[tor-relays] New operator

Thu Nov 21 14:49:35 UTC 2019

On 11/21/19 09:17, Mario Costa wrote:
> Hello everyone,
> 
> I have some newbie questions and I hope this is the right place to ask them.
> 
> I started operating a relay on my VPS for a bit more than a month and
> everything seems to be going well. I constantly have about 200 outbound
> and 2000 inbound connections, but in nyx I almost never see any
> circuits. What does it mean? Do I see circuits only when someone is
> actually using my relay, i.e. in Tor Browser?
> 

Thanks for supporting the network by running a relay. This is just a
guess. I don't have a relay handy to check for myself.

As a relay, Tor probably doesn't export circuit events when it isn't the
one creating the circuits. While the relay does know that someone is
building a circuit through it and could report this over its control
port to nyx, I don't think it does. If I'm wrong and it does report it,
perhaps nyx is simply not telling you about it because there would be a
*so many* circuits.

Regardless, this isn't indicative of a problem.

> To further support the project I decided to run a bridge at home using a
> Raspberry Pi. How do I know when it is being used? I rarely see any
> traffic. Sometimes I see one outbound connection in nyx and some
> circuits open, but I never see an inbound connection to port 80 (the
> obfs4 port I chose). Why does the bridge have open circuits more often
> than the relay?
> 
Thanks for running a bridge.

Check Tor's logs to make sure it is actually running and doesn't report
issues. Search its hashed fingerprint on
https://metrics.torproject.org/rs.html and make sure it is listed as up.
Verify you did *not* set 'PublishServerDescriptor 0'. Verify you can use
your bridge from outside your home. I once had a residential ISP that
blocked inbound port 80 but not 443.

The circuits you see may be the ones the bridge has made for its own
purposes (e.g. downloading new consensus documents). Your relay probably
had these too sometimes.

If you check and verify that your bridge is running and usable, then
you're simply not getting handed out to clients. This is to be expected
for 1/4 of bridges IIRC in order to save them for a big censorship
event. Even if you *are* getting handed out to clients, AIUI you
shouldn't expect much usage and you probably shouldn't expect constant
usage because there aren't many bridge users.

If Tor hasn't documented the above prominently on its bridge setup
guide, they should. "Why isn't my bridge getting used?" is a FAQ. As
outlined above, there's a lot of possible reasons, and one of them is
"even though you didn't do anything wrong, this is by design."

Matt