Bridge replacement question

I had to rebuild a bridge relay with a new OS in order to get the new tor version. I kept the keys so that didn’t change in the new one, but it took some support tickets to get it up again. I’m running it as a moat distribution type, which it was before. However, I seem to have lost everyone (I had an average of 2,000 connections a day) but a few.
This relay was up for 3-4 years. I have another in the same position: unupgradable FreeBSD (something they can’t fix in the pkg update system), and 1500 avg daily connections. Up for 3.4 years now also. I’ve hated not to continue as I feel a loyalty to those who have set this up for themselves, but it looks as though I’ve pulled the rug out from under them anyway.

But here’s the larger question:
Have both these bridges been most likely “found out” by now and I should retire them and start with new ips? How long should a bridge last? I have a couple more in Latvia that are also 3 years old now with 500 and 1000 avg. connections, so all 4 of these are “in use”.

1 Like

Hey @torix, that’s a great question. If you have an average of 1500 daily connections, it seems your bridge is very useful, and rotating the IP address might not help more users. You can check your bridge’s country stats in this file: /var/lib/tor/stats/bridge-stats or on *BSD: /var/db/tor/stats/bridge-stats.

If you find that most users are coming from countries that block Tor (Russia, Iran…), I’d say that rotating the IP will frustrate a lot of users more than it will help.

Maybe you could allocate a new bridge and monitor when the IP is blocked in China, then it? Usually when the GFW detects a bridge, it blocks the IP address (and not just IP:Port). You can use this site to test your bridge’s reachability: https://www.itdog.cn/ping/.

Thanks for running bridges!

1 Like

Gus, I don’t have any /var/lib(db)/tor/stats directory in my bridges. Is this part of the monitoring additions that you can install on your relay? I tried adding them twice, following the instructions, but the relays fell over and wouldn’t come back up until I took it out of the configuration. Are we talking about the same thing?

So what I have is a homebrew system - avg of the day’s connection taken every 5 min. with a cron job, and then the number of users taken from the tor log every 6 hours. So I have no idea where these connections come from; I’ve never wanted to screw up anonymity, and I’m never sure what can be correlated with something that I know nothing about.

I’d love to know how to set it up to tell me what countries connections are coming from.

–Torix
P.S. The all-Chinese ping site is a little intimidating, but I assume that red means blocked, and Taiwan’s yellow means partly blocked?


On Debian-based systems, you need to install the package tor-geoipdb and it will generate bridge stats every day in that directory. You do not need to edit your torrc to have these stats.

On FreeBSD, if you installed tor using pkg, I believe you may have ‘tor-geoipdb’ too:

# pkg info -l tor
tor-0.4.8.10_1:
        /usr/local/bin/tor
        /usr/local/bin/tor-gencert
        /usr/local/bin/tor-print-ed-signing-cert
        /usr/local/bin/tor-resolve
        /usr/local/bin/torify
        /usr/local/etc/rc.d/tor
        /usr/local/etc/tor/torrc.sample
        /usr/local/share/doc/tor/tor-gencert.html
        /usr/local/share/doc/tor/tor-print-ed-signing-cert.html
        /usr/local/share/doc/tor/tor-resolve.html
        /usr/local/share/doc/tor/tor.html
        /usr/local/share/doc/tor/torify.html
        /usr/local/share/licenses/tor-0.4.8.10_1/BSD3CLAUSE
        /usr/local/share/licenses/tor-0.4.8.10_1/LICENSE
        /usr/local/share/licenses/tor-0.4.8.10_1/catalog.mk
        /usr/local/share/man/man1/tor-gencert.1.gz
        /usr/local/share/man/man1/tor-print-ed-signing-cert.1.gz
        /usr/local/share/man/man1/tor-resolve.1.gz
        /usr/local/share/man/man1/tor.1.gz
        /usr/local/share/man/man1/torify.1.gz
        /usr/local/share/tor/geoip
        /usr/local/share/tor/geoip6

Yes, red means unreachable/blocked. Yellow means that the ping latency was high, but the IP is reachable.

You can find other public test services here:

1 Like

Gus, thanks very much for your helpful reply - I made a 2-line bash script that gives me the top 10 and % for these 2 geoip files - works like a charm on my bridges.

I also think the link to the set of probing tools to be gold; I knew almost none of them. I wonder if that link might be helpful in the post-install docs somewhere.

Again, many thanks,

–Torix


On Friday, March 29th, 2024 at 12:24 PM, Gus via Tor Project Forum noreply@forum.torproject.org wrote:

gus Community Team lead
March 29

You can find other public test services here:

NTC – 19 Mar 24

Ping, TCP, HTTP public test services, looking glass
Censorship circumvention methods & software
Tools for researchers and developers

Small list of useful public services which could ping and execute TCP/HTTP requests using different set of probes: check-host.net Show IP information from DB-IP, MaxMind, IPGeolocation.io, IP2Location, IPInfo.io databases ICMP Ping TCP port…



1 Like
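
An added example, not Torix's script and not Tor Project code: a POSIX shell function that reads the bridge-ips line of the bridge-stats file Gus points to and lists the top countries with their share of the total. The function names top_countries and sample_stats are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: summarise per-country client counts from tor's bridge-stats.
# Real locations named in the thread: /var/lib/tor/stats/bridge-stats
# (or /var/db/tor/stats/bridge-stats on *BSD).
# Tor rounds these counts up to a multiple of 8, so percentages are approximate.

# sample_stats: prints constructed sample data in the bridge-stats layout.
sample_stats() {
    cat <<'EOF'
bridge-stats-end 2024-03-28 12:00:00 (86400 s)
bridge-ips ru=120,ir=56,us=16,cn=8
bridge-ip-versions v4=192,v6=8
bridge-ip-transports <OR>=8,obfs4=192
EOF
}

# top_countries FILE [N]: prints "cc count percent%" for the N largest countries.
top_countries() {
    file=$1
    limit=${2:-10}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Use the last bridge-ips line in case the file holds more than one.
    LC_ALL=C awk '$1 == "bridge-ips" { line = $2 } END { print line }' "$file" |
    tr ',' '\n' |
    LC_ALL=C awk -F= '
        NF == 2 && $2 ~ /^[0-9]+$/ { n[$1] = $2; total += $2 }
        END {
            if (total == 0) exit          # no clients recorded: print nothing
            for (cc in n)
                printf "%s %d %.1f%%\n", cc, n[cc], 100 * n[cc] / total
        }' |
    LC_ALL=C sort -k2,2nr -k1,1 |
    head -n "$limit"
}

# Demo on the constructed sample; point it at the real file on a bridge.
demo_file=$(mktemp)
sample_stats > "$demo_file"
top_countries "$demo_file" 10
rm -f "$demo_file"
```

The file is only readable by the tor user or root, so run the function with matching privileges.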