[tor-relays] Extreme Exit Policy

Mirimir mirimir at riseup.net
Fri Dec 21 14:50:25 UTC 2018


On 12/18/2018 09:32 PM, grarpamp wrote:
>>> Another more surprising impact for you is that your ssh connections would,
>>> counterintuitively, die more often.
>>>
>>> That's because Tor has a LongLivedPorts option, where streams for those
>>> destination ports use circuits with all Stable-flagged relays, and 22
>>> is in the list but 443 is not:
>>>
>>>        LongLivedPorts PORTS
>>>            A list of ports for services that tend to have long-running
>>>            connections (e.g. chat and interactive shells). Circuits for
>>>            streams that use these ports will contain only high-uptime
>>>            nodes, to reduce the chance that a node will go down before
>>>            the stream is finished. Note that the list is also honored
>>>            for circuits (both client and service side) involving hidden
>>>            services whose virtual port is in this list. (Default: 21,
>>>            22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697,
>>>            8300)
> 
>> And re .onion services, it's interesting that OnionCat port 8060 isn't
>> on the list.
> 
> Nice. Considering all that is, and can be, stuffed over
> OnionCat, including the above, 8060 could probably be
> added to the list. Similar could perhaps be said for
> any tunneling protocols... OpenVPN, etc.

Well, I just use a bash wrapper for OnionCat. Basically, it checks "ip
a" (or ping6 an OnionCat heartbeat server). If the test fails, it checks
Tor status. And then it restarts Tor (if necessary) and then OnionCat.
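
The check order described in the message above, written out as an added example (not the poster's wrapper, and not code from the Tor or OnionCat projects). The interface name, systemd unit names, the optional heartbeat peer and the wait timeout are assumptions; the helper function names are hypothetical.

```shell
#!/bin/sh
# OnionCat watchdog: test the tunnel, then Tor, then restart what is needed.
# Assumed, not from the post: systemd unit names, interface name, timeouts.
OCAT_IF="${OCAT_IF:-tun0}"          # assumed OnionCat tunnel interface
OCAT_PREFIX="fd87:d87e:eb43:"       # OnionCat's IPv6 prefix (fd87:d87e:eb43::/48)
OCAT_PEER="${OCAT_PEER:-}"          # optional heartbeat peer to ping (placeholder)
TOR_UNIT="${TOR_UNIT:-tor}"         # assumed unit names
OCAT_UNIT="${OCAT_UNIT:-onioncat}"
TOR_WAIT="${TOR_WAIT:-60}"          # seconds to wait for Tor after a restart

# Tunnel test: the interface carries an OnionCat address ("ip a"), and the
# heartbeat peer, if one is configured, answers a ping.
tunnel_ok() {
    ip -6 addr show dev "$OCAT_IF" 2>/dev/null | grep -q "inet6 $OCAT_PREFIX" || return 1
    [ -z "$OCAT_PEER" ] || ping -6 -c 2 -W 5 "$OCAT_PEER" >/dev/null 2>&1
}

tor_ok()       { systemctl is-active --quiet "$TOR_UNIT"; }
restart_unit() { systemctl restart "$1"; }

# Poll until Tor reports active again, or give up after TOR_WAIT seconds.
wait_for_tor() {
    waited=0
    while [ "$waited" -lt "$TOR_WAIT" ]; do
        tor_ok && return 0
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

# One pass. Prints what happened; non-zero status means the tunnel is still down.
watchdog_once() {
    if tunnel_ok; then echo "ok"; return 0; fi
    did=""
    if ! tor_ok; then
        restart_unit "$TOR_UNIT" || { echo "failed: tor restart"; return 1; }
        wait_for_tor || { echo "failed: tor not active"; return 1; }
        did="tor "
    fi
    restart_unit "$OCAT_UNIT" || { echo "failed: onioncat restart"; return 1; }
    echo "restarted: ${did}onioncat"
}

# Run a single pass only when asked to, e.g. from cron or a systemd timer.
if [ "${1:-}" = "--once" ]; then watchdog_once; fi
```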

