Re: [tor-relays] Bridge operator iat_mode setting
I just added that feature to my bridge today! That line of code should be on the tor site so that bridge runners can automatically add it to their torrc files. Sent from ProtonMail mobile Original Message On Feb 25, 2021, 12:30 PM, Toralf Förster wrote: > On 2/24/21 9:34 PM, William Kane wrote: >> Thank you for running obfs4 bridges with iat_mode != 0, only very few >> obfs4 bridges support the additional traffic obfuscation in both >> directions. > SO why is this not the default? > > -- > Toralf > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6
Roman Mamedov a écrit : > On Thu, 25 Feb 2021 16:54:50 +0100 > Casper wrote: > > > I found a "kind of solution" about that. > > > > Behind my fibre optique, I took 26000-26999 tcp ports with the NAT for > > IPv4 > > > > so I have 1 relay using pop3/pop3s for IPv4/IPv6, and many "little" > > relays on the range 26000-26999 for IPv4/IPv6. > > The network will only accept 2 relays per each IPv4, so "many" relays on the > same IPv4 but on different port will be unworkable, there can be just one > more. For now I have exactly 2 relays on 1 IPv4, but I planned to provide more. Is there any workaround to bypass this limitation ? -- GnuPG: AE157E0B29F0BEF2 at keys.openpgp.org CA Cert: https://dl.casperlefantom.net/pub/ssl/root.der signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
On 2/25/21 6:32 PM, niftybunny wrote: And why did I read about this the first time in a mailing list? +1 -- Toralf ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
> On 25. Feb 2021, at 18:30, Toralf Förster wrote: > > On 2/24/21 9:34 PM, William Kane wrote: >> Thank you for running obfs4 bridges with iat_mode != 0, only very few >> obfs4 bridges support the additional traffic obfuscation in both >> directions. > SO why is this not the default? And why did I read about this the first time in a mailing list? > > -- > Toralf > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays signature.asc Description: Message signed with OpenPGP ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
On 2/24/21 9:34 PM, William Kane wrote: Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. SO why is this not the default? -- Toralf ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6
On Thu, 25 Feb 2021 16:54:50 +0100 Casper wrote: > I found a "kind of solution" about that. > > Behind my fibre optique, I took 26000-26999 tcp ports with the NAT for > IPv4 > > so I have 1 relay using pop3/pop3s for IPv4/IPv6, and many "little" > relays on the range 26000-26999 for IPv4/IPv6. The network will only accept 2 relays per each IPv4, so "many" relays on the same IPv4 but on different port will be unworkable, there can be just one more. -- With respect, Roman ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6
David Goulet a écrit : > On 24 Feb (12:02:11), Dr Gerard Bulger wrote: > > I am sure I am not alone in having much wasted bandwidth that could be put > > to good Tor use but they are only accessible via IPv6, while they can exit > > of course IPv4 and IPv6 I found a "kind of solution" about that. Behind my fibre optique, I took 26000-26999 tcp ports with the NAT for IPv4 so I have 1 relay using pop3/pop3s for IPv4/IPv6, and many "little" relays on the range 26000-26999 for IPv4/IPv6. talking about port range, here is my question: is there a better range to use and to make tor traffic as discret as possible ? Best regards, Casper -- GnuPG: AE157E0B29F0BEF2 at keys.openpgp.org CA Cert: https://dl.casperlefantom.net/pub/ssl/root.der signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6
"One of the property that the network should have (even though it is not always true) is that every relays should be able to talk to every other relays. And thus if we have IPv4 only relays that cannot talk to IPv6 relays only, we partition the network and this is no good." A very good point, but means we are stuck with IPv4 "both ways" forever. There are many situations now (CGNAT for example) where only way in to potential server is via an IPv6 address via pinhole on the router. A device with IPv6 only OR port input route can almost always connect outgoing to all IPv4 addresses.I was not thinking of entirely IPv6. Just being able to define the OR port as IPv6 when not having a viable IPv4 route in, IPv4 out is OK. For other purposes I have SOCAT on my VPS running so IPv4 ran reach my IPv6 machines behind the Fibre internet company's shared IPv4 CGNAT "firewall"). I cannot have my personal VPS seen as a Tor node, so cannot do that. Gerry -Original Message- From: tor-relays On Behalf Of David Goulet Sent: 25 February 2021 13:16 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] IPv6 On 24 Feb (12:02:11), Dr Gerard Bulger wrote: > Thinking of IPv6: > > How far has the team got in implementing IPv6 only OR port facility ? As of tor 0.4.5.x release, IPv6 is fully supported for tor clients and relays. > > Currently you can only run tor relay of any sort if there is open IPv4 > OR port to the internet. This is getting a bit quaint. That is one piece of it. We still require an IPv4 as in a relay can not run with *only* an IPv6 at the moment. One of the property that the network should have (even though it is not always true) is that every relays should be able to talk to every other relays. And thus if we have IPv4 only relays that can not talk to IPv6 relays only, we partition the network and this is no good. > > I am sure I am not alone in having much wasted bandwidth that could be > put to good Tor use but they are only accessible via IPv6, while they > can exit of course IPv4 and IPv6 > > I realise that so far, despite IPv6 being open on my main exit for > some years, there is still little IPv6 traffic, but that might suddenly change. As the network migrates to tor >= 0.4.5.x, inter relay communication will start to ramp up on IPv6. Cheers! David -- E7wflFgKE/E5SRn+WXE1QvJTtRMvCV3b2OGyVzMvXSY= ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6 auto-discovery vs. privacy extensions
On 24 Feb (11:08:15), Onion Operator wrote: > Saluton, > > My relay started to log this message since 0.4.5.5: > > Auto-discovered IPv6 address [...]:443 has not been found reachable. However, > IPv4 address is reachable. Publishing server descriptor without IPv6 address. > [2 similar message(s) suppressed in last 2400 seconds] > > I think it started with the introduction of IPv6 auto-discovery. > > The problem, as I understand it, is that my relay has IPv6 privacy > extensions enabled and therefore the IPv6 detection logic gets > fooled. Indeed the IPv6 I see in the logs is one of the temporary > addresses used as client towards other relays. > > Relevant config is: > > ORPort 443 IPv4Only > ORPort [...]:443 IPv6Only > > I added the IPv{4,6}Only options only in searching a solution to this > problem, before 0.4.5.5 the IPv6 relay worked perfectly without. > > In reading the documentation of AddressDisableIPv6 I got the > impression that if (any?) ORPort is configured with IPv4Only the > IPv6 auto-discovery gets disabled but evidence does not support my > understanding. Is it a bug? > > Any other way to disable IPv6 auto-discovery? "AddressDisableIPv6 1" should do it. Also, "ORPort 443 IPv4Only" _only_ should also not make your tor auto-discover IPv6 at all. If it does, we have a bug! Sending us debug logs (even in private to my address) would be helpful in that case. The last option is to "pin" an IPv6 by using either "Address" or directly in the ORPort with "ORPort IP:PORT". Thanks! David -- E7wflFgKE/E5SRn+WXE1QvJTtRMvCV3b2OGyVzMvXSY= signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6
On 24 Feb (12:02:11), Dr Gerard Bulger wrote: > Thinking of IPv6: > > How far has the team got in implementing IPv6 only OR port facility ? As of tor 0.4.5.x release, IPv6 is fully supported for tor clients and relays. > > Currently you can only run tor relay of any sort if there is open IPv4 OR > port to the internet. This is getting a bit quaint. That is one piece of it. We still require an IPv4 as in a relay can not run with *only* an IPv6 at the moment. One of the property that the network should have (even though it is not always true) is that every relays should be able to talk to every other relays. And thus if we have IPv4 only relays that can not talk to IPv6 relays only, we partition the network and this is no good. > > I am sure I am not alone in having much wasted bandwidth that could be put > to good Tor use but they are only accessible via IPv6, while they can exit > of course IPv4 and IPv6 > > I realise that so far, despite IPv6 being open on my main exit for some > years, there is still little IPv6 traffic, but that might suddenly change. As the network migrates to tor >= 0.4.5.x, inter relay communication will start to ramp up on IPv6. Cheers! David -- E7wflFgKE/E5SRn+WXE1QvJTtRMvCV3b2OGyVzMvXSY= signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
"ServerTransportOptions obfs4 iat-mode=2" in torrc On February 25, 2021 11:16:52 AM GMT+03:00, "Toralf Förster" wrote: >On 2/24/21 9:34 PM, William Kane wrote: >> Thank you for running obfs4 bridges with iat_mode != 0, only very few >> obfs4 bridges support the additional traffic obfuscation in both >> directions. > >At my client I have iat_mode=2 set but I do wonder how to set that as >default at a bridge? > >-- >Toralf ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
On 2/24/2021 12:34 PM, William Kane wrote: Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. Kudos to you my friend. - William Should I take this as a recommendation to update my bridges to support iat_mode=2. Cheers. 2021-02-23 1:18 GMT, torjoy : Hi All, I work with time and frequency references and run some tor bridges. What is the objective of "iat_mode" setting? Is an good timming reference important for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, iat_mode=1 and iat_mode=2. Could you explain or forward me to some reading about it? Best regards, Luiz Sent with [ProtonMail](https://protonmail.com) Secure Email. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- This e-mail was checked for spam by the freeware edition of CleanMail. The freeware edition is restricted to personal and non-commercial use. You can remove this notice by purchasing a commercial license: http://antispam.byteplant.com/products/cleanmail/index.html ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
On 2/24/21 9:34 PM, William Kane wrote: Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. At my client I have iat_mode=2 set but I do wonder how to set that as default at a bridge? -- Toralf ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays