[tor-dev] Vanguard Plugin Options

Mike Perry mikeperry at torproject.org
Wed Jan 29 13:32:06 UTC 2020


On 1/16/20 5:01 PM, procmem at riseup.net wrote:
> 
> Hi. We are rolling out the vanguard plugin for our users and wanted to
> understand some options we can enable.
> 
> * In many parts of the Security README setting *circ_max_megabytes* is
> recommended. Though it is discouraged for usecases involving Onionshare
> and Securedrop which we support. What is a reasonable limit to set? What
> happens is the max ceiling gets hit? Does it permanently disrupt the
> upload/download?

Setting circ_max_megabytes means that no circuit can be used to transmit
more than that many megabytes. As soon as that limit is hit, the circuit
will be force-closed.

I do not recommend using this option in your case, as you cannot
anticipate the max file size that a securedrop or onionshare user may
use, and the failure more here is non-obvious (their upload/download
will just fail).

> * "High load onion services may consider using 4 layer2 guards by
> changing the *num_layer2_guards* option in the configuration file
> <https://github.com/mikeperry-tor/vanguards/blob/master/vanguards-example.conf>,
> but going beyond that is not recommended."
> Does this benefit clients too? We would like to enable options that
> mimic the configuration used by actual high load onion services to
> provide them with more cover.

Using more layer2 guards will not improve client performance. I
recommend staying with the defaults, as they are backed by asn's
analysis. Any other choice would be arbitrary or specific to a custom
circumstance, and thus provide less cover.

-- 
Mike Perry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20200129/0a80fc59/attachment.sig>


More information about the tor-dev mailing list