On 06/25/2015 02:38 AM, Mike Perry wrote:
> I've added them back in,
May I ask, why 465 was added onto the same line as kpasswd - are they
connected to each other ?
--
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E
___
tor-relays
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hhm,
found this in the log:
Jun 28 03:58:37.000 [warn] Our clock is 1 minutes, 23 seconds behind the time
published in the consensus network status document (2015-06-28 02:00:00 UTC).
Tor needs an accurate clock to work correctly. Please check y
I do wonder, why a python script [1], lines 22 and 113, nowadays returns
"00:00:00" for the uptime of my exit relay, when the system was rebooted,
whereas in former times '00:01:01' (= 61 sec) was returned.
FWIW the only local change before reboot here was to switch from Gentoo
hardened kernel 4
On 06/28/2015 04:36 PM, s7r wrote:
> Are you using a virtual machine as well? If yes, the answer might be
> that the host is overwriting your guest (vm) clock. You can either
> disable hwclock, either disable ntp on guest (vm) operating system and
> rely on the clock of your host server.
Nope, it
Reading "[tor-relays] unflagged BAD EXIT nodes" /me wonders, such a feature
would make sense.
Technically this could yield to a ./torrc.d config directory, where tor users
could store the (regularly updated) list/s they do trust.
--
Toralf, pgp key: 872AE508 0076E94E
Starting with 12th of June I do get at my tor relay a lot of syslog entries
like :
Jul 14 14:35:49 tor-relay kernel: [68591.883586] nf_conntrack: falling back to
vmalloc.
Jul 14 14:35:49 tor-relay kernel: [68591.884749] nf_conntrack: falling back to
vmalloc.
Jul 14 14:41:11 tor-relay kernel: [6
On 07/17/2015 10:41 AM, fatal wrote:
> Hello,
>
> I got an abuse report from Webiron requesting me to block a /24 subnet.
> Accordingly I added "ExitPolicy reject xxx.xxx.xxx.0/24:*" to my torrc
> file. Looking at the Exit Policy Information at atlas and torstatus
> xxx.xxx.xxx.0/24 doesn't get li
On 07/17/2015 05:53 PM, Speak Freely wrote:
> Hi Jonathan,
>
> It is a relatively common question, I ask it all the time.
>
> There are a few things you can try to do. Read all 4 before you make a
> decision.
>
> 1) Try turning your exit relay into a guard relay (ExitPolicy reject
> *:*). If no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/19/2015 10:47 PM, Tim Semeijn wrote:
> All bigger Tor relay operators will probably already do it this way,
Hhm, I just used dnsmasq here, isn't that enough ?
If not: where is a preferred /best practise solution documented in the WIKI ?
- -
-BEGIN PGP MESSAGE-
Charset: utf-8
Version: GnuPG v2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/23/2015 02:26 PM, Pascal Terjan wrote:
> You message seems encrypted with your own key so only you can read it.
Ick, again here just signed :
Got the warnings messages today morning for the first time - I'm just curious
if somebody else was
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/23/2015 03:38 PM, Steve Snyder wrote:
> Seen with v0.2.6.10.
yep, 0.2.6.10 here too
- --
Toralf, pgp key: 872AE508 0076E94E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/23/2015 09:59 PM, Roger Dingledine wrote:
> If your DirPorts are on port 80, it might even just be a random bad
> person on the Internet who thinks he is attacking webservers, and
> doesn't even know it is Tor.
>
indeed - port 80 here.
> I gu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/25/2015 08:40 PM, Roman Mamedov wrote:
> Hello,
>
> If anyone is planning to spin up a new VM or dedi to run a Tor relay and want
> it to be put instantly into good use (without wasting couple of weeks to a
> month for the whole "unmeasured re
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 09/15/2015 09:42 PM, spiros_spi...@freemail.gr wrote:
> I am now receiving average of 2-3 per week.
Got about a dozen after I opened port 80 for a day or so. Had to close
that port again.
- --
Toralf, pgp key: 872AE508 0076E94E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 09/15/2015 10:36 PM, but...@gmx.de wrote:
>
> So I decided to go a controversial way - I installed an IDS/IPS + strong
> firewall rules.
Great cinema, this violates point "3." of
http://www.gesetze-im-internet.de/tmg/__8.html
- --
Toralf, pg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Looking at the daily traffic stats got from my ISP I had an Incoming of 50
GB/day and Outgoing of 1.6 GB with version 0.2.6.10 whereas the -rc now gives 8
GB Incoming and 0.06 Outgoing.
Anybody with similar experiences ?
- --
Toralf, pgp key: 87
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 09/28/2015 09:07 PM, Roman Mamedov wrote:
> You forgot to mention what IPv6 has to do with any of this, i.e. why do you
> think that this difference is specifically IPv6-related.
My exit relay F1BE15429B3CE696D6807F4D4A58B1BFEC45C822 has an overa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 09/28/2015 10:53 PM, Marcin Cieslak wrote:
> Could this be something related to
> https://trac.torproject.org/projects/tor/ticket/17149 ?
The version I run here is already fixed (that issue was in a pre-release of
0.2.7.3-rc - I'm the bug report
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Recently I realized these log messages
tor-relay ~ # zgrep SYN /var/log/kern*
/var/log/kern.log:Oct 11 13:43:47 tor-relay kernel: [132045.057945] TCP:
request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check
SNMP counters.
/v
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 10/12/2015 07:04 PM, ZEROF wrote:
> Hi,
>
> Or your server can't eat all traffic or you are under attack time to
> time. Check this:
>
> http://blog.dubbelboer.com/2012/04/09/syn-cookies.html
>
Ah thx,
So b/c I do just serve a DirPort on port
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 10/19/2015 11:03 PM, Josef Stautner wrote:
> ExitPolicy reject 5.133.182.0/24 # WebIron report
Put this *before* any accept line
- --
Toralf, pgp key: C4EACDDE 0076E94E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 10/22/2015 09:29 PM, Josef Stautner wrote:
> Hi LB,
>
> SSH attacks happen 24/7 and are just stupid brute force mostly without
> any reason.
The most stupid of them you can avoid/ignore by just choosing a ssh port != 22.
- --
Toralf, pgp key: C
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/26/2015 04:50 AM, ZEROF wrote:
> First rule is to use some firewall,
No.
At least for German exits you'll violate
http://www.gesetze-im-internet.de/tmg/__8.html in that case.
for more information go to
https://trac.torproject.org/projects/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/28/2015 05:43 PM, David Schulz wrote:
> i got some questions. can i get problems as a german citizen with a
> non exit tor relay in germany with an italian ip? not really or? i think
> of TMG § 8.
>
just check their "terms and conditions" wr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I opened my exit for IPv6 after Moritz encouraged us to do so here at this list.
I do observe a traffic of 1-2 GB for IPv6, IPv4 is always around 300 GB/day.
The exit is configured for 8 MB/sec throughput (==20 TB/month).
I do wonder, what are exp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/15/2015 07:25 PM, Tim Wilson-Brown - teor wrote:
>
> This is wise. Tor will block your own IPv6 address, but it doesn't
> know about your subnet:
>
>> ExitPolicy reject6 [2A02:168:4A06::]/42:* # Block my subnet
>
Just clarify it for me : t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/12/2015 07:39 PM, Tim Wilson-Brown - teor wrote:
> Is your DNS resolver correctly returning records along with A
> records for all sites that have them?
Ah - good hint. The commands 'nslookup' and 'host' works fine AFAICS.
Nevertheless I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/20/2015 06:06 PM, Toralf Förster wrote:
> t. The commands 'nslookup' and 'host' works fine
correction:
tor-relay ~ # host -t google.com
google.com has IPv6 address 2a00:1450:4001:800::1003
tor-relay ~ #
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
This is the second time in a row that I suddenly can't see any longer anything
on that side using my current ff profile.
With an emptied/new profile it works well.
B/c it happens now again I do wonder about the culprit.
- --
Toralf, pgp: C4EACDDE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/29/2015 12:53 PM, Tim Wilson-Brown - teor wrote:
>
> I don't know of any other attack or request that amplifies outbound
> traffic via tor or otherwise, but there may be some.
I did experience too a gap of incoming versus outgoing of about 3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/12/2016 05:35 AM, Tim Wilson-Brown - teor wrote:
> If you run an under-utilised exit, we encourage you to opt-in as a
> fallback directory.
> We've also fixed a major bug that excluded some relays from the list.
Well, I do maintain an exit wit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/12/2016 05:54 PM, Aeris wrote:
> Hum… Don’t know how is it possible, this relay has the same IP/port since it
> creation 1 year ago.
Ah - and much more important, I probably will change its IP address in the near
future, b/c 1 of 2 hard disk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/20/2016 12:09 PM, Dr. Who wrote:
> but it seems after updating to 0.2.7.6 it only gives my unknown as result.
Maybe something changed in 0.2.7.x and you should look for the successor of
"arm" called "nyx" - ask "atagar" in #tor about that.
F
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 02/07/2016 09:17 PM, Roland 'ValiDOM' Jungnickel wrote:
> So to say... these rules work. But most probably somebody with more
> iptables experience might adjust them to be even more effective AND less
> "problematic".
Again - it is problematic in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Given the numbers of https://torstatus.blutmagie.de/index.php there are about
40 Tor exits which cover 1/3 of the whole bandwidth of all exit relays.
I do wonder if under-weighting the big relays in favour of many smaller relays
would make it hard
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Louie Cardone-Noott:
> Those like me running debian and putting off doing a reboot might find
> needrestart (package of same name) and checkrestart (package
> debian-goodies) useful.
Under Gentoo "lib_users -s" is a useful command IMO to see if a in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Stephen R Guglielmo:
> NTPd is not running (I've tried, but the kernel does not have permission to
> set the clock; I assume this is due to the hypervisor setup).
Hhm, ntp should be able to set the unix time for and within your virtual
machine. It
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Tim Wilson-Brown - teor:
> In 0.2.8, every relay is potentially a hidden service directory and
> a directory mirror.
But with this configuration :
# 20 TB/month: echo "20 * 1024^4 / 31 / 24 / 60 / 60 / 1024^2" | bc
# == 8017
#
#BandwidthRate 8 MB
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Tim Wilson-Brown - teor:
> * if the AccountingRule is not "in".
Thx for the explanation - the above I do not understand - may I ask what "in"
means in detail ?
- --
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Tim Wilson-Brown - teor:
> * if the AccountingRule is not "in".
Ah,
AccountingRule in
was meant. I did not set that config option in the past due to the impact of
network-in-attacks as is seen in [1].
Because I do have to pay just for outg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Me do wonder, if it has an advantage or not.
- --
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 04/28/2016 11:14 AM, Tim Wilson-Brown - teor wrote:
> Ports in, or ports out?
Ports in I meant, sry.
> Closing inbound ports is a security precaution
The question is - if there's no program listening on that port, does filtering
that in-port has
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 05/01/2016 01:20 AM, Moritz Bartl wrote:
> Maybe it is simply too crazy for many jurisdictions to believe,
> but police in Germany in most cases actually treats you well and is
> not your enemy. There's no point in turning every occasion into a
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 05/07/2016 08:27 PM, Yawning Angel wrote:
> Apart from accounts that have grandfathered free bandwidth, where
> is this mentioned?
>
from https://www.digitalocean.com/legal/terms/ :
Notwithstanding the foregoing, Subscribers of Grandfathered Ac
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 05/12/2016 09:05 PM, Javantea wrote:
> ail.ru own so many blocks that I can't hope to block all of them
> without spending a lot of time producing a list. Has someone else
> produced such a list?
I added these 3 lines to my torrc few months ago -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 05/15/2016 08:37 PM, Philipp Winter wrote:
> . Instead, set up your own resolver,
> or at least use the one provided by your ISP.
Just to double ensure, using a local dnsmasq is one of the possible solutions,
right ?
- --
Toralf
PGP: C4EACDD
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 05/16/2016 03:40 PM, Philipp Winter wrote:
> Dnsmasq is just a DNS forwarder, no?
well, it has a cache too (but limited to 5000 entries as I learnt yesterday).
It uses the resolver defined in /etc/resolv.conf - which does point to my ISP DNS
only.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 05/20/2016 05:12 PM, Dr Gerard Bulger wrote:
> I like to respond in a robust manner.
What hinders you to answer politely ?
- --
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/05/2016 01:28 PM, Fabio Pietrosanti (naif) - lists wrote:
> In /etc/tor/torrc:
> HardwareAccel 1
Reading
https://lists.torproject.org/pipermail/tor-relays/2012-March/001260.html I do
wonder if setting that option is helpful ?
- --
Toralf
PG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/14/2016 07:03 AM, Markus Koch wrote:
> 4 of my 5 tor servers are under a incoming DDOS attack. Am I the only
> one or is anyone else feeling the "love"?
>
attacks with about 100 MBit/sec over a minute or so happen here nearly daily,
attacks >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/14/2016 02:59 PM, Petrusko wrote:
> So if the server is attacked, I think it will show some big spikes in
> those graphs...?
My ISP provides traffic data/graphs.
And I do use sysstat[1] to monitor my server, which gives among other
statistics
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/19/2016 09:59 PM, pa011 wrote:
> Or are there better working solutions?
I do have only 127.0.0.1 set in my resolv.conf and do use dnsmasq together with
strict DNSSEC.
works like a charm and DNSSEC is really a good thing IMO.
The configuratio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I do run a Tor exit relay under a 64 bit hardened Gentoo as OS and do wonder
about a Trac issue reported in [1]. About 2/3 of all closed onion connections
returns IOERROR instead of DONE as seen using [2]. That's why I'm asking here
if other made
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/03/2016 03:51 PM, Zack Weinberg wrote:
> However, I personally think it is inappropriate to run a DNS cache
> on an exit node, because that preserves a record on the exit node
> of what people are using it for.
IMO both statements aren't correct
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Currently I do have for an exit relay defined:
DirPort 80
DirPort [2a01:4f8:190:514a::2]:80 NoAdvertise
What would happen if I would NoAdvertise the ipv4 port instead of the ipv6 port
?
- --
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/05/2016 04:01 AM, Tim Wilson-Brown - teor wrote:
> In 0.2.8.3-alpha, "clients, onion services, and bridge relays always use an
> encrypted begindir connection for directory requests".
> Encrypted beginner connections are made over the ORPort.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/06/2016 11:10 PM, nusenu wrote:
> I find https://compass.torproject.org more convenient for that
> task.
+1
The bubbles aren't useful IMO.
- --
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I'm just curious, why at my exit relay the bandwidth is constantly around 8
MByte/sec in both directions with a 2-3% higher value for the inbound bw
whereas the amount of incoming packets is 25% and more higher than the
outgoing packet amount
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/12/2016 09:29 PM, Juuso Lapinlampi wrote:
> They would have allowed me to continue having an exit on ports 80 and
> 443, but I didn't see that to do much good so I've turned my relay into
> a middle relay
Why ?
And didn't you consider to run an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
To run an exit, you can start w/ 443 and 6667.
That's all.
And it helps.
- --
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
On 12/6/22 19:44, Roger Dingledine wrote:
> We
> could start by encouraging directory authority operators to participate
> in the monthly virtual relay operator meetups.
I'd appreciate it.
--
Toralf
On 12/6/22 19:44, Roger Dingledine wrote:
> But it seems
> like this role separation never quite matches up well to the security
> issues that arise in practice, whereas it definitely adds complexity
> both to the design and to operation. This piece of the design could use
> some new ideas.
So the concep
On 12/9/22 07:02, David Fifield wrote:
> But now there is rdsys and bridgestrap, which may have the ability to
> test the obfs4 port rather than the ORPort. I cannot say whether that
> removes the requirement to expose the ORPort.
Would be a step toward making scanning for bridges harder IMO, if the
On 12/20/22 15:27, Anonforpeace via tor-relays wrote:
Dec 20 08:55:16 mxh-HP-Compaq-Pro-6300-SFF kernel: [137278.310446]
audit: type=1400 audit(1671544516.974:36): apparmor="DENIED"
operation="open" profile="system_tor"
name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=17728
comm="obf
tl;dr;
restricted access + usage of an exit
longer:
An exit is sooner or later abused. A reduced exit policy does not
prevent that.
What about setting up a tor exit relay with 'PublishServerDescriptor = 0' ?
Having an access line like for bridges would restrict the access. An
alternative could b
On 3/4/23 17:29, gus wrote:
> What's the goal? To have a private exit that only you can use?
Indeed, similar goal as for private bridges.
> There is this very interesting paper and project called HebTor:
> https://dl.acm.org/doi/10.1145/3372297.3417245
Thx, so I have sth to read.
--
Toralf
On 3/15/23 03:19, Jeff Teitel wrote:
> Conntrack.sh shows count: 65535.
You can increase that size, look at [1] for an example.
[1] https://github.com/toralf/torutils/blob/main/ipv4-rules.sh#L157
--
Toralf
I found the time and wrote a Bash script [1] to export iptables and
ipset metrics to Prometheus/Grafana.
It works at least with [2].
[1] https://github.com/toralf/torutils/blob/main/metrics.sh
[2] https://github.com/toralf/torutils#readme
--
Toralf
On 3/22/23 20:25, gus wrote:
> But here's the trick: you need to run it on a
> residential connection -- you won't need a static IPv4 --,
So the local bridge reports its (eg at 4 o'clock in the morning changed)
ip to the bridge db asap? And then ?
--
Toralf
Given that hosters of a VPS often give a big /48, /56 or /64 ipv6
subnet to a VPS I do wonder if the BridgeLine for ipv6 could benefit
from that?
With
ip6tables -t nat -I PREROUTING -p tcp -j DNAT --to-destination [obfs4
address]
/usr/sbin/ip6tables-save > /etc/iptables/rules.v6
all in
On 6/26/23 23:44, gus wrote:
> - Recommendation: Do not run snowflake proxy on the same IP as a
> relay/bridge. It's a good call to run it on a machine with public
> dynamic IP address.
I setup 6 snowflakes as VPS with a fixed IP.
After which time those IPs should be changed ?
--
Toralf
On 8/1/23 18:54, li...@for-privacy.net wrote:
> == Announcements ==
> rdsys is ignoring the running flag now :)
> * To hide your bridge's ORPort:
> ORPort 127.0.0.1:auto
> AssumeReachable 1
I do assume I can ignore this log message ? :
"Aug 01 17:18:19.000 [warn] The IPv4 ORPort address 127.0.0.1 does
On 8/1/23 19:38, li...@for-privacy.net wrote:
> Yes ;-)
cool - this simplifies my Ansible role (I randomly chose an ORPort
between 30K and 62K)
> Unfortunately, they come every 1-2 hours
np - I'll ignore that
Thx !
--
Toralf
A few days ago the throughput of my Tor relay went down to nearly zero for
about 3 minutes. It turned out that the reason (maybe) was a change here
in my iptables rules. Especially I switched these 2 lines:
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -m conntrack
On 9/7/23 14:12, telekobold wrote:
> A bit research revealed that apparently, an automatic update set the
> systemd setting "NoNewPrivileges=no" in
> /lib/systemd/system/tor@default.service and tor@.service [1] back to yes,
You probably need another entry too (grabbed from [1]):
[Service]
NoNewPriv
Yesterday I stumbled together 2-3 dashboards [1] for Tor relay(s), Tor
Snowflake(s) and the DDoS solution [2].
Feedback is welcome.
[1] https://github.com/toralf/torutils/tree/main/dashboards
[2] https://github.com/toralf/torutils/tree/main
--
Toralf
On 10/3/23 10:24, Fran via tor-relays wrote:
> Any ideas?
yes - DNAT the remote prometheus ip to the local address [1]
[1]
https://github.com/toralf/tor-relays/blob/main/playbooks/roles/setup-snowflake/tasks/firewall.yaml#L10
--
Toralf
I do run 2 exits at the same hardware [1] and do use sysstat [2] to monitor
system data.
2 questions:
A)
Since a while (months) I do observe a periodic pattern in the network
load. An example is the graph (SVG format, made with [3]) of the data from
yesterday.
Is this typical? I
On 07/28/2018 07:59 PM, Tobias Sachs wrote:
> Hibernation is set to 19 TB’s of outgoing Traffic. Hetzner Cloud shows ~16TB
> outgoing traffic
Hetzner doesn't bill outgoing traffic to other Hetzner servers, so
relay-to-relay communication might be counted by Tor, but not by Hetzner IMO.
--
Tora
On 07/29/2018 10:13 PM, Tobias Sachs wrote:
> ExitPolicy reject *:*
> ExitPolicy reject6 *:*
completely OT, but
ExitRelay 0
should made it too.
--
Toralf
PGP C4EACDDE 0076E94E
On 07/29/2018 12:57 PM, Toralf Förster wrote:
> An example is the graph (SVG format, made with [3])
And in [4] is the link to the SVG file (1.6M == too big for this list).
[4] https://zwiebeltoralf.de/pub/network-2018-07-26.svg
--
Toralf
PGP C4EACDDE 0076E94E
On 08/12/2018 04:23 PM, nusenu wrote:
> The bw scanner system is currently also being replaced
> by a new scanner software (sbws).
When will this be finished?
--
Toralf
PGP C4EACDDE 0076E94E
I do wonder about any changes in the algorithm which drops the cw of a
relay [1] by a magnitude within 1 year as seen in [2]?
[1]
https://metrics.torproject.org/rs.html#details/1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA
[2]
https://screenshotscdn.firefoxusercontent.com/images/040958f1-a5be-4630-9551
On 8/19/18 11:58 AM, nusenu wrote:
> If your relay is doing great as usual and others add 50 Gbit/s of capacity
> you might see
> your cw fraction and exit probability go down.
>
> Your cw fraction and exit probability is decreasing since several month, at
> the same time the
> the overall tor n
On 6/26/18 6:40 PM, Colin Childs wrote:
> Hello Tor Relay Operators,
>
> Do you want your relay to be a Tor fallback directory mirror?
> Will it have the same address and port for the next 2 years?
> Just reply to this email with your relay's fingerprint.
>
Due to a recent hardware change I swit
On 7/5/18 1:49 AM, teor wrote:
> But there seems to be a bug right now:
> https://trac.torproject.org/projects/tor/ticket/26542
>
>> Will they then operate somewhat in the fashion of guards without
>> published metrics?
>
> They will appear on Relay Search under the hash of their fingerprint.
> (
I do wonder if the advice [1] is ok or wrong.
[1] https://tor.stackexchange.com/questions/6370/how-to-run-an-obfs4-bridge
--
Toralf
PGP C4EACDDE 0076E94E
On 10/15/18 11:49 PM, teor wrote:
> The post contains conflicting advice.
Said that, is the following a good choice for a bridge? :
# torrc
RunAsDaemon 1
SocksPort 0
ControlPort 9051
ORPort auto
BridgeRelay 1
Exitpolicy reject *:*
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
--
To
On 10/20/18 5:07 AM, Conrad Rockenhaus wrote:
> Would you make a recommendation of running unbound on the local exit nodes to
> resolve local DNS server congestion to get around this issue?
What about diversity?
Running unbound at every Tor relay sounds like a bad idea.
--
Toralf
PGP C4EACDDE 00
Get this at my exit relay since yesterday:
# head /tmp/warn.log
Oct 23 23:30:17.000 [notice] Tor 0.3.5.3-alpha opening new log file.
Oct 23 23:30:33.000 [warn] parse error: internal NUL character.
Oct 23 23:30:33.000 [warn] Unparseable microdescriptor
Oct 23 23:30:33.000 [warn] parse error: intern
On 11/3/18 8:01 PM, Roman Mamedov wrote:
> What you can do right off the bat, is to run a second Tor instance on the same
> IP address (of course on a different port). You can run two per IP, and it is
> most often a no-brainer to do so. I would expect it to get around the same 4-5
> MB/sec usage o
I do wonder why 2 exit relays (at the same IP address) dropped down from about
8,000 connections to about 1,000 connections after exactly 1 month + 2 hours
after they were installed.
Furthermore metrics.t.o shows:
IPv4 Exit Policy Summary
reject
1-65535
It is a hardened Gentoo with L
On 11/8/18 7:57 PM, Toralf Förster wrote:
> I do wonder why 2 exit relays (at the same IP address) dropped down from
> about 8,000 connections to about 1,000 connections after exactly 1 month + 2
> hours after they were installed.
Hhm, is this the reason? :
/tmp/info.log:Nov 08 20:
On 11/8/18 8:22 PM, nusenu wrote:
> can you give an absolute datetime for when the amount of connections started
> to drop?
> are these numbers for each tor instance or for both together? (since they run
> on the same box)
> (-mm-dd hh:mm UT
2018-11-06 21:00 UTC
(I do have the sysstat value
On 11/8/18 9:12 PM, nusenu wrote:
>> 2018-11-06 21:00 UTC
> are you sure this is UTC?
>
ick, it was 21:00 CET (the dropdown may even started at 20:00 CET), but obvious
it was an hour later
> I did not look at the underlying descriptor data but onionoo data suggests that
>an exit policy change oc
On 11/9/18 12:43 AM, teor wrote:
> 2. If you reject enough IP addresses in your exit policy:
>
> If your exit blocks enough /8 networks, then its exit policy summary becomes
> reject all.
>
> If the exit policy summary is too long, then it is truncated to a list of
> accept ports. (That doesn't s
I do wonder,
if it makes sense under such circumstances to have 1 non-exit and 1 exit -or-
would it be better to have 2 exits?
--
Toralf
PGP C4EACDDE 0076E94E
On 12/11/18 10:54 PM, nusenu wrote:
> from their fingerprints
I'm just curious that the fingerprints start with the same sequence. I was
under the impression that the fingerprint is somehow unique like a hash?
--
Toralf
PGP C4EACDDE 0076E94E
The Tails installer asked me for the bridge line (a bridge maintained by
myself), but didn't accept the ":auto" behind the ip address.
I do wonder how to proceed?
--
Toralf
PGP C4EACDDE 0076E94E
201 - 300 of 474 matches