Hi,
So my bridge at https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D... says it has “none “, though the torrc file has it set to be distributed publicly. I'm wondering why the bridge would say that, when it obviously is being used as it's apparently blocked in Russia? I have not personally given the bridge to anyone. Thanks.
--Keifer
On Donnerstag, 16. Februar 2023 06:15:02 CET Keifer Bly wrote:
So my bridge at https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D 4C8C91923AB says it has “none “,
Well, then you have configured BridgeDistribution (Default: any) to none.
though the torrc file has it set to be distributed publicly.
PublishServerDescriptor has nothing to do with BridgeDistribution method, 'man torrc' explains the config options.
I have not personally given the bridge to anyone.
Then nobody can use the bridge except you :-( You can also see this in the metrics history or in /var/lib/tor/stats/bridge- stats.
Ok. Here is the torrc file:
GNU nano 3.2 /etc/tor/torrc
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 5 GB ContactInfo keiferdodderblyyatgmaildoddercom
Where in this torrc file is that configured? And how would it be blocked in Russia already if it hasn't even been used? Thanks.
--Keifer
On Sat, Feb 18, 2023 at 4:34 AM lists@for-privacy.net wrote:
On Donnerstag, 16. Februar 2023 06:15:02 CET Keifer Bly wrote:
So my bridge at
https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D
4C8C91923AB says it has “none “,
Well, then you have configured BridgeDistribution (Default: any) to none.
though the torrc file has it set to be distributed publicly.
PublishServerDescriptor has nothing to do with BridgeDistribution method, 'man torrc' explains the config options.
I have not personally given the bridge to anyone.
Then nobody can use the bridge except you :-( You can also see this in the metrics history or in /var/lib/tor/stats/bridge- stats.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote:
Ok. Here is the torrc file:
GNU nano 3.2 /etc/tor/torrc
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 5 GB ContactInfo keiferdodderblyyatgmaildoddercom
Where in this torrc file is that configured?
Then set it to 'any' and wait 24-48 hours to see what happens. Maybe there was an error in the db.
If your bridge is still not distributed, it could be due to the outdated obfs4proxy or because of 'AccountingMax 5 GB'. Sorry but, 5 GB is a 'fart in the wind' the accounting period would only be a few hours a month. It's not even worth distributing them because it would only frustrate the users.
And how would it be blocked in Russia already if it hasn't even been used?
Why should this new feature of the bridgedb, more precisely the rdsys backend, have anything to do with whether someone uses a bridge? This is a bridgedb distribution method introduced by meskio.
Where in the torrc file would I set it to any? I am looking for a way to run a bridge without being charged a huge amount of money for it, and I was curious how it would have been detected by Russia if noone had used the bridge there? Thanks. --Keifer
On Mon, Feb 20, 2023 at 8:45 AM lists@for-privacy.net wrote:
On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote:
Ok. Here is the torrc file:
GNU nano 3.2 /etc/tor/torrc
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 5 GB ContactInfo keiferdodderblyyatgmaildoddercom
Where in this torrc file is that configured?
Then set it to 'any' and wait 24-48 hours to see what happens. Maybe there was an error in the db.
If your bridge is still not distributed, it could be due to the outdated obfs4proxy or because of 'AccountingMax 5 GB'. Sorry but, 5 GB is a 'fart in the wind' the accounting period would only be a few hours a month. It's not even worth distributing them because it would only frustrate the users.
And how would it be blocked in Russia already if it hasn't even been used?
Why should this new feature of the bridgedb, more precisely the rdsys backend, have anything to do with whether someone uses a bridge? This is a bridgedb distribution method introduced by meskio.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi,
Your torrc is correct wrt to distribution mechanism (your bridge is indicating "bridge-distribution-request any" in the descriptor it sends), but for the record, the line would have been "BridgeDistribution any". A bridge uses less bandwidth than a relay, but it's still a proxy. At 5GB per month, you'd be providing a steady 16kbps over the month, or a single mbps for little over 11 hours. That's very little, if you can't have more bandwidth (by using a provider with no bandwidth accounting, or one that gives better pricing per bandwidth), I fear your bridge won't be very useful at all. Mine consumes between a few hundred GB and a few TB depending on the distribution mechanism.
Are you sure your bridge is reachable? Bridgestrap reports suggest it isn't. As the bridge operator, you should know its bridge line. Can you test it with Tor Browser to make sure? Given your accounting limits, it could be unreachable because currently hibernating. Or you could have a firewall issue, or something else. I believe not passing bridgestrap can explain not being assigned a distribution mechanism.
It might also explain why it would be considered blocked in Russia: if it's not reachable from anywhere, it's not reachable from Russia. An other possibility, given you use 443 for your ORPort, is that your bridge was indeed detected by just scanning the whole internet. The ORPort is very recognizable (enough that some of my former bridges ended up tagged "tor" on Shodan) so it should be put on a port that's less likely to be scanned.
Regards, trinity-1686a
On Mon, 20 Feb 2023 at 21:29, Keifer Bly keifer.bly@gmail.com wrote:
Where in the torrc file would I set it to any? I am looking for a way to run a bridge without being charged a huge amount of money for it, and I was curious how it would have been detected by Russia if noone had used the bridge there? Thanks. --Keifer
On Mon, Feb 20, 2023 at 8:45 AM lists@for-privacy.net wrote:
On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote:
Ok. Here is the torrc file:
GNU nano 3.2 /etc/tor/torrc
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 5 GB ContactInfo keiferdodderblyyatgmaildoddercom
Where in this torrc file is that configured?
Then set it to 'any' and wait 24-48 hours to see what happens. Maybe there was an error in the db.
If your bridge is still not distributed, it could be due to the outdated obfs4proxy or because of 'AccountingMax 5 GB'. Sorry but, 5 GB is a 'fart in the wind' the accounting period would only be a few hours a month. It's not even worth distributing them because it would only frustrate the users.
And how would it be blocked in Russia already if it hasn't even been used?
Why should this new feature of the bridgedb, more precisely the rdsys backend, have anything to do with whether someone uses a bridge? This is a bridgedb distribution method introduced by meskio.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Well,
So I just changed my torrc to this:
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Trying to avoid being charged a huge amount for traffic as these VPS providers can be ridiculous when it comes to that, which is why it was set to so little. Ran killall -HUP tor to reload it and see that happens in the next day or so. And the reason why it's on port 443 is so as to be on a port that's not likely blocked by network administrators. Thank you. --Keifer
On Mon, Feb 20, 2023 at 2:23 PM trinity pointard trinity.pointard@gmail.com wrote:
Hi,
Your torrc is correct wrt to distribution mechanism (your bridge is indicating "bridge-distribution-request any" in the descriptor it sends), but for the record, the line would have been "BridgeDistribution any". A bridge uses less bandwidth than a relay, but it's still a proxy. At 5GB per month, you'd be providing a steady 16kbps over the month, or a single mbps for little over 11 hours. That's very little, if you can't have more bandwidth (by using a provider with no bandwidth accounting, or one that gives better pricing per bandwidth), I fear your bridge won't be very useful at all. Mine consumes between a few hundred GB and a few TB depending on the distribution mechanism.
Are you sure your bridge is reachable? Bridgestrap reports suggest it isn't. As the bridge operator, you should know its bridge line. Can you test it with Tor Browser to make sure? Given your accounting limits, it could be unreachable because currently hibernating. Or you could have a firewall issue, or something else. I believe not passing bridgestrap can explain not being assigned a distribution mechanism.
It might also explain why it would be considered blocked in Russia: if it's not reachable from anywhere, it's not reachable from Russia. An other possibility, given you use 443 for your ORPort, is that your bridge was indeed detected by just scanning the whole internet. The ORPort is very recognizable (enough that some of my former bridges ended up tagged "tor" on Shodan) so it should be put on a port that's less likely to be scanned.
Regards, trinity-1686a
On Mon, 20 Feb 2023 at 21:29, Keifer Bly keifer.bly@gmail.com wrote:
Where in the torrc file would I set it to any? I am looking for a way to
run a bridge without being charged a huge amount of money for it, and I was curious how it would have been detected by Russia if noone had used the bridge there? Thanks.
--Keifer
On Mon, Feb 20, 2023 at 8:45 AM lists@for-privacy.net wrote:
On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote:
Ok. Here is the torrc file:
GNU nano 3.2 /etc/tor/torrc
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 5 GB ContactInfo keiferdodderblyyatgmaildoddercom
Where in this torrc file is that configured?
Then set it to 'any' and wait 24-48 hours to see what happens. Maybe
there was
an error in the db.
If your bridge is still not distributed, it could be due to the outdated obfs4proxy or because of 'AccountingMax 5 GB'. Sorry but, 5 GB is a 'fart in the wind' the accounting period would
only be a
few hours a month. It's not even worth distributing them because it
would only
frustrate the users.
And how would it be blocked in Russia already if it hasn't even been used?
Why should this new feature of the bridgedb, more precisely the rdsys
backend,
have anything to do with whether someone uses a bridge? This is a
bridgedb
distribution method introduced by meskio.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you
freedom!_______________________________________________
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
And the reason why it's on port 443 is so as to be on a port that's not likely blocked by network administrators.
That might be useful for the ORPort of a relay, and for the obfs4 port of a bridge, but not for the ORPort of a bridge. Clients are not supposed to connect to it. The only reason it's exposed is because the bridge authority still requires it to verify the bridge is reachable. See https://gitlab.torproject.org/tpo/core/tor/-/issues/7349. You are better of using 443 for the ServerTransportListenAddr, and some high port for ORPort.
On Tue, 21 Feb 2023 at 03:05, Keifer Bly keifer.bly@gmail.com wrote:
Well,
So I just changed my torrc to this:
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Trying to avoid being charged a huge amount for traffic as these VPS providers can be ridiculous when it comes to that, which is why it was set to so little. Ran killall -HUP tor to reload it and see that happens in the next day or so. And the reason why it's on port 443 is so as to be on a port that's not likely blocked by network administrators. Thank you. --Keifer
On Mon, Feb 20, 2023 at 2:23 PM trinity pointard trinity.pointard@gmail.com wrote:
Hi,
Your torrc is correct wrt to distribution mechanism (your bridge is indicating "bridge-distribution-request any" in the descriptor it sends), but for the record, the line would have been "BridgeDistribution any". A bridge uses less bandwidth than a relay, but it's still a proxy. At 5GB per month, you'd be providing a steady 16kbps over the month, or a single mbps for little over 11 hours. That's very little, if you can't have more bandwidth (by using a provider with no bandwidth accounting, or one that gives better pricing per bandwidth), I fear your bridge won't be very useful at all. Mine consumes between a few hundred GB and a few TB depending on the distribution mechanism.
Are you sure your bridge is reachable? Bridgestrap reports suggest it isn't. As the bridge operator, you should know its bridge line. Can you test it with Tor Browser to make sure? Given your accounting limits, it could be unreachable because currently hibernating. Or you could have a firewall issue, or something else. I believe not passing bridgestrap can explain not being assigned a distribution mechanism.
It might also explain why it would be considered blocked in Russia: if it's not reachable from anywhere, it's not reachable from Russia. An other possibility, given you use 443 for your ORPort, is that your bridge was indeed detected by just scanning the whole internet. The ORPort is very recognizable (enough that some of my former bridges ended up tagged "tor" on Shodan) so it should be put on a port that's less likely to be scanned.
Regards, trinity-1686a
On Mon, 20 Feb 2023 at 21:29, Keifer Bly keifer.bly@gmail.com wrote:
Where in the torrc file would I set it to any? I am looking for a way to run a bridge without being charged a huge amount of money for it, and I was curious how it would have been detected by Russia if noone had used the bridge there? Thanks. --Keifer
On Mon, Feb 20, 2023 at 8:45 AM lists@for-privacy.net wrote:
On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote:
Ok. Here is the torrc file:
GNU nano 3.2 /etc/tor/torrc
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 5 GB ContactInfo keiferdodderblyyatgmaildoddercom
Where in this torrc file is that configured?
Then set it to 'any' and wait 24-48 hours to see what happens. Maybe there was an error in the db.
If your bridge is still not distributed, it could be due to the outdated obfs4proxy or because of 'AccountingMax 5 GB'. Sorry but, 5 GB is a 'fart in the wind' the accounting period would only be a few hours a month. It's not even worth distributing them because it would only frustrate the users.
And how would it be blocked in Russia already if it hasn't even been used?
Why should this new feature of the bridgedb, more precisely the rdsys backend, have anything to do with whether someone uses a bridge? This is a bridgedb distribution method introduced by meskio.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Ok, changed to port 8080 and upped my allowed traffic a bit:
GNU nano 3.2 /etc/tor/torrc
Nickname gbridge ORPort 8080 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Yes, I have limited bandwidth I can give so as to avoid being massively charged for traffic. Perhaps there is a way to set tor to only allow traffic with a small connection? Thanks.
--Keifer
On Tue, Feb 21, 2023 at 1:29 AM trinity pointard trinity.pointard@gmail.com wrote:
And the reason why it's on port 443 is so as to be on a port that's not
likely blocked by network administrators.
That might be useful for the ORPort of a relay, and for the obfs4 port of a bridge, but not for the ORPort of a bridge. Clients are not supposed to connect to it. The only reason it's exposed is because the bridge authority still requires it to verify the bridge is reachable. See https://gitlab.torproject.org/tpo/core/tor/-/issues/7349. You are better of using 443 for the ServerTransportListenAddr, and some high port for ORPort.
On Tue, 21 Feb 2023 at 03:05, Keifer Bly keifer.bly@gmail.com wrote:
Well,
So I just changed my torrc to this:
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Trying to avoid being charged a huge amount for traffic as these VPS
providers can be ridiculous when it comes to that, which is why it was set to so little. Ran killall -HUP tor to reload it and see that happens in the next day or so. And the reason why it's on port 443 is so as to be on a port that's not likely blocked by network administrators. Thank you.
--Keifer
On Mon, Feb 20, 2023 at 2:23 PM trinity pointard <
trinity.pointard@gmail.com> wrote:
Hi,
Your torrc is correct wrt to distribution mechanism (your bridge is indicating "bridge-distribution-request any" in the descriptor it sends), but for the record, the line would have been "BridgeDistribution any". A bridge uses less bandwidth than a relay, but it's still a proxy. At 5GB per month, you'd be providing a steady 16kbps over the month, or a single mbps for little over 11 hours. That's very little, if you can't have more bandwidth (by using a provider with no bandwidth accounting, or one that gives better pricing per bandwidth), I fear your bridge won't be very useful at all. Mine consumes between a few hundred GB and a few TB depending on the distribution mechanism.
Are you sure your bridge is reachable? Bridgestrap reports suggest it
isn't.
As the bridge operator, you should know its bridge line. Can you test it with Tor Browser to make sure? Given your accounting limits, it could be unreachable because currently hibernating. Or you could have a firewall issue, or something else. I believe not passing bridgestrap can explain not being assigned a distribution mechanism.
It might also explain why it would be considered blocked in Russia: if it's not reachable from anywhere, it's not reachable from Russia. An other possibility, given you use 443 for your ORPort, is that your bridge was indeed detected by just scanning the whole internet. The ORPort is very recognizable (enough that some of my former bridges ended up tagged "tor" on Shodan) so it should be put on a port that's less likely to be scanned.
Regards, trinity-1686a
On Mon, 20 Feb 2023 at 21:29, Keifer Bly keifer.bly@gmail.com wrote:
Where in the torrc file would I set it to any? I am looking for a way
to run a bridge without being charged a huge amount of money for it, and I was curious how it would have been detected by Russia if noone had used the bridge there? Thanks.
--Keifer
On Mon, Feb 20, 2023 at 8:45 AM lists@for-privacy.net wrote:
On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote:
Ok. Here is the torrc file:
GNU nano 3.2 /etc/tor/torrc
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 5 GB ContactInfo keiferdodderblyyatgmaildoddercom
Where in this torrc file is that configured?
Then set it to 'any' and wait 24-48 hours to see what happens. Maybe
there was
an error in the db.
If your bridge is still not distributed, it could be due to the
outdated
obfs4proxy or because of 'AccountingMax 5 GB'. Sorry but, 5 GB is a 'fart in the wind' the accounting period would
only be a
few hours a month. It's not even worth distributing them because it
would only
frustrate the users.
And how would it be blocked in Russia already if it hasn't even been used?
Why should this new feature of the bridgedb, more precisely the
rdsys backend,
have anything to do with whether someone uses a bridge? This is a
bridgedb
distribution method introduced by meskio.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you
freedom!_______________________________________________
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi Keifer,
You can't use the same port.
Here is a simple example:
BridgeRelay 1 ORPort 56331 ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:53333 ExtORPort auto ContactInfo keiferdodderblyyatgmaildoddercom Log notice file /var/log/tor/notices.log BridgeDistribution email Nickname gbridge AccountingStart day 12:00 AccountingMax 50 GB
Example: Let's say you want to allow 50 GB of traffic every day in each direction and the accounting should reset at noon each day:
For more details about AccountinMax, see this Support doc: https://support.torproject.org/relay-operators/limit-total-bandwidth/
Did you also install obfs4proxy package? Because on Metrics it says that your bridge don't have any 'transport protocol'.
cheers, Gus
On Tue, Feb 21, 2023 at 08:23:44AM -0800, Keifer Bly wrote:
Ok, changed to port 8080 and upped my allowed traffic a bit:
GNU nano 3.2 /etc/tor/torrc
Nickname gbridge ORPort 8080 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Yes, I have limited bandwidth I can give so as to avoid being massively charged for traffic. Perhaps there is a way to set tor to only allow traffic with a small connection? Thanks.
--Keifer
On Tue, Feb 21, 2023 at 1:29 AM trinity pointard trinity.pointard@gmail.com wrote:
And the reason why it's on port 443 is so as to be on a port that's not
likely blocked by network administrators.
That might be useful for the ORPort of a relay, and for the obfs4 port of a bridge, but not for the ORPort of a bridge. Clients are not supposed to connect to it. The only reason it's exposed is because the bridge authority still requires it to verify the bridge is reachable. See https://gitlab.torproject.org/tpo/core/tor/-/issues/7349. You are better of using 443 for the ServerTransportListenAddr, and some high port for ORPort.
On Tue, 21 Feb 2023 at 03:05, Keifer Bly keifer.bly@gmail.com wrote:
Well,
So I just changed my torrc to this:
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Trying to avoid being charged a huge amount for traffic as these VPS
providers can be ridiculous when it comes to that, which is why it was set to so little. Ran killall -HUP tor to reload it and see that happens in the next day or so. And the reason why it's on port 443 is so as to be on a port that's not likely blocked by network administrators. Thank you.
--Keifer
On Mon, Feb 20, 2023 at 2:23 PM trinity pointard <
trinity.pointard@gmail.com> wrote:
Hi,
Your torrc is correct wrt to distribution mechanism (your bridge is indicating "bridge-distribution-request any" in the descriptor it sends), but for the record, the line would have been "BridgeDistribution any". A bridge uses less bandwidth than a relay, but it's still a proxy. At 5GB per month, you'd be providing a steady 16kbps over the month, or a single mbps for little over 11 hours. That's very little, if you can't have more bandwidth (by using a provider with no bandwidth accounting, or one that gives better pricing per bandwidth), I fear your bridge won't be very useful at all. Mine consumes between a few hundred GB and a few TB depending on the distribution mechanism.
Are you sure your bridge is reachable? Bridgestrap reports suggest it
isn't.
As the bridge operator, you should know its bridge line. Can you test it with Tor Browser to make sure? Given your accounting limits, it could be unreachable because currently hibernating. Or you could have a firewall issue, or something else. I believe not passing bridgestrap can explain not being assigned a distribution mechanism.
It might also explain why it would be considered blocked in Russia: if it's not reachable from anywhere, it's not reachable from Russia. An other possibility, given you use 443 for your ORPort, is that your bridge was indeed detected by just scanning the whole internet. The ORPort is very recognizable (enough that some of my former bridges ended up tagged "tor" on Shodan) so it should be put on a port that's less likely to be scanned.
Regards, trinity-1686a
On Mon, 20 Feb 2023 at 21:29, Keifer Bly keifer.bly@gmail.com wrote:
Where in the torrc file would I set it to any? I am looking for a way
to run a bridge without being charged a huge amount of money for it, and I was curious how it would have been detected by Russia if noone had used the bridge there? Thanks.
--Keifer
On Mon, Feb 20, 2023 at 8:45 AM lists@for-privacy.net wrote:
On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote: > Ok. Here is the torrc file: > > GNU nano 3.2 /etc/tor/torrc > > > Nickname gbridge > ORPort 443 > SocksPort 0 > BridgeRelay 1 > PublishServerDescriptor bridge > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy > ServerTransportListenAddr obfs4 0.0.0.0:8080 > ExtOrPort auto > Log notice file /var/log/tor/notices.log > ExitPolicy reject *:* > AccountingMax 5 GB > ContactInfo keiferdodderblyyatgmaildoddercom > > > Where in this torrc file is that configured? Then set it to 'any' and wait 24-48 hours to see what happens. Maybe
there was
an error in the db.
If your bridge is still not distributed, it could be due to the
outdated
obfs4proxy or because of 'AccountingMax 5 GB'. Sorry but, 5 GB is a 'fart in the wind' the accounting period would
only be a
few hours a month. It's not even worth distributing them because it
would only
frustrate the users.
> And how would it be blocked in > Russia already if it hasn't even been used? Why should this new feature of the bridgedb, more precisely the
rdsys backend,
have anything to do with whether someone uses a bridge? This is a
bridgedb
distribution method introduced by meskio.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you
freedom!_______________________________________________
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi,
So yes I had obfs4 installed. I accidentally set it to the same port as tor without relazing, silly me. Here is my new torrc:
Nickname gbridge ORPort 8080 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8081 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
I am wanting to limit to 50GB per month to avoid being overcharged. Would this do that? Thanks. --Keifer
On Thu, Feb 23, 2023 at 4:43 AM gus gus@torproject.org wrote:
Hi Keifer,
You can't use the same port.
Here is a simple example:
BridgeRelay 1 ORPort 56331 ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:53333 ExtORPort auto ContactInfo keiferdodderblyyatgmaildoddercom Log notice file /var/log/tor/notices.log BridgeDistribution email Nickname gbridge AccountingStart day 12:00 AccountingMax 50 GB
Example: Let's say you want to allow 50 GB of traffic every day in each direction and the accounting should reset at noon each day:
For more details about AccountinMax, see this Support doc: https://support.torproject.org/relay-operators/limit-total-bandwidth/
Did you also install obfs4proxy package? Because on Metrics it says that your bridge don't have any 'transport protocol'.
cheers, Gus
On Tue, Feb 21, 2023 at 08:23:44AM -0800, Keifer Bly wrote:
Ok, changed to port 8080 and upped my allowed traffic a bit:
GNU nano 3.2 /etc/tor/torrc
Nickname gbridge ORPort 8080 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Yes, I have limited bandwidth I can give so as to avoid being massively charged for traffic. Perhaps there is a way to set tor to only allow traffic with a small connection? Thanks.
--Keifer
On Tue, Feb 21, 2023 at 1:29 AM trinity pointard <
trinity.pointard@gmail.com>
wrote:
And the reason why it's on port 443 is so as to be on a port that's
not
likely blocked by network administrators.
That might be useful for the ORPort of a relay, and for the obfs4 port of a bridge, but not for the ORPort of a bridge. Clients are not supposed to connect to it. The only reason it's exposed is because the bridge authority still requires it to verify the bridge is reachable. See https://gitlab.torproject.org/tpo/core/tor/-/issues/7349. You are better of using 443 for the ServerTransportListenAddr, and some high port for ORPort.
On Tue, 21 Feb 2023 at 03:05, Keifer Bly keifer.bly@gmail.com wrote:
Well,
So I just changed my torrc to this:
Nickname gbridge ORPort 443 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8080 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Trying to avoid being charged a huge amount for traffic as these VPS
providers can be ridiculous when it comes to that, which is why it was
set
to so little. Ran killall -HUP tor to reload it and see that happens
in the
next day or so. And the reason why it's on port 443 is so as to be on a port that's not likely blocked by network administrators. Thank you.
--Keifer
On Mon, Feb 20, 2023 at 2:23 PM trinity pointard <
trinity.pointard@gmail.com> wrote:
Hi,
Your torrc is correct wrt to distribution mechanism (your bridge is indicating "bridge-distribution-request any" in the descriptor it sends), but for the record, the line would have been "BridgeDistribution any". A bridge uses less bandwidth than a relay, but it's still a proxy.
At
5GB per month, you'd be providing a steady 16kbps over the month,
or a
single mbps for little over 11 hours. That's very little, if you
can't
have more bandwidth (by using a provider with no bandwidth
accounting,
or one that gives better pricing per bandwidth), I fear your bridge won't be very useful at all. Mine consumes between a few hundred GB and a few TB depending on the distribution mechanism.
Are you sure your bridge is reachable? Bridgestrap reports suggest
it
isn't.
As the bridge operator, you should know its bridge line. Can you
test
it with Tor Browser to make sure? Given your accounting limits, it could be unreachable because currently hibernating. Or you could have a firewall issue, or something else. I believe not passing bridgestrap can explain not being assigned a distribution mechanism.
It might also explain why it would be considered blocked in Russia:
if
it's not reachable from anywhere, it's not reachable from Russia. An other possibility, given you use 443 for your ORPort, is that your bridge was indeed detected by just scanning the whole internet. The ORPort is very recognizable (enough that some of my former bridges ended up tagged "tor" on Shodan) so it should be put on a port
that's
less likely to be scanned.
Regards, trinity-1686a
On Mon, 20 Feb 2023 at 21:29, Keifer Bly keifer.bly@gmail.com
wrote:
Where in the torrc file would I set it to any? I am looking for a
way
to run a bridge without being charged a huge amount of money for it,
and I
was curious how it would have been detected by Russia if noone had
used the
bridge there? Thanks.
--Keifer
On Mon, Feb 20, 2023 at 8:45 AM lists@for-privacy.net wrote: > > On Samstag, 18. Februar 2023 18:56:00 CET Keifer Bly wrote: > > Ok. Here is the torrc file: > > > > GNU nano 3.2 /etc/tor/torrc > > > > > > Nickname gbridge > > ORPort 443 > > SocksPort 0 > > BridgeRelay 1 > > PublishServerDescriptor bridge > > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy > > ServerTransportListenAddr obfs4 0.0.0.0:8080 > > ExtOrPort auto > > Log notice file /var/log/tor/notices.log > > ExitPolicy reject *:* > > AccountingMax 5 GB > > ContactInfo keiferdodderblyyatgmaildoddercom > > > > > > Where in this torrc file is that configured? > Then set it to 'any' and wait 24-48 hours to see what happens.
Maybe
there was
> an error in the db. > > If your bridge is still not distributed, it could be due to the
outdated
> obfs4proxy or because of 'AccountingMax 5 GB'. > Sorry but, 5 GB is a 'fart in the wind' the accounting period
would
only be a
> few hours a month. It's not even worth distributing them because
it
would only
> frustrate the users. > > > And how would it be blocked in > > Russia already if it hasn't even been used? > Why should this new feature of the bridgedb, more precisely the
rdsys backend,
> have anything to do with whether someone uses a bridge? This is a
bridgedb
> distribution method introduced by meskio. > > > -- > ╰_╯ Ciao Marco! > > Debian GNU/Linux > > It's free software and it gives you
freedom!_______________________________________________
> tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- The Tor Project Community Team Lead _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Donnerstag, 23. Februar 2023 13:43:29 CET gus wrote:
AccountingStart day 12:00 AccountingMax 50 GB
Example: Let's say you want to allow 50 GB of traffic every day in each direction and the accounting should reset at noon each day:
Hi Gus, I think Keifer meant the 5GB limit or now 50GB per month. ;-)
I would recommend checking here more often: https://lowendbox.com/blog/2-usd-vps-cheap-vps-under-2-month/ Server Host: 2048MB RAM, 1000Mbps Unmetered Port (^^ make sure to use the coupon code!)
There are always offers for Easter, Christmas or Black Friday. (VPS unlimited for 10-30 dollars/year)
Or:
Yes, Frantech should actually be avoided. But in Miami there are few Tor relays. A SLICE 512 for $2.00/m or $20.00/y is sufficient for a bridge. https://buyvm.net/kvm-dedicated-server-slices/
For more details about AccountinMax, see this Support doc: https://support.torproject.org/relay-operators/limit-total-bandwidth/
Did you also install obfs4proxy package? Because on Metrics it says that your bridge don't have any 'transport protocol'.
@Keifer read my message how you check that: https://lists.torproject.org/pipermail/tor-relays/2023-January/020979.html
Yes, the limit is 50GB per month, but for some reason the distribution mechanism is not updating and the bridge keeps going offline despite the new torrc. --Keifer
On Thu, Feb 23, 2023 at 1:43 PM lists@for-privacy.net wrote:
On Donnerstag, 23. Februar 2023 13:43:29 CET gus wrote:
AccountingStart day 12:00 AccountingMax 50 GB
Example: Let's say you want to allow 50 GB of traffic every day in each direction and the accounting should reset at noon each day:
Hi Gus, I think Keifer meant the 5GB limit or now 50GB per month. ;-)
I would recommend checking here more often: https://lowendbox.com/blog/2-usd-vps-cheap-vps-under-2-month/ Server Host: 2048MB RAM, 1000Mbps Unmetered Port (^^ make sure to use the coupon code!)
There are always offers for Easter, Christmas or Black Friday. (VPS unlimited for 10-30 dollars/year)
Or:
Yes, Frantech should actually be avoided. But in Miami there are few Tor relays. A SLICE 512 for $2.00/m or $20.00/y is sufficient for a bridge. https://buyvm.net/kvm-dedicated-server-slices/
For more details about AccountinMax, see this Support doc: https://support.torproject.org/relay-operators/limit-total-bandwidth/
Did you also install obfs4proxy package? Because on Metrics it says that your bridge don't have any 'transport protocol'.
@Keifer read my message how you check that: https://lists.torproject.org/pipermail/tor-relays/2023-January/020979.html
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Freitag, 24. Februar 2023 04:11:27 CET Keifer Bly wrote:
Yes, the limit is 50GB per month, but for some reason the distribution mechanism is not updating and the bridge keeps going offline despite the new torrc.
What comes to my mind without logs (& your 'killall -HUP' of a systemd service is not optimal), your wrong config (2x same Port) has maxed out 'Restart=on- failure'.
Try: ~# systemctl stop tor ~# systemctl list-units --failed
if not zero than: ~# systemctl reset-failed ~# systemctl start tor
To see if the tor.service has finished successfully: ~# systemctl status tor
if not, read log: journalctl -xe
Hi,
So I had changed the listener port for obfs4, it's now 8181.
Upon running your steps, and systemctl status tor, it returns the following:
● tor.service - Anonymizing overlay network for TCP (multi-instance-master) Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled) Active: active (exited) since Tue 2023-02-28 05:42:48 UTC; 18s ago Process: 15314 ExecStart=/bin/true (code=exited, status=0/SUCCESS) Main PID: 15314 (code=exited, status=0/SUCCESS)
Feb 28 05:42:48 instance-1 systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)... Feb 28 05:42:48 instance-1 systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
Will check it in a few hours, but is there a way to limit the bridge to only connections of a certain size? Thanks. --Keifer
On Sun, Feb 26, 2023 at 3:16 AM lists@for-privacy.net wrote:
On Freitag, 24. Februar 2023 04:11:27 CET Keifer Bly wrote:
Yes, the limit is 50GB per month, but for some reason the distribution mechanism is not updating and the bridge keeps going offline despite the new torrc.
What comes to my mind without logs (& your 'killall -HUP' of a systemd service is not optimal), your wrong config (2x same Port) has maxed out 'Restart=on- failure'.
Try: ~# systemctl stop tor ~# systemctl list-units --failed
if not zero than: ~# systemctl reset-failed ~# systemctl start tor
To see if the tor.service has finished successfully: ~# systemctl status tor
if not, read log: journalctl -xe
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Yep, and after that the same still happens, it is still going offline despite the also different ports and having followed the listed steps. --Keifer
On Mon, Feb 27, 2023 at 9:45 PM Keifer Bly keifer.bly@gmail.com wrote:
Hi,
So I had changed the listener port for obfs4, it's now 8181.
Upon running your steps, and systemctl status tor, it returns the following:
● tor.service - Anonymizing overlay network for TCP (multi-instance-master) Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled) Active: active (exited) since Tue 2023-02-28 05:42:48 UTC; 18s ago Process: 15314 ExecStart=/bin/true (code=exited, status=0/SUCCESS) Main PID: 15314 (code=exited, status=0/SUCCESS)
Feb 28 05:42:48 instance-1 systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)... Feb 28 05:42:48 instance-1 systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
Will check it in a few hours, but is there a way to limit the bridge to only connections of a certain size? Thanks. --Keifer
On Sun, Feb 26, 2023 at 3:16 AM lists@for-privacy.net wrote:
On Freitag, 24. Februar 2023 04:11:27 CET Keifer Bly wrote:
Yes, the limit is 50GB per month, but for some reason the distribution mechanism is not updating and the bridge keeps going offline despite the new torrc.
What comes to my mind without logs (& your 'killall -HUP' of a systemd service is not optimal), your wrong config (2x same Port) has maxed out 'Restart=on- failure'.
Try: ~# systemctl stop tor ~# systemctl list-units --failed
if not zero than: ~# systemctl reset-failed ~# systemctl start tor
To see if the tor.service has finished successfully: ~# systemctl status tor
if not, read log: journalctl -xe
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Dienstag, 28. Februar 2023 19:02:38 CET Keifer Bly wrote:
Yep, and after that the same still happens, it is still going offline
In the syslog is why tor aborts.
To help you, you should post your logs to a pastbin page. From the start of the tor daemon until it goes offline.
Wheres the pastebin page? Thanks. --Keifer
On Fri, Mar 3, 2023 at 7:47 AM lists@for-privacy.net wrote:
On Dienstag, 28. Februar 2023 19:02:38 CET Keifer Bly wrote:
Yep, and after that the same still happens, it is still going offline
In the syslog is why tor aborts.
To help you, you should post your logs to a pastbin page. From the start of the tor daemon until it goes offline.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Samstag, 4. März 2023 02:09:19 CET Keifer Bly wrote:
Wheres the pastebin page? Thanks.
$websearch pastebin
https://paste.debian.net/ https://paste.systemli.org/ https://pastebin.mozilla.org/ ...
Well so here is the current torrc file:
Nickname gbridge ORPort 8080 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8081 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Strangely, nothing whatsoever is being written to the notices.log file, upon checking it it is completely empty, nothing there. I wonder why that would happen and how else to tell what's going on? Tor is running as root so it's not a permission issue, and I also set up a port forwarding rule for the obfs4 port. Thanks.
--Keifer
On Fri, Mar 3, 2023 at 7:47 AM lists@for-privacy.net wrote:
On Dienstag, 28. Februar 2023 19:02:38 CET Keifer Bly wrote:
Yep, and after that the same still happens, it is still going offline
In the syslog is why tor aborts.
To help you, you should post your logs to a pastbin page. From the start of the tor daemon until it goes offline.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Wednesday, March 8, 2023, 11:13:08 AM MST, Keifer Bly keifer.bly@gmail.com wrote:
Well so here is the current torrc file: Nickname gbridge ORPort 8080 SocksPort 0 BridgeRelay 1 PublishServerDescriptor bridge BridgeDistribution email ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:8081 ExtOrPort auto Log notice file /var/log/tor/notices.log ExitPolicy reject *:* AccountingMax 50 GB ContactInfo keiferdodderblyyatgmaildoddercom
Strangely, nothing whatsoever is being written to the notices.log file, upon checking it it is completely empty, nothing there. I wonder why that would happen and how else to tell what's going on? Tor is running as root so it's not a permission issue, and I also set up a port forwarding rule for the obfs4 port. Thanks.
--Keifer
Keifer, Have you tried starting the Tor process manually (without the startup script)? Example:
/opt/sbin/tor -f /tmp/torrc
Starting Tor manually is a great way of diagnosing torrc startup issues.
Keep at it. You're almost there.
Kind Regards,
Gary— This Message Originated by the Sun. iBigBlue 63W Solar Array (~12 Hour Charge) + 2 x Charmast 26800mAh Power Banks = iPhone XS Max 512GB (~2 Weeks Charged)
On Mittwoch, 8. März 2023 18:13:01 CET Keifer Bly wrote:
Strangely, nothing whatsoever is being written to the notices.log file, upon checking it it is completely empty, nothing there.
That can't be, please post: ~# ls -A /var/log/tor
In general, everything is always written to /var/log/syslog & systemd-journald to /var/log/journal (binaries). ~$ man journalctl
I wonder why that
Read what _logrotate_ does. Every tor restart creates a new empty log file.
would happen and how else to tell what's going on? Tor is running as root
Why do you change security-related default settings? Default tor user is: debian-tor. (On Debian and Ubuntu systems)
so it's not a permission issue, and I also set up a port forwarding rule
Why? You have a server in the data center. You only need forwarding on a router! Packet forwarding is also disabled in /etc/sysctl.conf per default.
Your iptables must start like this. *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] ... -A INPUT -p tcp --dport <Your-Tor-ORPort> -j ACCEPT ...
No FORWARD, no OUTPUT rules.
I do not use any scripts to start tor, I just type tor to start the process on debian. And yes the datacenter I run in has an external firewall which requires setting up port forwarding.
The result of running ls -A /var/log/tor
root@instance-1:/home/keifer_bly# ls -A /var/log/tor notices.log notices.log.1 notices.log.2.gz notices.log.3.gz notices.log.4.gz notices.log.5.gz root@instance-1:/home/keifer_bly#
So it's creating separate .gz files for some reason. I don't know why that is or what to do from here. Thanks.
--Keifer
On Fri, Mar 10, 2023 at 8:15 AM lists@for-privacy.net wrote:
On Mittwoch, 8. März 2023 18:13:01 CET Keifer Bly wrote:
Strangely, nothing whatsoever is being written to the notices.log file, upon checking it it is completely empty, nothing there.
That can't be, please post: ~# ls -A /var/log/tor
In general, everything is always written to /var/log/syslog & systemd-journald to /var/log/journal (binaries). ~$ man journalctl
I wonder why that
Read what _logrotate_ does. Every tor restart creates a new empty log file.
would happen and how else to tell what's going on? Tor is running as root
Why do you change security-related default settings? Default tor user is: debian-tor. (On Debian and Ubuntu systems)
so it's not a permission issue, and I also set up a port forwarding rule
Why? You have a server in the data center. You only need forwarding on a router! Packet forwarding is also disabled in /etc/sysctl.conf per default.
Your iptables must start like this. *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] ... -A INPUT -p tcp --dport <Your-Tor-ORPort> -j ACCEPT ...
No FORWARD, no OUTPUT rules.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sonntag, 12. März 2023 04:45:21 CET Keifer Bly wrote:
I do not use any scripts to start tor, I just type tor to start the process on debian.
That's where your problems begin. You start a 2nd tor process as root that doesn't take the default configs from: /usr/share/tor/tor-service-defaults-torrc & /etc/tor/torrc
You have a systemd system & tor.service is activated by default. You don't have to do anything, tor runs automatically after a reboot|server start.
The systemd services are controlled with the following commands: systemctl start tor.service systemctl stop tor.service systemctl restart tor.service systemctl reload tor.service systemctl status tor.service
And yes the datacenter I run in has an external firewall which requires setting up port forwarding.
Ok, anything in the customer interface for the datacenter router.
The result of running ls -A /var/log/tor
root@instance-1:/home/keifer_bly# ls -A /var/log/tor notices.log notices.log.1 notices.log.2.gz notices.log.3.gz notices.log.4.gz notices.log.5.gz
There are 6 log files of one of the tor processes. Both write to syslog.
So it's creating separate .gz files for some reason. I don't know why that is or what to do from here. Thanks.
I wrote, learn what _logrotate_ does. Hint: without that, the hd fills up. man logrotate
--Keifer
On Fri, Mar 10, 2023 at 8:15 AM lists@for-privacy.net wrote:
On Mittwoch, 8. März 2023 18:13:01 CET Keifer Bly wrote:
Strangely, nothing whatsoever is being written to the notices.log file, upon checking it it is completely empty, nothing there.
That can't be, please post: ~# ls -A /var/log/tor
In general, everything is always written to /var/log/syslog & systemd-journald to /var/log/journal (binaries). ~$ man journalctl
I wonder why that
Read what _logrotate_ does. Every tor restart creates a new empty log file.
would happen and how else to tell what's going on? Tor is running as root
Why do you change security-related default settings? Default tor user is: debian-tor. (On Debian and Ubuntu systems)
so it's not a permission issue, and I also set up a port forwarding rule
Why? You have a server in the data center. You only need forwarding on a router! Packet forwarding is also disabled in /etc/sysctl.conf per default.
Your iptables must start like this. *filter
:INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0]
... -A INPUT -p tcp --dport <Your-Tor-ORPort> -j ACCEPT ...
No FORWARD, no OUTPUT rules.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Ok, so when this happens, what would be the best command to use for reading the newest tor log?
I am also needing this for another relay, my middle relay at https://metrics.torproject.org/rs.html#search/udeserveprivacy also keeps going offline with no warning and nothing written to the log file. Thanks. --Keifer
On Sun, Mar 12, 2023 at 3:39 PM lists@for-privacy.net wrote:
On Sonntag, 12. März 2023 04:45:21 CET Keifer Bly wrote:
I do not use any scripts to start tor, I just type tor to start the
process
on debian.
That's where your problems begin. You start a 2nd tor process as root that doesn't take the default configs from: /usr/share/tor/tor-service-defaults-torrc & /etc/tor/torrc
You have a systemd system & tor.service is activated by default. You don't have to do anything, tor runs automatically after a reboot|server start.
The systemd services are controlled with the following commands: systemctl start tor.service systemctl stop tor.service systemctl restart tor.service systemctl reload tor.service systemctl status tor.service
And yes the datacenter I run in has an external firewall which requires setting up port forwarding.
Ok, anything in the customer interface for the datacenter router.
The result of running ls -A /var/log/tor
root@instance-1:/home/keifer_bly# ls -A /var/log/tor notices.log notices.log.1 notices.log.2.gz notices.log.3.gz notices.log.4.gz notices.log.5.gz
There are 6 log files of one of the tor processes. Both write to syslog.
So it's creating separate .gz files for some reason. I don't know why
that
is or what to do from here. Thanks.
I wrote, learn what _logrotate_ does. Hint: without that, the hd fills up. man logrotate
--Keifer
On Fri, Mar 10, 2023 at 8:15 AM lists@for-privacy.net wrote:
On Mittwoch, 8. März 2023 18:13:01 CET Keifer Bly wrote:
Strangely, nothing whatsoever is being written to the notices.log
file,
upon checking it it is completely empty, nothing there.
That can't be, please post: ~# ls -A /var/log/tor
In general, everything is always written to /var/log/syslog & systemd-journald to /var/log/journal (binaries). ~$ man journalctl
I wonder why that
Read what _logrotate_ does. Every tor restart creates a new empty log file.
would happen and how else to tell what's going on? Tor is running as root
Why do you change security-related default settings? Default tor user
is:
debian-tor. (On Debian and Ubuntu systems)
so it's not a permission issue, and I also set up a port forwarding
rule
Why? You have a server in the data center. You only need forwarding on
a
router! Packet forwarding is also disabled in /etc/sysctl.conf per default.
Your iptables must start like this. *filter
:INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0]
... -A INPUT -p tcp --dport <Your-Tor-ORPort> -j ACCEPT ...
No FORWARD, no OUTPUT rules.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Well so the bridge now jumped to being online for 18 days. But despite the torrc it is now saying it's still no distribution mechanism??
Thanks. --Keifer
On Tue, Mar 14, 2023 at 10:23 AM Keifer Bly keifer.bly@gmail.com wrote:
Ok, so when this happens, what would be the best command to use for reading the newest tor log?
I am also needing this for another relay, my middle relay at https://metrics.torproject.org/rs.html#search/udeserveprivacy also keeps going offline with no warning and nothing written to the log file. Thanks. --Keifer
On Sun, Mar 12, 2023 at 3:39 PM lists@for-privacy.net wrote:
On Sonntag, 12. März 2023 04:45:21 CET Keifer Bly wrote:
I do not use any scripts to start tor, I just type tor to start the
process
on debian.
That's where your problems begin. You start a 2nd tor process as root that doesn't take the default configs from: /usr/share/tor/tor-service-defaults-torrc & /etc/tor/torrc
You have a systemd system & tor.service is activated by default. You don't have to do anything, tor runs automatically after a reboot|server start.
The systemd services are controlled with the following commands: systemctl start tor.service systemctl stop tor.service systemctl restart tor.service systemctl reload tor.service systemctl status tor.service
And yes the datacenter I run in has an external firewall which requires setting up port forwarding.
Ok, anything in the customer interface for the datacenter router.
The result of running ls -A /var/log/tor
root@instance-1:/home/keifer_bly# ls -A /var/log/tor notices.log notices.log.1 notices.log.2.gz notices.log.3.gz notices.log.4.gz notices.log.5.gz
There are 6 log files of one of the tor processes. Both write to syslog.
So it's creating separate .gz files for some reason. I don't know why
that
is or what to do from here. Thanks.
I wrote, learn what _logrotate_ does. Hint: without that, the hd fills up. man logrotate
--Keifer
On Fri, Mar 10, 2023 at 8:15 AM lists@for-privacy.net wrote:
On Mittwoch, 8. März 2023 18:13:01 CET Keifer Bly wrote:
Strangely, nothing whatsoever is being written to the notices.log
file,
upon checking it it is completely empty, nothing there.
That can't be, please post: ~# ls -A /var/log/tor
In general, everything is always written to /var/log/syslog & systemd-journald to /var/log/journal (binaries). ~$ man journalctl
I wonder why that
Read what _logrotate_ does. Every tor restart creates a new empty log file.
would happen and how else to tell what's going on? Tor is running as root
Why do you change security-related default settings? Default tor user
is:
debian-tor. (On Debian and Ubuntu systems)
so it's not a permission issue, and I also set up a port forwarding
rule
Why? You have a server in the data center. You only need forwarding
on a
router! Packet forwarding is also disabled in /etc/sysctl.conf per default.
Your iptables must start like this. *filter
:INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0]
... -A INPUT -p tcp --dport <Your-Tor-ORPort> -j ACCEPT ...
No FORWARD, no OUTPUT rules.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Gary C. New -
gus -
Keifer Bly -
lists@for-privacy.net -
trinity pointard