[tor-relays] Exit from Different IP from OR Port
Dr Gerard Bulger
gerard at bulger.co.uk
Sat Nov 25 12:45:58 UTC 2017
Direct Exit to a different IP.
I naively thought that the proxy lines in torrc could to that via an https proxy. Alas that's not what that line is for!
I got an impression from earlier chats a while ago that exiting to a non-advertised IP was regarded as simply not cricket, in that the internet should know the IP or Tor exits exiting. The trouble now is too many are sites apply blanket bans on Tor exits.
I failed get a Tor on my VPS to use a VPN as the final exit, as my knowledge of routing is too limited. I kept cutting myself off from the branch I was sitting on fiddling with this remotely.
As some exits to do manage this, I wonder if anyone can post be a script or point me in the right direction as to how they do it.
Scenario: Set up a VPN connection. Have a script that in effect offers split tunnelling for TOR to allow exit via the VPN.
The OR port needs to remain local fixed IP. The default route of the VPN server remains local.
Doing everything in and out via most VPNs would not be useful as these services have very dynamic IPs.
Gerry
>>>Detecting exit nodes is error prone, as you point out. Some exit
>>> nodes have their traffic exit a different address than their
>>> listening port. Hey does Exonerator handle these?
>> Right. It's not trivial for tor to figure out what exit relays are
>> multi-homed -- at least not without actually establishing circuits
>> and fetching content over each exit relay.
>>
>> I just finished an exitmap scan and found 17 exit relays that exit
>> from an IP address that is different from what's listed in the
>> consensus:
> This mode of operation, regardless of how it happens, is not in itself
> a problem, nor cause for alarm. In fact, the nature of these "exit IP
> different than ORPort" relays can and often does assist users in
> circumventing censorship... a fundamental use case of Tor.
> For instance, the arbitrary automated and blind blocking via dumb
> blocklists that prevent even such most basic user activity and human
> right to knowledge as simply reading websites via Tor. Such blocking
> examples can often be found here:
> https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBl
> ockingTor
>
> It's also entirely up to the exit operator to determine if the third
> party non contractual / SLA exonerator service is of any particular
> use or benefit to them or not... perhaps they have other notary means,
> or are immune or not subject to any such legal or jurisdictional
> issues, for which it becomes moot.
>
> Similarly, realtime TorDNSEL and the like could be considered to be
> censorship enabling tools.
>
-----Original Message-----
From: tor-relays [mailto:tor-relays-bounces at lists.torproject.org] On Behalf Of teor
Sent: 25 November 2017 07:31
To: tor-relays at lists.torproject.org
Subject: Re: [tor-relays] Tor Metrics issue
> On 25 Nov 2017, at 17:36, Arisbe <arisbe at cni.net> wrote:
>
> In the immediate past I monitored both my relays and my bridges through atlas. So, now with Tor Metrics, I don't see my bridges. Am I doing something wrong or are they not in the data base?
How do you search for your relays and bridges?
T
_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list