subject:"\[tor\-bugs\] #29258 \[Circumvention\/Snowflake\]\: Provide an IPv6 address for the Snowflake broker"

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

2020-01-02 Thread Tor Bug Tracker & Wiki

#29258: Provide an IPv6 address for the Snowflake broker
+--
 Reporter:  ahf |  Owner:  dcf
 Type:  task| Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Circumvention/Snowflake |Version:
 Severity:  Normal  | Resolution:  fixed
 Keywords:  anti-censorship-roadmap-august  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
|  Sponsor28-must
+--
Changes (by dcf):

 * status:  reopened => closed
 * resolution:   => fixed


Comment:

 Replying to [comment:19 cohosh]:
 > Reopening because I think we still need to think about logs?

 Copied logs in comment:1:ticket:32502.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

2019-11-22 Thread Tor Bug Tracker & Wiki

#29258: Provide an IPv6 address for the Snowflake broker
+--
 Reporter:  ahf |  Owner:  dcf
 Type:  task| Status:  reopened
 Priority:  Medium  |  Milestone:
Component:  Circumvention/Snowflake |Version:
 Severity:  Normal  | Resolution:
 Keywords:  anti-censorship-roadmap-august  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
|  Sponsor28-must
+--
Changes (by cohosh):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 Reopening because I think we still need to think about logs?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

2019-11-21 Thread Tor Bug Tracker & Wiki

#29258: Provide an IPv6 address for the Snowflake broker
+--
 Reporter:  ahf |  Owner:  dcf
 Type:  task| Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Circumvention/Snowflake |Version:
 Severity:  Normal  | Resolution:  fixed
 Keywords:  anti-censorship-roadmap-august  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
|  Sponsor28-must
+--
Changes (by cohosh):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 I'm going to close this because everything looks like it's switched over
 :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

2019-11-14 Thread Tor Bug Tracker & Wiki

#29258: Provide an IPv6 address for the Snowflake broker
+--
 Reporter:  ahf |  Owner:  dcf
 Type:  task| Status:  merge_ready
 Priority:  Medium  |  Milestone:
Component:  Circumvention/Snowflake |Version:
 Severity:  Normal  | Resolution:
 Keywords:  anti-censorship-roadmap-august  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
|  Sponsor28-must
+--

Comment (by dcf):

 Replying to [comment:16 dcf]:
 > After the DNS changes propagate, I need to restart snowflake-proxy-
 restartless.

 I just did `sv restart snowflake-proxy-restartless`. I'm planning to let
 the others just restart themselves naturally. One of them must have
 already done so, because https://snowflake-broker.torproject.net/debug is
 currently (2019-11-14 22:10:00) showing 2 standalone proxies:
 {{{
 current snowflakes available: 7
 standalone proxies: 2
 browser proxies: 5
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

2019-11-14 Thread Tor Bug Tracker & Wiki

#29258: Provide an IPv6 address for the Snowflake broker
+--
 Reporter:  ahf |  Owner:  dcf
 Type:  task| Status:  merge_ready
 Priority:  Medium  |  Milestone:
Component:  Circumvention/Snowflake |Version:
 Severity:  Normal  | Resolution:
 Keywords:  anti-censorship-roadmap-august  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
|  Sponsor28-must
+--

Comment (by dcf):

 At 2019-11-14 21:23:00, applied these changes:

 ||= domain name =||= record type =||= old address =||= new address =||
 ||snowflake-broker.bamsoftware.com ||A ||37.218.240.96 ||37.218.245.111 ||
 ||snowflake-broker.bamsoftware.com || ||none
 ||2a00:c6c0:0:154:4:d8aa:b4e6:c89f ||

 After the DNS changes propagate, I need to restart snowflake-proxy-
 restartless. If I'm not mistaken, all other proxies will restart
 themselves and update on their own.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

2019-10-25 Thread Tor Bug Tracker & Wiki

#29258: Provide an IPv6 address for the Snowflake broker
+--
 Reporter:  ahf |  Owner:  dcf
 Type:  task| Status:  merge_ready
 Priority:  Medium  |  Milestone:
Component:  Circumvention/Snowflake |Version:
 Severity:  Normal  | Resolution:
 Keywords:  anti-censorship-roadmap-august  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
|  Sponsor28-must
+--
Changes (by cohosh):

 * status:  needs_review => merge_ready


Comment:

 Okay I think we can go ahead and finish switching hosts now.

 >About logs, I'm thinking we just let the log files happen in parallel on
 the old and new hosts. Then after we've made the switch, we check the old
 logs for sanitization and publish them. Logs we publish in the future from
 the new broker will partially temporally overlap those from the old, but
 that should be no problem.

 The metrics logs will be the largest problem (see #322131). I propose this
 for the switch:
 - stop the broker process on the new and old host
 - copy over all metrics log files from the old host to the new host
 - start the new host

 We're going to lose partial metrics for the collection period that
 overlaps with the switch, but that actually happens every time we restart
 the broker since metrics for the time period (which is one) are stored in
 memory until the time period ends at which point they are written to a
 file.

 So, maybe the better question to ask here is: is that okay and if not how
 do we solve it more generally?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

2019-10-23 Thread Tor Bug Tracker & Wiki

#29258: Provide an IPv6 address for the Snowflake broker
+--
 Reporter:  ahf |  Owner:  dcf
 Type:  task| Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Circumvention/Snowflake |Version:
 Severity:  Normal  | Resolution:
 Keywords:  anti-censorship-roadmap-august  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
|  Sponsor28-must
+--

Comment (by cohosh):

 Uh oh, just realized we've been losing metrics. CollecTor uses the
 torproject.new domain for the broker. Created this ticket: #32231

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

2019-10-17 Thread Tor Bug Tracker & Wiki

#29258: Provide an IPv6 address for the Snowflake broker
+--
 Reporter:  ahf |  Owner:  dcf
 Type:  task| Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Circumvention/Snowflake |Version:
 Severity:  Normal  | Resolution:
 Keywords:  anti-censorship-roadmap-august  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
|  Sponsor28-must
+--

Comment (by dcf):

 Replying to [comment:12 dcf]:
 > Today we decided to start by pointing the snowflake-
 broker.torproject.net DNS, which is currently unused, at the new broker,
 so we can test it ourselves.
 >
 > #32128 is for that.

 snowflake-broker.torproject.net is now set up for us. Using the following
 proxy-go command and torrc I was able (using an IPv6 connection to the
 broker) to connect to myself and bootstrap to 100%.

 {{{
 ./proxy-go -broker https://snowflake-broker.torproject.net
 }}}

 {{{
 UseBridges 1
 DataDirectory datadir

 ClientTransportPlugin snowflake exec ./client \
 -url https://snowflake-broker.torproject.net/ \
 -ice stun:stun.l.google.com:19302 \
 -log snowflake.log \
 -max 3

 Bridge snowflake 0.0.3.0:1
 }}}

 I did have to first upgrade the version of
 golang.org/x/crypto/acme/autocert compiled into the broker, for a protocol
 change:
 {{{
 go get -u golang.org/x/crypto/acme/autocert
 }}}
 Before doing this, I was getting these errors in the broker logs, linking
 to https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430.
 {{{
 2019/10/17 19:37:32 http: TLS handshake error from [scrubbed]: 403
 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled.
 Please upgrade your ACME client to a version that supports ACMEv2 / RFC
 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-
 acmev1/88430 for details.
 2019/10/17 19:37:37 http: TLS handshake error from [scrubbed]:
 acme/autocert: missing certificate
 2019/10/17 19:37:41 http: TLS handshake error from [scrubbed]:
 acme/autocert: missing certificate
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

2019-10-17 Thread Tor Bug Tracker & Wiki

#29258: Provide an IPv6 address for the Snowflake broker
+--
 Reporter:  ahf |  Owner:  dcf
 Type:  task| Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Circumvention/Snowflake |Version:
 Severity:  Normal  | Resolution:
 Keywords:  anti-censorship-roadmap-august  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
|  Sponsor28-must
+--

Comment (by dcf):

 Replying to [comment:11 dcf]:
 > Now the question is what to do about handling the migration. We can talk
 about this at the next meeting on Thursday.

 Today we decided to start by pointing the snowflake-broker.torproject.net
 DNS, which is currently unused, at the new broker, so we can test it
 ourselves.

 #32128 is for that.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker (was: What is the IPv6 story with Snowflake)

2019-10-15 Thread Tor Bug Tracker & Wiki

#29258: Provide an IPv6 address for the Snowflake broker
+--
 Reporter:  ahf |  Owner:  dcf
 Type:  task| Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Circumvention/Snowflake |Version:
 Severity:  Normal  | Resolution:
 Keywords:  anti-censorship-roadmap-august  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
|  Sponsor28-must
+--
Changes (by dcf):

 * status:  needs_information => needs_review


Comment:

 I got the IPv6 situation sorted out. (Just needed a different prefix.)
 Here's the information. After we've switched to this new host, I'll update
 the SSH fingerprints in
 [[org/teams/AntiCensorshipTeam/SnowflakeBrokerSurvivalGuide]].

 {{{
 37.218.245.111
 2a00:c6c0:0:154:4:d8aa:b4e6:c89f

 RSA:  2048 SHA256:dp0Xo/oN1qZfMuZnqgKEbeOsbU2qpDR60B5MLIRaAgg
 DSA:  1024 SHA256:DF5ofogjGur02gv8/ciU3wFA+YHNuAhUlel9Uv2KBlo
 ECDSA: 256 SHA256:6cskO6ch/kv2RbIMhTdwqpsd9vB8npzlZTlkWZJLoek
 }}}

 Now the question is what to do about handling the migration. We can talk
 about this at the next meeting on Thursday. All that's needed is to point
 the following DNS names to the new IPv4 and IPv6 addresses:
  * snowflake-broker.bamsoftware.com
  * snowflake-broker.freehaven.net (currently a CNAME for snowflake-
 broker.bamsoftware.com)
  * snowflake-broker.torproject.net
 About logs, I'm thinking we just let the log files happen in parallel on
 the old and new hosts. Then after we've made the switch, we check the old
 logs for sanitization and publish them. Logs we publish in the future from
 the new broker will partially temporally overlap those from the old, but
 that should be no problem.

 I've copied over the contents of people's home directories.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker

Re: [tor-bugs] #29258 [Circumvention/Snowflake]: Provide an IPv6 address for the Snowflake broker (was: What is the IPv6 story with Snowflake)

10 matches

Site Navigation

Mail list logo

Footer information