Re: [tor-relays] Tor Relay Automatic PMTU Testing
On Donnerstag, 22. Februar 2024 08:03:54 CET pasture_clubbed242--- via tor-relays wrote: > I believe there is a larger sized guard relay that has been having MTU > issues for about a week. You are welcome to post the fingerprint or IP of the relay with MTU issues. Or write to him directly if he has a contact address in Tor Metrics. If a relay operator has an error in the config, he would like to correct it. It is quite possible that someone has a typo in ip-/nftables because of the DDOS countermeasures. -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom! signature.asc Description: This is a digitally signed message part. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] VPS w/FDE suggestions?
On Mittwoch, 21. Februar 2024 18:08:32 CET Bartosz Zieba wrote: > > Don't know what FDE is, but at Frantech/BuyVM you can install everything > > because you can upload your own ISO. > > FDE means Full Disk Encryption. > > Remember, running FDE in virtual environment we give access to > encryption keys to admin of the host machine :) Any admin can make a full backup of a 24/7/365 running KVM or cloud machine. Regardless of whether it is encrypted or not. ;-) Also with dedicated servers or in colocation: Encrypting a Tor relay hd, especially exits, is NOT recommended! In the event of a seizure, it could take months or years to get your server back. We don't host files, we don't have logs. A Tor relay is a dumb router that forwards encrypted traffic. Other than the master identity key's, there is nothing interesting on a Tor relay. Therefore, use offline relay identity keys: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorRelaySecurity/OfflineKeys -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom! signature.asc Description: This is a digitally signed message part. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Relay Automatic PMTU Testing
Usually lower MTUs are not a problem for properly configured networks, as even lower MTU systems should begin fragmenting traffic. The issue comes where there is a mismatch, and suddenly, larger than expected packets are dropped. So I think the tor protocol does not need to support identifying relay MTUs, but I'm also unsure if it tests the largest cell size against relays either. Testing a very large cell size should identify if a relay is properly configured. Original Message On Feb 22, 2024, 5:47 AM, s7r - s7r at sky-ip.org wrote: > pasture_clubbed242--- via tor-relays wrote: > Greetings, > > I believe there > is a larger sized guard relay that has been having MTU > issues for about a > week. All connections with packets above a certain > size are dropped. This > results in partially loaded or broken webpages, > broken file downloads, etc. > Do Tor directory authorities test MTU > (implicitly by speed test?) when > testing relays? > > Wondering if anyone else noticed this or if it would be > handled > automatically by dir authorities. > > Thanks all > This is indeed > very interesting. I never experienced this problem but now that you mention > it I will setup a test environment with some non standard MTU values. I doubt > the directory authorities test also the MTU, but it's an interesting > question, let's hope someone hosting a bandwidth authority will reply to > this. Also, I'm not sure and I'm very curios what the bandwidth authorities > should do about this? What if a relay has super good speed but very low MTU? > Should it be excluded and marked as not running? Because it will be very hard > for Tor to also include MTU in the router descriptors and be aware about it. > ___ tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Relay Automatic PMTU Testing
pasture_clubbed242--- via tor-relays wrote: Greetings, I believe there is a larger sized guard relay that has been having MTU issues for about a week. All connections with packets above a certain size are dropped. This results in partially loaded or broken webpages, broken file downloads, etc. Do Tor directory authorities test MTU (implicitly by speed test?) when testing relays? Wondering if anyone else noticed this or if it would be handled automatically by dir authorities. Thanks all This is indeed very interesting. I never experienced this problem but now that you mention it I will setup a test environment with some non standard MTU values. I doubt the directory authorities test also the MTU, but it's an interesting question, let's hope someone hosting a bandwidth authority will reply to this. Also, I'm not sure and I'm very curios what the bandwidth authorities should do about this? What if a relay has super good speed but very low MTU? Should it be excluded and marked as not running? Because it will be very hard for Tor to also include MTU in the router descriptors and be aware about it. OpenPGP_signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Tor Relay Automatic PMTU Testing
Greetings, I believe there is a larger sized guard relay that has been having MTU issues for about a week. All connections with packets above a certain size are dropped. This results in partially loaded or broken webpages, broken file downloads, etc. Do Tor directory authorities test MTU (implicitly by speed test?) when testing relays? Wondering if anyone else noticed this or if it would be handled automatically by dir authorities. Thanks all___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays