Tor server


why

The crisis in the Ukraine triggered me to provide Tor relays.

My view:
Freedom needs free press. Free press needs whistle-blowing. Whistle-blowing needs anonymity. And anonymity is provided by Tor.

But my motivation is much bigger (and a few inches in size): the Stasi observation files about my parents - a few hundred pages. In contrast, here are the ridiculous 9 (and mostly blackened) spy pages about my person.

status

The status of my Tor relays is at metrics.torproject.org.

setup

Look here for an official guide.

my setup

Two relays are running on a stable hardened Gentoo Linux under a recent stable vanilla kernel, built as a monolithic kernel. The kernel is configured without USB because of this, no graphics, neither serial nor parallel interfaces, no unused drivers, file systems etc. The system uses LibreSSL instead of OpenSSL and OpenRC instead of systemd.
To achieve this, boot into a kernel made with make defconfig, strip down the kernel .config using make localmodconfig and /usr/src/linux/scripts/kconfig/streamline_config.pl, remove check the .config using this tool.
Furthermore:
  • /tmp is a tmpfs, swap is encrypted
  • network: IPv4 and IPv6 have static IP addresses (Hint: request an additional IPv4/IPv6 address pair for Tor, because Tor addresses will be added to certain blacklists as soon as possible)
  • unbound is used to have DNSSEC, btw here's the DNSSEC Authentication Chain for my domain
  • incoming ports except ssh, DirPort and ORPort are closed
  • sshd listens on a non-default port, root login is forbidden, password login is forbidden entirely
  • a Tor exit notice is provided at IPv4 and at IPv6 DirPort(s) of both relays (IPv4, IPv4:9030, IPv6, IPv6:9030), here's the link to a wiki with a "reduced exit policy".
  • homepage is legal-checked (contact, impressum and disclaimer)
  • Another relay is configured as a Tor bridge. It runs under Debian.
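
One way to check the sshd rules from the list above (non-default port, no root login, no password login), as an added example that is not the author's own code. The function name audit_sshd and both sample configurations are constructed for illustration; the example assumes that "no password login" also covers keyboard-interactive authentication, which can still accept passwords through PAM.

```python
# Added example: audit sshd_config text against the sshd rules in the list above.
# Upstream OpenSSH defaults for absent keywords; each keyword must be "no" to pass.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            # assumption: keyboard-interactive can still take passwords through PAM
            "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit_sshd(text):
    """Return a list of findings; an empty list means every rule holds."""
    first, ports, findings, in_match = {}, [], [], False
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # simplification: all later lines count as conditional
        elif in_match:
            if key in DEFAULTS and value != "no":
                findings.append(f"Match block relaxes {key} to {value}")
        elif key == "port":
            ports.append(value)  # Port may be given several times
        else:
            first.setdefault(key, value)  # sshd keeps the first value it reads
    if "22" in (ports or ["22"]):
        findings.append("sshd listens on the default port 22")
    for key, default in DEFAULTS.items():
        have = first.get(key, default)
        if have != "no":
            findings.append(f"{key} is {have}, expected no")
    return findings

# Constructed sample inputs, not taken from the author's hosts.
WEAK = """Port 22
PermitRootLogin prohibit-password
PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""
HARDENED = """Port 50022
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication=no
"""

if __name__ == "__main__":
    print(audit_sshd(WEAK), audit_sshd(HARDENED))
```

On a live host, the output of sshd -T (the effective configuration, with Include files resolved) can be passed to the same function.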

misc

An unusual behavior happened on the 6th of Nov 2014 where the BOINC software was involved too. And here are a few DDoS examples from the past:
27th of April 2015 (>300 MBit/s), 20th of Nov 2015 (34 MBit/s, more), 30th of Jan 2016 (>500 MBit/s), 20th of March 2016 (>900 MBit/s, values), 13th of Jun 2016 (>65 MBit/s), 7th of Jun 2016 (>275 MBit/s), 21st of Jul 2016 (>180 MBit/s, values and graph), 22nd of Jul 2016 (>250 Kpck/s, graph)

"Tor" and the "Onion Logo" are registered trade marks of Torproject, Inc.