[tor-relays] Relay with VPN

s7r s7r at sky-ip.org
Wed Nov 28 12:23:38 UTC 2018

11:18 PM, deadcow at tuta.io wrote:
> Hi everyone, first time ever using mailing lists. Please let me know if something I'm doing wrong. 
> I'd like to run a middle relay. 
> I'm using Linux mint 19
> The question. Can i set up relay through VPN? (nordvpn) 
> Or if i want relay i have to stop using vpn? 
>  Thank you for help
> ---
> Google, Facebook, The government and others are spying on your emails! 
> Securely sent with Tutanota. Claim your encrypted mailbox today! 
> https://tutanota.com


Thanks for your interest in running a relay.

You say you want to run a middle relay, why do you want to run it behind
a VPN in this case? Middle relays get no abuse complaints or anything as
they can not be used as exit points. Maybe you can explain to us why you
think you need to run your middle relay behind a VPN, do you have a
particular reason? Because for Tor running a relay behind a VPN is not a
 + on security or privacy at all, instead it just complicates things.

Secondly, if you have justified reason to still want to use a VPN on a
middle relay, here are some things you need to take into consideration
as well as disadvantages:

- you will have higher latency;
- the bandwidth of your relay will be of the speed of the VPN itself,
and shared VPN usually are slow for high grade server connections that
run 24x7 with constant bandwidth usage;
- when the VPN tunnel will fail, due to an endpoint problem or internet
connectivity problem or route to destination problem, etc., the relay
will update its descriptor with the real IP address instead of the VPN
address, and when the VPN tunnel connects again change again and so on
until clients will be confused. One way around this is for your to
specify 'Address' in torrc and bind to explicit <address>:<port>.

- you don't need just any VPN, you need a VPN with a public and static
IP address, so that you can actually open ports on that IP address
applications can bind and listen to certain ports. A normal shared VPN
that just changes the IP address for browsing is not sufficient, because
that does not assign a public static IP address directly.

There are VPN services out there that offer public and static IP
addresses, but they are more expensive.

- you should tell the VPN provider that you plan to use the maximum
available bandwidth 24x7, because all say it's unlimited because they
think "nobody will use that much", but when running Tor relays this is
not true.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20181128/43627415/attachment.sig>

More information about the tor-relays mailing list