[tor-relays] Why is my Tor bridge relay not getting any traffic?
tux at hikari.me
tux at hikari.me
Wed Aug 28 13:44:49 UTC 2019
Thanks a lot for taking the time to explain me!
Quoting teor <teor at riseup.net>:
> Hi,
>
>> On 28 Aug 2019, at 14:21, Hikari <tux at hikari.me> wrote:
>>
>> So, it's just that few people receive my bridge from BridgeDB. So
>> it's a guard relay, right? What am I lacking to receive a guard flag?
>
> Guards and Bridges are different.
>
> Bridges are secret entry nodes for a few Tor clients.
>
> Guards are public entry nodes for any Tor client.
> But they are easier to block, because they are public.
>
>> And what about being a middle relay? Shouldn't it be used more
>> frequently in this mode?
>
> Middle relays are public middle nodes for any Tor client.
>
> Bridges can't be used as middles, because bridge addresses are secret.
Now I get it.
Is it worthy running a public middle relay at home? Or is it possible
sites will block my IP and I should stick with a bridge as it is now?
I suppose a guard relay isn't advised, right?
>> I have obfs3 and obfs4 enabled, but I've never tested them. And
>> never got any error message either.
>
> You can test them with Tor Browser, but it takes a bit of cut and paste work.
> Look up the obfs4 instructions for the location of the bridge line file.
Does Tor Browser for Windows come with obfs4? How to enable it?
I could also try running Tails on a VM if it has obfs4.
> If you'd like to get more bridge traffic, start another few bridges
> on different
> ports on the same IP, or different IPs.
Do you know any tutorial teaching how to run multiple Tor instances? I
did it with Transmission and had some trouble but did it.
I suppose I'll need to duplicate /etc/tor and /var/log/tor and have 2
systemctl files pointing to the correct torrc.
And also point nyx to the correct instance. I just run it without parameters.
>> Another question. I currently have Address setting on torrc
>> pointing to a domain handled by no-ip. I have 2 ISPs in load
>> balancing, and before this setting I was having very frequent log
>> messages saying my IP had changed, because each time Tor made its
>> test it was using a different route. Isn't it possible to use Tor
>> in load balancing?
>
> There are different kinds of load balancing.
>
> Tor relays and bridges can only advertise a single IPv4 address.
> Tor relays can also advertise an IPv6 address.
> We're working on dual-stack advertised addresses for bridges.
>
> So Tor works well when your AS announces your relay's IP address on multiple
> upstream routers.
What's an AS?
I'm still working on getting IPv6 working. My Cisco RV340's WebUI
doesn't have settings for enabling ULA and neither for delegating
global prefix. I just bought a new router and will try to put OpenWRT
on it, and hope to be able to setup everything then.
In early monitorings I'm noticing that one of my ISPs, the one I'm
able to use global prefix, hasn't changed mine for over a week. But my
server's IP is changing a few times every day inside the same prefix.
When (and if) I get everything working, I hope to have 1 no-ip domain
for each ISP IPv4 address, and get 1 fixed IPv6 ULA and an equivalent
global IP for each ISP global prefix and keep it fixed as long as ISPs
don't change their prefix.
It's gonna take a few months to set it all.
Regarding Tor, maybe I'll need to run 1 instance for each ISP's
IPv4+IPv6 combination. IPv4 will be easy, IDK how to make it know
which IPv6 to use, if I'm unable to get no-ip working for IPv6.
> If you have different IP addresses for each upstream, you can:
> * Run a separate Tor instance for each address, or
> * Set (inbound) Address to one upstream, and OutboundBindAddress to another.
Sorry I didn't understand the second option.
>> I'm buying a Ubiquiti EdgeRouter X to put OpenWRT. If everything
>> works, in the near future I'll have IPv6 and load balancing
>> working, but no-ip seems to not support IPv6. How should I setup my
>> relay to use both ISPs and IPv4 + IPv6 with dynamic addresses?
>
> Address supports DNS for IPv4 addresses.
>
> IPv6 is only supported for ORPort (relays) and
> ServerTransportListenAddr (bridges).
> Tor doesn't have support for dynamic IPv6 yet.
Well that's troubling lol so I think I won't be able to use IPv6,
unless ISPs leave static global prefixes and I'm able to set a
relative fixed ULA.
Is it possible to set Tor to use a specific network device?
> Can your provider allocate static IPv6?
> It should have a pool of millions of IPv6 addresses, so static
> should be easy.
As I said, I'm monitoring IPv6 and the working ISP's global prefix
hasn't changed in a week, but IPv6 addr is changing.
They won't wanna provide fixed global prefix, because they wanna
charge for fixed IP. They are also serving only a /64 prefix. And
blocking some most common ports.
My guess is that they haven't get dynamic global prefix allocation
working yet, so they are just leaving it be for now. I also haven't
tried turning modem off to see that forces prefix to change.
> We're trying to make IPv6 support better, but I don't know when we will
> get funding to fix these particular issues.
Yeah I understand it. Most ppl and even teleco companies aren't
worried with IPv6. Some routers as mine don't have proper UI for IPv6
settings either.
More information about the tor-relays
mailing list