Hello,
I have been running a new relay for a short time period now and would like to bring to your attention the issues faced, that finally led me to refrain from keeping this up any longer:
- Documentation was ok (on torproject.org) and the installation (using deb on Ubuntu) was easy.
- It took quite some time to understand the implications (opening ports in the router, hazarding security to my computers, as I was - to this date - relying on the router's firewall working) - This job of mine basically got delayed until later, when I would have learned what is needed in that respect.
- Next, I noticed a frequent (daily) behavior of the Tor server dropping traffic to around zero. Inspecting this led me to understand my provider was disconnecting me and reassigning a new IP on a daily basis, which took some time to propagate. Even worse: it did not propagate on its own, I needed to restart the tor service to reinitialise...
- Asking in the online channel, I was guided to change my "Nickname" torrc config to match the dyndns entry corresponding to my server.
- But this never made it to the directories, thus forcing me to manually restart Tor on a daily basis in order to force the changing IP address into them.
- Finally, I was told this behavior would be disruptive to the network. I therefore brought the service down for good, wasting the bandwidth I was willing to spend, for the near future. :-)
- Ok, otherwise, I would have to pay additional fees to rent a server off-site with a permanent IP, but that would be giving more than what was easily affordable, as my machine is running 24/7 and the connections open anyway. Thus Tor doesn't seem to be able to absorb the kind of bandwidth I was willing to share long time.

This is leaving a sad taste on me, who is pretty much interested in privacy, anonymity, which led me to avoid the mailing lists with a durable email-address. But just using a read-only one wouldn't allow me to post to the list. That is why I created this one temporarily, just to let you know about my experiences...
NewTorKidOnTheBlock (this was the name of my Tor relay)
You can contact your ISP and ask for a static IP. It's possible they may charge you for one, but it's also possible they may not. My ISP for example allows me one static IP for free. I use that for my Tor relay, and it works great.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
That's just strange that your ISP would keep changing your IP address that often. It seems to me that the daily change was the only major problem you were facing.
Many ISPs change IP addresses on a regular basis. This seems to be the center of your problem as the other issues can be worked out with a little effort. To our advantage, ISPs are regularly requested by users to assign a permanent IP address for game operators. Try calling your ISP and asking for an assigned IP and not a NAT or re-assignable address. Work the other issues out in a single evening.
Good luck.
Hi,
On 26 Feb 2016, at 05:15, torserver@datakanja.de wrote:
- Next, I noticed a frequent (daily) behavior of the Tor server dropping traffic to around zero. Inspecting this led me to understand my provider was disconnecting me and reassigning a new IP on a daily basis, which took some time to propagate. Even worse: it did not propagate on its own, I needed to restart the tor service to reinitialise…
It should take tor about an hour to realise your address has changed, and another hour for it to propagate to the rest of the network.
- Asking in the online channel, I was guided to change my "Nickname" torrc config to match the dyndns entry corresponding to my server.
I hope you mean "Address" here. The "Nickname" is what your relay is called, the "Address" is where it is.
- But this never made it to the directories, thus forcing me to manually restart Tor on a daily basis in order to force the changing IP address into them.
This could be an issue with your relay's DNS, or some of the other settings. Did you wait an hour or two?
- Finally, I was told this behavior would be disruptive to the network. I therefore brought the service down for good, wasting the bandwidth I was willing to spend, for the near future. :-)
That's a shame, tor will use relays that are only up for short periods of time for the middle of a circuit, and for rendezvous points for short-lived hidden service circuits. So it's not disruptive or useless. (It might slow down a few clients who try your relay for the few hours each day it takes to find its new IP address.)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
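The Nickname/Address mix-up discussed in the message above, as an added example that is not part of the original thread and not Tor's own code: a small torrc checker that flags a dynamic-DNS hostname placed in `Nickname` instead of `Address`. The hostname `myrelay.dyndns.example` and both sample configurations are constructed; the nickname rule (1 to 19 alphanumeric characters) is Tor's documented constraint.

```python
import ipaddress
import re

# Tor's documented rule: a Nickname is 1-19 characters from [a-zA-Z0-9].
NICKNAME_RE = re.compile(r"^[A-Za-z0-9]{1,19}$")
# Loose hostname shape check (dot-separated labels); no DNS lookup is done.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)

def parse_torrc(text):
    """Return {option_lowercase: value}; the last occurrence of an option wins."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)            # option name, then its value
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def check_relay_identity(text):
    """Return a list of findings about Nickname and Address in a torrc."""
    opts = parse_torrc(text)
    findings = []
    nick = opts.get("nickname", "")
    if nick and not NICKNAME_RE.match(nick):
        hint = ""
        if HOSTNAME_RE.match(nick):
            hint = " (looks like a hostname; it belongs in Address)"
        findings.append(f"invalid Nickname {nick!r}{hint}")
    addr = opts.get("address")
    if addr is None:
        findings.append("no Address set; tor must guess its public address")
    else:
        try:
            ipaddress.ip_address(addr)
            findings.append(f"Address {addr} is a literal IP; stale after a reassignment")
        except ValueError:
            if not HOSTNAME_RE.match(addr):
                findings.append(f"Address {addr!r} is neither an IP nor a hostname")
    return findings

# Constructed samples: the misconfiguration discussed, and the corrected form.
MISCONFIGURED = "ORPort 9001\nNickname myrelay.dyndns.example\n"
CORRECTED = ("ORPort 9001\nNickname NewTorKidOnTheBlock\n"
             "Address myrelay.dyndns.example  # dynamic-DNS name\n")

if __name__ == "__main__":
    for label, cfg in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(label, check_relay_identity(cfg) or "ok")
```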
On 26.02.2016 05:15, torserver@datakanja.de wrote:
- Next, I noticed a frequent (daily) behavior of the Tor server dropping traffic to around zero. Inspecting this led me to understand my provider was disconnecting me and reassigning a new IP on a daily basis, which took some time to propagate. Even worse: it did not propagate on its own, I needed to restart the tor service to reinitialise...
Instead of a Tor Relay, you can operate a Tor Bridge, perhaps with obfs4. A regularly changing IP address is less of a problem for bridges. It may even be of advantage. Once its IP address gets blacklisted by adversarial actors, you already have a new one. (Of course they could still simply block the whole /16 or whatever your ISP has)
A bridge will get a lot less traffic than a relay though. Mine is sometimes idle for weeks, some other times it gets a couple GB per month.
On 26 Feb 2016, at 11:52, Random Tor Node Operator tor@unterderbruecke.de wrote:
On 26.02.2016 05:15, torserver@datakanja.de wrote:
- Next, I noticed a frequent (daily) behavior of the Tor server dropping traffic to around zero. Inspecting this led me to understand my provider was disconnecting me and reassigning a new IP on a daily basis, which took some time to propagate. Even worse: it did not propagate on its own, I needed to restart the tor service to reinitialise...
Instead of a Tor Relay, you can operate a Tor Bridge, perhaps with obfs4. A regularly changing IP address is less of a problem for bridges. It may even be of advantage. Once its IP address gets blacklisted by adversarial actors, you already have a new one.
But how do users find that new address? (For some users, the bridge authority might tell them when provided with the bridge's fingerprint, but only if their other bridges work.)
(Of course they could still simply block the whole /16 or whatever your ISP has)
Typically only the IP and port are blocked.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
On 26.02.2016 11:54, Tim Wilson-Brown - teor wrote:
On 26 Feb 2016, at 11:52, Random Tor Node Operator tor@unterderbruecke.de wrote:
On 26.02.2016 05:15, torserver@datakanja.de wrote:
- Next, I noticed a frequent (daily) behavior of the Tor server dropping traffic to around zero. Inspecting this led me to understand my provider was disconnecting me and reassigning a new IP on a daily basis, which took some time to propagate. Even worse: it did not propagate on its own, I needed to restart the tor service to reinitialise...
Instead of a Tor Relay, you can operate a Tor Bridge, perhaps with obfs4. A regularly changing IP address is less of a problem for bridges. It may even be of advantage. Once its IP address gets blacklisted by adversarial actors, you already have a new one.
But how do users find that new address? (For some users, the bridge authority might tell them when provided with the bridge's fingerprint, but only if their other bridges work.)
Yes, that's the thing when being within a censored environment. A user needs to have at least one bridge or other way to find their way into the Tor network.
Imagine a world where all Tor bridges have a static IP. After a while, the adversarial actors would have a complete list of all bridges and successfully block all access to the Tor network. (Except when a brand new bridge pops up) Every bridge would only be useful until first detection by the adversary.
But with bridges with dynamic IP, the adversary has to play whack-a-mole with the bridges and chances are, the user within the censored environment will have *some* moles (bridges) which haven't been whacked yet, allowing them access to the Tor network.
So in terms of censorship resistance, bridges with occasionally changing IP are better for the Tor network than those with static IP.
On Fri, 26 Feb 2016 12:27:07 +0100 Random Tor Node Operator tor@unterderbruecke.de wrote:
So in terms of censorship resistance, bridges with occasionally changing IP are better for the Tor network than those with static IP.
EVERY DAY != "occasionally".
Your idea may have some reason to it, but when the IP changes daily, users won't learn about the bridge's new IP in time to even get any good use out of it (few hours at most?) before it changes again.
Does not help that getting and adding bridges to the client is not an automated but an entirely manual process currently (as perhaps it needs to be).
If there's a DNS name for this bridge, with dynamic IP, no problem... There are several free DNS services like http://freedns.afraid.org/. The server admin can use a script (called by cron every 30 min, for example) to update the server's IP.
But as always, if the censor is able to find the DNS name somewhere, it's f*ed.....
On 26.02.2016 13:50, Roman Mamedov wrote:
On Fri, 26 Feb 2016 12:27:07 +0100 Random Tor Node Operator tor@unterderbruecke.de wrote:
So in terms of censorship resistance, bridges with occasionally changing IP are better for the Tor network than those with static IP.
EVERY DAY != "occasionally".
Your idea may have some reason to it, but when the IP changes daily, users won't learn about the bridge's new IP in time to even get any good use out of it (few hours at most?) before it changes again.
Yes, the time span in which the bridge will be useful is limited, but that is no reason not to keep up the bridge. A bridge that is useful for a couple hours each day is more useful than a bridge which is not available at all. Such short-lived bridge IPs are increasingly important against quickly responding adversaries, which are fast at blacklisting bridge IPs. In such a scenario, short-lived bridges will be the only ones that a user can reach.
Does not help that getting and adding bridges to the client is not an automated but an entirely manual process currently (as perhaps it needs to be).
That is a completely different issue.