Hello everyone,
I have some newbie questions and I hope this is the right place to ask them.
I started operating a relay on my VPS for a bit more than a month and everything seems to be going well. I constantly have about 200 outbound and 2000 inbound connections, but in nyx I almost never see any circuits. What does it mean? Do I see circuits only when someone is actually using my relay, i.e. in Tor Browser?
To further support the project I decided to run a bridge at home using a Raspberry Pi. How do I know when it is being used? I rarely see any traffic. Sometimes I see one outbound connection in nyx and some circuits open, but I never see an inbound connection to port 80 (the obfs4 port I chose). Why does the bridge have open circuits more often than the relay?
I couldn’t find any answers online, so I hope to clear things out here.
Regards,
m. _____________________________________________________________ GPG fingerprint: 6C3B 0069 30C4 0F16 E5F6 690E 7D2E 100E C3C4 7105 https://keys.openpgp.org/vks/v1/by-fingerprint/6C3B006930C40F16E5F6690E7D2E100EC3C47105
On 11/21/19 09:17, Mario Costa wrote:
Hello everyone,
I have some newbie questions and I hope this is the right place to ask them.
I started operating a relay on my VPS for a bit more than a month and everything seems to be going well. I constantly have about 200 outbound and 2000 inbound connections, but in nyx I almost never see any circuits. What does it mean? Do I see circuits only when someone is actually using my relay, i.e. in Tor Browser?
Thanks for supporting the network by running a relay. This is just a guess. I don't have a relay handy to check for myself.
As a relay, Tor probably doesn't export circuit events when it isn't the one creating the circuits. While the relay does know that someone is building a circuit through it and could report this over its control port to nyx, I don't think it does. If I'm wrong and it does report it, perhaps nyx is simply not telling you about it because there would be a *so many* circuits.
Regardless, this isn't indicative of a problem.
To further support the project I decided to run a bridge at home using a Raspberry Pi. How do I know when it is being used? I rarely see any traffic. Sometimes I see one outbound connection in nyx and some circuits open, but I never see an inbound connection to port 80 (the obfs4 port I chose). Why does the bridge have open circuits more often than the relay?
Thanks for running a bridge.
Check Tor's logs to make sure it is actually running and doesn't report issues. Search its hashed fingerprint on https://metrics.torproject.org/rs.html and make sure it is listed as up. Verify you did *not* set 'PublishServerDescriptor 0'. Verify you can use your bridge from outside your home. I once had a residential ISP that blocked inbound port 80 but not 443.
The circuits you see may be the ones the bridge has made for its own purposes (e.g. downloading new consensus documents). Your relay probably had these too sometimes.
If you check and verify that your bridge is running and usable, then you're simply not getting handed out to clients. This is to be expected for 1/4 of bridges IIRC in order to save them for a big censorship event. Even if you *are* getting handed out to clients, AIUI you shouldn't expect much usage and you probably shouldn't expect constant usage because there aren't many bridge users.
If Tor hasn't documented the above prominently on its bridge setup guide, they should. "Why isn't my bridge getting used?" is a FAQ. As outlined above, there's a lot of possible reasons, and one of them is "even though you didn't do anything wrong, this is by design."
Matt
Il giorno 21 nov 2019, alle ore 15:49, Matt Traudt pastly@torproject.org ha scritto:
Thanks for running a bridge.
Check Tor's logs to make sure it is actually running and doesn't report issues. Search its hashed fingerprint on https://metrics.torproject.org/rs.html and make sure it is listed as up. Verify you did *not* set 'PublishServerDescriptor 0'. Verify you can use your bridge from outside your home. I once had a residential ISP that blocked inbound port 80 but not 443.
This actually made me realize that my home router would not properly forward ports 80 and 443 from outside. I could connect to my bridge from the LAN (even using my external IP) but not from outside. I had to change to a non-standard port, unfortunately, because apparently 80 and 443 are used by the router’s web GUI even if I disabled external access to it. That’s a shame because I understand that ports 80 and 443 are less likely to be blocked by censors.
However, it’s still not clear to me how I can confirm anyone is using the bridge. When I connect to it, all I see in nyx are OUTBOUND connections and not even one inbound connection (maybe that’s by design in order to protect connecting users' privacy, I don’t know).
tor-relays@lists.torproject.org
-
Mario Costa -
Matt Traudt