Hi all,
I am planning on running a bridge-relay but have a hard 1TB/month outgoing traffic limitation. Can someone help me with a torrc config that works for this setup?
Regards, Kali
Hi Kali,
you could just use the Accounting options like this:
AccountingMax 1 TB AccountingStart month 1 0:00 (<- this is default)
This will cause your relay to suspend until the end of the month after forwarding 1 TB of traffic. You might want to set the limit to 950GB instead.
Another option, if you want to avoid possible suspension at the end of the month, is using the RelayBandwidthRate and RelayBandwidthBurst options to limit the forwarding bandwidth.
Further explanation of the options can be found here: https://www.torproject.org/docs/tor-manual.html.en
Regards, Sven.
On 08/12/2013 06:33 AM, Kali Tor wrote:
Hi all,
I am planning on running a bridge-relay but have a hard 1TB/month outgoing traffic limitation.
Can someone help me with a torrc config that works for this setup?
[snip]
# networking SocksPort 0 ORPort [aaa.bbb.ccc.ddd]:9001 ORPort [0000:0000:0000:0000:0000:0000:0000:0000]:9001
# policy BridgeRelay 1 Exitpolicy reject *:* ContactInfo Not Dental <bridge AT toofar dOt com>
# 96% of (input=500GB + output=500GB) monthly traffic AccountingStart month 01 00:00 AccountingMax 480 GB
------------------------
Notes:
1. Delete IPv6 line if you don't have IPv6 networking.
2. Are you sure it is 1TB output and not 1TB of total monthly traffic?
3. CentOS/RHEL user here, so I can't advise you on the use of obsproxy.
4. In my experience, the chances of you actually moving 1TB/month of bridge traffic is very, very small.
Hope this helps.
Hi Steve,
I am planning on running a bridge-relay but have a hard 1TB/month outgoing traffic limitation.
Can someone help me with a torrc config that works for this setup?
[snip]
# networking SocksPort 0 ORPort [aaa.bbb.ccc.ddd]:9001 ORPort [0000:0000:0000:0000:0000:0000:0000:0000]:9001
# policy BridgeRelay 1 Exitpolicy reject *:* ContactInfo Not Dental <bridge AT toofar dOt com>
# 96% of (input=500GB + output=500GB) monthly traffic AccountingStart month 01 00:00 AccountingMax 480 GB
So I guess for me it will be 0.96*1000GB = 960GB?
- Delete IPv6 line if you don't have IPv6 networking.
Do have IPv6 and will enable.
- Are you sure it is 1TB output and not 1TB of total monthly traffic?
Yup, it is . http://wiki.hetzner.de/index.php/Traffic/en%C2%A0 "The monthly traffic is only calculated with outgoing traffic. Incoming and internal traffic is not calculated."
- CentOS/RHEL user here, so I can't advise you on the use of obsproxy.
I am actually in double minds about using obsproxy. Is there a demand for it?
- In my experience, the chances of you actually moving 1TB/month of
bridge traffic is very, very small.
I realise that but better to know and prepare for the best (?) case scenario.
Hope this helps.
It does indeed. Thanks.
Kali
On 08/13/2013 02:02 AM, Kali Tor wrote:
Hi Steve,
I am planning on running a bridge-relay but have a hard 1TB/month outgoing traffic limitation.
Can someone help me with a torrc config that works for this setup?
[snip]
# networking SocksPort 0 ORPort [aaa.bbb.ccc.ddd]:9001 ORPort [0000:0000:0000:0000:0000:0000:0000:0000]:9001
# policy BridgeRelay 1 Exitpolicy reject *:* ContactInfo Not Dental <bridge AT toofar dOt com>
# 96% of (input=500GB + output=500GB) monthly traffic AccountingStart month 01 00:00 AccountingMax 480 GB
So I guess for me it will be 0.96*1000GB = 960GB?
Yes, though I just made up that 96% figure as being slightly less than 100%, That allows for some non-Tor traffic such as installing OS updates and having bots try to log into your server during the course of the month.
- CentOS/RHEL user here, so I can't advise you on the use of obsproxy.
I am actually in double minds about using obsproxy. Is there a demand
for it?
Yes, there is. Apparently the Chinese authorities have gotten so good at detecting Tor nodes that obsproxy3 is the only way to hide from their detect-and-block program.
On 13.08.2013 08:02, Kali Tor wrote:
I am actually in double minds about using obsproxy. Is there a demand for it?
Yes! Please do set up obfsproxy.
On Tue, Aug 13, 2013 at 2:39 PM, Moritz Bartl moritz@torservers.net wrote:
On 13.08.2013 08:02, Kali Tor wrote:
I am actually in double minds about using obsproxy. Is there a demand
for it?
Yes! Please do set up obfsproxy.
Since obfsproxy bridges are usually really low traffic, I think the combination of an obfsproxy bridge and raspberrypi makes quite a bit of sense (that's what I'm running in any case, no problems so far (I also had to compile Tor for armv6 from source)) :)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Kostas Jakeliunas:
On Tue, Aug 13, 2013 at 2:39 PM, Moritz Bartl moritz@torservers.net wrote:
On 13.08.2013 08:02, Kali Tor wrote:
I am actually in double minds about using obsproxy. Is there a demand
for it?
Yes! Please do set up obfsproxy.
Since obfsproxy bridges are usually really low traffic, I think the combination of an obfsproxy bridge and raspberrypi makes quite a bit of sense (that's what I'm running in any case, no problems so far (I also had to compile Tor for armv6 from source)) :)
I'm curious about this: since it appears the Great Firewall of China blocks (IP, port) tuples - is there any reason *not* to run a non-obfsproxy port on a bridge that is also running obfsproxy?
Currently on one of my bridges I run all three - the normal bridge protocol, obfs2 and obfs3 on different ports.
Best, - -Gordon M.
Gordon eo,
On Tue, 13 Aug 2013 08:08:52 -0700, Gordon Morehouse gordon@morehouse.me wrote:
Currently on one of my bridges I run all three - the normal bridge protocol, obfs2 and obfs3 on different ports.
In the hope to help others with a Pi, here my experiences with setting up obfs2 and obfs3.
While running/using Tor 0.2.4.16-rc build from source, I wanted the obfs2 and obfs3 'extensions'. I could have tried to follow the instructions for Debian based systems: https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en#in... but I didn't, I started with the 'build from source' plan: https://www.torproject.org/projects/obfsproxy-instructions.html.en#instructi... This didn't work for me. Although Python 2.7 was already installed on Raspbian, after getting apt-get to install python-pip, apt also installed python2.6-minimal and python2.6. So, I tried to make the binary with `pip install obfsproxy`. The result was there was no binary (forgot the error message). I pulled the source from git (git clone https://git.torproject.org/pluggable-transports/obfsproxy.git) and created the binary (python setup.py install). The binary was there, but after setting up Tor (ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed) I noticed that the binary was broken. What I then did was removing Python 2.6 (dpkg -P python2.6-minimal python2.6 python-pip) , removed the source files (rm -Rf /var/log/tor/build/ /usr/src/obfsproxy/) , did a new git clone and created the binary again (python setup.py install). Then, all was OK and the obfs2 and obfs3 bridges work!
Best regards
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
tor_bridge@mail.md:
Gordon eo,
On Tue, 13 Aug 2013 08:08:52 -0700, Gordon Morehouse gordon@morehouse.me wrote:
Currently on one of my bridges I run all three - the normal bridge protocol, obfs2 and obfs3 on different ports.
In the hope to help others with a Pi, here my experiences with setting up obfs2 and obfs3.
[snip]
Your pain might have been alleviated by using Pythonbrew (or pyenv?)[1] and virtualenv[2], too. On one of my non-Pi, straight Debian bridges, from torrc:
ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy --managed
The cool thing about Pythonbrew is that you can point other programs at the entry point script or the Python binary you want and it will run in the given virtualenv with whatever version of Python you like.
This may be doable, and it's likely always going to be much more up to date for Python projects than $distro's binary (or source!) packages.
It's also a lot more difficult than having binary Raspbian packages, and involves building Python from source on a Pi.
[1] https://github.com/utahta/pythonbrew [2] http://www.virtualenv.org/en/latest/
- -Gordon
tor-relays@lists.torproject.org
-
Gordon Morehouse -
Kali Tor -
Kostas Jakeliunas -
Moritz Bartl -
Steve Snyder -
Sven Reissmann -
tor_bridge@mail.md