Hi,
I've been running a new tor relay for about a week now and I've got some questions.
1) I plan on running other services than tor on my server, including a (private) mail system. Other than the general possibility of tor having security holes and my server (and its IP address) being public and thus possibly target of attacks, are there security implications I should consider?
2) I would be interested to eventually run a directory/bandwidth authority, so I read about them in [1] and [2], but the places seemed a bit odd (hidserv-perf branch in tor svn/torflow repo) so I thought I better ask here: Would I really just have to follow the steps in [1] to become a dirauth? Is there currently a need for auths, would contribution be welcomed?
Thanks for your answers!
Regards Tobias
[1] https://svn.torproject.org/svn/tor/branches/hidserv-perf/doc/v3-authority-ho...
[2] https://gitweb.torproject.org/torflow.git/blob/HEAD:/NetworkScanners/BwAutho...
On 03/02/2014 04:06 PM, Tobias Markus wrote:
> I've been running a new tor relay for about a week now
Great. Thank you!
> - I plan on running other services than tor on my server, including a (private) mail system. Other than the general possibility of tor having security holes and my server (and its IP address) being public and thus possibly target of attacks, are there security implications I should consider?
Unfortunately, many sites block Tor relay IPs regardless of their exit policy. So, if you share one IP between the relay and other services, you might be impacted. This is especially true for exit relays.
> - I would be interested to eventually run a directory/bandwidth authority, so I read about them in [1] and [2], but the places seemed a bit odd (hidserv-perf branch in tor svn/torflow repo) so I thought I better ask here: Would I really just have to follow the steps in [1] to become a dirauth? Is there currently a need for auths, would contribution be welcomed?
The offer is well appreciated. In the current design, directory authorities and bandwidth authorities play a very special role. There are several ideas on how to improve the situation and then open participation to the broader community, but for the time being, authorities can only be run by people very close to the core dev team.
Hi,
sorry for replying rather late!
In response to 1): Thinking about it, I think the main (possible) problem is that my MTA is rejected by SMTP servers it connects to because of a Tor blacklist. Is this probable? Has someone got experience running a complete mail system and a (public) Tor relay on the same host/IP?
About 2): That is indeed very unfortunate, but at the same time a reason to start contributing to Tor! (Sadly, I am presently occupied by various other projects, but I think Tor is definitely worth a 'visit'.)
Now about something else. I recently had to restart my server for unrelated reasons. (The relay had the Guard and Stable flag at that time.) I sadly forgot to add the Tor service to the default runlevel, so it was not started at boot time. I went to bed thinking everything was OK and was only able to start Tor about 12 hours later. Unfortunately, my relay got no flags since then -- not even "Running"! The Tor consensus website confirms this: Three Auths voted for all previous/normal flags except Guard, the others only for Valid and V2Dir leading to my relay getting no flags! I cannot really explain this to myself. What is going on here?
Tobias
On Sun, Mar 02, 2014 at 07:32:17PM +0100, Moritz Bartl wrote:
> On 03/02/2014 04:06 PM, Tobias Markus wrote:
> > I've been running a new tor relay for about a week now
> Great. Thank you!
> > - I plan on running other services than tor on my server, including a (private) mail system. Other than the general possibility of tor having security holes and my server (and its IP address) being public and thus possibly target of attacks, are there security implications I should consider?
> Unfortunately, many sites block Tor relay IPs regardless of their exit policy. So, if you share one IP between the relay and other services, you might be impacted. This is especially true for exit relays.
> > - I would be interested to eventually run a directory/bandwidth authority, so I read about them in [1] and [2], but the places seemed a bit odd (hidserv-perf branch in tor svn/torflow repo) so I thought I better ask here: Would I really just have to follow the steps in [1] to become a dirauth? Is there currently a need for auths, would contribution be welcomed?
> The offer is well appreciated. In the current design, directory authorities and bandwidth authorities play a very special role. There are several ideas on how to improve the situation and then open participation to the broader community, but for the time being, authorities can only be run by people very close to the core dev team.
Hi,
just wanted to inform you that I could resolve the issue simply by deleting the tor data folder (thus getting a new fingerprint).
PS: I actually replied to Bryan, but forgot to CC tor-relays. Sadly I can't find the message anymore, otherwise I would have resent it.
On 03/13/2014 11:08 PM, Tobias Markus wrote:
> Hi,
> sorry for replying rather late!
> In response to 1): Thinking about it, I think the main (possible) problem is that my MTA is rejected by SMTP servers it connects to because of a Tor blacklist. Is this probable? Has someone got experience running a complete mail system and a (public) Tor relay on the same host/IP?
> About 2): That is indeed very unfortunate, but at the same time a reason to start contributing to Tor! (Sadly, I am presently occupied by various other projects, but I think Tor is definitely worth a 'visit'.)
> Now about something else. I recently had to restart my server for unrelated reasons. (The relay had the Guard and Stable flag at that time.) I sadly forgot to add the Tor service to the default runlevel, so it was not started at boot time. I went to bed thinking everything was OK and was only able to start Tor about 12 hours later. Unfortunately, my relay got no flags since then -- not even "Running"! The Tor consensus website confirms this: Three Auths voted for all previous/normal flags except Guard, the others only for Valid and V2Dir leading to my relay getting no flags! I cannot really explain this to myself. What is going on here?
> Tobias
Hi,
Great that it finally worked out, welcome to the brother/sisterhood. And btw. what are you doing with my mail signature? That seems to be the more important issue to me ;-)))
Hi Sebastian,
now that you say it -- yes, it seems we both chose the same quote :D (Really, I didn't copy you. I've read it somewhere else a while ago and adopted it because I liked it. But really, you didn't read hundreds of quote books just to suddenly stumble on Franklin's quote, did you?)
But another thing: Do you still need participating relays for TTTT?
Tobias
On 17.03.2014 16:24, Sebastian Urbach wrote:
> Hi,
> Great that it finally worked out, welcome to the brother/sisterhood. And btw. what are you doing with my mail signature? That seems to be the more important issue to me ;-)))
--
Tobias Markus
"They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790)
Hi
I would like to set up a Tor Bridge but I have run into a few problems. Can anyone give me a few recommendations on what to do?
Raising maximum number of filedescriptors (ulimit -n) to 32768.
Starting tor daemon: tor...
ABORTED: Tor configuration invalid:
Mar 17 10:56:35.546 [notice] Tor v0.2.2.35 (git-73ff13ab3cc9570d). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
Mar 17 10:56:35.548 [warn] Option 'SocksPort' used more than once; all but the last value will be ignored.
Mar 17 10:56:35.548 [warn] Failed to parse/validate config: Unknown option 'ServerTransportPlugin'. Failing.
Mar 17 10:56:35.548 [err] Reading config failed--see warnings above.
________________________________
From: Tobias Markus tobias@markus-regensburg.de
To: Sebastian Urbach sebastian@urbach.org
Cc: tor-relays@lists.torproject.org
Sent: Monday, 17 March 2014 10:37
Subject: Re: [tor-relays] New tor relay, some questions
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Mon, Mar 17, 2014 at 6:58 PM, Eric Giannini eric.giannini@yahoo.com wrote:
> Hi
> I would like to set up a Tor Bridge but I have run into a few problems. Can anyone give me a few recommendations on what to do?
> Raising maximum number of filedescriptors (ulimit -n) to 32768.
> Starting tor daemon: tor...
> ABORTED: Tor configuration invalid:
> Mar 17 10:56:35.546 [notice] Tor v0.2.2.35 (git-73ff13ab3cc9570d). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
> Mar 17 10:56:35.548 [warn] Option 'SocksPort' used more than once; all but the last value will be ignored.
> Mar 17 10:56:35.548 [warn] Failed to parse/validate config: Unknown option 'ServerTransportPlugin'. Failing.
> Mar 17 10:56:35.548 [err] Reading config failed--see warnings above.
Your Tor version is very old. It doesn't support pluggable transports. Please upgrade to the latest of the 0.2.4 branch, or use the 0.2.5 alpha.
Hi,
I updated to 0.2.4
service tor start returned the following:
/etc/init.d/tor: line 140: ulimit: open files: cannot modify limit: Operation not permitted ...fail!
Any suggestions?
Eric
________________________________
From: Grozdan neutrino8@gmail.com
To: tor-relays@lists.torproject.org
Sent: Monday, 17 March 2014 11:22
Subject: Re: [tor-relays] Setting up Tor Bridge
> Your Tor version is very old. It doesn't support pluggable transports. Please upgrade to the latest of the 0.2.4 branch, or use the 0.2.5 alpha.
Hi,
Your open file limit is too low and the user that is starting tor does not have the proper permissions to raise the limit.
On March 17, 2014 11:02:31 PM Eric Giannini eric.giannini@yahoo.com wrote:
> Hi,
> I updated to 0.2.4
> service tor start returned the following:
> /etc/init.d/tor: line 140: ulimit: open files: cannot modify limit: Operation not permitted ...fail!
> Any suggestions?
> Eric
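The `ulimit` failure discussed in the reply above, worked through as an added example that is not part of the original thread: it decides whether an init script's `ulimit -n 32768` can succeed for a given soft limit, hard limit and effective UID. The function names are hypothetical and the sample limit values are constructed; effective UID 0 is assumed to stand in for CAP_SYS_RESOURCE.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Rule applied (Linux setrlimit semantics): an unprivileged process may move
# its soft limit up to the hard limit and may lower the hard limit, but only a
# privileged process (root, strictly CAP_SYS_RESOURCE) may raise the hard limit.

# to_num LIMIT: print LIMIT as an integer; "unlimited" becomes a large sentinel.
to_num() {
    case "$1" in
        unlimited) echo 2147483647 ;;
        ''|*[!0-9]*) return 2 ;;
        *) echo "$1" ;;
    esac
}

# nofile_verdict WANT SOFT HARD EUID: print what `ulimit -n WANT` would do.
nofile_verdict() {
    want=$(to_num "$1") || { echo invalid; return 0; }
    soft=$(to_num "$2") || { echo invalid; return 0; }
    hard=$(to_num "$3") || { echo invalid; return 0; }
    euid=$4
    if [ "$soft" -ge "$want" ]; then
        echo already-sufficient      # nothing needs raising
    elif [ "$hard" -ge "$want" ]; then
        echo raise-soft-ok           # any user may raise soft up to hard
    elif [ "$euid" -eq 0 ]; then
        echo raise-hard-as-root      # assumption: euid 0 holds CAP_SYS_RESOURCE
    else
        echo denied                  # "cannot modify limit: Operation not permitted"
    fi
}

# nofile_hint VERDICT: print the operator-facing meaning of a verdict.
nofile_hint() {
    case "$1" in
        already-sufficient) echo "current soft limit already covers the request" ;;
        raise-soft-ok) echo "request fits under the hard limit, no privilege needed" ;;
        raise-hard-as-root) echo "works only because the caller is privileged" ;;
        denied) echo "run the init script as root or raise this user's hard nofile limit" ;;
        *) echo "limits must be integers or 'unlimited'" ;;
    esac
}

# nofile_report [WANT]: evaluate the shell this script is running in.
nofile_report() {
    w=${1:-32768}
    s=$(ulimit -Sn); h=$(ulimit -Hn); u=$(id -u)
    v=$(nofile_verdict "$w" "$s" "$h" "$u")
    echo "want=$w soft=$s hard=$h euid=$u -> $v: $(nofile_hint "$v")"
}

# Constructed sample: an unprivileged user (uid 1000) with soft 1024, hard 4096
# asking for the 32768 descriptors the init script requests.
nofile_verdict 32768 1024 4096 1000
# The same check against the limits of the current shell.
nofile_report 32768
```
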
Eric Giannini:
> Mar 17 10:56:35.546 [notice] Tor v0.2.2.35 (git-73ff13ab3cc9570d).
Please use at least the stable Tor branch (0.2.4) and eventually the current development branch (0.2.5) which enables more statistics to be collected from bridge users.