[tor-relays] Confusing bridge signs...
Keifer Bly
keifer.bly at gmail.com
Thu Feb 23 16:28:00 UTC 2023
Hi,
So yes I had obfs4 installed. I accidentally set it to the same port as tor
without relazing, silly me. Here is my new torrc:
Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8081
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom
I am wanting to limit to 50GB per month to avoid being overcharged. Would
this do that? Thanks.
--Keifer
On Thu, Feb 23, 2023 at 4:43 AM gus <gus at torproject.org> wrote:
> Hi Keifer,
>
> You can't use the same port.
>
> Here is a simple example:
>
> BridgeRelay 1
> ORPort 56331
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ServerTransportListenAddr obfs4 0.0.0.0:53333
> ExtORPort auto
> ContactInfo keiferdodderblyyatgmaildoddercom
> Log notice file /var/log/tor/notices.log
> BridgeDistribution email
> Nickname gbridge
> AccountingStart day 12:00
> AccountingMax 50 GB
>
>
> Example: Let's say you want to allow 50 GB of traffic every day in each
> direction and the accounting should reset at noon each day:
>
> For more details about AccountinMax, see this Support doc:
> https://support.torproject.org/relay-operators/limit-total-bandwidth/
>
> Did you also install obfs4proxy package? Because on Metrics it says
> that your bridge don't have any 'transport protocol'.
>
> cheers,
> Gus
>
> On Tue, Feb 21, 2023 at 08:23:44AM -0800, Keifer Bly wrote:
> > Ok, changed to port 8080 and upped my allowed traffic a bit:
> >
> > GNU nano 3.2
> > /etc/tor/torrc
> >
> >
> > Nickname gbridge
> > ORPort 8080
> > SocksPort 0
> > BridgeRelay 1
> > PublishServerDescriptor bridge
> > BridgeDistribution email
> > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > ServerTransportListenAddr obfs4 0.0.0.0:8080
> > ExtOrPort auto
> > Log notice file /var/log/tor/notices.log
> > ExitPolicy reject *:*
> > AccountingMax 50 GB
> > ContactInfo keiferdodderblyyatgmaildoddercom
> >
> > Yes, I have limited bandwidth I can give so as to avoid being
> > massively charged for traffic. Perhaps there is a way to set tor to only
> > allow traffic with a small connection? Thanks.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > --Keifer
> >
> >
> > On Tue, Feb 21, 2023 at 1:29 AM trinity pointard <
> trinity.pointard at gmail.com>
> > wrote:
> >
> > > > And the reason why it's on port 443 is so as to be on a port that's
> not
> > > likely blocked by network administrators.
> > >
> > > That might be useful for the ORPort of a relay, and for the obfs4 port
> > > of a bridge, but not for the ORPort of a bridge. Clients are not
> > > supposed to connect to it.
> > > The only reason it's exposed is because the bridge authority still
> > > requires it to verify the bridge is reachable. See
> > > https://gitlab.torproject.org/tpo/core/tor/-/issues/7349.
> > > You are better of using 443 for the ServerTransportListenAddr, and
> > > some high port for ORPort.
> > >
> > > On Tue, 21 Feb 2023 at 03:05, Keifer Bly <keifer.bly at gmail.com> wrote:
> > > >
> > > > Well,
> > > >
> > > > So I just changed my torrc to this:
> > > >
> > > > Nickname gbridge
> > > > ORPort 443
> > > > SocksPort 0
> > > > BridgeRelay 1
> > > > PublishServerDescriptor bridge
> > > > BridgeDistribution email
> > > > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > > > ServerTransportListenAddr obfs4 0.0.0.0:8080
> > > > ExtOrPort auto
> > > > Log notice file /var/log/tor/notices.log
> > > > ExitPolicy reject *:*
> > > > AccountingMax 50 GB
> > > > ContactInfo keiferdodderblyyatgmaildoddercom
> > > >
> > > > Trying to avoid being charged a huge amount for traffic as these VPS
> > > providers can be ridiculous when it comes to that, which is why it was
> set
> > > to so little. Ran killall -HUP tor to reload it and see that happens
> in the
> > > next day or so. And the reason why it's on port 443 is so as to be on a
> > > port that's not likely blocked by network administrators. Thank you.
> > > > --Keifer
> > > >
> > > >
> > > > On Mon, Feb 20, 2023 at 2:23 PM trinity pointard <
> > > trinity.pointard at gmail.com> wrote:
> > > >>
> > > >> Hi,
> > > >>
> > > >> Your torrc is correct wrt to distribution mechanism (your bridge is
> > > >> indicating "bridge-distribution-request any" in the descriptor it
> > > >> sends), but for the record, the line would have been
> > > >> "BridgeDistribution any".
> > > >> A bridge uses less bandwidth than a relay, but it's still a proxy.
> At
> > > >> 5GB per month, you'd be providing a steady 16kbps over the month,
> or a
> > > >> single mbps for little over 11 hours. That's very little, if you
> can't
> > > >> have more bandwidth (by using a provider with no bandwidth
> accounting,
> > > >> or one that gives better pricing per bandwidth), I fear your bridge
> > > >> won't be very useful at all. Mine consumes between a few hundred GB
> > > >> and a few TB depending on the distribution mechanism.
> > > >>
> > > >> Are you sure your bridge is reachable? Bridgestrap reports suggest
> it
> > > isn't.
> > > >> As the bridge operator, you should know its bridge line. Can you
> test
> > > >> it with Tor Browser to make sure?
> > > >> Given your accounting limits, it could be unreachable because
> > > >> currently hibernating. Or you could have a firewall issue, or
> > > >> something else.
> > > >> I believe not passing bridgestrap can explain not being assigned a
> > > >> distribution mechanism.
> > > >>
> > > >> It might also explain why it would be considered blocked in Russia:
> if
> > > >> it's not reachable from anywhere, it's not reachable from Russia. An
> > > >> other possibility, given you use 443 for your ORPort, is that your
> > > >> bridge was indeed detected by just scanning the whole internet. The
> > > >> ORPort is very recognizable (enough that some of my former bridges
> > > >> ended up tagged "tor" on Shodan) so it should be put on a port
> that's
> > > >> less likely to be scanned.
> > > >>
> > > >> Regards,
> > > >> trinity-1686a
> > > >>
> > > >> On Mon, 20 Feb 2023 at 21:29, Keifer Bly <keifer.bly at gmail.com>
> wrote:
> > > >> >
> > > >> > Where in the torrc file would I set it to any? I am looking for a
> way
> > > to run a bridge without being charged a huge amount of money for it,
> and I
> > > was curious how it would have been detected by Russia if noone had
> used the
> > > bridge there? Thanks.
> > > >> > --Keifer
> > > >> >
> > > >> >
> > > >> > On Mon, Feb 20, 2023 at 8:45 AM <lists at for-privacy.net> wrote:
> > > >> >>
> > > >> >> On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote:
> > > >> >> > Ok. Here is the torrc file:
> > > >> >> >
> > > >> >> > GNU nano 3.2 /etc/tor/torrc
> > > >> >> >
> > > >> >> >
> > > >> >> > Nickname gbridge
> > > >> >> > ORPort 443
> > > >> >> > SocksPort 0
> > > >> >> > BridgeRelay 1
> > > >> >> > PublishServerDescriptor bridge
> > > >> >> > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > > >> >> > ServerTransportListenAddr obfs4 0.0.0.0:8080
> > > >> >> > ExtOrPort auto
> > > >> >> > Log notice file /var/log/tor/notices.log
> > > >> >> > ExitPolicy reject *:*
> > > >> >> > AccountingMax 5 GB
> > > >> >> > ContactInfo keiferdodderblyyatgmaildoddercom
> > > >> >> >
> > > >> >> >
> > > >> >> > Where in this torrc file is that configured?
> > > >> >> Then set it to 'any' and wait 24-48 hours to see what happens.
> Maybe
> > > there was
> > > >> >> an error in the db.
> > > >> >>
> > > >> >> If your bridge is still not distributed, it could be due to the
> > > outdated
> > > >> >> obfs4proxy or because of 'AccountingMax 5 GB'.
> > > >> >> Sorry but, 5 GB is a 'fart in the wind' the accounting period
> would
> > > only be a
> > > >> >> few hours a month. It's not even worth distributing them because
> it
> > > would only
> > > >> >> frustrate the users.
> > > >> >>
> > > >> >> > And how would it be blocked in
> > > >> >> > Russia already if it hasn't even been used?
> > > >> >> Why should this new feature of the bridgedb, more precisely the
> > > rdsys backend,
> > > >> >> have anything to do with whether someone uses a bridge? This is a
> > > bridgedb
> > > >> >> distribution method introduced by meskio.
> > > >> >>
> > > >> >>
> > > >> >> --
> > > >> >> ╰_╯ Ciao Marco!
> > > >> >>
> > > >> >> Debian GNU/Linux
> > > >> >>
> > > >> >> It's free software and it gives you
> > > freedom!_______________________________________________
> > > >> >> tor-relays mailing list
> > > >> >> tor-relays at lists.torproject.org
> > > >> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > > >> >
> > > >> > _______________________________________________
> > > >> > tor-relays mailing list
> > > >> > tor-relays at lists.torproject.org
> > > >> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > > >> _______________________________________________
> > > >> tor-relays mailing list
> > > >> tor-relays at lists.torproject.org
> > > >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > > >
> > > > _______________________________________________
> > > > tor-relays mailing list
> > > > tor-relays at lists.torproject.org
> > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > > _______________________________________________
> > > tor-relays mailing list
> > > tor-relays at lists.torproject.org
> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > >
>
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> --
> The Tor Project
> Community Team Lead
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20230223/a3968f03/attachment-0001.htm>
More information about the tor-relays
mailing list