Re: [tor-relays] Please enable IPv6 on your relay!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I just enabled four relays, who has the next two? ^_^ //Brian Ana Lucia Cortez: > > On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote: > > Come on guys, we only need 6 more IPv6 relays to help Moritz out > of his depression ... > > >> We still have a depressingly low number of relays that support >> IPv6 (currently only ~120 of ~1900 relays). > > Thats 6.3% IPv6 adoption rate amongst Tor relays, while todays > global overall IPv6 adoption rate is 6.6% according to > https://www.google.com/intl/en/ipv6/statistics.html. > > ___ tor-relays mailing > list tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJVUuTrAAoJEFjBjkteF9VaeSUP/jvhXTqCxz67Re8T7Md/j3Mc GWoiEo4sgOXsa7lD4XrJNslkGf3niwLrNk/tXQf7Jl5xTlo2aO1F9927lyO690Nm Z2Qo4rZMJK/XQy7SAO+BFCQLUJwk2zUHuBcQ2b0icA+zM1/9T7L9x6aeVvlXwER/ xgmYDFrVgHPUdi0yHGnUhbSEeahc47z7pSdXNU8vA7Srsy+FsBuF+02MRC6dmTQp nZnDbJOEMUeE4VTX0X9ID0ERO+VyzHvj+NtYFB7h3HOn5Tx4OmcVuEBZXyerbyGo mm4Her59X21WcCLHSqj1dtvOitsXD2b3OzeQCa0ULDTFeSWZxYZ3QAYVgS61l60u P9nuKRk8e6Cwi0Wv9hBI3KwJGOt1AT+f79LrMX+k+5si9jB/fiPEr2BFdx8PC9rS N7w3HGKG4tuR0/iBgp01lVxdpJONqUZ5tueFUUIQcrsF/mClLoGvp8eezuub2c3L 5/h5CpopxUpJ4pQBwsuLHP9EW0mxH0INOqRJqoo/6tNSHDVBG/xvHvRXU6hDAEn2 a3GpXKDLF0Qd6+YkDbM7+jk47i9ViB0PmwFDNOHMYAqokp4AxMzFmwaoxOBnnnsa vMoqubOyWjUHxlyHmboRHywkV46XuDXB4dGPg9qy0cAs+jXgpgWTaAihBVnUCYqF 16laWRMOogy27AgbDuAd =flm3 -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Please enable IPv6 on your relay!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote: Come on guys, we only need 6 more IPv6 relays to help Moritz out of his depression ... > > We still have a depressingly low number of relays that support > IPv6 (currently only ~120 of ~1900 relays). Thats 6.3% IPv6 adoption rate amongst Tor relays, while todays global overall IPv6 adoption rate is 6.6% according to https://www.google.com/intl/en/ipv6/statistics.html. -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJVUrmsXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1ODMzNjFDQzQ3RjU4RjJGRTVEMzFERUM3 NDk4QUQzNjFFNDA3NzFFAAoJEHSYrTYeQHceeDEP+wWfwoz2qihd32VMduKFrRTb NBpYviwcwZ7hpDWuW8ffUaSkhpQaq39s9v3eRv8t/GlPHp69KwhSCqDCAlyEK4rP jW9butfhm//9/m73X6pY0NJvlU/zo0k1bCfOVaqgRsTeYV/ibqJ0MeXub8RtNLU8 axSfdMsn4rBaDIMux1vJgtf+PxPS45AIuYcipN6XKZq1latogWHhK1bWWiUexqXE 1Qa8Jlv60bdJ0Yi3zjiVQ7mDWFFeUa24Wj/hEHbIDzHQHkcmNkknsLE2wo6O78Ne YwlvAYvuGbjieEFLAht/vZZaTrmVWDpq2ioeoGlc6thIUqzJXOhmQOKoCLcix2n2 uKp6KivaDEUphDeU6aLmO/rRDHah+DgeOlBbVC+zno6cfSGVA3rm1XthnBtowz5S PBhMK5J9YTCaY25xIAWKHkKB9jj/+3CQPcIrt+d3OPqKK4tcUXlSsimhVW3qOqQX 6lQP17F4mioK0+l9bAkdsw2LOfiQVMTINAMxQyhde8UOzQvJN7M6fQjwflsK62q6 ZIwATKyvwrwyd7Q9MIKLdLjNg2z4BPdXzUM2YwUtVKFz0dZrhlZ1FPF8mexToKi7 GZMt9syGZFrHQO0QTOQlNRu5WQ8JJjc/oiIMKYpDTWbC/5CCLoU58Y9XmXiRBIBV AAdkU23drbH69ezssmw6 =7Fxj -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Authdir is rejecting routers in this range
Hi Tim, > On 12 May 2015, at 21:52, Tim Semeijn wrote: > In my venture to find more ISPs to house Tor Exit nodes I have > recently set up a node in Switzerland (Private Layer - 179.43.160.41). > When running Tor 6 out of 9 Authdirs are rejecting the node: thanks for running a relay. The IP address is part of a block of addresses blocked since some time in 2014 due to an active sybil attack originating there. > Can anyone shed some light on why this range would be blocked and if > there is any chance it will get accepted again in the near future? Please send mail to the bad-relays list to coordinate a possible lift of the block, especially considering the attacking relays are most likely gone now. Cheers Sebastian signature.asc Description: Message signed with OpenPGP using GPGMail ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Please enable IPv6 on your relay!
Aaron Hopkins: > I tried configuring this a while ago, but got confused by what > appeared to be conflicting documentation for IPv6 exit policies. Is > the ExitPolicy for IPv6 completely separate (only using > accept6/reject6 lines) or does it also make use of lines like > "ExitPolicy accept *:80" which mention a port but not an IPv4 IP? Wildcard accept/reject policies seem to catch both IPv6 and v4 going from the comment (and code) in src/or/routerparse.c[1]: > /** Parse the addr policy in the string s and return it. If > * assume_action is nonnegative, then insert its action (ADDR_POLICY_ACCEPT or > * ADDR_POLICY_REJECT) for items that specify no action. > * > * The addr_policy_t returned by this function can have its address set to > * AF_UNSPEC for '*'. Use policy_expand_unspec() to turn this into a pair > * of AF_INET and AF_INET6 items. > */ [1] https://gitweb.torproject.org/tor.git/tree/src/or/routerparse.c?id=tor-0.2.7.1-alpha#n3354 (Opening that link may hang tbb for a bit) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Port configuration on non-exit relay
Hi all, I'm running a non-exit on Amazon EC2. I followed the (out-of-date) docs online (which are no longer online!), which instructed me to open the following inbound ports in the security policy: 52176, 40872, 22, 443. Obviously 22 is for SSH, and 443 seems to be the standard choice for ORPort. What are the other two for? They don't seem to be used; should I disable them? The other thing is: I've enabled obfsproxy with obfs3 and obfs4 bound to different ports on 0.0.0.0: ServerTransportListenAddr obfs3 0.0.0.0:587 ServerTransportListenAddr obfs4 0.0.0.0:80 Is that optimal? Presumably also: - I should add additional lines for listening on [::] on the same ports to enable ipv6 obfsproxy connections; - I should also open these ports in the security policy? Best wishes, allicoder -- PGP key available on request signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Please enable IPv6 on your relay!
Hi all, On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote: > We still have a depressingly low number of relays that support IPv6 > (currently only ~120 of ~1900 relays). If your host supports IPv6, > please enable it, especially if you run an exit! This has to be done > explicitly. Thanks for the nudge! So I'm trying to do this and hit a few snags (noob alert!): 0. I'm using the ec2 config; I think this is quite old, as it has both an ORPort and an ORListenAddress line, and the man page says the latter is deprecated. Furthermore, adding another ORPort line makes it choke on reading it: May 12 23:04:48.219 [warn] ORListenAddress can't be used when there are multiple ORPort lines May 12 23:04:48.219 [warn] Failed to parse/validate config: Invalid ORPort/ORListenAddress configuration May 12 23:04:48.219 [err] Reading config failed--see warnings above. Commenting out ORListenAddress seems to make it work - but I'm not quite sure why it was there. Should I be worried? I had ORPort 443 ORListenAddress 0.0.0.0:9001 1. IPv6 address: my first thought was to get this from the ipv6 address listed for eth0 in ifconfig. No such luck - it gives me a link-local address, and tor doesn't like that. May 12 23:07:35.311 [warn] Could not bind to fe80::443: Invalid argument May 12 23:07:35.311 [warn] Failed to parse/validate config: Failed to bind one of the listener ports. May 12 23:07:35.311 [err] Reading config failed--see warnings above. 2. So I put in :: and it works - restarts OK and I can see tor listening on both ipv4 and ipv6 addresses in netstat. Is this bad, though? Listening on lo is obviously fine, and the only other possibility is eth0 which is what I want - but is this good practice? I have some further questions about ports but I'll put those in a separate email. Best wishes, allicoder -- PGP key available on request signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Please enable IPv6 on your relay!
On Wed, 13 May 2015, Moritz Bartl wrote: In short, you add: ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:* (or a more open exit policy respectively) I tried configuring this a while ago, but got confused by what appeared to be conflicting documentation for IPv6 exit policies. Is the ExitPolicy for IPv6 completely separate (only using accept6/reject6 lines) or does it also make use of lines like "ExitPolicy accept *:80" which mention a port but not an IPv4 IP? -- Aaron ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Please enable IPv6 on your relay!
If atlas shows an IPv6 ORPort, that means it's working correctly, right? -tom On 12 May 2015 at 17:09, Moritz Bartl wrote: > Hi! > > We still have a depressingly low number of relays that support IPv6 > (currently only ~120 of ~1900 relays). If your host supports IPv6, > please enable it, especially if you run an exit! This has to be done > explicitly. > > https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto > > In short, you add: > > ORPort [IPv6::address]:port > IPv6Exit 1 > ExitPolicy reject6 *:* > > (or a more open exit policy respectively) > > Thanks! > -- > Moritz Bartl > https://www.torservers.net/ > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Please enable IPv6 on your relay!
On Wednesday 13 May 2015 00:09:45 Moritz Bartl wrote: > If your host supports IPv6, > please enable it, especially if you run an exit! This has to be done Done. Thanks for remembering! -- Bandie Kojote Encrypted and signed messages are welcome. GPG: 0x0607E094 signature.asc Description: This is a digitally signed message part. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Please enable IPv6 on your relay!
Hi! We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays). If your host supports IPv6, please enable it, especially if you run an exit! This has to be done explicitly. https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto In short, you add: ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:* (or a more open exit policy respectively) Thanks! -- Moritz Bartl https://www.torservers.net/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Authdir is rejecting routers in this range
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In my venture to find more ISPs to house Tor Exit nodes I have recently set up a node in Switzerland (Private Layer - 179.43.160.41). When running Tor 6 out of 9 Authdirs are rejecting the node: - May 12 20:31:02.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '86.59.21.38:80'. Please correct. May 12 20:31:02.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '131.188.40.189:80'. Please correct. May 12 20:31:02.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '171.25.193.9:443'. Please correct. May 12 20:31:02.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '208.83.223.34:443'. Please correct. May 12 20:31:02.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '199.254.238.52:80'. Please correct. May 12 20:32:04.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '154.35.175.225:80'. Please correct. - I looked through the mailing lists and blog posts to find out if this range was mentioned somewhere to see why it gets rejected but I could not find anything. Can anyone shed some light on why this range would be blocked and if there is any chance it will get accepted again in the near future? Best regards, - -- Tim Semeijn Babylon Network pgp 0x5B8A4DDF -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBAgAGBQJVUloCAAoJEIZioqpbik3fc/UQAKWstydq4S2OjRko7jhd1oXS kcde4a39nk1lvB/YtHCZJtHVkyypnLbdjmvPlcVSIk3Qqaj/40lu05caWThq5ZgI y90SEnumUHaWslYtKVUAFmgQAXv7lkAs6Svf3ZxZ9PT+NQMpWhyrrlmJ2hakF01Q /z46NU9YhL2dqCXG/w75gmrP87aYZ/2jOMIEZxi4ZIp6OlJXIGoaI8lCQrYWFstH zuC1JDnPwgGhqnB//JBKilrwEalk/kXZDodWpHvllUDqywvn1OOn/Do2JRETqxuV czVy7Ez/s19fk1ltWZyblDS6xsT0gYowH3c0zYovY/s0G1Y7KD50Jr1MEVpiv19/ 9NBHErEUEec8C+h6UoiSXoDKg5Q999uEtMJNJ0/AzlvyWN3+eXtNc/XmBpxzbIGR gQ+w30vyQNwXJFZkpq0wGIXSbXWpsgKYyxNRnokCNFx/AQpjGFUBauXDj5EcpzXJ m3on4LHH9IYbek3EKjhivJ2MjK5lRfjtINtoBx8nanliOY21Pf9js+bAxDFhorhZ wFdijEVGvoUlu/SWOlEuaQlNSBoVXxqBQQo/MVSgJpMUNRngshQslg9qI42Bd5Pn pxJ44X161/PUdChWc6hQ01dAXLNFR07+1OT/9vnSRBaaHFsstU3gI99hFZ1chhps BK+QwwxupISJchliUZZ1 =nWDs -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays