Re: [tor-relays] stats
Hi Armand, Thank you for running an exit. 128 MB RAM is low, I usually recommend at least 256 MB RAM. If you want to push more (and if your line allows it), you need more RAM. I would say don't worry about the difference in display. On 07.07.2013 04:40, Armand wrote: Sent from my Cricket smart phone ma...@mykolab.com wrote: hello, i'm running an exit node from 2 or 3 month, in UA, on a vps, xeon 2650 2Ghz, 128mb RAM, debian 6 tor v0.2.3.25-1 on atlas there is some stat on those days it's seem to be at max 100Kb/s //atlas.torproject.org/#details/62C3FB37C44555E55A62BBD7CDDD97FE4894F317 but on arm or with iftop i'm beetween 300 and 900Kb/s download and the same in upload my load average is 4.74, 2.97, 2.98 there is just tor on this server this append form the beguining, there is a problem? who is right? can you help me to verify if my node is fine configured? thanks PS: sorry for my english is not my first language ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Moritz Bartl https://www.torservers.net/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] stats
hello Moritz, thanks for your reply, I take the smallest offer in vps, to decrease the swapping and consum of ram i have to decrease RelayBandwidthRate? for the moment it's at 1000 KB and the burst at 1500 KB, it's better to put it to 500 KB ? that will give fluidity to the machine? but if i let like that is detrimental for tor network? PS: i forgot there is a munin node and apache2 for the exitnode page. Le 07.07.2013 13:58, Moritz Bartl a écrit : Hi Armand, Thank you for running an exit. 128 MB RAM is low, I usually recommend at least 256 MB RAM. If you want to push more (and if your line allows it), you need more RAM. I would say don't worry about the difference in display. On 07.07.2013 04:40, Armand wrote: Sent from my Cricket smart phone ma...@mykolab.com wrote: hello, i'm running an exit node from 2 or 3 month, in UA, on a vps, xeon 2650 2Ghz, 128mb RAM, debian 6 tor v0.2.3.25-1 on atlas there is some stat on those days it's seem to be at max 100Kb/s tlas.torproject.org/#details/62C3FB37C44555E55A62BBD7CDDD97FE4894F317 but on arm or with iftop i'm beetween 300 and 900Kb/s download and the same in upload my load average is 4.74, 2.97, 2.98 there is just tor on this server this append form the beguining, there is a problem? who is right? can you help me to verify if my node is fine configured? thanks PS: sorry for my english is not my first language ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Circuit creation storms overwhelming Raspberry Pi?
Hi torsion, I'm also running a tor relay on a raspberry pi and keep getting these storm creation events which crash the box. You said you made some adjustments to the configs to get a more stable system? Can you please email me copies of the configs or maybe list the changes you made? I'm trying to get my pi stable and then perhaps role out a few more relay nodes to friends and colleagues. Thanks, T On 4 May 2013 22:07, tors...@ftml.net wrote: I did a lot of tuning on the Raspberry Pi and it's now much, much more stable as a Tor relay, but just now I had another circuit creation storm. Interestingly, the Pi remained up, and my *router* crashed. I've also seen huge bursts of circuit creation on a relay I run on a VPS, but as it's a much more powerful box it rarely complains (and thus I rarely notice). This many circuits and outbound connections is highly unusual for the small relay I'm running on the Pi. And this behavior definitely occurs in bursts. Is this an outbound DDOS or an attack on Tor itself? If the former (or maybe the latter), is there some way I could perhaps use iptables to temporarily clamp the ability to open TCP connections when Tor (or anything on the Pi) opens a number over some threshold in some short period of time? Here's log output (via 'arm') from the relay after my router crashed twice, I went to the admin panel and noted hundreds of outbound connections from my Tor box. Time is America/Los_Angeles. │ 13:55:00 [ARM_NOTICE] Relay unresponsive (last heartbeat: Sat May 4 13:54:14 2013) │ 13:52:25 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [404 similar message(s) suppressed in last 60 seconds] │ 13:51:07 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [75 similar message(s) suppressed in last 60 seconds] │ 13:50:52 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [601 similar message(s) suppressed in last 60 seconds] │ 13:48:39 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [99 similar message(s) suppressed in last 60 seconds] │ 13:47:34 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [22 similar message(s) suppressed in last 60 seconds] │ 13:46:17 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [253 similar message(s) suppressed in last 60 seconds] │ 13:43:47 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [1396 similar message(s) suppressed in last 60 │ seconds] │ 13:42:48 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [16 similar message(s) suppressed in last 60 seconds] Here's how it crashed my router (blowing ip_conntrack limits is sufficient only to mess up many of my TCP connections, but eventually the router runs out of memory and starts killing processes): May 4 13:51:24 dedmaus user.warn kernel: ip_conntrack: table full, dropping packet. May 4 13:51:24 dedmaus user.warn kernel: ip_conntrack: table full, dropping packet. May 4 13:51:24 dedmaus user.warn kernel: ip_conntrack: table full, dropping packet. May 4 13:51:25 dedmaus user.warn kernel: ip_conntrack: table full, dropping packet. May 4 13:51:29 dedmaus user.warn kernel: NET: 152 messages suppressed. May 4 13:51:29 dedmaus user.warn kernel: ip_conntrack: table full, dropping packet. May 4 13:51:34 dedmaus user.warn kernel: NET: 193 messages suppressed. May 4 13:51:34 dedmaus user.warn kernel: ip_conntrack: table full, dropping packet. May 4 13:51:39 dedmaus user.warn kernel: NET: 227 messages suppressed. ...ad infinitum with the number of messages suppressed per 5 sec increasing until the router crashes. On Mon, Mar 18, 2013, at 06:18 PM, tors...@ftml.net wrote: I'm also seeing occasional messages like this on the Pi (it never lasts long): 18:13:24 [ARM_NOTICE] Relay resumed 18:13:18 [ARM_NOTICE]
Re: [tor-relays] Circuit creation storms overwhelming Raspberry Pi?
Hi, Yes. This is absolutely on my to-do list. I've had a family medical emergency and about 2 or 3 other things recently about that level of stress, but BELIEVE me, a strategy for getting a Raspberry Pi to be a rock solid relay is of paramount importance to me. I'm hoping to figure out all the tweaks I did, and then make an alpha version of some iptables rules to defend against the storms, within the next couple of weeks. Please don't hesitate to bug me about this at my direct email. (The old one is no longer valid, I've dropped pseudonyms on the tor lists.) Thanks much, -Gordon M. Thomas Hand: Hi torsion, I'm also running a tor relay on a raspberry pi and keep getting these storm creation events which crash the box. You said you made some adjustments to the configs to get a more stable system? Can you please email me copies of the configs or maybe list the changes you made? I'm trying to get my pi stable and then perhaps role out a few more relay nodes to friends and colleagues. Thanks, T On 4 May 2013 22:07, tors...@ftml.net wrote: I did a lot of tuning on the Raspberry Pi and it's now much, much more stable as a Tor relay, but just now I had another circuit creation storm. Interestingly, the Pi remained up, and my *router* crashed. I've also seen huge bursts of circuit creation on a relay I run on a VPS, but as it's a much more powerful box it rarely complains (and thus I rarely notice). This many circuits and outbound connections is highly unusual for the small relay I'm running on the Pi. And this behavior definitely occurs in bursts. Is this an outbound DDOS or an attack on Tor itself? If the former (or maybe the latter), is there some way I could perhaps use iptables to temporarily clamp the ability to open TCP connections when Tor (or anything on the Pi) opens a number over some threshold in some short period of time? Here's log output (via 'arm') from the relay after my router crashed twice, I went to the admin panel and noted hundreds of outbound connections from my Tor box. Time is America/Los_Angeles. │ 13:55:00 [ARM_NOTICE] Relay unresponsive (last heartbeat: Sat May 4 13:54:14 2013) │ 13:52:25 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [404 similar message(s) suppressed in last 60 seconds] │ 13:51:07 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [75 similar message(s) suppressed in last 60 seconds] │ 13:50:52 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [601 similar message(s) suppressed in last 60 seconds] │ 13:48:39 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [99 similar message(s) suppressed in last 60 seconds] │ 13:47:34 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [22 similar message(s) suppressed in last 60 seconds] │ 13:46:17 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [253 similar message(s) suppressed in last 60 seconds] │ 13:43:47 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [1396 similar message(s) suppressed in last 60 │ seconds] │ 13:42:48 [WARN] Your computer is too slow to handle this many circuit creation │ requests! Please consider using the MaxAdvertisedBandwidth config option or choosing │ a more restricted exit policy. [16 similar message(s) suppressed in last 60 seconds] Here's how it crashed my router (blowing ip_conntrack limits is sufficient only to mess up many of my TCP connections, but eventually the router runs out of memory and starts killing processes): May 4 13:51:24 dedmaus user.warn kernel: ip_conntrack: table full, dropping packet. May 4 13:51:24 dedmaus user.warn kernel: ip_conntrack: table full, dropping packet. May 4 13:51:24 dedmaus user.warn kernel: ip_conntrack: table full, dropping packet. May 4 13:51:25 dedmaus user.warn kernel: ip_conntrack: table full, dropping packet. May 4 13:51:29 dedmaus user.warn kernel: NET: 152 messages suppressed. May 4
Re: [tor-relays] Relay identity
On 7/7/2013 9:35 AM, Jochen wrote: Hello, I want to create a Raspberry PI image with preinstalled TOR relay for some friends. I will also include a config script to customize torrc (Nickname etc.). I also need to generate a new identity key in this script, so that every node is unique. But I don't know how to generate a new identity. Is there a command to do that, or must I remove /var/lib/*tor*/keys/? Just don't include any keys in the image. New keys/fingerprints are generated during the bootstrapping process if they don't already exist, and are independent of anything in the torrc, so not including any keys in the image will cause each new relay to generate their own unique keys the first time they run. ~Justin Aplin ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
