Hello,
Can you run a bride and a middle-relay together on a host? I mean for the safety of users. IPv6 is usually a /64 network and the various IPv4 are usually also from a subnet.
Hey there.
No, im only bridge-relay running, but I need to be obfuscate the bridge,. but i unable to install obfs4proxy
Regards
On Thu, Mar 21, 2019 at 8:43 PM lists@for-privacy.net wrote:
Hello,
Can you run a bride and a middle-relay together on a host? I mean for the safety of users. IPv6 is usually a /64 network and the various IPv4 are usually also from a subnet.
-- Ciao Marco! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Fri, Mar 22, 2019 at 02:43:13AM +0100, lists@for-privacy.net wrote:
Can you run a bride and a middle-relay together on a host? I mean for the safety of users. IPv6 is usually a /64 network and the various IPv4 are usually also from a subnet.
Answer #1: if they're using different IP addresses, sure, go for it.
Answer #2: if they're using the same IP address, you can do it technically, but it's probably not a good move.
Some years ago, it used to be that China blocked Tor relays and bridges by blocking the particular IP:port they listened on.
But in the past year or two, they switched to just blackholing the IP address if there's a Tor thing on it.
So, that means when they learn the relay IP address and blackhole it, if your bridge is on that same IP address, the bridge becomes unreachable too. Not the best outcome.
And, while you're thinking about bridge blocking, here are many other angles to learn about: https://blog.torproject.org/research-problems-ten-ways-discover-tor-bridges
Hope that helps, --Roger
On 3/22/19 8:19 AM, Roger Dingledine wrote:
https://blog.torproject.org/research-problems-ten-ways-discover-tor-bridges
Which means, to avoid few attack vector, a Tor relay operator might run a bridge which points to its own relay always?
Am 22.03.2019 08:19, schrieb Roger Dingledine:
On Fri, Mar 22, 2019 at 02:43:13AM +0100, lists@for-privacy.net wrote:
Can you run a bride and a middle-relay together on a host? I mean for the safety of users. IPv6 is usually a /64 network and the various IPv4 are usually also from a subnet.
Answer #1: if they're using different IP addresses, sure, go for it.
Different IP are a must, that's clear anyway.
But... Normally you get from the provider: some IPv4 fron same subnet: 203.0.113.111 203.0.113.222 203.0.113.333
and one IPv6 Prefix: 2001:0DB8:123:456::/64
After reading that from your link below, I realize it's a bad idea to use similar IP's for Bridge and Gateway.
I came up with the idea, because my server still has a lot of resources available. But I do not have traffic anymore. 2 Tor instaces consume all my 20TB.
https://blog.torproject.org/research-problems-ten-ways-discover-tor-bridges
Thanks. That's exactly the stuff I'm looking for. ;-)
tor-relays@lists.torproject.org
-
Cuco Cuquito -
lists@for-privacy.net -
Roger Dingledine -
Toralf Förster