Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[gus]

Hello,

Another update:

As it's very hard to get a vantage point in the country[1], we've asked
feedback from users to understand what works there. But, if by any chance
you have access to a machine hosted there, do let me know! You can
contact me in private. :)

Based on user feedback, we learned that obfs4 bridges running on
residential connections + port 80, 443 or 8080 works in Turkmenistan.
Last week I asked some operators to change their bridge obfs4 port and
it worked!

Unfortunately, users reported that censors blocked some bridges. You can
even see that on Tor Metrics graph. For example:
- 
https://metrics.torproject.org/rs.html#details/D1302AC19A71BED956C568AC79DF0048E61D8A2E
 
- 
https://metrics.torproject.org/rs.html#details/A811AAB7771434CE0DD4D3942173E65DEC49B962

If you're operating these bridges and can easily rotate the IP address, please
do!

Finally, if you want to learn more about censorship in Turkmenistan, you
can check this great presentation[2] from last year.

Thanks for running bridges!
Gus

[1] https://ntc.party/t/vps/2804/9
[2] https://drive.google.com/file/d/1odIO1Bi9laU-B-JZMoZFWGEwkTl95oq9/view

On Thu, Mar 23, 2023 at 01:00:17PM -0300, gus wrote:
> Hello, just a quick update:
> 
> Some friends from Turkmenistan told me that they don't think this new
> round of online censorship is related to the upcoming elections,
> because it's just a "formal" event. In general, they said, shutdowns and
> internet disruptions are motivated by other events like:
>  - when Russian Duma speaker arrived in TM
>  - the wedding day of the president's grandson
> 
> Anyway, today we tested some of bridges that you shared with us and I replied
> back saying which ones worked and which ones didn't.
> 
> Thank you for running a bridge!,
> Gus
> 
> On Wed, Mar 22, 2023 at 04:25:05PM -0300, gus wrote:
> > Dear Relay operators community,
> > 
> > The parliamentary elections in Turkmenistan are coming up very soon on
> > March 26th[1], and the Turkmen government has tightened internet censorship
> > and restrictions even more. In the last few months, the Anti-censorship
> > community has learned that different pluggable transports, like
> > Snowflake, and entire IP ranges, have been blocked in the country.
> > Therefore, running a bridge on popular hosting providers like Hetzner,
> > Digital Ocean, Linode, and AWS won't help as these providers' IP ranges
> > are completely blocked in Turkmenistan.
> > 
> > Recently, we learned from the Anti-censorship community[2] and via Tor user
> > support channels that Tor bridges running on residential connections
> > were working fine. Although they were blocked after some days or a week,
> > these bridges received a lot of users and were very important to keep
> > Turkmens connected.
> > 
> > How to help Turkmens to access the Internet
> > ===
> > 
> > You can help Turkmens to access the free and open internet by running an
> > obfs4 Tor bridge! But here's the trick: you need to run it on a
> > residential connection -- you won't need a static IPv4 --, and it would
> > ideally be run on more robust hardware than just a Raspberry Pi
> > (although that can help, we have found they can get overloaded).
> > 
> > You can set up an obfs4 bridge by following our official guide:
> > https://community.torproject.org/relay/setup/bridge/
> > 
> > After you setup a new bridge, you can share your bridge line with the
> > Tor support team at frontd...@torproject.org, and we will share it with
> > users.
> > 
> > A complete bridge line is composed of:
> > 
> > IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0
> > 
> > Check this documentation to learn how to share your bridge line:
> > https://community.torproject.org/relay/setup/bridge/post-install/
> > 
> > Just sharing your bridge fingerprint is not the best, but it's fine.
> > 
> > You can read more about censorship against Tor in Turkmenistan here:
> >   - 
> > https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40029
> >   - Snowflake blocked:
> > 
> > https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024
> > 
> > Thank you for your support in helping to keep the internet free and open
> > for everyone.
> > 
> > Gus
> > 
> > [1] https://en.wikipedia.org/wiki/2023_Turkmen_parliamentary_election
> > [2] 
> > https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17
> > https://github.com/net4people/bbs/issues/80
> > 
> > -- 
> > The Tor Project
> > Community Team Lead
> 
> 
> 
> > ___
> > tor-relays mailing list
> > tor-relays@lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> -- 
> The Tor Project
> Community Team Lead



-- 
The Tor Project
Community Team Lead


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torpro

Re: [tor-relays] Relay Bandwidth

[Bauruine]

Hi

You can use AccountingMax [0] for this. Note that if you set this to 
2900 Gbytes (You should leave some bandwidth for overhead and OS updates 
etc.) it will use 2900 Gbytes outgoing and 2900 Gbytes incoming. 
Depending on how DO calculates traffic you have do divide it by 2 or set 
AccountingRule to not go over the 3TB limit. "man tor" has a detailed 
descriptions for the possible options.


Bauruine

[0] https://support.torproject.org/relay-operators/limit-total-bandwidth/

On 31.03.23 21:34, sysmanager7 via tor-relays wrote:

Greetings all!

Setting up a new Digital Ocean Tor Relay. DO is giving me 3000 Gig a 
month. Is there a tutorial that I can use to calculate the bandwidth? 
I've searched around the web and for some reason people seem to dance 
around the question.  They give examples not relevant to me and zero 
math showing how the came to their answer.


As usual, any help will be appreciated :-)

Sysmanager7

Sent with Proton Mail  secure email.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Relay Bandwidth

[sysmanager7 via tor-relays]

Greetings all!

Setting up a new Digital Ocean Tor Relay. DO is giving me 3000 Gig a month. Is 
there a tutorial that I can use to calculate the bandwidth? I've searched 
around the web and for some reason people seem to dance around the question. 
They give examples not relevant to me and zero math showing how the came to 
their answer.

As usual, any help will be appreciated :-)

Sysmanager7

Sent with [Proton Mail](https://proton.me/) secure email.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Selecting Exit Addresses

[denny . obreham]

OK, finally got a configuration that looks like it works:

Address 209.141.39.157
OutboundBindAddress 209.141.39.157
ORPort  209.141.39.157:9001 IPv4Only
ORPort  XXX.XXX.XXX.XXX:443 NoListen
ORPort  XXX.XXX.XXX.XXX:9001 NoListen

Where XXX.XXX.XXX.XXX is the IP I didn't want to be used by my Tor exit relay. 
(The IPv4 flag is probably useless, I just didn't think to take it out after 
adding the IP to the port.)

I'll see if abuse reports for my second IP will stop showing up on 
abuseipdb.com.

Unless you find I did something wrong, thanks for helping,

Denny


denny.obre...@a-n-o-n-y-m-e.net wrote ..
> The second IP is still in "Exit Addresses" with the new configuration ... 
> https://metrics.torproject.org/rs.html#details/3B85067588C3F017D5CCF7D8F65B5881B7D4C97C
>
> torrc:
>
> Address 209.141.39.157
> OutboundBindAddress 209.141.39.157
> ORPort  9001 IPv4Only
>
> Denny
>
> denny.obre...@a-n-o-n-y-m-e.net wrote ..
> > Thanks Marco.
> >
> > First, I had to change my ORPort to 9001 with your proposed configuration 
> > because
> > using 443 caused an error => "Could not bind to 0.0.0.0:443: Address already
> in
> > use. Is Tor already running?"
> > Probably because my other Tor instance (hidden service) is using it.
> >
> > Now I'm just waiting for the metrics to update to see if everything is as 
> > expected.
> >
> > Finally, thanks for the help with IPv6 because I cannot get it to work. 
> > Somehow
> > when I try to check IPv6 availability ( 
> > https://community.torproject.org/relay/setup/post-install/
> > ), I get "ping6: connect: Network is unreachable". I don't have time to set 
> > it
> > up right now (I already spent hours last week) so I'll get back to you for 
> > that.
> >
> > Denny
> >
> > li...@for-privacy.net wrote ..
> > > Hi denny,
> > >
> > > > Hi,
> > > >
> > > > I just activated my first exit relay. (
> > > > https://metrics.torproject.org/rs.html#details/3B85067588C3F017D5CCF7D8F65B
> > > > 5881B7D4C97C ) I had the following in my torrc (plus some other things):
> > >
> > > I've answered the rest to the list.
> > > If you want to enable IPv6 at Frantech/BuyVM:
> > >
> > > First create one in Stallion from your given subnet.
> > > This is what my /etc/network/interfaces looks like at Frantech
> > >
> > >
> > > # This file describes the network interfaces available on your system
> > > # and how to activate them. For more information, see interfaces(5).
> > >
> > > source /etc/network/interfaces.d/*
> > >
> > > # The loopback network interface
> > > auto lo
> > > iface lo inet loopback
> > >
> > > # The primary network interface
> > > allow-hotplug eth0
> > > iface eth0 inet static
> > >   address 104.244.73.43/24
> > >   gateway 104.244.73.1
> > > # dns-* options are implemented by the resolvconf package, if 
> > > installed
> > > dns-nameservers 127.0.0.1 107.189.0.68 107.189.0.69
> > > dns-search for-privacy.net
> > >
> > > iface eth0 inet6 static
> > > address 2605:6400:0030:f78b::2/64
> > > up  ip -6 route add 2605:6400:0030::1 dev eth0
> > > up  ip -6 route add default via 2605:6400:0030::1
> > > down ip -6 route del default via 2605:6400:0030::1
> > > down ip -6 route del 2605:6400:0030::1 dev eth0
> > > dns-nameservers ::1 IPv6ns1 IPv6ns2
> > >
> > >
> > > --
> > > ╰_╯ Ciao Marco!
> > >
> > > Debian GNU/Linux
> > >
> > > It's free software and it gives you freedom!
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays