Re: [tor-relays] Confusing bridge signs...
On Thursday, 16 February 2023 06:15:02 CET Keifer Bly wrote:

> So my bridge at
> https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB
> says it has “none “,

Well, then you have configured BridgeDistribution (Default: any) to none.

> though the torrc file has it set to be distributed publicly.

PublishServerDescriptor has nothing to do with BridgeDistribution method, 'man torrc' explains the config options.

> I have not personally given the bridge to anyone.

Then nobody can use the bridge except you :-(
You can also see this in the metrics history or in /var/lib/tor/stats/bridge-stats.

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Confusing bridge signs...
Ok. Here is the torrc file:

GNU nano 3.2 /etc/tor/torrc

Nickname gbridge
ORPort 443
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 5 GB
ContactInfo keiferdodderblyyatgmaildoddercom

Where in this torrc file is that configured? And how would it be blocked in Russia already if it hasn't even been used? Thanks.

--Keifer
Re: [tor-relays] Confusing bridge signs...
On Saturday, 18 February 2023 18:56:00 CET Keifer Bly wrote:

> Ok. Here is the torrc file:
>
> GNU nano 3.2 /etc/tor/torrc
>
> Nickname gbridge
> ORPort 443
> SocksPort 0
> BridgeRelay 1
> PublishServerDescriptor bridge
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ServerTransportListenAddr obfs4 0.0.0.0:8080
> ExtOrPort auto
> Log notice file /var/log/tor/notices.log
> ExitPolicy reject *:*
> AccountingMax 5 GB
> ContactInfo keiferdodderblyyatgmaildoddercom
>
> Where in this torrc file is that configured?

Then set it to 'any' and wait 24-48 hours to see what happens. Maybe there was an error in the db.

If your bridge is still not distributed, it could be due to the outdated obfs4proxy or because of 'AccountingMax 5 GB'.
Sorry but, 5 GB is a 'fart in the wind' the accounting period would only be a few hours a month. It's not even worth distributing them because it would only frustrate the users.

> And how would it be blocked in
> Russia already if it hasn't even been used?

Why should this new feature of the bridgedb, more precisely the rdsys backend, have anything to do with whether someone uses a bridge? This is a bridgedb distribution method introduced by meskio.

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
Re: [tor-relays] Confusing bridge signs...
Where in the torrc file would I set it to any? I am looking for a way to run a bridge without being charged a huge amount of money for it, and I was curious how it would have been detected by Russia if no one had used the bridge there? Thanks.

--Keifer
Re: [tor-relays] Confusing bridge signs...
Hi,

Your torrc is correct wrt to distribution mechanism (your bridge is indicating "bridge-distribution-request any" in the descriptor it sends), but for the record, the line would have been "BridgeDistribution any".
A bridge uses less bandwidth than a relay, but it's still a proxy. At 5GB per month, you'd be providing a steady 16kbps over the month, or a single mbps for little over 11 hours. That's very little, if you can't have more bandwidth (by using a provider with no bandwidth accounting, or one that gives better pricing per bandwidth), I fear your bridge won't be very useful at all. Mine consumes between a few hundred GB and a few TB depending on the distribution mechanism.

Are you sure your bridge is reachable? Bridgestrap reports suggest it isn't.
As the bridge operator, you should know its bridge line. Can you test it with Tor Browser to make sure?
Given your accounting limits, it could be unreachable because currently hibernating. Or you could have a firewall issue, or something else.
I believe not passing bridgestrap can explain not being assigned a distribution mechanism.

It might also explain why it would be considered blocked in Russia: if it's not reachable from anywhere, it's not reachable from Russia. Another possibility, given you use 443 for your ORPort, is that your bridge was indeed detected by just scanning the whole internet. The ORPort is very recognizable (enough that some of my former bridges ended up tagged "tor" on Shodan) so it should be put on a port that's less likely to be scanned.

Regards,
trinity-1686a
Re: [tor-relays] Confusing bridge signs...
Well,

So I just changed my torrc to this:

Nickname gbridge
ORPort 443
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom

Trying to avoid being charged a huge amount for traffic as these VPS providers can be ridiculous when it comes to that, which is why it was set to so little. Ran killall -HUP tor to reload it and see that happens in the next day or so. And the reason why it's on port 443 is so as to be on a port that's not likely blocked by network administrators. Thank you.

--Keifer
Re: [tor-relays] Confusing bridge signs...
> And the reason why it's on port 443 is so as to be on a port that's not
> likely blocked by network administrators.

That might be useful for the ORPort of a relay, and for the obfs4 port of a bridge, but not for the ORPort of a bridge. Clients are not supposed to connect to it.
The only reason it's exposed is because the bridge authority still requires it to verify the bridge is reachable. See https://gitlab.torproject.org/tpo/core/tor/-/issues/7349.
You are better off using 443 for the ServerTransportListenAddr, and some high port for ORPort.
Re: [tor-relays] Confusing bridge signs...
Ok, changed to port 8080 and upped my allowed traffic a bit:

GNU nano 3.2 /etc/tor/torrc

Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom

Yes, I have limited bandwidth I can give so as to avoid being massively charged for traffic. Perhaps there is a way to set tor to only allow traffic with a small connection? Thanks.

--Keifer
Re: [tor-relays] Confusing bridge signs...
Hi Keifer,

You can't use the same port.

Here is a simple example:

BridgeRelay 1
ORPort 56331
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:5
ExtORPort auto
ContactInfo keiferdodderblyyatgmaildoddercom
Log notice file /var/log/tor/notices.log
BridgeDistribution email
Nickname gbridge
AccountingStart day 12:00
AccountingMax 50 GB

Example: Let's say you want to allow 50 GB of traffic every day in each direction and the accounting should reset at noon each day:

For more details about AccountingMax, see this Support doc:
https://support.torproject.org/relay-operators/limit-total-bandwidth/

Did you also install obfs4proxy package? Because on Metrics it says that your bridge doesn't have any 'transport protocol'.

cheers,
Gus
Re: [tor-relays] Confusing bridge signs...
On Thursday, 23 February 2023 13:43:29 CET gus wrote:

> AccountingStart day 12:00
> AccountingMax 50 GB
>
> Example: Let's say you want to allow 50 GB of traffic every day in each
> direction and the accounting should reset at noon each day:

Hi Gus, I think Keifer meant the 5GB limit or now 50GB per month. ;-)

I would recommend checking here more often:
https://lowendbox.com/blog/2-usd-vps-cheap-vps-under-2-month/
Server Host: 2048MB RAM, 1000Mbps Unmetered Port (^^ make sure to use the coupon code!)
There are always offers for Easter, Christmas or Black Friday. (VPS unlimited for 10-30 dollars/year)

Or:
Yes, Frantech should actually be avoided. But in Miami there are few Tor relays.
A SLICE 512 for $2.00/m or $20.00/y is sufficient for a bridge.
https://buyvm.net/kvm-dedicated-server-slices/

> For more details about AccountingMax, see this Support doc:
> https://support.torproject.org/relay-operators/limit-total-bandwidth/
> Did you also install obfs4proxy package? Because on Metrics it says
> that your bridge doesn't have any 'transport protocol'.

@Keifer read my message how you check that:
https://lists.torproject.org/pipermail/tor-relays/2023-January/020979.html

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
Re: [tor-relays] Confusing bridge signs...
Hi,

So yes I had obfs4 installed. I accidentally set it to the same port as tor without realizing, silly me. Here is my new torrc:

Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8081
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom

I am wanting to limit to 50GB per month to avoid being overcharged. Would this do that? Thanks.

--Keifer

On Thu, Feb 23, 2023 at 4:43 AM gus wrote:

> Hi Keifer,
>
> You can't use the same port.
>
> Here is a simple example:
>
> BridgeRelay 1
> ORPort 56331
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ServerTransportListenAddr obfs4 0.0.0.0:5
> ExtORPort auto
> ContactInfo keiferdodderblyyatgmaildoddercom
> Log notice file /var/log/tor/notices.log
> BridgeDistribution email
> Nickname gbridge
> AccountingStart day 12:00
> AccountingMax 50 GB
>
> Example: Let's say you want to allow 50 GB of traffic every day in each
> direction and the accounting should reset at noon each day:
>
> For more details about AccountingMax, see this Support doc:
> https://support.torproject.org/relay-operators/limit-total-bandwidth/
>
> Did you also install obfs4proxy package? Because on Metrics it says
> that your bridge doesn't have any 'transport protocol'.
>
> cheers,
> Gus
>
> On Tue, Feb 21, 2023 at 08:23:44AM -0800, Keifer Bly wrote:
> > Ok, changed to port 8080 and upped my allowed traffic a bit:
> >
> > GNU nano 3.2 /etc/tor/torrc
> >
> > Nickname gbridge
> > ORPort 8080
> > SocksPort 0
> > BridgeRelay 1
> > PublishServerDescriptor bridge
> > BridgeDistribution email
> > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > ServerTransportListenAddr obfs4 0.0.0.0:8080
> > ExtOrPort auto
> > Log notice file /var/log/tor/notices.log
> > ExitPolicy reject *:*
> > AccountingMax 50 GB
> > ContactInfo keiferdodderblyyatgmaildoddercom
> >
> > Yes, I have limited bandwidth I can give so as to avoid being
> > massively charged for traffic. Perhaps there is a way to set tor to only
> > allow traffic with a small connection? Thanks.
> >
> > --Keifer
> >
> > On Tue, Feb 21, 2023 at 1:29 AM trinity pointard <trinity.point...@gmail.com>
> > wrote:
> >
> > > > And the reason why it's on port 443 is so as to be on a port that's not
> > > > likely blocked by network administrators.
> > >
> > > That might be useful for the ORPort of a relay, and for the obfs4 port
> > > of a bridge, but not for the ORPort of a bridge. Clients are not
> > > supposed to connect to it.
> > > The only reason it's exposed is because the bridge authority still
> > > requires it to verify the bridge is reachable. See
> > > https://gitlab.torproject.org/tpo/core/tor/-/issues/7349.
> > > You are better off using 443 for the ServerTransportListenAddr, and
> > > some high port for ORPort.
> > >
> > > On Tue, 21 Feb 2023 at 03:05, Keifer Bly wrote:
> > > >
> > > > Well,
> > > >
> > > > So I just changed my torrc to this:
> > > >
> > > > Nickname gbridge
> > > > ORPort 443
> > > > SocksPort 0
> > > > BridgeRelay 1
> > > > PublishServerDescriptor bridge
> > > > BridgeDistribution email
> > > > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > > > ServerTransportListenAddr obfs4 0.0.0.0:8080
> > > > ExtOrPort auto
> > > > Log notice file /var/log/tor/notices.log
> > > > ExitPolicy reject *:*
> > > > AccountingMax 50 GB
> > > > ContactInfo keiferdodderblyyatgmaildoddercom
> > > >
> > > > Trying to avoid being charged a huge amount for traffic as these VPS
> > > > providers can be ridiculous when it comes to that, which is why it was set
> > > > to so little. Ran killall -HUP tor to reload it and see what happens in the
> > > > next day or so. And the reason why it's on port 443 is so as to be on a
> > > > port that's not likely blocked by network administrators. Thank you.
> > > > --Keifer
> > > >
> > > > On Mon, Feb 20, 2023 at 2:23 PM trinity pointard <trinity.point...@gmail.com> wrote:
> > > >>
> > > >> Hi,
> > > >>
> > > >> Your torrc is correct wrt to distribution mechanism (your bridge is
> > > >> indicating "bridge-distribution-request any" in the descriptor it
> > > >> sends), but for the record, the line would have been
> > > >> "BridgeDistribution any".
> > > >> A bridge uses less bandwidth than a relay, but it's still a proxy. At
> > > >> 5GB per month, you'd be providing a steady 16kbps over the month, or a
> > > >> single mbps for little over 11 hours. That's very little, if you can't
> > > >> have more bandwidth (by using a provider with no bandwidth accounting,
> > > >> or one that gives better pricing per bandwidth), I fear your bridge
> > > >> won't be very useful at all. Mine consumes between a few hundred GB
> > > >> and a few TB depending on t
Re: [tor-relays] Confusing bridge signs...
Yes, the limit is 50GB per month, but for some reason the distribution mechanism is not updating and the bridge keeps going offline despite the new torrc.

--Keifer
Re: [tor-relays] Confusing bridge signs...
On Friday, 24 February 2023 04:11:27 CET Keifer Bly wrote:

> Yes, the limit is 50GB per month, but for some reason the distribution
> mechanism is not updating and the bridge keeps going offline despite the
> new torrc.

What comes to my mind without logs (& your 'killall -HUP' of a systemd service is not optimal), your wrong config (2x same Port) has maxed out 'Restart=on-failure'.

Try:
~# systemctl stop tor
~# systemctl list-units --failed

if not zero then:
~# systemctl reset-failed
~# systemctl start tor

To see if the tor.service has finished successfully:
~# systemctl status tor

if not, read log:
journalctl -xe

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
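The two configuration questions in the thread so far (the "2x same Port" collision and whether `AccountingMax 50 GB` alone means 50 GB per month) can be checked mechanically before restarting tor. The following is an added example, not code from any participant or from the Tor Project; the function names are hypothetical, the sample torrc is reconstructed from the one quoted above, and it assumes tor's documented defaults of `BridgeDistribution any` and a monthly accounting period when `AccountingStart` is absent.

```python
"""Lint a bridge torrc for the mistakes discussed in this thread (added example)."""

# Constructed input: the torrc from the thread in which ORPort and the obfs4
# listener were both set to 8080 (ContactInfo line left out).
TORRC_COLLIDING = """\
Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
"""
# The later revision moved the obfs4 listener to 8081.
TORRC_FIXED = TORRC_COLLIDING.replace("0.0.0.0:8080", "0.0.0.0:8081")


def parse_torrc(text):
    """Return {lower-cased option: [value, ...]}; option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts


def port_of(token):
    """Port from '8080', '0.0.0.0:8080' or '[::]:8080'; None for 'auto' or 0."""
    tail = token.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() and int(tail) > 0 else None


def lint_bridge_torrc(text):
    """Return findings plus the effective distribution and accounting period."""
    opts = parse_torrc(text)
    findings = []

    if opts.get("bridgerelay", ["0"])[-1] != "1":
        findings.append("BridgeRelay is not 1: this torrc does not describe a bridge")

    # Collect every TCP port the config asks tor or a transport to bind.
    # Only port numbers are compared, which is exact for 0.0.0.0 listeners.
    claimed = {}
    for value in opts.get("orport", []):
        port = port_of(value.split()[0]) if value else None
        if port:
            claimed.setdefault(port, []).append("ORPort")
    listener_transports = set()
    for value in opts.get("servertransportlistenaddr", []):
        fields = value.split()
        if len(fields) < 2:
            findings.append(f"malformed ServerTransportListenAddr: {value!r}")
            continue
        listener_transports.add(fields[0])
        port = port_of(fields[1])
        if port:
            claimed.setdefault(port, []).append(f"ServerTransportListenAddr {fields[0]}")
    for port, users in sorted(claimed.items()):
        if len(users) > 1:
            findings.append(f"port {port} is claimed by " + " and ".join(users))

    # A listener line only has an effect with a matching ServerTransportPlugin.
    plugins = set()
    for value in opts.get("servertransportplugin", []):
        if value:
            plugins.update(value.split()[0].split(","))
    for name in sorted(listener_transports - plugins):
        findings.append(f"no ServerTransportPlugin line for transport {name}")

    distribution = opts.get("bridgedistribution", ["any"])[-1].lower()
    if distribution == "none":
        findings.append("BridgeDistribution none: the bridge is not handed out to users")

    # Without AccountingStart the period is tor's default, 'month 1 0:00'.
    accounting = None
    if "accountingmax" in opts:
        start = opts.get("accountingstart", ["month 1 0:00"])[-1].split() or ["month"]
        accounting = (opts["accountingmax"][-1], start[0].lower())

    return {"findings": findings, "distribution": distribution, "accounting": accounting}


if __name__ == "__main__":
    for label, torrc in (("colliding", TORRC_COLLIDING), ("fixed", TORRC_FIXED)):
        print(label, lint_bridge_torrc(torrc))
```

With gus's `AccountingStart day 12:00` line added, the reported period becomes `day`, which is the difference between 50 GB per day and 50 GB per month.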
Re: [tor-relays] Confusing bridge signs...
Hi,

So I had changed the listener port for obfs4, it's now 8181.

Upon running your steps, and systemctl status tor, it returns the following:

● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
   Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
   Active: active (exited) since Tue 2023-02-28 05:42:48 UTC; 18s ago
  Process: 15314 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 15314 (code=exited, status=0/SUCCESS)

Feb 28 05:42:48 instance-1 systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)...
Feb 28 05:42:48 instance-1 systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).

Will check it in a few hours, but is there a way to limit the bridge to only connections of a certain size? Thanks.

--Keifer
Re: [tor-relays] Confusing bridge signs...
Yep, and after that the same still happens, it is still going offline despite the also different ports and having followed the listed steps.

--Keifer
Re: [tor-relays] Confusing bridge signs...
On Tuesday, 28 February 2023 19:02:38 CET Keifer Bly wrote:

> Yep, and after that the same still happens, it is still going offline

In the syslog is why tor aborts.

To help you, you should post your logs to a pastebin page. From the start of the tor daemon until it goes offline.

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
Re: [tor-relays] Confusing bridge signs...
Where's the pastebin page? Thanks.

--Keifer
Re: [tor-relays] Confusing bridge signs...
On Saturday, 4 March 2023 02:09:19 CET Keifer Bly wrote:

> Where's the pastebin page? Thanks.

$websearch pastebin
https://paste.debian.net/
https://paste.systemli.org/
https://pastebin.mozilla.org/
...

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
Re: [tor-relays] Confusing bridge signs...
Well so here is the current torrc file:

Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8081
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom

Strangely, nothing whatsoever is being written to the notices.log file, upon checking it it is completely empty, nothing there. I wonder why that would happen and how else to tell what's going on? Tor is running as root so it's not a permission issue, and I also set up a port forwarding rule for the obfs4 port. Thanks.

--Keifer
Re: [tor-relays] Confusing bridge signs...
On Wednesday, March 8, 2023, 11:13:08 AM MST, Keifer Bly wrote:

Well so here is the current torrc file:

Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8081
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom

Strangely, nothing whatsoever is being written to the notices.log file, upon checking it it is completely empty, nothing there. I wonder why that would happen and how else to tell what's going on? Tor is running as root so it's not a permission issue, and I also set up a port forwarding rule for the obfs4 port. Thanks.

--Keifer

Keifer,

Have you tried starting the Tor process manually (without the startup script)?

Example: /opt/sbin/tor -f /tmp/torrc

Starting Tor manually is a great way of diagnosing torrc startup issues.

Keep at it. You're almost there.

Kind Regards,

Gary
—
This Message Originated by the Sun.
iBigBlue 63W Solar Array (~12 Hour Charge)
+ 2 x Charmast 26800mAh Power Banks
= iPhone XS Max 512GB (~2 Weeks Charged)
Re: [tor-relays] Confusing bridge signs...
On Wednesday, 8 March 2023 18:13:01 CET Keifer Bly wrote:

> Strangely, nothing whatsoever is being written to the notices.log file,
> upon checking it it is completely empty, nothing there.

That can't be, please post:
~# ls -A /var/log/tor

In general, everything is always written to /var/log/syslog & systemd-journald to /var/log/journal (binaries).
~$ man journalctl

> I wonder why that

Read what _logrotate_ does. Every tor restart creates a new empty log file.

> would happen and how else to tell what's going on? Tor is running as root

Why do you change security-related default settings? Default tor user is: debian-tor. (On Debian and Ubuntu systems)

> so it's not a permission issue, and I also set up a port forwarding rule

Why? You have a server in the data center. You only need forwarding on a router! Packet forwarding is also disabled in /etc/sysctl.conf per default.

Your iptables must start like this.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
...
-A INPUT -p tcp --dport -j ACCEPT
...

No FORWARD, no OUTPUT rules.

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
Re: [tor-relays] Confusing bridge signs...
I do not use any scripts to start tor, I just type tor to start the process on debian. And yes the datacenter I run in has an external firewall which requires setting up port forwarding.

The result of running ls -A /var/log/tor

root@instance-1:/home/keifer_bly# ls -A /var/log/tor
notices.log  notices.log.1  notices.log.2.gz  notices.log.3.gz  notices.log.4.gz  notices.log.5.gz
root@instance-1:/home/keifer_bly#

So it's creating separate .gz files for some reason. I don't know why that is or what to do from here. Thanks.

--Keifer
Re: [tor-relays] Confusing bridge signs...
On Sunday, 12 March 2023 04:45:21 CET Keifer Bly wrote:

> I do not use any scripts to start tor, I just type tor to start the process
> on debian.

That's where your problems begin. You start a 2nd tor process as root that doesn't take the default configs from:
/usr/share/tor/tor-service-defaults-torrc & /etc/tor/torrc

You have a systemd system & tor.service is activated by default. You don't have to do anything, tor runs automatically after a reboot|server start.

The systemd services are controlled with the following commands:
systemctl start tor.service
systemctl stop tor.service
systemctl restart tor.service
systemctl reload tor.service
systemctl status tor.service

> And yes the datacenter I run in has an external firewall which
> requires setting up port forwarding.

Ok, anything in the customer interface for the datacenter router.

> The result of running ls -A /var/log/tor
>
> root@instance-1:/home/keifer_bly# ls -A /var/log/tor
> notices.log notices.log.1 notices.log.2.gz notices.log.3.gz
> notices.log.4.gz notices.log.5.gz

There are 6 log files of one of the tor processes. Both write to syslog.

> So it's creating separate .gz files for some reason. I don't know why that
> is or what to do from here. Thanks.

I wrote, learn what _logrotate_ does. Hint: without that, the hd fills up.
man logrotate

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
Re: [tor-relays] Confusing bridge signs...
Ok, so when this happens, what would be the best command to use for reading the newest tor log?

I am also needing this for another relay, my middle relay at https://metrics.torproject.org/rs.html#search/udeserveprivacy also keeps going offline with no warning and nothing written to the log file. Thanks.

--Keifer
Re: [tor-relays] Confusing bridge signs...
Well so the bridge now jumped to being online for 18 days. But despite the torrc it is now saying it's still no distribution mechanism?? Thanks.

--Keifer