Re: [tor-relays] Middle relay IP blocking
Gus,

thanks for the advice on both subjects, and the links to the recipes for both the RPI install including TOR updates, and the Snowflake proxy. I'll try the Snowflake first.

Regards,
torserver.

> On 08-08-2023 22:39 CEST gus wrote:
>
> > Why is there no perfectly detailed instruction to install a relay on the Raspberry?
>
> There are a few projects like pi-relay[1], but if you're using a Debian-like system, the installation is very straightforward.
>
> However, the main issue is not the installation. The most significant issue involves opening and forwarding ports on your modem. Sometimes this process may require contacting your ISP and asking for support.
>
> > Snowflake almost uses no data with a few occasional users. I'd like to use my 100 Megabits more efficiently.
>
> If you're seeing just "a few occasional users", maybe you need to check your NAT settings or your proxy installation. All my snowflake standalone proxies[2] (NAT type 'unrestricted') are getting more than 200 connections per hour and ~7 TiB per month.
>
> cheers,
> Gus
>
> [1] https://github.com/scidsg/pi-relay
> [2] https://community.torproject.org/relay/setup/snowflake/standalone/
>
> On Tue, Aug 08, 2023 at 07:24:12PM +0200, torserver wrote:
> > Roger,
> >
> > I had the same problem with 3 financial websites blocking my IP address while running a middle relay. Exactly 5 days after stopping the relay these sites can be reached again. They probably use the same mechanism, visible in the TPRB Firefox plug-in.
> >
> > I run my home relay on a low energy consuming Raspberry Pi. Why is there no perfectly detailed instruction to install a relay on the Raspberry? With its built-in VNC it can be managed by SSH and remote desktop perfectly. Then there is no need for data congestion on a few cheap providers. One Watt power consumption only costs 3 Euros a year.
> >
> > Snowflake almost uses no data with a few occasional users. I'd like to use my 100 Megabits more efficiently.
> >
> > Regards, me.
> >
> > > Date: Tue, 8 Aug 2023 02:32:03 -0400
> > > From: Roger Dingledine
> > > To: tor-relays@lists.torproject.org
> > > Subject: Re: [tor-relays] Middle relay IP blocking
> > >
> > > On Mon, Aug 07, 2023 at 11:28:32PM +0300, s7r wrote:
> > > > While all the above is true, a thing to remember is to make sure we don't end up all renting too many VPS'es or dedicated servers in the same places / same AS numbers - we need network diversity, it is a very important factor, more AS numbers, more providers, more physical locations, etc. So, running at home is super good and recommended from this perspective, provides us with the diversity we need, however not being able to login to online banking to pay an electricity bill because of a middle relay is also way too annoying.. however who can afford the hassle should definitely run a middle relay or bridge at home
> > >
> > > Yes, exactly this. If you are interested in running a non-exit relay at home, and you can tolerate the hassles from occasionally finding that some service doesn't want to hear from you, then you are definitely helping the diversity of the Tor network.
> > >
> > > Having the Tor traffic concentrated at a few cheapo providers like Hetzner and OVH is not only scary in the sense that too much traffic goes through too few cables, but it's also scary because it increases the appeal for somebody to attack those few companies, either by breaking into their infrastructure to watch traffic or through more traditional insider threats like getting an employee there to help them monitor traffic.
> > >
> > > The internet already has uncomfortably many bottlenecks -- too few undersea cables, too few Content Distribution Networks (CDNs), too few app stores, etc.
> > >
> > > > (even Exit relay, I do run an Exit relay at my office place and I had one police visit in like 8 years or so).
> > >
> > > Follow this advice only with great cau
Re: [tor-relays] Middle relay IP blocking
On Tuesday, August 8, 2023, 10:24:44 AM MDT, wrote:

> On Tuesday, 8 August 2023 00:30:38 CEST Gary C. New via tor-relays wrote:
> > In addition to network diversity, there is the fact that most individuals find it necessary to run an at Home internet connection 24 x 7 x 365. So... Other than for the reasons inspired by the subject of this post, why not just run a low-resource consuming Tor server at home, too,
>
> Most people definitely have the router on all the time. I saw this recently because I wanted to run a bridge for Turkmenistan at home:
>
> On Ubiquiti EdgeOS Router (Vyatta/Debian based) you can
> 'apt install tor'
>
> OPNsense (FreeBSD based): https://docs.opnsense.org/manual/how-tos/tor.html

Similarly, Tor can be installed on network devices (i.e., Mikrotik, etc) that use OpenWRT or Entware packages with "opkg install tor".

Thanks, again, for dropping some knowledge on us, Marco.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Middle relay IP blocking
> Why is there no perfectly detailed instruction to install a relay on the Raspberry?

There are a few projects like pi-relay[1], but if you're using a Debian-like system, the installation is very straightforward.

However, the main issue is not the installation. The most significant issue involves opening and forwarding ports on your modem. Sometimes this process may require contacting your ISP and asking for support.

> Snowflake almost uses no data with a few occasional users. I'd like to use my 100 Megabits more efficiently.

If you're seeing just "a few occasional users", maybe you need to check your NAT settings or your proxy installation. All my snowflake standalone proxies[2] (NAT type 'unrestricted') are getting more than 200 connections per hour and ~7 TiB per month.

cheers,
Gus

[1] https://github.com/scidsg/pi-relay
[2] https://community.torproject.org/relay/setup/snowflake/standalone/

On Tue, Aug 08, 2023 at 07:24:12PM +0200, torserver wrote:
> Roger,
>
> I had the same problem with 3 financial websites blocking my IP address while running a middle relay. Exactly 5 days after stopping the relay these sites can be reached again. They probably use the same mechanism, visible in the TPRB Firefox plug-in.
>
> I run my home relay on a low energy consuming Raspberry Pi. Why is there no perfectly detailed instruction to install a relay on the Raspberry? With its built-in VNC it can be managed by SSH and remote desktop perfectly. Then there is no need for data congestion on a few cheap providers. One Watt power consumption only costs 3 Euros a year.
>
> Snowflake almost uses no data with a few occasional users. I'd like to use my 100 Megabits more efficiently.
>
> Regards, me.
>
> > Date: Tue, 8 Aug 2023 02:32:03 -0400
> > From: Roger Dingledine
> > To: tor-relays@lists.torproject.org
> > Subject: Re: [tor-relays] Middle relay IP blocking
> >
> > On Mon, Aug 07, 2023 at 11:28:32PM +0300, s7r wrote:
> > > While all the above is true, a thing to remember is to make sure we don't end up all renting too many VPS'es or dedicated servers in the same places / same AS numbers - we need network diversity, it is a very important factor, more AS numbers, more providers, more physical locations, etc. So, running at home is super good and recommended from this perspective, provides us with the diversity we need, however not being able to login to online banking to pay an electricity bill because of a middle relay is also way too annoying.. however who can afford the hassle should definitely run a middle relay or bridge at home
> >
> > Yes, exactly this. If you are interested in running a non-exit relay at home, and you can tolerate the hassles from occasionally finding that some service doesn't want to hear from you, then you are definitely helping the diversity of the Tor network.
> >
> > Having the Tor traffic concentrated at a few cheapo providers like Hetzner and OVH is not only scary in the sense that too much traffic goes through too few cables, but it's also scary because it increases the appeal for somebody to attack those few companies, either by breaking into their infrastructure to watch traffic or through more traditional insider threats like getting an employee there to help them monitor traffic.
> >
> > The internet already has uncomfortably many bottlenecks -- too few undersea cables, too few Content Distribution Networks (CDNs), too few app stores, etc.
> >
> > > (even Exit relay, I do run an Exit relay at my office place and I had one police visit in like 8 years or so).
> >
> > Follow this advice only with great caution. :) Many people happily run their exit relay from their home, but it only takes one fresh new cybercrime detective (trying to make a name for himself by kicking down a door at 7am, and with no idea what Tor is) to ruin your day.
> >
> > --Roger

--
The Tor Project
Community Team Lead
Re: [tor-relays] Middle relay IP blocking
Roger,

I had the same problem with 3 financial websites blocking my IP address while running a middle relay. Exactly 5 days after stopping the relay these sites can be reached again. They probably use the same mechanism, visible in the TPRB Firefox plug-in.

I run my home relay on a low energy consuming Raspberry Pi. Why is there no perfectly detailed instruction to install a relay on the Raspberry? With its built-in VNC it can be managed by SSH and remote desktop perfectly. Then there is no need for data congestion on a few cheap providers. One Watt power consumption only costs 3 Euros a year.

Snowflake almost uses no data with a few occasional users. I'd like to use my 100 Megabits more efficiently.

Regards, me.

> Date: Tue, 8 Aug 2023 02:32:03 -0400
> From: Roger Dingledine
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Middle relay IP blocking
>
> On Mon, Aug 07, 2023 at 11:28:32PM +0300, s7r wrote:
> > While all the above is true, a thing to remember is to make sure we don't end up all renting too many VPS'es or dedicated servers in the same places / same AS numbers - we need network diversity, it is a very important factor, more AS numbers, more providers, more physical locations, etc. So, running at home is super good and recommended from this perspective, provides us with the diversity we need, however not being able to login to online banking to pay an electricity bill because of a middle relay is also way too annoying.. however who can afford the hassle should definitely run a middle relay or bridge at home
>
> Yes, exactly this. If you are interested in running a non-exit relay at home, and you can tolerate the hassles from occasionally finding that some service doesn't want to hear from you, then you are definitely helping the diversity of the Tor network.
>
> Having the Tor traffic concentrated at a few cheapo providers like Hetzner and OVH is not only scary in the sense that too much traffic goes through too few cables, but it's also scary because it increases the appeal for somebody to attack those few companies, either by breaking into their infrastructure to watch traffic or through more traditional insider threats like getting an employee there to help them monitor traffic.
>
> The internet already has uncomfortably many bottlenecks -- too few undersea cables, too few Content Distribution Networks (CDNs), too few app stores, etc.
>
> > (even Exit relay, I do run an Exit relay at my office place and I had one police visit in like 8 years or so).
>
> Follow this advice only with great caution. :) Many people happily run their exit relay from their home, but it only takes one fresh new cybercrime detective (trying to make a name for himself by kicking down a door at 7am, and with no idea what Tor is) to ruin your day.
>
> --Roger
Re: [tor-relays] Middle relay IP blocking
On Tuesday, 8 August 2023 00:30:38 CEST Gary C. New via tor-relays wrote:

> In addition to network diversity, there is the fact that most individuals find it necessary to run an at Home internet connection 24 x 7 x 365. So... Other than for the reasons inspired by the subject of this post, why not just run a low-resource consuming Tor server at home, too,

Most people definitely have the router on all the time. I saw this recently because I wanted to run a bridge for Turkmenistan at home:

On Ubiquiti EdgeOS Router (Vyatta/Debian based) you can
'apt install tor'

OPNsense (FreeBSD based): https://docs.opnsense.org/manual/how-tos/tor.html

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
Re: [tor-relays] Middle relay IP blocking
On 8/7/2023 1:28 PM, s7r wrote:

> li...@for-privacy.net wrote:
> > On Saturday, 5 August 2023 08:40:42 CEST Marco Predicatori wrote:
> > > secureh...@gmail.com wrote on 8/4/23 01:46:
> > > > I tried reporting a similar issue a few months ago (post wasn’t approved by moderator). I was running a relay from my home ISP. After a short while certain websites became inaccessible from other computers in my home network that shared the same public IP. After trial and error with other IP addresses (non-Tor) I realized commercial gateway services had blacklisted our IP address.
> > >
> > > Same here, middle node. In order to access some sites, I have to shut down briefly my modem in order to obtain a new IP, and for a while all goes smoothly again.
> >
> > Hi @all,
> >
> > Just my 2 cents. Is this worth the hassle?
> > Calculate your power consumption 24x7x30 @home.
> >
> > For 1-5$ you can get a VPS.
> > This exit has 1GB RAM and 1CPU and costs $3.50/month
> > https://metrics.torproject.org/rs.html#details/376DC7CAD597D3A4CBB651999CFAD0E77DC9AE8C
> >
> > Search or ask for offers on LEB & LET:
> > https://lowendbox.com/
> > https://lowendtalk.com/discussion/185210/tor-relay-bridge
> >
> > $websearch: cheap vps unlimited bandwidth
> > IONOS 1,-EUR/Month - 1GB RAM - 1vCore unlimited bandwidth - prepaid (=no contract term)
> > https://www.ionos.de/server/vps
> >
> > Dedicated server for $15 per month: 4 Cores/4 threads - 16GB DDR3 - 5 usable IPv4 :-)
> > https://www.nocix.net/cart/?id=261
>
> While all the above is true, a thing to remember is to make sure we don't end up all renting too many VPS'es or dedicated servers in the same places / same AS numbers - we need network diversity, it is a very important factor, more AS numbers, more providers, more physical locations, etc. So, running at home is super good and recommended from this perspective, provides us with the diversity we need, however not being able to login to online banking to pay an electricity bill because of a middle relay is also way too annoying.. however who can afford the hassle should definitely run a middle relay or bridge at home (even Exit relay, I do run an Exit relay at my office place and I had one police visit in like 8 years or so).
>
> The problem here is with the people who treat 1 IP address = 1 person, this assumption which is 3 decades old should disappear once and forever.
>
> I cannot imagine what kind of an IT/security expert would use a black list (haha) that contains Tor relays (double haha) and also applies same restrictions to *middle* relays (triple haha).
>
> There are so many ways to properly handle an IP address that sends robotic/unrequested traffic which are so obvious I'm not going to spam the list to enumerate them.

As much as I would like to laugh along with you, it's clearly the case from my experiences, and some of the folks in this thread, that there are some major outsourced firewall/protection companies who unfortunately do have the IT/security folks you can't imagine.

I've spoken to one senior network technician at a major US wide bank because after running a middle relay for 5 years with only minor issues, my wife who works from home for the bank was suddenly blocked from accessing the bank network. He fully understood what a middle relay was and was quite happy for me to run one, but was unable to do anything as they had just outsourced the network "protection" and whoever they had outsourced to was classing the middle relay as a threat, and so blocking her access.

Cheers.
Re: [tor-relays] Middle relay IP blocking
On Mon, Aug 07, 2023 at 11:28:32PM +0300, s7r wrote:
> While all the above is true, a thing to remember is to make sure we don't end up all renting too many VPS'es or dedicated servers in the same places / same AS numbers - we need network diversity, it is a very important factor, more AS numbers, more providers, more physical locations, etc. So, running at home is super good and recommended from this perspective, provides us with the diversity we need, however not being able to login to online banking to pay an electricity bill because of a middle relay is also way too annoying.. however who can afford the hassle should definitely run a middle relay or bridge at home

Yes, exactly this. If you are interested in running a non-exit relay at home, and you can tolerate the hassles from occasionally finding that some service doesn't want to hear from you, then you are definitely helping the diversity of the Tor network.

Having the Tor traffic concentrated at a few cheapo providers like Hetzner and OVH is not only scary in the sense that too much traffic goes through too few cables, but it's also scary because it increases the appeal for somebody to attack those few companies, either by breaking into their infrastructure to watch traffic or through more traditional insider threats like getting an employee there to help them monitor traffic.

The internet already has uncomfortably many bottlenecks -- too few undersea cables, too few Content Distribution Networks (CDNs), too few app stores, etc.

> (even Exit relay, I do run an Exit relay at my office place and I had one police visit in like 8 years or so).

Follow this advice only with great caution. :) Many people happily run their exit relay from their home, but it only takes one fresh new cybercrime detective (trying to make a name for himself by kicking down a door at 7am, and with no idea what Tor is) to ruin your day.

--Roger
Re: [tor-relays] Middle relay IP blocking
On Monday, 7 August 2023 22:28:32 CEST s7r wrote:

> While all the above is true, a thing to remember is to make sure we don't end up all renting too many VPS'es or dedicated servers in the same places / same AS numbers - we need network diversity,

Especially at the exits, which unfortunately occur in a few places and in large heaps. Approx 50%: Berlin Germany, Utrecht Netherlands, Roost Luxembourg.

> it is a very important factor, more AS numbers, more providers, more physical locations, etc. So, running at home is super good and recommended from this perspective, provides us with the diversity we need,

You made a good list of underused ISPs on lowendtalk and on nusenu's OrNetStat there are over 500 AS where only 1 or 2 relays are running. There should be enough data centers in the world to achieve diversity even without running at home.
https://nusenu.github.io/OrNetStats/#autonomous-systems-by-cw-fraction

Running snowflake @home is a nice option. Many relays @home only have kbit/s of bandwidth. In my humble opinion, a Tor relay should offer at least 10 MB/s.

> however who can afford the hassle should definitely run a middle relay or bridge at home

Yes, anyone with a good internet connection at home can do this. At least in Germany, every ISP offers its customers a http & ftp proxy. Use them in your browser or OS. This might have less of a problem running Tor relays at home. Because most websites will then see the proxy IP.

> (even Exit relay, I do run an Exit relay at my office place and I had one police visit in like 8 years or so).

@office is different than @home. I wouldn't advise anyone to run an exit at home. It's no fun when the cops ring at 6:00 am and search your whole apartment. And if you're unlucky, they take all computers, cell phones and other 'things'.

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
Re: [tor-relays] Middle relay IP blocking
On Monday, August 7, 2023, 2:28:56 PM MDT, s7r wrote:

> li...@for-privacy.net wrote:
> > On Saturday, 5 August 2023 08:40:42 CEST Marco Predicatori wrote:
> > > secureh...@gmail.com wrote on 8/4/23 01:46:
> > > > I tried reporting a similar issue a few months ago (post wasn’t approved by moderator). I was running a relay from my home ISP. After a short while certain websites became inaccessible from other computers in my home network that shared the same public IP. After trial and error with other IP addresses (non-Tor) I realized commercial gateway services had blacklisted our IP address.
> > >
> > > Same here, middle node. In order to access some sites, I have to shut down briefly my modem in order to obtain a new IP, and for a while all goes smoothly again.
> >
> > Hi @all,
> >
> > Just my 2 cents. Is this worth the hassle?
> > Calculate your power consumption 24x7x30 @home.
> >
> > For 1-5$ you can get a VPS.
> > This exit has 1GB RAM and 1CPU and costs $3.50/month
> > https://metrics.torproject.org/rs.html#details/376DC7CAD597D3A4CBB651999CFAD0E77DC9AE8C
> >
> > Search or ask for offers on LEB & LET:
> > https://lowendbox.com/
> > https://lowendtalk.com/discussion/185210/tor-relay-bridge
> >
> > $websearch: cheap vps unlimited bandwidth
> > IONOS 1,-EUR/Month - 1GB RAM - 1vCore unlimited bandwidth - prepaid (=no contract term)
> > https://www.ionos.de/server/vps
> >
> > Dedicated server for $15 per month: 4 Cores/4 threads - 16GB DDR3 - 5 usable IPv4 :-)
> > https://www.nocix.net/cart/?id=261
>
> While all the above is true, a thing to remember is to make sure we don't end up all renting too many VPS'es or dedicated servers in the same places / same AS numbers - we need network diversity, it is a very important factor, more AS numbers, more providers, more physical locations, etc. So, running at home is super good and recommended from this perspective, provides us with the diversity we need, however not being able to login to online banking to pay an electricity bill because of a middle relay is also way too annoying.. however who can afford the hassle should definitely run a middle relay or bridge at home (even Exit relay, I do run an Exit relay at my office place and I had one police visit in like 8 years or so).

Marco... Thanks for the great VPS information.

In addition to network diversity, there is the fact that most individuals find it necessary to run an at Home internet connection 24 x 7 x 365. So... Other than for the reasons inspired by the subject of this post, why not just run a low-resource consuming Tor server at home, too, which meets the requirements and continual request for Tor Bridges?

Moreover... In the Tor documentation describing the various relays, it might be wise to highly recommend that new at Home operators focus their resources toward Tor Bridges (opposed to Relays) to avoid this common pitfall.

Just my 2¢.
Re: [tor-relays] Middle relay IP blocking
li...@for-privacy.net wrote:
> On Saturday, 5 August 2023 08:40:42 CEST Marco Predicatori wrote:
> > secureh...@gmail.com wrote on 8/4/23 01:46:
> > > I tried reporting a similar issue a few months ago (post wasn’t approved by moderator). I was running a relay from my home ISP. After a short while certain websites became inaccessible from other computers in my home network that shared the same public IP. After trial and error with other IP addresses (non-Tor) I realized commercial gateway services had blacklisted our IP address.
> >
> > Same here, middle node. In order to access some sites, I have to shut down briefly my modem in order to obtain a new IP, and for a while all goes smoothly again.
>
> Hi @all,
>
> Just my 2 cents. Is this worth the hassle?
> Calculate your power consumption 24x7x30 @home.
>
> For 1-5$ you can get a VPS.
> This exit has 1GB RAM and 1CPU and costs $3.50/month
> https://metrics.torproject.org/rs.html#details/376DC7CAD597D3A4CBB651999CFAD0E77DC9AE8C
>
> Search or ask for offers on LEB & LET:
> https://lowendbox.com/
> https://lowendtalk.com/discussion/185210/tor-relay-bridge
>
> $websearch: cheap vps unlimited bandwidth
> IONOS 1,-EUR/Month - 1GB RAM - 1vCore unlimited bandwidth - prepaid (=no contract term)
> https://www.ionos.de/server/vps
>
> Dedicated server for $15 per month: 4 Cores/4 threads - 16GB DDR3 - 5 usable IPv4 :-)
> https://www.nocix.net/cart/?id=261

While all the above is true, a thing to remember is to make sure we don't end up all renting too many VPS'es or dedicated servers in the same places / same AS numbers - we need network diversity, it is a very important factor, more AS numbers, more providers, more physical locations, etc. So, running at home is super good and recommended from this perspective, provides us with the diversity we need, however not being able to login to online banking to pay an electricity bill because of a middle relay is also way too annoying.. however who can afford the hassle should definitely run a middle relay or bridge at home (even Exit relay, I do run an Exit relay at my office place and I had one police visit in like 8 years or so).

The problem here is with the people who treat 1 IP address = 1 person, this assumption which is 3 decades old should disappear once and forever.

I cannot imagine what kind of an IT/security expert would use a black list (haha) that contains Tor relays (double haha) and also applies same restrictions to *middle* relays (triple haha).

There are so many ways to properly handle an IP address that sends robotic/unrequested traffic which are so obvious I'm not going to spam the list to enumerate them.
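
The message above separates relays that can deliver traffic to websites (exits) from those that cannot (middle relays). As an added example, not part of the thread and not Tor Project code, the following audits a blocklist for entries that match non-exit relays by reading the flags and exit-policy summary of entries laid out like Tor's network-status consensus; every nickname, address and blocklist entry is constructed for illustration.

```python
"""Audit an IP blocklist for over-blocking of non-exit Tor relays (added example)."""
import ipaddress
from dataclasses import dataclass

# Constructed sample in the layout of a Tor network-status consensus:
#   r <nick> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
#   s <flags...>
#   p <accept|reject> <portlist>        (exit policy summary)
# Addresses are RFC 5737 documentation ranges; identities are dummy strings.
SAMPLE_CONSENSUS = """\
r homePiRelay AAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAA 2023-08-08 01:00:00 192.0.2.10 9001 0
s Fast Running Stable V2Dir Valid
p reject 1-65535
r dcExit BBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBB 2023-08-08 01:00:00 198.51.100.20 443 80
s Exit Fast Guard Running Stable Valid
p accept 80,443
r guardOnly CCCCCCCCCCCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCCCCCCCCCCCCCC 2023-08-08 01:00:00 198.51.100.77 9001 0
s Fast Guard Running Stable Valid
p reject 1-65535
r reducedExit DDDDDDDDDDDDDDDDDDDDDDDDDDD DDDDDDDDDDDDDDDDDDDDDDDDDDD 2023-08-08 01:00:00 203.0.113.7 9001 0
s Exit Fast Running Valid
p reject 25,119,135-139,445
"""

# Constructed blocklist: two single addresses and one CIDR range.
SAMPLE_BLOCKLIST = ["192.0.2.10", "198.51.100.0/24", "203.0.113.7"]


@dataclass
class Relay:
    nickname: str
    address: str                      # OR address from the "r" line
    flags: frozenset = frozenset()
    policy: str = "reject 1-65535"    # assumed when no "p" line follows


def parse_relays(text):
    """Collect one Relay per "r" line, attaching the "s" and "p" lines after it."""
    relays = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 9:
            relays.append(Relay(nickname=parts[1], address=parts[6]))
        elif parts[0] == "s" and relays:
            relays[-1].flags = frozenset(parts[1:])
        elif parts[0] == "p" and relays and len(parts) == 3:
            relays[-1].policy = parts[1] + " " + parts[2]
    return relays


def policy_allows(policy, port):
    """Evaluate an exit-policy summary ("accept 80,443" / "reject 1-1023") for a port."""
    verb, _, portlist = policy.partition(" ")
    listed = False
    for item in portlist.split(","):
        low, _, high = item.partition("-")
        if int(low) <= port <= int(high or low):
            listed = True
            break
    return listed if verb == "accept" else not listed


def audit_blocklist(blocklist, relays, port=443):
    """Split blocked relays into those that can and cannot exit to `port`.

    Simplification (assumption of this example): only the OR address is
    compared; an exit may send traffic from a different address.
    """
    nets = [ipaddress.ip_network(entry, strict=False) for entry in blocklist]
    result = {"exit": [], "non_exit": []}
    for relay in relays:
        addr = ipaddress.ip_address(relay.address)
        if not any(addr in net for net in nets):
            continue
        key = "exit" if policy_allows(relay.policy, port) else "non_exit"
        result[key].append(relay.nickname)
    return {kind: sorted(names) for kind, names in result.items()}


if __name__ == "__main__":
    report = audit_blocklist(SAMPLE_BLOCKLIST, parse_relays(SAMPLE_CONSENSUS))
    print("blocked and able to exit to 443:", report["exit"])
    print("blocked but never exits to 443: ", report["non_exit"])
```

Entries reported under `non_exit` are addresses that never connect to a website on behalf of a Tor user, which is the over-blocking case the home operators in this thread ran into.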
Re: [tor-relays] Middle relay IP blocking
On Saturday, 5 August 2023 08:40:42 CEST Marco Predicatori wrote:
> secureh...@gmail.com wrote on 8/4/23 01:46:
> > I tried reporting a similar issue a few months ago (post wasn’t approved by moderator). I was running a relay from my home ISP. After a short while certain websites became inaccessible from other computers in my home network that shared the same public IP. After trial and error with other IP addresses (non-Tor) I realized commercial gateway services had blacklisted our IP address.
>
> Same here, middle node. In order to access some sites, I have to shut down briefly my modem in order to obtain a new IP, and for a while all goes smoothly again.

Hi @all,

Just my 2 cents. Is this worth the hassle?
Calculate your power consumption 24x7x30 @home.

For 1-5$ you can get a VPS.
This exit has 1GB RAM and 1CPU and costs $3.50/month
https://metrics.torproject.org/rs.html#details/376DC7CAD597D3A4CBB651999CFAD0E77DC9AE8C

Search or ask for offers on LEB & LET:
https://lowendbox.com/
https://lowendtalk.com/discussion/185210/tor-relay-bridge

$websearch: cheap vps unlimited bandwidth
IONOS 1,-EUR/Month - 1GB RAM - 1vCore unlimited bandwidth - prepaid (=no contract term)
https://www.ionos.de/server/vps

Dedicated server for $15 per month: 4 Cores/4 threads - 16GB DDR3 - 5 usable IPv4 :-)
https://www.nocix.net/cart/?id=261

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
Re: [tor-relays] Middle relay IP blocking
secureh...@gmail.com wrote on 8/4/23 01:46:
> I tried reporting a similar issue a few months ago (post wasn’t approved by moderator). I was running a relay from my home ISP. After a short while certain websites became inaccessible from other computers in my home network that shared the same public IP. After trial and error with other IP addresses (non-Tor) I realized commercial gateway services had blacklisted our IP address.

Same here, middle node. In order to access some sites, I have to shut down briefly my modem in order to obtain a new IP, and for a while all goes smoothly again.

--
https://metrics.torproject.org/rs.html#details/A4E74410D83705EEFF24BC265DE2B2FF39BDA56E
Re: [tor-relays] Middle relay IP blocking
On Thu, 3 Aug 2023, 15:57 Roman Mamedov, wrote:

> On Tue, 1 Aug 2023 23:14:28 +0200 Eldalië via tor-relays wrote:
>
> > Hello there!
> > I've been running for over 1.5 years a middle relay on an IP address I also use to browse, without issues. However it's now some weeks since many websites that always refused tor traffic started to also refuse normal traffic from my IP. I suppose this is related to the relay, because I don't run any other "suspect" service on this IP and when I change it the problem is gone for a few hours.
> > My guess is that some widely used black list started including middle relay IPs, but I have no proof.
> > Has anyone had similar experiences? Any thoughts on this?
>
> For me this has always been the case, since many years ago. It is surprising you did not have issues for 1.5 years.
>
> It is probably this list: https://www.dan.me.uk/tornodes
> It has explanation text in bold, but nobody reads that.
> Or just the Tor relay lists that can be fetched from the Tor project directly.

I stopped running a relay at home years ago (due to moving home and going from 1Gbps upload to 10Mbps) but had had the problem with a third party used by an airline starting to use that list.

It may be better nowadays as most things are available over IPv6 so I wouldn't care as much if my IPv4 gets blocked and hopefully they wouldn't block more than a /64 for IPv6.
Re: [tor-relays] Middle relay IP blocking
I tried reporting a similar issue a few months ago (post wasn’t approved by moderator).

I was running a relay from my home ISP. After a short while certain websites became inaccessible from other computers in my home network that shared the same public IP. After trial and error with other IP addresses (non-Tor) I realized commercial gateway services had blacklisted our IP address.

After several weeks of running a Relay I shut it down and after a few days we could access the websites again from our IP.

The ISP didn’t understand when I reported it and just wanted to upsell me a business plan. Live and learn. The Tor network was the victim.

You are correct that by publishing entry, relay and exit node IP addresses for the Tor network, it’s an easy target for commercial services to indiscriminately blacklist any IP addresses associated with Tor. Sharing your IP with a relay and your personal use might get you blocked.

I hope this post gets approved.

> On Aug 3, 2023, at 7:47 AM, Eldalië via tor-relays wrote:
>
> Hello there!
> I've been running for over 1.5 year a middle relay on an IP address I also use
> to browse, without issues. However it's now some weeks since many websites that
> always refused tor traffic started to also refuse normal traffic from my IP. I
> suppose this is related to the relay, because I don't run any other "suspect"
> service on this IP and when I change it the problem is gone for a few hours.
> My guess is that some widely used black list started including middle relay
> IPs, but I have no proofs.
> Has anyone had similar experiences? Any thoughts on this?
> Thanks,
>
> Eldalië
>
> --
> Eldalië
> My private key is attached. Please, use it and provide me yours!
Re: [tor-relays] Middle relay IP blocking
As an at-Home, Middle-Relay operator, I experienced similar issues. Initially, I attempted to solve the problem by using dnsmasq + nginx to reverse proxy the blacklisted sites through a dedicated vpn, which worked... with some issues. As the issues increased, I decided to secure a new IP Address and pivot to an at-Home, Bridge operator, which has been trouble free and much more amenable to at-Home operation.

Thanks for running a Tor Relay... or Bridge.

On Thursday, August 3, 2023, 1:58:08 PM MDT, telekobold wrote:

Hi,

On 03.08.23 14:22, Logforme wrote:
> My "solution" for now is to use my phone's internet sharing when I have
> to contact these sites. Since it only is a few sites which I contact
> rarely this works, but as more and more sites outsource their security
> to third parties I expect this to be a growing problem. Eventually I
> might no longer be able to run a relay.

instead of turning down your relay, you could change it to a cloud hoster. I e.g. would suggest the German provider Hetzner [*] - you have 20TB/month free traffic for only a few euros.

Since the IP address of your relay is publicly known anyway, it also doesn't matter as much as with a bridge if the relay is running at a cloud provider (e.g. regarding the situation in Turkmenistan). The disadvantage is, of course, less diversity in the number of networks in which the relays are distributed.

Kind regards
telekobold

[*] https://www.hetzner.com/
Re: [tor-relays] Middle relay IP blocking
Hi,

On 03.08.23 14:22, Logforme wrote:
> My "solution" for now is to use my phone's internet sharing when I have
> to contact these sites. Since it only is a few sites which I contact
> rarely this works, but as more and more sites outsource their security
> to third parties I expect this to be a growing problem. Eventually I
> might no longer be able to run a relay.

instead of turning down your relay, you could change it to a cloud hoster. I e.g. would suggest the German provider Hetzner [*] - you have 20TB/month free traffic for only a few euros.

Since the IP address of your relay is publicly known anyway, it also doesn't matter as much as with a bridge if the relay is running at a cloud provider (e.g. regarding the situation in Turkmenistan). The disadvantage is, of course, less diversity in the number of networks in which the relays are distributed.

Kind regards
telekobold

[*] https://www.hetzner.com/
Re: [tor-relays] Middle relay IP blocking
On 2023-08-01 23:14, Eldalië via tor-relays wrote:
> My guess is that some widely used black list started including middle relay
> IPs, but I have no proofs.
> Has anyone had similar experiences? Any thoughts on this?

I run a non-exit relay at home and have run into the same issue. Some Swedish government sites use a third party for handling log ins. A few months ago this third party started blocking non-exit relays.

I tried to contact the government sites and explain the issue (exit vs non-exit IP lists etc). None of them said it was their policy to block non-exits but naturally pointed at the third party. I tried to contact them but got nowhere, maybe they outsource in their turn. Since sites these days outsource so much it is hopeless to get through to anyone able or willing to fix an issue. I gave up after many emails.

My "solution" for now is to use my phone's internet sharing when I have to contact these sites. Since it only is a few sites which I contact rarely this works, but as more and more sites outsource their security to third parties I expect this to be a growing problem. Eventually I might no longer be able to run a relay.
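The exit versus non-exit distinction raised in the message above, as an added example that is not part of the original thread: Python code that splits a relay list into "every relay address" and "addresses Tor traffic can actually exit from", so a block rule built on the second set leaves middle and guard relays alone. The sample document is constructed in the shape of an Onionoo details document (documentation-range addresses, made-up nicknames), and the function names are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample shaped like an Onionoo "details" document
# (fields used: nickname, flags, or_addresses, exit_addresses).
SAMPLE = json.loads("""
{"relays": [
  {"nickname": "homeMiddle", "flags": ["Fast", "Running", "Stable", "Valid"],
   "or_addresses": ["198.51.100.7:9001"]},
  {"nickname": "dcExit", "flags": ["Exit", "Fast", "Running", "Valid"],
   "or_addresses": ["203.0.113.20:443", "[2001:db8::20]:443"],
   "exit_addresses": ["203.0.113.21"]},
  {"nickname": "homeGuard", "flags": ["Guard", "Running", "Valid"],
   "or_addresses": ["192.0.2.55:9001"]}
]}
""")


def host_of(or_address):
    """Strip the port from 'a.b.c.d:port' or '[v6]:port'."""
    host = or_address.rsplit(":", 1)[0].strip("[]")
    return ipaddress.ip_address(host)


def build_lists(doc):
    """Return (all relay addresses, addresses Tor traffic can exit from)."""
    all_relays, exits = set(), set()
    for relay in doc["relays"]:
        addrs = {host_of(a) for a in relay.get("or_addresses", [])}
        all_relays |= addrs
        exit_addrs = {ipaddress.ip_address(a)
                      for a in relay.get("exit_addresses", [])}
        # Simplification (assumption): a relay counts as an exit if it has
        # the Exit flag or any recorded exit address.
        if "Exit" in relay.get("flags", []) or exit_addrs:
            exits |= addrs | exit_addrs
    return all_relays, exits


def classify(ip, doc=SAMPLE):
    """Say which list, if any, a visitor address falls into."""
    all_relays, exits = build_lists(doc)
    addr = ipaddress.ip_address(ip)
    if addr in exits:
        return "exit"         # Tor client traffic can originate here
    if addr in all_relays:
        return "non-exit"     # only forwards inside Tor; blocking is a false positive
    return "not-a-relay"
```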
Re: [tor-relays] Middle relay IP blocking
On Tue, 1 Aug 2023 23:14:28 +0200
Eldalië via tor-relays wrote:

> Hello there!
> I've been running for over 1.5 year a middle relay on an IP address I also use
> to browse, without issues. However it's now some weeks since many websites that
> always refused tor traffic started to also refuse normal traffic from my IP. I
> suppose this is related to the relay, because I don't run any other "suspect"
> service on this IP and when I change it the problem is gone for a few hours.
> My guess is that some widely used black list started including middle relay
> IPs, but I have no proofs.
> Has anyone had similar experiences? Any thoughts on this?

For me this has always been the case, since many years ago. It is surprising you did not have issues for 1.5 years.

It is probably this list: https://www.dan.me.uk/tornodes
It has explanation text in bold, but nobody reads that.
Or just the Tor relay lists that can be fetched from the Tor project directly.

--
With respect,
Roman
[tor-relays] Middle relay IP blocking
Hello there!

I've been running for over 1.5 year a middle relay on an IP address I also use to browse, without issues. However it's now some weeks since many websites that always refused tor traffic started to also refuse normal traffic from my IP. I suppose this is related to the relay, because I don't run any other "suspect" service on this IP and when I change it the problem is gone for a few hours.

My guess is that some widely used black list started including middle relay IPs, but I have no proofs.

Has anyone had similar experiences? Any thoughts on this?

Thanks,

Eldalië

--
Eldalië
My private key is attached. Please, use it and provide me yours!