-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi
Glad you understood what you are doing wrong. In this case, you can use your relay as a guard for the clients in your network. See in my previous email suggestion #2, and all your clients will have the desired guard. Install Tor browser on each client and don't use proxy setting, connect directly with StrictNodes and EntryNode. Cheers! On 5/23/2015 3:14 PM, Tor User wrote: > Hi s7r, > > Thank you for your reply. There's a lot of good info in it and > I'll be reconfiguring the clients. > > The fact that I've been doing Tor-through-Tor unawares explains a > lot. It did seem odd to have polipo in the mix, but it makes sense > now, that would only be if the LAN clients weren't already running > their own Tor clients (running TBB). > > Our public Tor relay is an entry guard. We don't allow any exiting > with it but it's stable, fast, HSDir, etc. and has the guard flag. > > > > On 05/20/2015 07:05 AM, s7r wrote: Hello, > > On 5/20/2015 12:07 PM, Tor User wrote: >>>> Hello, >>>> >>>> We have been operating a moderately successful public tor >>>> relay for a while now. Having read about how TOR works back >>>> a couple of years ago, I was more or less sold on the idea >>>> that if traffic originating on your local network uses your >>>> own TOR relay as the first hop (entry node), then by the time >>>> your traffic has left your tor relay, people in the middle >>>> can't tell the difference between traffic originating from >>>> your network and other (relayed) traffic passing through your >>>> TOR relay. >>>> > It's Tor, not TOR or tor. > >>>> I also understand that this still doesn't protect you from an >>>> exit node being able to see your traffic (and why you should >>>> use HTTPS with a high-quality cipher if it's really >>>> important), and that there are other ways your traffic can be >>>> analyzed -- but all in all, I would rather our TOR traffic >>>> enter the TOR network through a relay I *KNOW* I can trust >>>> (mine!) than leave it to chance. >>>> > You could run your own *Exit* node on your network, and use that as > a static exit point, which will mix the traffic in your local > network with the traffic of other Tor users, and you won't have to > fear that the Exit node you are using is malicious and is logging > your traffic or doing strange stuff with it. > >>>> We have polipo running on our public TOR relay, configured >>>> to accept traffic from our local subnets. We've basically >>>> followed the info in this TOR doco: >>>> >>>> https://trac.torproject.org/projects/tor/wiki/doc/CentralizedTorSer ver >>>> >>>> >>>> The TOR browser bundle appears to function correctly, ie, it is >>>> able to start up, open circuits, etc. and we get the >>>> expected Congratulations! page opening a new browser window. >>>> But when clicking the green onion to show the circuit of >>>> relays handling the browser's connection, our relay is never >>>> the first hop. >>>> >>>> I'm using TBB 5.01a on one particular system, and for an >>>> example, it shows this for the circuit: >>>> >>>> - This browser - Austria (aa.bb.cc.dd) - Germany >>>> (ee.ff.gg.hh) - Guatemala (ii.jj.kk.ll) - Internet >>>> > The way I understand it, it looks to me that you are confusing 2 > things. When you enabled polipo on the Tor relay in your network, > you just enabled a http-proxy which forwards the requests to the > Socks5 proxy opened by the Tor client running on that relay (same > Tor instance). When you run a Tor relay, the client functionality > is also enabled by default, unless you specify SocksPort 0 in the > torrc file. > > The Centralized Tor Server allows you to have one Tor > client/instance for multiple computers in the same network. You > need to run only one Tor instance on one server, and the other > users in the network do not need to run own local Tor client > instances, otherwise they will just be using Tor-through-Tor which > is a terrible idea and it hurts anonymity in an unknown way. > > The relay you are running can never be the first hop, because the > second Tor client running on your workstation is selecting another > first hop and it is using it through the polipo proxy you've > provided. In simple words, you are doing Tor-through-Tor and it is > very very wrong . > > >>>> I have tried defining an EntryNodes statement with the >>>> $fingerprint of our TOR relay and setting StrictNodes 1 in >>>> the TBB's torrc file, but it can't ever establish a circuit >>>> when I try this. We get messages like this logged on the >>>> browser's tor: >>>> >>>> 05/20/2015 04:21:20.700 [WARN] Failed to find node for hop 0 >>>> of our path. Discarding this circuit. 05/20/2015 04:21:20.700 >>>> [WARN] Failed to find node for hop 0 of our path. Discarding >>>> this circuit. 05/20/2015 04:21:20.900 [NOTICE] Closing >>>> no-longer-configured Socks listener on 127.0.0.1:9150 >>>> 05/20/2015 04:21:20.900 [NOTICE] DisableNetwork is set. Tor >>>> will not make or accept non-control network connections. >>>> Shutting down all existing connections. 05/20/2015 >>>> 04:21:20.900 [NOTICE] Closing old Socks listener on >>>> 127.0.0.1:9150 05/20/2015 04:21:21.700 [NOTICE] Delaying >>>> directory fetches: DisableNetwork is set. >>>> > Of course, you are trying to connect to server let's call it 'Bob' > via a polipo proxy running also on the same server 'Bob', e.g. > trying to connect back to self in a strange way which Tor forbids > for security reasons. > >>>> Is it possible to define your desired entry node via IP >>>> address and port, or some other way that does not require a >>>> successful directory connection/circuit first? (so it can >>>> find the relay by its fingerprint)? It seems like a chicken >>>> vs. egg problem... Or what about defining a directory for >>>> the client to use by its IP/port? We are operating a public >>>> directory as well. >>>> > No, that is not possible. Does your relay have the Guard flag so > it can be used as the first hop? Check on > https://atlas.torproject.org/ and let us know what flags you have > for your relay. It needs to be fast and up most of the time in > order to get the Guard flag. > >>>> I can't find any info about this or other approaches >>>> anywhere. >>>> >>>> So I always end up removing the EntryNodes and StrictNodes >>>> statement from TBB's torrc file, leaving only the HTTPSProxy >>>> aa.bb.cc.dd:<polipo-listen-port> statement in there with the >>>> DataDirectory, GeoIPFile, and GeoIPv6File statements. It >>>> gets the TBB's on our network to the local polipo proxy, >>>> which in turn forwards the traffic to our public TOR relay. >>>> TBB works fine, but I don't think our TOR relay is the one >>>> getting to see our traffic with the original source address >>>> with this setup. >>>> > I explained above why. You are using Tor through Tor. Running a > Tor client on a computer in your network via another Tor client > running in the same instance with the Tor relay (and polipo > proxy). > > >>>> It is definitely possible, likely even, that I am >>>> misunderstanding parts of how this is supposed to work or how >>>> a central TOR relay/proxy is supposed to be configured. But >>>> it doesn't seem to me that proxying our local network's TBB >>>> clients' traffic through the polipo instance on our public >>>> TOR relay means that our TOR traffic is being "anonymized" as >>>> to where it originated from before it gets to the first node >>>> in the circuit - or we would be seeing our TOR relay as the >>>> first hop when we look at the circuit in "the green onion >>>> button". >>>> >>>> If I'm wrong about this, that's great - I'd love to see some >>>> documentation to explain it better if you have any links >>>> handy. But if I'm right, how can I configure our TBB clients >>>> to actually MAKE them use our TOR proxy as their entry node? >>>> > I do not see any benefits in using a Guard on your local network, > I just don't see the point of it. You can do the following: > > 1. The centralized Tor server, as explained above, means you have > to run only one Tor instance for all the computers in your network. > This means you don't need Tor on all of the other computers in > your network, and the entry point (Guard) needs to be defined on > the Tor centralized server (in your case relay) only, and it will > affect all the clients in the network using it. You will not be > able to see circuit info (such as path) on the computers using this > centralized Tor server because they won't have access to the Tor > control port, which is totally normal. > > On the computers in your network you can just use Firefox with > some privacy plugins and route all traffic (including DNS) through > the polipo proxy, running on the Tor centralized server / relay. > > If the centralized Tor server is also a relay, it cannot also be > its first hop. E.r. client -> relay-on-the-same-instance-as-client > -> middle -> exit ;; this will not work for obvious reasons. > > Want a centralized Tor server and a Guard relay at the same time? > Just run the relay someplace else, and use StrictNodes and > EntryNode on that server. I doubt this is what you want since you > installed Tor Browser on the computers in the network as well. > > You can run a centralized Tor server with polipo and a Tor relay > on the same server, but that Tor client cannot use its relay > functionality running on the same machine as the first hop. > > 2. Disable the polipo proxy on your Tor relay, you do not need > that. Use Tor Browser on every computer in your network with > normal settings, no proxy setup, just direct connection and > StrictNodes and EntryNode $fingerprint-of-your-relay. For this, > your relay needs the Guard flag. If you are behind NAT, it will use > the public IP to connect to the relay on your network since that is > what your Tor client(s) will understand from the consensus data > file. > > 3. Disable the polipo proxy on the Tor relay in your network, you > do not need that. Run a bridge instead of a relay. Make it a non > public bride (PublishServerDescriptor 0) and run Tor Browser on all > the computers in your network with UseBridges 1 and define the > ip:port of your bridge and connect it directly, no proxy setting. > This way other 'strangers' won't be able to use your bridge and you > will also not need the Guard flag or uptime and bandwidth > requirements. > > > Hope this helps. If you don't understand something, please ask > again, it's important for you to understand what you are doing not > just follow instructions. > >>>> Thanks, Tor User >>>> >>>> >>>> >>>> >>>> _______________________________________________ tor-relays >>>> mailing list tor-relays@lists.torproject.org >>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>> >> >>>> _______________________________________________ >> tor-relays mailing list tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > > _______________________________________________ tor-relays mailing > list tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBCAAGBQJVYMkrAAoJEIN/pSyBJlsRqxgH/jDCZLkFSzX6xcLje8npVnW4 70gEy5UPufyeE6oGvWEK3of9lFTFOHyYy5jWk33vDVLOYnHzZiecoHHpxtSH/vno 6C7SpGN7u6FkVwoYQdACDaswkkDLCCZTZbJ/BD4rpdPVkstd1NiObHeXrwZSQT0U hgKPZGwUrOuotnzLLdu4g7PBRuAqD1CUBbKaLOg77GG9d+luP2yhtWCJ/zQlarK+ PohH9k/IE7dAxUUBiwJV2JeZDadxt4FgRMYuwmD2sCXAvzGvPoqDhdAOBa90vpr+ d9m328C+d+3FHmy9dy8j9a9jLwUAIOIGezZrRaOoBEAku4ExF3WWm0eojQski3c= =1r4z -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
