Maybe the next step in russian Tor discrimination
Hello, i have a relay at profitserver.ru at their Chelyabinsk location and recently the relay fell out of the consensus. I can ping all authorities with IPv4 and IPv6 and torproject.org is not blocked. I opened the ControlPort and tried to manually create circuits to the authorities. extendcircuit 0 authoritynickname getinfo circuit-status I observed that i can successfully create circuits to no more than three authorities and it seems to change to which authorities i can create circuits. The unsuccessful circuits stay in EXTENDED but never reach BUILT until Tor gives up eventually. Currently no other of my russian relays are affected. I am not an expert with the ControlPort but i hope this is proving what i tried to prove. Here is the conversation with the support: me: Hello, I am running a (non-exit) Tor relay on the VPS and it stopped working a few weeks ago. I can ping the Tor authorities IP addresses but when i try to manually create a Tor circuit it seems to timeout 6 out of 9 times which indicates some blocking attempts on your (or your upstream providers) side. I have a couple of other Tor relays in russia and i have never seen routinely failing manually created circuits to the Tor authorities. Do you block Tor or do you otherwise mess with Tor traffic? support agent: Hello, i can't say something about TOR network, now. We have black box from government, which can control traffic, and perhaps block TOR. Ourselves don't block TOR me: Thanks for your answer. The TSPU from Roskomnadzor that is doing Deep Packet Inspection? I feel with you and all the russian citizens... :( Good luck support agent: Maybe it's a black box If this is indeed their blackbox messing with Tor traffic then it is quite subtile because it does not block torproject.org and pings to the authorities are going through. The relay suddenly was online for one consensus in the last weeks and i can still use it when i manually set it as a Guard in my Tor client. So if you run a relay in russia and you experience weird stuff with it then you may not only want to check if you can reach the authorities by ping but you may want to try to manually craft a circuit to all of them. Hope that helps anyone Cheers
Very interesting! I have two VPS at different locations with justhost.ru (IQ Data St. Petersburg and DataLine Moscow - AS51659) and have also noticed a change: - on December 30th, both servers could not reach deb.torproject.org and the torproject.org web page. Both IPv4 and IPv6 were blocked. - I tried again today and everything worked fine. I even downloaded the tor browser bundle for Windows over one of the servers just to see if it works. It does and the signature also checks out (verified on a different server outside Russia) - running tor nodes at both locations continues to work Best Regards, Kristian Jan 2, 2022, 08:22 by torrelaysaregreat@gmail.com:
Hello,
i have a relay at > profitserver.ru <http://profitserver.ru>> at their Chelyabinsk location and recently the relay fell out of the consensus.
I can ping all authorities with IPv4 and IPv6 and > torproject.org <http://torproject.org>> is not blocked. I opened the ControlPort and tried to manually create circuits to the authorities.
extendcircuit 0 authoritynickname getinfo circuit-status
I observed that i can successfully create circuits to no more than three authorities and it seems to change to which authorities i can create circuits. The unsuccessful circuits stay in EXTENDED but never reach BUILT until Tor gives up eventually.
Currently no other of my russian relays are affected. I am not an expert with the ControlPort but i hope this is proving what i tried to prove.
Here is the conversation with the support: me:
Hello, I am running a (non-exit) Tor relay on the VPS and it stopped working a few weeks ago. I can ping the Tor authorities IP addresses but when i try to manually create a Tor circuit it seems to timeout 6 out of 9 times which indicates some blocking attempts on your (or your upstream providers) side. I have a couple of other Tor relays in russia and i have never seen routinely failing manually created circuits to the Tor authorities. Do you block Tor or do you otherwise mess with Tor traffic? support agent: Hello, i can't say something about TOR network, now. We have black box from government, which can control traffic, and perhaps block TOR. Ourselves don't block TOR> me: Thanks for your answer. The TSPU from Roskomnadzor that is doing Deep Packet Inspection? I feel with you and all the russian citizens... :( Good luck> > > support agent: Maybe it's a black box
If this is indeed their blackbox messing with Tor traffic then it is quite subtile because it does not block > torproject.org <http://torproject.org>> and pings to the authorities are going through. The relay suddenly was online for one consensus in the last weeks and i can still use it when i manually set it as a Guard in my Tor client. So if you run a relay in russia and you experience weird stuff with it then you may not only want to check if you can reach the authorities by ping but you may want to try to manually craft a circuit to all of them.
Hope that helps anyone Cheers
Hi, I've made the same experience with my node in RU. Greetings, Sebastian Elisa On 02.01.2022 16:09, abuse--- via tor-relays wrote:
Very interesting!
I have two VPS at different locations with justhost.ru (IQ Data St. Petersburg and DataLine Moscow - AS51659) and have also noticed a change:
- on December 30th, both servers could not reach deb.torproject.org and the torproject.org web page. Both IPv4 and IPv6 were blocked.
- I tried again today and everything worked fine. I even downloaded the tor browser bundle for Windows over one of the servers just to see if it works. It does and the signature also checks out (verified on a different server outside Russia)
- running tor nodes at both locations continues to work
Best Regards,
Kristian
Jan 2, 2022, 08:22 by torrelaysaregreat@gmail.com:
Hello,
i have a relay at profitserver.ru [1] at their Chelyabinsk location and recently the relay fell out of the consensus.
I can ping all authorities with IPv4 and IPv6 and torproject.org [2] is not blocked.
I opened the ControlPort and tried to manually create circuits to the authorities.
extendcircuit 0 authoritynickname
getinfo circuit-status
I observed that i can successfully create circuits to no more than three authorities and it seems to change to which authorities i can create circuits.
The unsuccessful circuits stay in EXTENDED but never reach BUILT until Tor gives up eventually.
Currently no other of my russian relays are affected.
I am not an expert with the ControlPort but i hope this is proving what i tried to prove.
Here is the conversation with the support:
me:
Hello,
I am running a (non-exit) Tor relay on the VPS and it stopped working a few weeks ago.
I can ping the Tor authorities IP addresses but when i try to manually create a Tor circuit it seems to timeout 6 out of 9 times which indicates some blocking attempts on your (or your upstream providers) side.
I have a couple of other Tor relays in russia and i have never seen routinely failing manually created circuits to the Tor authorities.
Do you block Tor or do you otherwise mess with Tor traffic?
support agent: Hello, i can't say something about TOR network, now. We have black box from government, which can control traffic, and perhaps block TOR. Ourselves don't block TOR
me: Thanks for your answer. The TSPU from Roskomnadzor that is doing Deep Packet Inspection? I feel with you and all the russian citizens... :( Good luck
support agent:
Maybe it's a black box
If this is indeed their blackbox messing with Tor traffic then it is quite subtile because it does not block torproject.org [2] and pings to the authorities are going through. The relay suddenly was online for one consensus in the last weeks and i can still use it when i manually set it as a Guard in my Tor client.
So if you run a relay in russia and you experience weird stuff with it then you may not only want to check if you can reach the authorities by ping but you may want to try to manually craft a circuit to all of them.
Hope that helps anyone
Cheers
Links: ------ [1] http://profitserver.ru [2] http://torproject.org _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I can confirm that profitserver.ru at Chelyabinsk location has TSPU (government) DPI system, at least on one of their links for some of the destination IPs. On that link the filtering is the same as a residential connection from ER-Telecom. The TSPU could be detected by 307 HTTP reply with Location header and nothing more: # curl -v rutracker.org * Trying 45.132.105.85:80... * TCP_NODELAY set * Connected to rutracker.org (45.132.105.85) port 80 (#0)
GET / HTTP/1.1 Host: rutracker.org User-Agent: curl/7.68.0 Accept: */*
* Mark bundle as not supporting multiuse < HTTP/1.1 307 Temporary Redirect < Location: http://lawfilter.ertelecom.ru/ * no chunk, no close, no size. Assume close to signal end Contrary to torproject.org request, which doesn't seem to be routed via TSPU (but via another DPI box, at Megafon): # curl -v torproject.org * Trying 95.216.163.36:80... * TCP_NODELAY set * Connected to torproject.org (95.216.163.36) port 80 (#0)
GET / HTTP/1.1 Host: torproject.org User-Agent: curl/7.68.0 Accept: */*
* Mark bundle as not supporting multiuse < HTTP/1.1 302 Found < Location: http://m.megafonpro.ru/rkn?channel=3 * no chunk, no close, no size. Assume close to signal end The IP addresses of blocked Tor relays and bridges are not reachable over Chelyabinsk profitserver as well.
participants (5)
-
abuse@lokodlare.com -
Josh Lawson -
newsletter@unicorncloud.org -
Tor Relays -
ValdikSS