[tor-relays] Hello new exit operator F3 Netze

Sat Mar 24 14:23:54 UTC 2018

Hi Nusenu

Am Samstag, den 24.03.2018, 13:51 +0000 schrieb nusenu:
> Hi Tim,
> 
> > > I saw you recently added 8 new 
> > > tor exit instances and wanted to thank you for
> > > contributing exit bandwidth to the tor network!
> > 
> > At the moment this is a (small) Host with 10 GBE and multiple
> > addresses. I hope the computing power is enough to handle a bunch
> > of
> > Tor traffic. We need to get a bit more experience with that.
> 
> May I ask what CPU you use and how much memory the system has?

At time of writing, the VM has 4 cores of Xeon E3-1230 V2 @ 3.30GHz
with 8 GB of main memory. The VM has 4 IPv4 addresses and a complete
/48 IPv6 prefix.

The system is not operated in a data center and the physical space is
limited so it's not as powerful as we would like to.

My plan is to observe the system a bit over the next weeks. If it's
clear to low computing power, I would love to make a 'Plan B'.

> > > I saw your have IPv6 addresses [2]. If your connectivity/routing
> > > allows also
> > > for IPv6 exiting and ORPorts, enabling IPv6 on your exits would
> > > be
> > > great and appreciated.
> > 
> > Currently we still building up the network. So, yes, it's planned
> > and
> > in the last hour we configured the addresses. But it will take some
> > time until the prefix is announced completely.
> 
> Note that if you enable IPv6 without having proper IPv6 connectivity
> your
> relays will drop out of consensus, so it is best to ensure proper 
> IPv6 connectivity before enabling IPv6 on your relays.
Yes, thanks for the advice. I will wait until the reachability is good.

> > Yes, it's the ansible-relayor. Great work, and btw: Thank you!
> > 
> > But unfortunately, atlas recognized only the two instances on the
> > main
> > IP. 
> 
> You can _not_ have more than two tor instances per public IPv4
> address.
The system has 4 public IPv4 addresses.

> This is to avoid that someone adds many instances on a single IP
> (Sybil attack).
> Unless you modify it, ansible-relayor makes sure you do not configure
> more than 2 instances per IPv4.
We have 8 instances for 4 public IP's. So 2 instances per IP.

> > So I manipulated the template a bit, so that the 'Address'-config
> > is added to the torrc. I'm currently unsure if it's a bug or if
> > I've a
> > misunderstanding. Still learning.. ;)
> 
> Unless you have some unusual NAT you should never need to add the
> "Address"
> config (ansible-relayor supports it after someone with a rather
> unusual 
> network setup requested it).
There is no NAT.

I don't know, but it seemed to me, that Tor wasn't able to use the
correct IPs:
--- %< ---
Mär 22 02:19:47 tor Tor-185.220.100.253_9000[586]: Your server (185.220.100.252:9000) has not managed to conf
irm that its ORPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Ple
ase check your firewalls, ports, address, /etc/hosts file, etc.
--- >% ---

This looked to me that the instance on 185.220.100.253:9000 "thought"
it has the 185.220.100.252:9000. That's the reason for my idea to add
the 'Address'-setting.

> If I'm misunderstanding you, or if there is a bug in ansible-relayor
> please let me know.
Don't know. Currently I'm not able to decide. ;)

Tim

>  
> > > thanks for joining the network and happy packet forwarding!
> > 
> > Please don't hesitate to contact me if there is any problem with
> > our
> > Tor relay.
> 
> It is always good to be able to reach relay operators, thanks.
> nusenu
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180324/2b7ebdab/attachment.sig>