[tor-relays] Relay with VPN
deadcow at tuta.io
deadcow at tuta.io
Thu Nov 29 22:24:31 UTC 2018
Hi
thanks for the answers.
I understand your answers. I can not agree or disagree because I have no idea about it so I believe you and I wont do Relay with VPN :)
I am using VPN all the time and I wanted to try run relay.... what you say make sense, so for the time I try, i'll disconnect VPN.
I just want to see that my internet is good enough to run it 10/1 but as i've read in the instructions maybe bridge would be better for me ...
i have access to internet 120/10 so i could set up relay on that but i need a PC with linux and remote control so getting complicated ...
first try out what i have, if cool, later try more and more :)
I love the concept of tor, I'd like to promote it :)
question: can be laptop ? i think why not, but maybe i'm wrong
thanks for helps :)
---
Google, Facebook, The government and others are spying on your emails!
DO YOU LIKE IT? If not, CHANGE!
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com
Nov 28, 2018, 11:53 PM by tor-relays-request at lists.torproject.org:
> Send tor-relays mailing list submissions to
> > tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>
>
> To subscribe or unsubscribe via the World Wide Web, visit
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
> or, via email, send a message with subject or body 'help' to
> > tor-relays-request at lists.torproject.org <mailto:tor-relays-request at lists.torproject.org>
>
> You can reach the person managing the list at
> > tor-relays-owner at lists.torproject.org <mailto:tor-relays-owner at lists.torproject.org>
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of tor-relays digest..."
>
>
> Today's Topics:
>
> 1. Re: Relay with VPN (s7r)
> 2. Compatibility issue with OpenSSL 1.1.1a (Nick Mathewson)
> 3. Re: Relay with VPN (Roger Dingledine)
> 4. Re: tor relay warning - what is mean ? (> dlugasny at protonmail.com <mailto:dlugasny at protonmail.com>> )
> 5. Re: Relay with VPN (teor)
> 6. Re: tor relay warning - what is mean ? (teor)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 28 Nov 2018 14:23:38 +0200
> From: s7r <> s7r at sky-ip.org <mailto:s7r at sky-ip.org>> >
> To: > tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>
> Subject: Re: [tor-relays] Relay with VPN
> Message-ID: <> eba112e6-f60b-6278-2bf3-e86c34dc0dc4 at sky-ip.org <mailto:eba112e6-f60b-6278-2bf3-e86c34dc0dc4 at sky-ip.org>> >
> Content-Type: text/plain; charset="utf-8"
>
> 11:18 PM, > deadcow at tuta.io <mailto:deadcow at tuta.io>> wrote:
>
>> Hi everyone, first time ever using mailing lists. Please let me know if something I'm doing wrong.
>>
>> I'd like to run a middle relay.
>> I'm using Linux mint 19
>>
>> The question. Can i set up relay through VPN? (nordvpn)
>> Or if i want relay i have to stop using vpn?
>> Thank you for help
>>
>>
>> ---
>> Google, Facebook, The government and others are spying on your emails!
>> DO YOU LIKE IT? If not, CHANGE!
>> Securely sent with Tutanota. Claim your encrypted mailbox today!
>> https://tutanota.com <https://tutanota.com>
>>
>
> Hello,
>
> Thanks for your interest in running a relay.
>
> You say you want to run a middle relay, why do you want to run it behind
> a VPN in this case? Middle relays get no abuse complaints or anything as
> they can not be used as exit points. Maybe you can explain to us why you
> think you need to run your middle relay behind a VPN, do you have a
> particular reason? Because for Tor running a relay behind a VPN is not a
> + on security or privacy at all, instead it just complicates things.
>
> Secondly, if you have justified reason to still want to use a VPN on a
> middle relay, here are some things you need to take into consideration
> as well as disadvantages:
>
> - you will have higher latency;
> - the bandwidth of your relay will be of the speed of the VPN itself,
> and shared VPN usually are slow for high grade server connections that
> run 24x7 with constant bandwidth usage;
> - when the VPN tunnel will fail, due to an endpoint problem or internet
> connectivity problem or route to destination problem, etc., the relay
> will update its descriptor with the real IP address instead of the VPN
> address, and when the VPN tunnel connects again change again and so on
> until clients will be confused. One way around this is for your to
> specify 'Address' in torrc and bind to explicit <address>:<port>.
>
> - you don't need just any VPN, you need a VPN with a public and static
> IP address, so that you can actually open ports on that IP address
> applications can bind and listen to certain ports. A normal shared VPN
> that just changes the IP address for browsing is not sufficient, because
> that does not assign a public static IP address directly.
>
> There are VPN services out there that offer public and static IP
> addresses, but they are more expensive.
>
> - you should tell the VPN provider that you plan to use the maximum
> available bandwidth 24x7, because all say it's unlimited because they
> think "nobody will use that much", but when running Tor relays this is
> not true.
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 488 bytes
> Desc: OpenPGP digital signature
> URL: <> http://lists.torproject.org/pipermail/tor-relays/attachments/20181128/43627415/attachment-0001.sig <http://lists.torproject.org/pipermail/tor-relays/attachments/20181128/43627415/attachment-0001.sig>> >
>
> ------------------------------
>
> Message: 2
> Date: Wed, 28 Nov 2018 07:47:05 -0500
> From: Nick Mathewson <> nickm at torproject.org <mailto:nickm at torproject.org>> >
> To: > tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>
> Subject: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
> Message-ID:
> <> CAKDKvuzKfLRS+eNwGSFjdCWMnLZ=MBGZcZQTAqs9VV+zQKgvWg at mail.gmail.com <mailto:CAKDKvuzKfLRS+eNwGSFjdCWMnLZ=MBGZcZQTAqs9VV+zQKgvWg at mail.gmail.com>> >
> Content-Type: text/plain; charset="UTF-8"
>
> Hi, folks!
>
> You should know that there is a compatibility issue between Tor and
> OpenSSL 1.1.1a, when TLS 1.3 is in use. Only OpenSSL 1.1.1a is
> affected; other OpenSSL versions are not. The effect here is that Tor
> relays using this version of OpenSSL will not be able to negotiate TLS
> 1.3 connections with one another.
>
> This is caused by a regression in OpenSSL 1.1.1a's implementation of
> tls13_hkdf_expand() function. For more information, see
> https://trac.torproject.org/projects/tor/ticket/28616 <https://trac.torproject.org/projects/tor/ticket/28616>
>
> We're looking into possible mitigations.
>
> best wishes,
> --
> Nick
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 28 Nov 2018 15:10:58 -0500
> From: Roger Dingledine <> arma at mit.edu <mailto:arma at mit.edu>> >
> To: > tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>
> Subject: Re: [tor-relays] Relay with VPN
> Message-ID: <> 20181128201058.GN25350 at moria.seul.org <mailto:20181128201058.GN25350 at moria.seul.org>> >
> Content-Type: text/plain; charset=us-ascii
>
> On Wed, Nov 28, 2018 at 02:23:38PM +0200, s7r wrote:
>
>> as well as disadvantages:
>>
>> - you will have higher latency;
>> - the bandwidth of your relay will be of the speed of the VPN itself,
>> and shared VPN usually are slow for high grade server connections that
>> run 24x7 with constant bandwidth usage;
>>
>
> Another disadvantage to consider: if you run your relay via a VPN, then
> you are expanding the surface area of who around the internet gets to
> see the Tor traffic flowing through your relay. It's encrypted, yes, but
> encryption doesn't hide traffic characteristics like timing and volume.
>
> So it's not just a performance issue, it's also a security issue. The
> farther away from your relay the VPN is, the more the traffic is
> traversing parts of the network it doesn't really need to, and the more
> appealing it becomes to instead "just run a relay where the VPN is".
>
> --Roger
>
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 28 Nov 2018 21:29:21 +0000
> From: > dlugasny at protonmail.com <mailto:dlugasny at protonmail.com>
> To: "> tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>> "
> <> tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>> >
> Subject: Re: [tor-relays] tor relay warning - what is mean ?
> Message-ID:
> <> zlGqdFsz512KxN9MuJfUefEPa5oqT6cm8NM3wF2VVcOBDKFNuliEw4u5QEJnLlx3byAH78_SIN9dswdbZtYPoPeXSThHNPOaUTfE8AR-CJw=@protonmail.com <mailto:zlGqdFsz512KxN9MuJfUefEPa5oqT6cm8NM3wF2VVcOBDKFNuliEw4u5QEJnLlx3byAH78_SIN9dswdbZtYPoPeXSThHNPOaUTfE8AR-CJw=@protonmail.com>> >
>
> Content-Type: text/plain; charset=UTF-8
>
> Hi,
>
> today I have found this. If You need more informations please let me know.
>
>
> 16:48:56 [WARN] {BUG} Bug: 0x1076f25 <_start+0xa5> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} Bug: 0x1077119 <main+0x19> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} Bug: 0x107727c <tor_main+0x4c> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} Bug: 0x107bfe9 <tor_run_main+0xb9> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} Bug: 0x107a221 <do_main_loop+0x411> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} Bug: 0x801b4de1f <event_base_loop+0x51f> at /usr/local/lib/libevent-2.1.so.6 (on Tor 0.3.4.9 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} Bug: 0x801b51cd2 <event_base_assert_ok_nolock_+0xa92> at /usr/local/lib/libevent-2.1.so.6 (on Tor 0.3.4.9 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} Bug: 0x107fc3e <tor_run_main+0x3d0e> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} Bug: 0x107e55b <tor_run_main+0x262b> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} Bug: 0x11caf6a <tor_bug_occurred_+0x10a> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} Bug: 0x11aff98 <log_backtrace+0x48> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} Bug: Non-fatal assertion !(connection_is_reading(conn)) failed in conn_close_if_marked at src/or/main.c:1047. Stack trace: (on Tor 0.3.4.9
> │ 4ac3ccf2863b86e7)
> │ 16:48:56 [WARN] {BUG} tor_bug_occurred_: Bug: src/or/main.c:1047: conn_close_if_marked: Non-fatal assertion !(connection_is_reading(conn)) failed. (on Tor 0.3.4.9
> │ 4ac3ccf2863b86e7)
>
> Cheers
> Dlugasny
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Wednesday, November 28, 2018 5:02 AM, teor <> teor at riseup.net <mailto:teor at riseup.net>> > wrote:
>
>> Hi,
>>
>> Thanks for reporting this bug.
>>
>> > On 28 Nov 2018, at 04:10, >> dlugasny at protonmail.com <mailto:dlugasny at protonmail.com>>> wrote:
>> > does any could tell me what is mean that Warn ?
>> > 16:32:33 [WARN] {BUG} Bug: 0x1076f25 <_start+0xa5> at /usr/local/bin/tor (on Tor 0.3.4.9 4ec3ccf2863b86e7)
>> > │ 16:32:33 [WARN] {BUG} Bug: 0x1077119 <main+0x19> at /usr/local/bin/tor (on Tor 0.3.4.9 4ec3ccf2863b86e7)
>> > │ 16:32:33 [WARN] {BUG} Bug: 0x107727c <tor_main+0x4c> at /usr/local/bin/tor (on Tor 0.3.4.9 4ec3ccf2863b86e7)
>> > │ 16:32:33 [WARN] {BUG} Bug: 0x107bfe9 <tor_run_main+0xb9> at /usr/local/bin/tor (on Tor 0.3.4.9 4ec3ccf2863b86e7)
>> > │ 16:32:33 [WARN] {BUG} Bug: 0x107a221 <do_main_loop+0x411> at /usr/local/bin/tor (on Tor 0.3.4.9 4ec3ccf2863b86e7)
>> > ─┘ 16:32:33 [WARN] {BUG} Bug: 0x801b4de1f <event_base_loop+0x51f> at /usr/local/lib/libevent-2.1.so.6 (on Tor 0.3.4.9 4ec3ccf2863b86e7)
>>
>> Tor bugs come with a log message that tells us the assertion that failed.
>> Is there any more log output around this bug?
>>
>> > I extracted that from Nyx.
>> > FreeBSD 11.1
>>
>> We recently fixed a FreeBSD bug with a similar stacktrace.
>> We're testing the fix in 0.3.5 before we backport it.
>>
>> https://trac.torproject.org/projects/tor/ticket/27750 <https://trac.torproject.org/projects/tor/ticket/27750>
>>
>> T
>>
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 29 Nov 2018 08:48:18 +1000
> From: teor <> teor at riseup.net <mailto:teor at riseup.net>> >
> To: > tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>
> Subject: Re: [tor-relays] Relay with VPN
> Message-ID: <> 86A827DB-F7BA-4419-8C5A-449E4EF2527E at riseup.net <mailto:86A827DB-F7BA-4419-8C5A-449E4EF2527E at riseup.net>> >
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> Just one clarification:
>
>> On 28 Nov 2018, at 22:23, s7r <>> s7r at sky-ip.org <mailto:s7r at sky-ip.org>>> > wrote:
>>
>> You say you want to run a middle relay, why do you want to run it behind
>> a VPN in this case? Middle relays get no abuse complaints or anything as
>> they can not be used as exit points.
>>
>
> Occasionally, clients will ask middle relays to connect to another server
> as if it was a relay. We don't know why this happens: it could be a custom
> Tor client bug. It's a pretty useless attack, because it's slow, and it
> provides very little information about the server.
>
> It's very unlikely you will get an abuse notice from activity like this.
>
> T
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 833 bytes
> Desc: Message signed with OpenPGP
> URL: <> http://lists.torproject.org/pipermail/tor-relays/attachments/20181129/87079614/attachment-0001.sig <http://lists.torproject.org/pipermail/tor-relays/attachments/20181129/87079614/attachment-0001.sig>> >
>
> ------------------------------
>
> Message: 6
> Date: Thu, 29 Nov 2018 08:53:47 +1000
> From: teor <> teor at riseup.net <mailto:teor at riseup.net>> >
> To: > tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>
> Subject: Re: [tor-relays] tor relay warning - what is mean ?
> Message-ID: <> CA109058-D223-4CC3-B5A5-D36AA567DE90 at riseup.net <mailto:CA109058-D223-4CC3-B5A5-D36AA567DE90 at riseup.net>> >
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
>> On 29 Nov 2018, at 07:29, >> dlugasny at protonmail.com <mailto:dlugasny at protonmail.com>>> wrote:
>>
>> today I have found this. If You need more informations please let me know.
>>
>>
>> 16:48:56 [WARN] {BUG} Bug: 0x1076f25 <_start+0xa5> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} Bug: 0x1077119 <main+0x19> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} Bug: 0x107727c <tor_main+0x4c> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} Bug: 0x107bfe9 <tor_run_main+0xb9> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} Bug: 0x107a221 <do_main_loop+0x411> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} Bug: 0x801b4de1f <event_base_loop+0x51f> at /usr/local/lib/libevent-2.1.so.6 (on Tor 0.3.4.9 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} Bug: 0x801b51cd2 <event_base_assert_ok_nolock_+0xa92> at /usr/local/lib/libevent-2.1.so.6 (on Tor 0.3.4.9 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} Bug: 0x107fc3e <tor_run_main+0x3d0e> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} Bug: 0x107e55b <tor_run_main+0x262b> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} Bug: 0x11caf6a <tor_bug_occurred_+0x10a> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} Bug: 0x11aff98 <log_backtrace+0x48> at /usr/local/bin/tor (on Tor 0.3.4.9 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} Bug: Non-fatal assertion !(connection_is_reading(conn)) failed in conn_close_if_marked at src/or/main.c:1047. Stack trace: (on Tor 0.3.4.9
>> │ 4ac3ccf2863b86e7)
>> │ 16:48:56 [WARN] {BUG} tor_bug_occurred_: Bug: src/or/main.c:1047: conn_close_if_marked: Non-fatal assertion !(connection_is_reading(conn)) failed. (on Tor 0.3.4.9
>> │ 4ac3ccf2863b86e7)
>>
>>> ...
>>>
>>>> I extracted that from Nyx.
>>>> FreeBSD 11.1
>>>>
>>>
>>> We recently fixed a FreeBSD bug with a similar stacktrace.
>>> We're testing the fix in 0.3.5 before we backport it.
>>>
>>> https://trac.torproject.org/projects/tor/ticket/27750 <https://trac.torproject.org/projects/tor/ticket/27750>
>>>
>
> It looks like bug #27750.
>
> It is safe to ignore these warnings.
>
> The bug should be fixed in the next 0.3.4 release, or you can use 0.3.3.10 or
> 0.3.5.5-alpha.
>
> T
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 833 bytes
> Desc: Message signed with OpenPGP
> URL: <> http://lists.torproject.org/pipermail/tor-relays/attachments/20181129/e5119907/attachment.sig <http://lists.torproject.org/pipermail/tor-relays/attachments/20181129/e5119907/attachment.sig>> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
>
>
> ------------------------------
>
> End of tor-relays Digest, Vol 94, Issue 37
> ******************************************
>
More information about the tor-relays
mailing list