Re: [tor-relays] Pool of IP Addresses
> It is not uncommon that a login session is tied to an IP address, so not
> having a fixed exit IP address is probably a bad idea now that I think
> more about it (or at least not without tor handling how exit IPs are used).

Yes, randomly changing source IPs without stream awareness is a bad idea.
Tor Browser avoids changing source IP for a given destination for this very reason.

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Pool of IP Addresses
Hi,

On 04/05/2019 23:32, amytain wrote:
> So I could possibly use a firewall/ip-asa rule to go through the ips and just
> specify one in the torrc then

Exactly. I'm not sure about ASA specifically, but I know Cisco IOS supports "pools" for NATs.

One issue that might happen here though is if this is distributing per connection then users might find they get logged out of services with different IP addresses showing up at the server. It is not uncommon that a login session is tied to an IP address, so not having a fixed exit IP address is probably a bad idea now that I think more about it (or at least not without tor handling how exit IPs are used).

Thanks,
Iain.
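The session problem described in this message, as an added example that is not part of the thread: a toy model comparing a pool that hands out addresses per connection with one that keeps the same address for a given destination. The pool addresses, site names and the keyed-hash selection are constructed assumptions; according to the thread, tor itself offers no such option.

```python
import hashlib
import itertools
from ipaddress import ip_address

# Constructed pool of outbound addresses (RFC 5737 documentation range).
POOL = [ip_address(f"192.0.2.{n}") for n in range(10, 14)]


def per_connection_selector(pool):
    """Round-robin pool: every new connection leaves from the next address."""
    ring = itertools.cycle(pool)
    return lambda dest: next(ring)


def per_destination_selector(pool, key=b"constructed-demo-key"):
    """Sticky choice (assumption): a keyed hash of the destination picks the address."""
    def pick(dest):
        digest = hashlib.blake2b(dest.encode(), key=key, digest_size=8).digest()
        return pool[int.from_bytes(digest, "big") % len(pool)]
    return pick


class IpBoundService:
    """Toy server that ties a login session to the first client IP it saw."""

    def __init__(self):
        self.session_ip = None
        self.forced_logouts = 0

    def request(self, src):
        if self.session_ip is not None and src != self.session_ip:
            self.forced_logouts += 1   # session invalidated, user logs in again
        self.session_ip = src


def simulate(selector, destinations, requests_each=5):
    """Interleave requests to several services; count forced logouts per service."""
    services = {d: IpBoundService() for d in destinations}
    for _ in range(requests_each):
        for d in destinations:
            services[d].request(selector(d))
    return {d: s.forced_logouts for d, s in services.items()}


if __name__ == "__main__":
    sites = ["mail.example", "forum.example", "shop.example"]  # constructed names
    print("per connection :", simulate(per_connection_selector(POOL), sites))
    print("per destination:", simulate(per_destination_selector(POOL), sites))
```

With the per-connection pool every request after the first reaches the service from a different address, so each one costs a logout; the per-destination choice still spreads traffic across the pool but never changes address for a given site.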
[tor-relays] Support tunneling
Would it be possible to support gre tunneling for the inbound IP for the exit and outbound ips?
Re: [tor-relays] Pool of IP Addresses
amytain:
> Is it possible to have a pool of ip addresses as the outbound ip
> addresses instead of just one?

It is currently not possible but it would be worthwhile to have that feature in tor. I wrote about this last year on the tor-dev mailing list and I'd like to write a proposal for it eventually. This will not be in tor anytime soon though.

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
Re: [tor-relays] Pool of IP Addresses
So I could possibly use a firewall/ip-asa rule to go through the ips and just specify one in the torrc then

‐‐‐ Original Message ‐‐‐
On Saturday, May 4, 2019 9:47 PM, Iain Learmonth wrote:

> Hi,
>
> On 04/05/2019 22:17, amytain wrote:
>
> > Is it possible to have a pool of ip addresses as the outbound ip
> > addresses instead of just one?
>
> Not as I understand it from reading the torrc manual page, although you
> might be able to implement something like this through NAT rules on your
> firewall.
>
> You can advertise multiple OR ports for incoming connections (I think)
> but if you advertise too many your server descriptor will become too
> large (it contains all your OR port addresses) and will not be accepted.
> Every time your addresses change in server descriptors it resets a bunch
> of timers, and the directory authorities see you as less "stable", so
> it's best to not make regular changes there.
>
> Thanks,
> Iain.
Re: [tor-relays] Pool of IP Addresses
Hi,

On 04/05/2019 22:17, amytain wrote:
> Is it possible to have a pool of ip addresses as the outbound ip
> addresses instead of just one?

Not as I understand it from reading the torrc manual page, although you might be able to implement something like this through NAT rules on your firewall.

You can advertise multiple OR ports for incoming connections (I think) but if you advertise too many your server descriptor will become too large (it contains all your OR port addresses) and will not be accepted. Every time your addresses change in server descriptors it resets a bunch of timers, and the directory authorities see you as less "stable", so it's best to not make regular changes there.

Thanks,
Iain.
[tor-relays] Pool of IP Addresses
Is it possible to have a pool of ip addresses as the outbound ip addresses instead of just one?
Re: [tor-relays] Tor Updates
Hi,

Just on the Tor updates side of your mail:

On 04/05/2019 21:06, Keifer Bly wrote:
> So I am aware a new version of tor is now available, but am wondering,
> is there a way for relay / bridge operators to be notified when a new
> version of tor is available? Right now, it seems like the only way of
> knowing if an update for tor is available for our OS is to manually
> check. Thanks.

Yes! There is a low traffic mailing list for exactly this purpose:

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce

I've been thinking about Nagios plugins again, but I'm not sure how many relay operators are using Nagios. I wonder if we should have some JSON somewhere that allows you to check the latest stable or LTS Tor releases to compare to the version you have installed (by Onionoo, control port, package manager, or otherwise).

Thanks,
Iain.
[tor-relays] Concern Over Bridge Distribution And Tor Updates
Hello,

So I am aware a new version of tor is now available, but am wondering, is there a way for relay / bridge operators to be notified when a new version of tor is available? Right now, it seems like the only way of knowing if an update for tor is available for our OS is to manually check. Thanks.

I also wanted to say, I noticed that an available email provider to request bridges from is Yahoo Mail. Here’s my thought, Yahoo (alongside AOL) was bought by Verizon, so they are now owned by a phone carrier / ISP. This makes me wonder if Yahoo is still a safe email provider to send bridges to, seeing as their new privacy policy is essentially allowing them to use emails as public knowledge. Just a thought. Thanks all.

--Keifer
Re: [tor-relays] 10 Years Torservers.net: Death or Future?
* Moritz Bartl:
> This is a call for help!

I offered to help last year, but my email to your support address did not result in an answer, so I pretty much shrugged it off. I'm sure I can find that message and forward it to you.

-Ralph
[tor-relays] 10 Years Torservers.net: Death or Future?
tl;dr: torservers.net needs a new home!

I started torservers.net after a random chat at a local bar some time early 2010. I wore a Tor shirt, and the guy next to me asked if that was "The Onion", the satire magazine. He became pretty excited about Tor after I told him what it was about, opened his wallet and gave me a 100€ bill "to put towards the network". Eventually it turned out that he was an Oracle software developer, so it's kind of funny to think about this as "one of the few good things Oracle has ever done".

I thought about it for a bit, and then decided to take the money, which cemented the idea that I have had for quite some time: to get a more beefy machine to "properly" run a Tor exit, sharing the costs with others. Only a few days after I announced this idea on or-talk [1] in May 2010, some crazy Swede wired me another 1000€ (Thanks!). So, bad luck, I really had to do this now!

I am still surprised at how successful the fundraising was. In fact, when we finally created a legal envelope of protection around me by starting the Zwiebelfreunde association in 2011, it was already clear that we needed to find others to do the same, instead of growing larger ourselves. The network was a lot different then, and some people tell me we had 80% of the overall exit capacity for quite some time after Olaf shut down his fast Blutmagie exit. So I went on a tour to inspire others.

So, here we are, almost 10 years later, with 23 partner organizations in 15 countries. [2]

After I got a "real job" in 2013 (that quickly grew into "more than full-time"), and at the same time the first grant money for torservers.net, we tried in many different ways to "recruit" others to "take over". Looking back, of course a lot of things happened and it was a crazy (and fun!) time, but long story short, until now nobody stepped up to take over the core role of a "coordinator" of activities.

There are many many offers for help, and even more ideas of what torservers.net could do and be, but all people involved heavily at the beginning (Thanks!) don't have time to coordinate all the wonderful help, and do a proper handover. We tried a couple of times, only to spend a lot of time "training" a poor person to get them somewhat up to speed, but eventually everyone decided they had better things to do than to become frustrated at trying to walk blindly without much guidance. This is not an easy role to step into.

If we take the May 2010 announcement as "launch date", the 10 years anniversary will be on May 10th, 2020. My dream would be to celebrate this with a fresh board at Zwiebelfreunde that has taken over the association, and another group that coordinates the international platform that torservers.net was meant to be(come).

Of course we will not simply give away the domains and the legal entity and all our exit relays to just anyone. But, hm, yeah, truth is, probably almost anyone! ;-)

For some years now, we've talked about the idea of a "relaunch". The most promising idea is to organize a proper Tor Relay Operators Retreat, maybe 50 people or so, with all the great people who have dedicated their lives to this project at some point, and all the great new folks who are as excited as all of us were back then about contributing to the Tor network. It would likely be possible to convince Open Technology Fund or some other money source to sponsor travel and venue. I've always imagined this to happen in a nice "holiday" setting. At some point, I *will* go with a group of people to this fine venue [3], as an example of how this could look like.

So far, I've tried to talk to individuals about it in smaller groups, and never announced it to the broader community in the way I do now. However, I still believe that this can only really be moved forward _in person_.

I will do my best to ignore all mails you write to me or in this thread. Please write, coordinate, do everything that you think would be good to do to move this forward, but I don't really have the capacity to lead a good discussion. The only capacity I can offer is that we *need* someone to step up, and grab me at some event in meatspace. Ideally at that point that person is willing to have the A record pointed at some new place under their control, and we can begin the transition.

Otherwise we will probably simply kill it for the 10 years anniversary, and finally make room for something new altogether.

This is a call for help! Thanks. :-)

Moritz

P.S.: I will at some point soon post another mail about what I was up to the past years, and what I will be up to in the next few years. Don't worry, I'll still be around.

[1] http://archives.seul.org/or/talk/May-2010/msg00058.html
[2] https://torservers.net/partners.html
[3] For a real Tor Relay Retreat, we would need something larger, but I think this gives you a pretty good idea of how I imagine it to look like: https://www.homeaway.co.uk/p868562