Re: [tor-relays] new installation of an established TOR relay (RJ Hofmann)

2020-12-28 Thread Wilton Gorske 

Hey RJH,

Yep. This has happened to me with my Raspberry Pi too (nickname: 
mutualaid). Be sure you make a copy somewhere safe of kitchenaid's keys 
found in /var/lib/tor/keys to pick up where you left off next time.


Given the network's extra capacity, I doubt core developers and the 
community will focus on finding a way to fasttrack a relay's reputation, 
let alone backing up the private keys in a secure way.


It's up to relay operators to create copies of their keys. 
Alternatively, you can also just do period backups of the entire SD card 
for the Raspberry Pi relay. Either way, thanks for running one.


In solidarity,
Wilton

tor-relays-requ...@lists.torproject.org:

Message: 2
Date: Sun, 27 Dec 2020 13:50:03 +0100
From: RJ Hofmann
To:tor-relays@lists.torproject.org
Subject: [tor-relays] new installation of an established TOR relay
Message-ID:<04381f44-8483-4ace-8928-6e008fb88...@weltzustand.de>
Content-Type: text/plain; charset="utf-8"

Hello there,

caused by a temporary failure of the raspberry I had to completely renew 
installation of my TOR relay nicknamed mosaik.

The new installtion is already up and running, but since I had no copies of 
keys and fingerprints the new relay is completely new in terms of consensus 
weight etc..

I wonder if it is helpful in any way to inform you about this change as to 
accelerate the relay?s ?reputation? to make it fully functional for the 
community on the fast track.

Anyway the relay will work its way up to its former capabilities.

The old relay named ?mosaik? (see screenshot) is no longer existing, the new 
one is now called ?kitchenaid? (see screenshot) and active at its former speed.

with best wishes
RJH

-- next part --
An HTML attachment was scrubbed...
URL:
-- next part --
A non-text attachment was scrubbed...
Name: mosaik history.png
Type: image/png
Size: 284723 bytes
Desc: not available
URL:
-- next part --
A non-text attachment was scrubbed...
Name: kitchenaid history.png
Type: image/png
Size: 221570 bytes
Desc: not available
URL:
--




OpenPGP_signature
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Multiple obsf4 Bridge Relays on macOS

2020-04-14 Thread Wilton Gorske 
Hi all,

Firstly, I hope you're taking care and staying safe (against pandemics
and surveillance, especially considering how the latter is taking
advantage of the former).

Secondly, and mainly, I am working on setting up ten obsf4 bridge relays
on macOS and keep running into port issues, so I'm hoping to get some
general advice and guidance about how to set this up in the absence of
updated macOS tutorials online.

These bridge relays are going to run on one macOS server. Knowing that
they can each have their own dedicated IP address, could someone advise
how to best set up these multiple obsf4 bridge instances so each can be
run (tor -f /usr/local/etc/tor/torrc.1, torrc.2, torrc.3, etc...) under
one non-root user with only two public ports open on the data center
network (80 and 443)? I'm getting stuck at the port reachability phase,
and even more so when trying to run multiple instances with
forwarding/binding warnings.

The Application Level Firewall allows certain granted programs
(tor/tor-gencert/tor-print-ed-signing-cert/tor-resolve/torify/obfs4proxy)
the ability to open or accept a network socket. By editing the macOS
network system settings to route port 80 to 9005, and noting ORPort 80
NoListen ORPort 0.0.0.0:9005 NoAdvertise in the torrc, that works
correctly (including routing 443 for obfs4proxy). Running a second
instance is where it seems to break down. Is there a way to have
multiple tor instances sharing a port?

My guess is the main issue is that at the system routing level, I need a
way to note each IP and port so it goes to the right tor instance.
Currently, the forwarding is set up like:
rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port
9005
I'm guessing I need some way to designate IP XX.XXX.XX.120 -> port 9005
(torrc.1), XX.XXX.XX.121 -> port 9006 (torrc.2), XX.XXX.XX.122 -> port
9007 (torrc.3), etc. Is that correct?

A copy of my notes and configurations so far can be found here:
http://5jp7xtmox6jyoqd5.onion/p/ISjeXEW-vt8H1s89bwSW

Please feel free to make suggestions or edits directly in that etherpad.
I'm sure there are multiple ways to do this, but I definitely want to
make sure I am using the most secure method as opposed to the easiest or
quickest... Thanks for any help in advance.

All the best,
Wilton



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays