Re: [tor-relays] Reduced exit and not IPv4 exit traffic at all
Afaik this is not possible. To get the exit flag you need both IPv4 and IPv6 or only IPv4, but IPv6 only relays are not possible. Greetings On 16.02.2022 13:45, yl wrote: Hello all, how can I used a reduced exit policy and don't allow any IPv4 exit traffic? The following line in the top of all the ExitPolicy lines in torrc seems not to work. ExitPolicy reject 0.0.0.0:* What is the order I needed here, first "reject" and then accept or the other way around? Reduced Exit policy like here: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/ReducedExitPolicy Webtropia was a bit unhappy lately when UCEprotect listed the whole /24 for some reason I still don't understand. But then I thought, why not disable IPv4 exit traffic, there is so many IPv6 resources that a IPv6 only Exit should still be fine. Thanks yl ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Home Tor Middle Relay Blacklisted
Hey, afaik it is discouraged to "recycle" an IP that was already known to be a Tor node as a bridge. Also I don't think it is possible to run a node IPv6 only. That being said, if you give have to give up IPv4 for IPv6 depends entirely on your ISP; with mine at home I can choose either IPv4 only or DS-Lite, my parents recently got Dual-Stack IPv6. Greetings Sebastian Elisa On 10.01.2022 02:46, Gary C. New via tor-relays wrote: Fellow Tor Operators: After about 9 months of running Tor as a Middle Relay from my home network, I'm beginning to experience signs of my public semi-static IPv4 address being blacklisted with 403 Forbidden errors from Reuters and Venmo. I've confirmed by successfully accessing both sites with my mobile internet connection. I'm not surprised that Venmo is blacklisting, but extremely surprised I'm being blocked by Reuters. You would think such a organization would be a proponent of free speech. I wouldn't be surprised if Reuters used Tor in some capacity. It doesn't make sense. When Googling my public semi-static IPv4 address, it appears in several Tor blacklists. That being said, I'm at the point that, at a minimum, I will have to ask my ISP to freshen my public semi-static IPv4 address. Previously, when speaking with my ISP, they mentioned offering a static IPv6 address at no cost. I'm wondering if that offer was with the expectation that I would have to give up my existing IPv4 semi-static address? If they provided both IPv4 and IPv6 addresses, at no cost, I'd like to run a Tor Bridge using the semi-static IPv4 address and configure my existing Middle Tor Relay to use the new static IPv6 address. That way, I'll be able to browse unimpeded through the semi-static IPv4 address and not have to be concerned with the static IPv6 address being blacklisted. Are other Tor Operators experiencing similar issues? Will I continue to experience blacklisting issues, even after migrating to a Tor Bridge? What are best practices in moving an existing Tor Relay to a new address, while avoiding the loss of flags? As always, I appreciate the feedback. Respectfully, Gary — This Message Originated by the Sun. iBigBlue 63W Solar Array (~12 Hour Charge) + 2 x Charmast 26800mAh Power Banks = iPhone XS Max 512GB (~2 Weeks Charged) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Maybe the next step in russian Tor discrimination
Hi, I've made the same experience with my node in RU. Greetings, Sebastian Elisa On 02.01.2022 16:09, abuse--- via tor-relays wrote: Very interesting! I have two VPS at different locations with justhost.ru (IQ Data St. Petersburg and DataLine Moscow - AS51659) and have also noticed a change: - on December 30th, both servers could not reach deb.torproject.org and the torproject.org web page. Both IPv4 and IPv6 were blocked. - I tried again today and everything worked fine. I even downloaded the tor browser bundle for Windows over one of the servers just to see if it works. It does and the signature also checks out (verified on a different server outside Russia) - running tor nodes at both locations continues to work Best Regards, Kristian Jan 2, 2022, 08:22 by torrelaysaregr...@gmail.com: Hello, i have a relay at profitserver.ru [1] at their Chelyabinsk location and recently the relay fell out of the consensus. I can ping all authorities with IPv4 and IPv6 and torproject.org [2] is not blocked. I opened the ControlPort and tried to manually create circuits to the authorities. extendcircuit 0 authoritynickname getinfo circuit-status I observed that i can successfully create circuits to no more than three authorities and it seems to change to which authorities i can create circuits. The unsuccessful circuits stay in EXTENDED but never reach BUILT until Tor gives up eventually. Currently no other of my russian relays are affected. I am not an expert with the ControlPort but i hope this is proving what i tried to prove. Here is the conversation with the support: me: Hello, I am running a (non-exit) Tor relay on the VPS and it stopped working a few weeks ago. I can ping the Tor authorities IP addresses but when i try to manually create a Tor circuit it seems to timeout 6 out of 9 times which indicates some blocking attempts on your (or your upstream providers) side. I have a couple of other Tor relays in russia and i have never seen routinely failing manually created circuits to the Tor authorities. Do you block Tor or do you otherwise mess with Tor traffic? support agent: Hello, i can't say something about TOR network, now. We have black box from government, which can control traffic, and perhaps block TOR. Ourselves don't block TOR me: Thanks for your answer. The TSPU from Roskomnadzor that is doing Deep Packet Inspection? I feel with you and all the russian citizens... :( Good luck support agent: Maybe it's a black box If this is indeed their blackbox messing with Tor traffic then it is quite subtile because it does not block torproject.org [2] and pings to the authorities are going through. The relay suddenly was online for one consensus in the last weeks and i can still use it when i manually set it as a Guard in my Tor client. So if you run a relay in russia and you experience weird stuff with it then you may not only want to check if you can reach the authorities by ping but you may want to try to manually craft a circuit to all of them. Hope that helps anyone Cheers Links: -- [1] http://profitserver.ru [2] http://torproject.org ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Time Logging
On 05.02.2021 03:05, Kathi wrote: How do I change the time on my tor relay to local time? I'm not into the military/UTC thing at all. It's actually annoying for me. thanks for help!! Hi Kathi, afaik Tor is using the system time(zone). What operating system are you using? If it's something Debian like, try dpkg-reconfigure tzdata as root. Or if you are using systemd timedatectl set-timezone Europe/Vienna should also work.. Greetings ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Question: RAM requirement for an exit relay
Hey, I run relays with less RAM and it works fine. A problem with a SoC might be that the hardware cant "help" with crypto stuff (but I am not sure, I've read that somewhere). Also, this sounds like you are planning to run an exit from home, which you shouldn't. Greetings On 15.12.2020 01:44, Amadeus Ramazotti wrote: hey, partly related to original question: I'm planning to set up a new exit. My very first relay. I'm planning to use a small SoC with 2GB ram. Something running on ARM like a raspberry pi. Is this feasible or even a good idea? Regards On 14 Dec 2020, at 15:10, to...@protonmail.com wrote: I have several 1 G RAM exits running unbound without a problem. They never seem to hit swap, either. On FreeBSD: last pid: 83973; load averages: 0.86, 0.71, 0.62 up 130+15:44:28 16:02:04 23 processes: 2 running, 21 sleeping CPU: 43.1% user, 0.0% nice, 2.7% system, 5.5% interrupt, 48.6% idle Mem: 101M Active, 734M Inact, 444M Wired, 151M Buf, 210M Free Swap: 512M Total, 512M Free Go for it, --Torix ‐‐‐ Original Message ‐‐‐ On Monday, December 14, 2020 1:11 PM, wrote: On 14.12.2020 13:58, li...@for-privacy.net wrote: grep VmPeak/proc/$PID/status = 181836 kB A non exit has less: grep VmPeak/proc/$PID/status = 57336 kB tor-proxy-02.for-privacy.net ^^ --- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom! tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] tor relay
On 12.03.2020 08:14, Станислав wrote: 11.03.2020, 22:57, "Sean Greenslade" : On March 9, 2020 3:55:38 AM PDT, "Станислав" wrote: hi.I start second instance of tor, but for some reason it stopped working.after updating the firmware on board pc engines apu2 Mar 09 13:48:46.000 [notice] Bootstrapped 0% (starting): Starting Mar 09 13:49:03.000 [notice] Starting with guard context "default" Mar 09 13:49:03.000 [warn] Unable to parse '/etc/resolv.conf', or no nameservers in '/etc/resolv.conf' (1) Mar 09 13:49:03.000 [warn] Couldn't set up any working nameservers. Network not up yet? Will try again soon. Mar 09 13:49:03.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Mar 09 13:49:04.000 [notice] Bootstrapped 5% (conn): Connecting to a relay Mar 09 13:49:04.000 [warn] Unable to parse '/etc/resolv.conf', or no nameservers in '/etc/resolv.conf' (1) Mar 09 13:49:04.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay Mar 09 13:49:04.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay Mar 09 13:49:05.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done Mar 09 13:49:05.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits Mar 09 13:49:05.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits Mar 09 13:49:05.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit Mar 09 13:49:06.000 [notice] Bootstrapped 100% (done): Done Mar 09 13:50:05.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent. Publishing server descriptor. Mar 09 13:50:08.000 [notice] Performing bandwidth self-test...done. Mar 09 13:51:32.000 [notice] Received reload signal (hup). Reloading config and resetting internal state. Mar 09 13:51:32.000 [notice] Read configuration file "/etc/tor/torrc1". Mar 09 13:51:32.000 [notice] Your ContactInfo config option is not set. Please consider setting it, so we can contact you if your server is misconfigured or something else goes wrong. Mar 09 13:51:32.000 [warn] MyFamily is set but ContactInfo is not configured. ContactInfo should always be set when MyFamily option is too. Mar 09 13:51:32.000 [notice] Tor 0.4.2.5 opening log file. Mar 09 13:51:32.000 [warn] Unable to parse '/etc/resolv.conf', or no nameservers in '/etc/resolv.conf' (1) Mar 09 13:51:32.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.4.2.5 ) Mar 09 13:51:32.000 [err] Reading config failed--see warnings above. For usage, try -h. Mar 09 13:51:32.000 [warn] Restart failed (config error?). Exiting. Well, these lines look like a good place to start: Mar 09 13:49:03.000 [warn] Unable to parse '/etc/resolv.conf', or no nameservers in '/etc/resolv.conf' (1) Mar 09 13:49:03.000 [warn] Couldn't set up any working nameservers. Network not up yet? Will try again soon. What are the contents of /etc/resolv.conf ? --Sean ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays С уважением, Станислав 127.0.0.1 ::1 but the errors continue.I run of odhcpd+unbound.on a unbound works dns-over-tls in log torrc these errors.are what could be the problem? Mar 09 15:13:37.000 [warn] Unable to parse '/etc/resolv.conf', or no nameservers in '/etc/resolv.conf' (1) Mar 09 15:23:37.000 [warn] Unable to parse '/etc/resolv.conf', or no nameservers in '/etc/resolv.conf' (1) Mar 09 15:33:37.000 [warn] Unable to parse '/etc/resolv.conf', or no nameservers in '/etc/resolv.conf' (1) Hi, /etc/resolv.conf needs to be formatted like this: nameserver 1.2.3.4 nameserver 4.3.2.1 All the best Sebastian ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays