
In early monitoring I'm noticing that one of my ISPs, the one I'm able to use global prefix, hasn't changed mine for over a week. But my server's IP is changing a few times every day inside the same prefix.
When (and if) I get everything working, I hope to have 1 no-ip domain for each ISP IPv4 address, and get 1 fixed IPv6 ULA and an equivalent global IP for each ISP global prefix and keep it fixed as long as ISPs don't change their prefix.
It's gonna take a few months to set it all up.
Regarding Tor, maybe I'll need to run 1 instance for each ISP's IPv4+IPv6 combination. IPv4 will be easy, IDK how to make it know which IPv6 to use, if I'm unable to get no-ip working for IPv6.
If you have different IP addresses for each upstream, you can:
- Run a separate Tor instance for each address, or
- Set (inbound) Address to one upstream, and OutboundBindAddress to another.
Sorry I didn't understand the second option.
I'm buying a Ubiquiti EdgeRouter X to put OpenWRT on. If everything works, in the near future I'll have IPv6 and load balancing working, but no-ip seems to not support IPv6. How should I set up my relay to use both ISPs and IPv4 + IPv6 with dynamic addresses?
Address supports DNS for IPv4 addresses.
IPv6 is only supported for ORPort (relays) and ServerTransportListenAddr (bridges). Tor doesn't have support for dynamic IPv6 yet.
Well that's troubling lol so I think I won't be able to use IPv6, unless ISPs leave static global prefixes and I'm able to set a relative fixed ULA.
Is it possible to set Tor to use a specific network device?
Can your provider allocate static IPv6? It should have a pool of millions of IPv6 addresses, so static should be easy.
As I said, I'm monitoring IPv6 and the working ISP's global prefix hasn't changed in a week, but IPv6 addr is changing.
They won't wanna provide fixed global prefix, because they wanna charge for fixed IP. They are also serving only a /64 prefix. And blocking some of the most common ports.
My guess is that they haven't gotten dynamic global prefix allocation working yet, so they are just leaving it be for now. I also haven't tried turning the modem off to see if that forces the prefix to change.
We're trying to make IPv6 support better, but I don't know when we will get funding to fix these particular issues.
Yeah I understand it. Most ppl and even telco companies aren't worried about IPv6. Some routers, like mine, don't have proper UI for IPv6 settings either.
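
Added example, not part of the original thread: a shell sketch of the "separate Tor instance for each address" setup discussed above, giving each bridge its own torrc, DataDirectory, log file and ControlPort, and checking that no two instances claim the same port. The instance names, hostnames, IP addresses, port numbers and the obfs4proxy path are constructed placeholders, and the host is assumed to hold a distinct local address per upstream.

```shell
#!/bin/sh
# Added example. All names, addresses, ports and paths are constructed placeholders.

# write_torrc NAME ADDRESS OUTBOUND_IP ORPORT PTPORT CTRLPORT BASEDIR
# Writes BASEDIR/NAME/torrc for one obfs4 bridge with its own data and log dirs.
write_torrc() {
    name=$1 addr=$2 out_ip=$3 orport=$4 ptport=$5 ctrlport=$6 base=$7
    mkdir -p "$base/$name/data" "$base/$name/log"
    cat > "$base/$name/torrc" <<EOF
Nickname $name
BridgeRelay 1
SocksPort 0
DataDirectory $base/$name/data
Log notice file $base/$name/log/notices.log
Address $addr
OutboundBindAddress $out_ip
ORPort $orport
ExtORPort auto
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:$ptport
ControlPort 127.0.0.1:$ctrlport
CookieAuthentication 1
EOF
}

# duplicate_ports BASEDIR
# Prints every port number claimed by more than one line across all instances.
duplicate_ports() {
    grep -hE '^(ORPort|ControlPort|ServerTransportListenAddr) ' "$1"/*/torrc |
        awk '{ print $NF }' | sed 's/.*://' | sort | uniq -d
}

# One instance per upstream: Address is that ISP's dynamic-DNS name (IPv4 only),
# OutboundBindAddress is the local address routed through the same ISP.
# For the single-instance variant ("Address to one upstream, OutboundBindAddress
# to another"), pass ISP 1's name as ADDRESS and ISP 2's local IP as OUTBOUND_IP.
demo_dir=$(mktemp -d)
write_torrc bridgeA isp1.example.net 192.0.2.10    9001 9002 9051 "$demo_dir"
write_torrc bridgeB isp2.example.net 198.51.100.10 9011 9012 9052 "$demo_dir"
if [ -z "$(duplicate_ports "$demo_dir")" ]; then
    echo "no port collisions; configs written under $demo_dir"
fi
```

Each instance is then started with `tor -f <path>/torrc`, and nyx is attached to a specific one through its control port, for example `nyx -i 127.0.0.1:9051`.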