Re: [tor-relays] Trying to set up a relay at home, but get no connections

[Vasilis]

Hi,

Gunnar Wolf:
> I guess my nest step will be to talk to their end-user
> service. It's... Well, it's very very very much not fun to sit by the
> phone for ~30 minutes to have them repeat to me to use only a
> reasonably new Windows version and make sure I don't have a virus :-P
> But I will try.

Did anything come out from the support service?

> I'm thinking, although this bridges into a different project, whether
> this should be covered by the OONI tests (for which I also run a probe).

Looking at the TCP connect test results may shed some more light.

BTw thank you for running relay(s) and probe(s).


Cheers,
~Vasilis
-- 
Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trying to set up a relay at home, but get no connections

[Keifer Bly]

Yes, I would agree that running an obfuscated bridge would be a good idea, as 
the network could use some more of those.

I could only find the instructions for running a vanilla (non obfuscated) 
bridge on the tor website, but did some research, and found a guide to running 
an obfuscated bridge here

https://www.youtube.com/watch?v=vVZ_NEC6Bp4 


The OS he is performing this from is Linux, which is what most relays are 
running off of. I would suggest you try seeing how this works out and then 
contacting back,

Let us know what you think.


> On Jun 14, 2018, at 11:46 PM, teor  wrote:
> 
> 
>> On 12 Jun 2018, at 04:29, Gunnar Wolf  wrote:
>> 
>> So, it seems my ISP does not want us to run relays ☹ Can you think of
>> any way my connection (oversized for my regular uses) can be put to
>> use for Tor? I guess it would not work as a bridge either, would it?
> 
> Your relay will work as a bridge if the bridge authority is reachable from 
> your IP address.
> 
> Otherwise, you could run a private bridge, or a snowflake reflector.
> 
> T
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trying to set up a relay at home, but get no connections

[teor]

> On 12 Jun 2018, at 04:29, Gunnar Wolf  wrote:
> 
> So, it seems my ISP does not want us to run relays ☹ Can you think of
> any way my connection (oversized for my regular uses) can be put to
> use for Tor? I guess it would not work as a bridge either, would it?

Your relay will work as a bridge if the bridge authority is reachable from your 
IP address.

Otherwise, you could run a private bridge, or a snowflake reflector.

T
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trying to set up a relay at home, but get no connections

[Gunnar Wolf]

Neel Chauhan dijo [Mon, Jun 11, 2018 at 05:38:31PM -0400]:
> Do you have an alternative choice of ISP? In many countries, you often do
> (e.g. Europe, East Asia). In others, you usually don't (e.g. USA, small
> island nations). If you don't, another option is a VPN with a public IP
> address (that is, if you are willing to pay for one).

I do have a choice, but to be honest, it's a hassle; I want to run my
relay from my home connection; our current ISP is by far the country's
leading provider, and it is among the few to offer service over
fiber. 

I guess my nest step will be to talk to their end-user
service. It's... Well, it's very very very much not fun to sit by the
phone for ~30 minutes to have them repeat to me to use only a
reasonably new Windows version and make sure I don't have a virus :-P
But I will try.

> Maybe your ISP hates Tor and doesn't want you to run a relay. Most broadband
> ISPs in countries which don't block Tor usually let you run a relay even if
> their TOS says it's not allowed, but if you don't have net neutrality in
> your country, an ISP can freely block consensus nodes to prevent you from
> being a relay. Unfortunate, but probably is true in your case. If you are
> willing to get political, you should push for net neutrality in your
> country.

Right. I will find it out. In fact, looking at the terms of service, I
see this point broadly prohibits being a Tor relay:


(for a non-commercial, home kind of line, clients will not)
(...)
Give telecommunications services and/or carry activities such as
transport or reorigintation of public switched traffic, originated
in a different city or country, or give call back or bypass
services.

This is in the _telephony_ part of the contract, and it relates to a
very different issue, but it still resounds very much of Tor. (The
same paragraph is repeated, word by word, in the Internet part of the
document - Even though the language comes from the telephony world).

I'm thinking, although this bridges into a different project, whether
this should be covered by the OONI tests (for which I also run a probe).


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trying to set up a relay at home, but get no connections

[Gunnar Wolf]

r1610091651 dijo [Mon, Jun 11, 2018 at 09:34:55PM +0200]:
> Traceroute requires support by all hops on the way, and that's not a given.
> Try pinging the DA's instead or connecting to their tor ports.
> 
> Only Dizum doesn't respond to ping requests, but it has a "welcome" page on
> 80.
> 
> dannenberg dannenberg.torauth.de 193.23.244.244 80 443
> tor26 86.59.21.38 86.59.21.38 80 443
> longclaw 199.58.81.140 199.58.81.140 80 443
> bastet 204.13.164.118 204.13.164.118 80 443
> maatuska 171.25.193.9 171.25.193.9 443 80
> moria1 128.31.0.34 128.31.0.34 9131 9101
> dizum 194.109.206.212 194.109.206.212 80 443
> gabelmoo 131.188.40.189 131.188.40.189 80 443
> Faravahar 154.35.175.225 154.35.175.225 80 443

OK, thanks for this extra insight. Still, the answer is consistent: I
got ping replies only from longclaw, bastet and moria1. I was also
unable to connect to dizum via HTTP (which I could from my work
connection).


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trying to set up a relay at home, but get no connections

[Neel Chauhan]

Do you have an alternative choice of ISP? In many countries, you often 
do (e.g. Europe, East Asia). In others, you usually don't (e.g. USA, 
small island nations). If you don't, another option is a VPN with a 
public IP address (that is, if you are willing to pay for one).


Once Verizon FiOS (US FTTH ISP) blocked the consensus node tor26 
(86.59.21.38) and just tor26 and I thought that was absurd, but this is 
on a whole another level. At least Verizon still let me run a Tor relay 
(they technically ban it, but nobody enforces it), and I did get tor26 
unblocked after posting on the NANOG mailing list. At least I still had 
the cable company here as well, but in the US cable usually sucks (some 
have cable as their only option if you don't want 1.5-6mbps DSL).


Maybe your ISP hates Tor and doesn't want you to run a relay. Most 
broadband ISPs in countries which don't block Tor usually let you run a 
relay even if their TOS says it's not allowed, but if you don't have net 
neutrality in your country, an ISP can freely block consensus nodes to 
prevent you from being a relay. Unfortunate, but probably is true in 
your case. If you are willing to get political, you should push for net 
neutrality in your country.


-Neel Chauhan

===

https://www.neelc.org/

On 2018-06-11 14:29, Gunnar Wolf wrote:

Graeme Neilson dijo [Sat, Jun 09, 2018 at 11:53:20AM +1200]:

See if you can route to all the authorities.
Tor requires that all relays are able to contact all directory 
authorities.


In my case tcptraceroute would not get to all the authorities. For 
some

authorities my ISP was not routing to them.


This seems to be the issue - I'm attaching a screenshot of «mtr»
trying to reach all of the directory authorities from said server.

So, it seems my ISP does not want us to run relays ☹ Can you think of
any way my connection (oversized for my regular uses) can be put to
use for Tor? I guess it would not work as a bridge either, would it?

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trying to set up a relay at home, but get no connections

[r1610091651]

On Mon, 11 Jun 2018 at 20:30 Gunnar Wolf  wrote:

> Graeme Neilson dijo [Sat, Jun 09, 2018 at 11:53:20AM +1200]:
> > See if you can route to all the authorities.
> > Tor requires that all relays are able to contact all directory
> authorities.
> >
> > In my case tcptraceroute would not get to all the authorities. For some
> > authorities my ISP was not routing to them.
>
> This seems to be the issue - I'm attaching a screenshot of «mtr»
> trying to reach all of the directory authorities from said server.
>
> So, it seems my ISP does not want us to run relays ☹ Can you think of
> any way my connection (oversized for my regular uses) can be put to
> use for Tor? I guess it would not work as a bridge either, would it?
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Hi

Traceroute requires support by all hops on the way, and that's not a given.
Try pinging the DA's instead or connecting to their tor ports.

Only Dizum doesn't respond to ping requests, but it has a "welcome" page on
80.

dannenberg dannenberg.torauth.de 193.23.244.244 80 443
tor26 86.59.21.38 86.59.21.38 80 443
longclaw 199.58.81.140 199.58.81.140 80 443
bastet 204.13.164.118 204.13.164.118 80 443
maatuska 171.25.193.9 171.25.193.9 443 80
moria1 128.31.0.34 128.31.0.34 9131 9101
dizum 194.109.206.212 194.109.206.212 80 443
gabelmoo 131.188.40.189 131.188.40.189 80 443
Faravahar 154.35.175.225 154.35.175.225 80 443

Regards
Seb
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trying to set up a relay at home, but get no connections

[Gunnar Wolf]

Graeme Neilson dijo [Sat, Jun 09, 2018 at 11:53:20AM +1200]:
> See if you can route to all the authorities.
> Tor requires that all relays are able to contact all directory authorities.
> 
> In my case tcptraceroute would not get to all the authorities. For some
> authorities my ISP was not routing to them.

This seems to be the issue - I'm attaching a screenshot of «mtr»
trying to reach all of the directory authorities from said server.

So, it seems my ISP does not want us to run relays ☹ Can you think of
any way my connection (oversized for my regular uses) can be put to
use for Tor? I guess it would not work as a bridge either, would it?


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trying to set up a relay at home, but get no connections

[Keifer Bly]

One thought. Try making sure you are running the newest version of the tor 
software. I say this because I know directory authorities recently started 
rejecting relays running older versions of tor. Another thing I might check if 
possible is if your router has a limit for how many simultaneous connections it 
can handle as if your router has a limit in this, this can cause issues with 
running a tor server as tor can require hundreds of connections at once.

Sent from my iPhone

> On Jun 8, 2018, at 4:53 PM, Graeme Neilson  wrote:
> 
> See if you can route to all the authorities. 
> Tor requires that all relays are able to contact all directory authorities.
> 
> In my case tcptraceroute would not get to all the authorities. For some 
> authorities my ISP was not routing to them.
> 
> 
>> On 8 June 2018 at 17:35, Gunnar Wolf  wrote:
>> Roger Dingledine dijo [Fri, Jun 08, 2018 at 01:20:19AM -0400]:
>> > First, did your relay find itself reachable (both ORPort and DirPort)
>> > at startup? Look for lines like
>> > 
>> > Jun 05 12:47:50.013 [notice] Self-testing indicates your ORPort is 
>> > reachable from the outside. Excellent.
>> > 
>> > and
>> > 
>> > Jun 05 12:48:43.824 [notice] Self-testing indicates your DirPort is 
>> > reachable from the outside. Excellent. Publishing server descriptor.
>> 
>> Jun 06 15:36:26.000 [notice] Self-testing indicates your DirPort is 
>> reachable from the outside. Excellent.
>> Jun 06 15:36:27.000 [notice] Self-testing indicates your ORPort is reachable 
>> from the outside. Excellent. Publishing server descriptor.
>> 
>> So, yes :)
>> 
>> > Second, assuming yes for the first question, I wonder if the directory
>> > authorities are (still) finding it reachable. You can check the recent
>> > votes at
>> > https://collector.torproject.org/recent/relay-descriptors/votes/
>> > or try the (easier to use if it works for you) interface at the bottom of
>> > https://consensus-health.torproject.org/#relayinfo
>> > 
>> > Maybe your port forwarding is expiring after a little while?
>> 
>> My fingerprint is C0417071C3754885296F4A5935AC1BC1CABDBC31. I see all
>> authorities give me "V2Dir" and "Valid", but only three (longc,
>> bastet, moria1) give "Running".
>> 
>> I use my ISP-provided fiber modem. Maybe it is expiring the
>> connections when idle. Is there a way to request a heartbeat to be
>> sent?
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trying to set up a relay at home, but get no connections

[Graeme Neilson]

See if you can route to all the authorities.
Tor requires that all relays are able to contact all directory authorities.

In my case tcptraceroute would not get to all the authorities. For some
authorities my ISP was not routing to them.


On 8 June 2018 at 17:35, Gunnar Wolf  wrote:

> Roger Dingledine dijo [Fri, Jun 08, 2018 at 01:20:19AM -0400]:
> > First, did your relay find itself reachable (both ORPort and DirPort)
> > at startup? Look for lines like
> >
> > Jun 05 12:47:50.013 [notice] Self-testing indicates your ORPort is
> reachable from the outside. Excellent.
> >
> > and
> >
> > Jun 05 12:48:43.824 [notice] Self-testing indicates your DirPort is
> reachable from the outside. Excellent. Publishing server descriptor.
>
> Jun 06 15:36:26.000 [notice] Self-testing indicates your DirPort is
> reachable from the outside. Excellent.
> Jun 06 15:36:27.000 [notice] Self-testing indicates your ORPort is
> reachable from the outside. Excellent. Publishing server descriptor.
>
> So, yes :)
>
> > Second, assuming yes for the first question, I wonder if the directory
> > authorities are (still) finding it reachable. You can check the recent
> > votes at
> > https://collector.torproject.org/recent/relay-descriptors/votes/
> > or try the (easier to use if it works for you) interface at the bottom of
> > https://consensus-health.torproject.org/#relayinfo
> >
> > Maybe your port forwarding is expiring after a little while?
>
> My fingerprint is C0417071C3754885296F4A5935AC1BC1CABDBC31. I see all
> authorities give me "V2Dir" and "Valid", but only three (longc,
> bastet, moria1) give "Running".
>
> I use my ISP-provided fiber modem. Maybe it is expiring the
> connections when idle. Is there a way to request a heartbeat to be
> sent?
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trying to set up a relay at home, but get no connections

[Gunnar Wolf]

Roger Dingledine dijo [Fri, Jun 08, 2018 at 01:20:19AM -0400]:
> First, did your relay find itself reachable (both ORPort and DirPort)
> at startup? Look for lines like
> 
> Jun 05 12:47:50.013 [notice] Self-testing indicates your ORPort is reachable 
> from the outside. Excellent.
> 
> and
> 
> Jun 05 12:48:43.824 [notice] Self-testing indicates your DirPort is reachable 
> from the outside. Excellent. Publishing server descriptor.

Jun 06 15:36:26.000 [notice] Self-testing indicates your DirPort is reachable 
from the outside. Excellent.
Jun 06 15:36:27.000 [notice] Self-testing indicates your ORPort is reachable 
from the outside. Excellent. Publishing server descriptor.

So, yes :)

> Second, assuming yes for the first question, I wonder if the directory
> authorities are (still) finding it reachable. You can check the recent
> votes at
> https://collector.torproject.org/recent/relay-descriptors/votes/
> or try the (easier to use if it works for you) interface at the bottom of
> https://consensus-health.torproject.org/#relayinfo
> 
> Maybe your port forwarding is expiring after a little while?

My fingerprint is C0417071C3754885296F4A5935AC1BC1CABDBC31. I see all
authorities give me "V2Dir" and "Valid", but only three (longc,
bastet, moria1) give "Running".

I use my ISP-provided fiber modem. Maybe it is expiring the
connections when idle. Is there a way to request a heartbeat to be
sent?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Trying to set up a relay at home, but get no connections

[Roger Dingledine]

On Thu, Jun 07, 2018 at 11:37:26PM -0500, Gunnar Wolf wrote:
> The following happens every couple of hours:

All of these log entries are fine and normal except this one:

> Jun 07 09:36:19.000 [notice] Heartbeat: It seems like we are not in the 
> cached consensus.
> Jun 07 15:36:19.000 [notice] Heartbeat: It seems like we are not in the 
> cached consensus.
> Jun 07 21:36:19.000 [notice] Heartbeat: It seems like we are not in the 
> cached consensus.

First, did your relay find itself reachable (both ORPort and DirPort)
at startup? Look for lines like

Jun 05 12:47:50.013 [notice] Self-testing indicates your ORPort is reachable 
from the outside. Excellent.

and

Jun 05 12:48:43.824 [notice] Self-testing indicates your DirPort is reachable 
from the outside. Excellent. Publishing server descriptor.

Second, assuming yes for the first question, I wonder if the directory
authorities are (still) finding it reachable. You can check the recent
votes at
https://collector.torproject.org/recent/relay-descriptors/votes/
or try the (easier to use if it works for you) interface at the bottom of
https://consensus-health.torproject.org/#relayinfo

Maybe your port forwarding is expiring after a little while?

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Trying to set up a relay at home, but get no connections

[Gunnar Wolf]

Hello,

I have set up a VM at my home server (via fiber DSL) to work as a Tor
relay. I have set up port forwarding for ORport and DirPort (defaults,
9001 and 9030). The logs don't give me any useful information — or,
possibly, I fail to grok anything useful ;-)

The following happens every couple of hours:

Jun 07 09:36:19.000 [notice] Heartbeat: It seems like we are not in the 
cached consensus.
Jun 07 09:36:19.000 [notice] Heartbeat: Tor's uptime is 17:59 hours, with 0 
circuits open. I've sent 2.71 MB and received 32.26 MB.
Jun 07 09:36:19.000 [notice] Average packaged cell fullness: 13.454%. TLS 
write overhead: 12%
Jun 07 09:36:19.000 [notice] Circuit handshake stats since last time: 0/0 
TAP, 14/14 NTor.
Jun 07 09:36:19.000 [notice] Since startup, we have initiated 0 v1 
connections, 0 v2 connections, 0 v3 connections, and 21 v4 connections; and 
received 0 v1 connections, 0 v2 connections, 0 v3 connections, and 216 v4 
connections.
Jun 07 09:36:19.000 [notice] DoS mitigation since startup: 0 circuits 
rejected, 0 marked addresses. 0 connections closed. 0 single hop clients 
refused.
Jun 07 15:36:19.000 [notice] Heartbeat: It seems like we are not in the 
cached consensus.
Jun 07 15:36:19.000 [notice] Heartbeat: Tor's uptime is 23:59 hours, with 0 
circuits open. I've sent 3.18 MB and received 42.36 MB.
Jun 07 15:36:19.000 [notice] Average packaged cell fullness: 13.454%. TLS 
write overhead: 14%
Jun 07 15:36:19.000 [notice] Circuit handshake stats since last time: 0/0 
TAP, 0/0 NTor.
Jun 07 15:36:19.000 [notice] Since startup, we have initiated 0 v1 
connections, 0 v2 connections, 0 v3 connections, and 21 v4 connections; and 
received 0 v1 connections, 0 v2 connections, 0 v3 connections, and 284 v4 
connections.
Jun 07 15:36:19.000 [notice] DoS mitigation since startup: 0 circuits 
rejected, 0 marked addresses. 0 connections closed. 0 single hop clients 
refused.
Jun 07 21:36:19.000 [notice] Heartbeat: It seems like we are not in the 
cached consensus.
Jun 07 21:36:19.000 [notice] Heartbeat: Tor's uptime is 1 day 5:59 hours, 
with 0 circuits open. I've sent 3.66 MB and received 53.04 MB.
Jun 07 21:36:19.000 [notice] Average packaged cell fullness: 13.454%. TLS 
write overhead: 16%
Jun 07 21:36:19.000 [notice] Circuit handshake stats since last time: 0/0 
TAP, 0/0 NTor.
Jun 07 21:36:19.000 [notice] Since startup, we have initiated 0 v1 
connections, 0 v2 connections, 0 v3 connections, and 21 v4 connections; and 
received 0 v1 connections, 0 v2 connections, 0 v3 connections, and 351 v4 
connections.
Jun 07 21:36:19.000 [notice] DoS mitigation since startup: 0 circuits 
rejected, 0 marked addresses. 0 connections closed. 0 single hop clients 
refused.

What should I look into?

Thanks,
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays