2014-05-30

DDNS and IPv6?

Ever tried setting up DDNS with IPv6? I recently had to learn that there is a remarkable range of tools and services that do not work with IPv6.

ddclient does not support IPv6, nor does inadyn.
inadyn-mt claims to support IPv6, but if that is true, it is at least hard to configure.

Also not all DDNS-Services offer IPv6 support with freedns.afraid.org being one notable exception. This service also allows setting the IPv6 via a URL.

A pragmatic solution to get DDNS working with IPv6 could be running the following Python script periodically using a cronjob:
#!/usr/bin/env python
''' update ipv6 record on freedns.afraid.org '''

import netifaces
import subprocess
import sys

iface_name = "eth0"
pwd_hash = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr"

try:
addrs = netifaces.ifaddresses(iface_name)
ipv6_str = addrs[netifaces.AF_INET6][0]['addr']
#check if link local adress
if ipv6_str[0:5] == "fe80:":
raise Exception()

except:
sys.exit("could not determine ipv6 address");


subprocess.call(
[
"wget",
"-q",
"--read-timeout=0.0",
"--waitretry=5",
"--tries=400",
"https://freedns.afraid.org/dynamic/update.php?"+pwd_hash+"&address="+ipv6_str
]
)

The script can also be downloaded here. It requires the package netifaces, which can be installed using pip. Moreover wget needs to be installed. You need to adjust the interface name and the password hash manually.
$> sudo apt-get install python-pip
$> sudo pip install netifaces

I suggest simply copying the script to /opt, making it executable and adding a cronjob for it.
$> sudo crontab -e

add the following line to the crontab
 */30 * * * *    /opt/ipv6_update.py

and restart the cron daemon
$> sudo /etc/init.d/cron restart

If you are using a network manager, eg. wicd or network-manager, the Python script above can be hooked in there. For wicd the script would have to be copied to
/etc/wicd/scripts/postconnect
Posted by at 1 comment:
Labels: , , , , , , ,

2014-05-06

Experiences from running a Tor intermediate relay

In this post I want to share some basic experiences from running a Tor intermediate relay for 5 months.


Resource Usage

Fortunately Tor's hardware requirements are modest. An old  ASUS EeePC 1101HA netbook with an Intel Atom CPU Z520 @ 1.33GHz and 1GB of RAM was used for the Tor node and found to be sufficient. The node was used in conjunction with a simple cable internet connection (10Mbit/s downstream; 1Mbit/s upstream). Amazingly and despite the cheap hardware, the system worked stable and no system crashes occurred.

Tor's  memory usage is about 210MB and the memory usage of the entire system is only about 250MB.

The  bandwidth usage was around 100kBytes/s on average and a little more than 1GByte/day was up- and downloaded. The bandwidth is mostly consumed in bursts since Tor is designed to reduce latency and then the system goes idle to not exceed the bandwidth limit. The relay was also used to mirror directory information.

The temperature of the CPU was around 27°C, which is not so much above ambient temperature. This conveniently reduces aging and noise from the fan.


Power Consumption

An attempt was made to reduce power consumption by
  • uninstalling unnecessary services (eg. CUPS)
  • configuring DPMS to turn off the screen quickly eg. turning off the screen after 10s:  $> xset dpms 10 0 0
  • alternatively it is possible to turn off the screen using vbetool dpms off , if no X server is present. Strangely the screen will automatically turn itself back on after some time and a cron job is required to keep it turned off permanently.
  • shutting down Wifi and Bluetooth (Fn+... on the keyboard) 
  • using powertop for further optimizations
Assuming a (probably too high) power consumption of 15W and a price for electricity of 0.2€/kWh, the energy bill is increased by around 26€ per year through this act of altruism. For a future relay, I intend to use an old smartphone or tablet computer, which will reduce power consumption significantly.


Configuration

The configuration was pretty usual. Some minor things to be mentioned here:

To be able to use the tor relay from the local network, eg.
SocksPort 192.168.178.42:910
SocksPolicy accept 192.168.178.0/16
It seems Tor will not start automatically after reboot, if these lines are in the config file.

To view connection information (eg. open circuits) from arm:
DisableDebuggerAttachment 0

To fix the exit node to a specific country:
ExitNodes de 


Software 

Not much software was required:
  • Debian 7 (Wheezy) was used as OS.
  • wicd-curses was used as a network manager for convenient configuration of the network interface
  • Tor was installed from the Debian repositories.
  • X was necessary for DPMS (energy management); alternatively vbetool is sufficient to turn the screen off.
  • OpenBox was used as a resource friendly window manager and for convenience
  • The hardware clock of the EeePC seems to be drifting considerably. Therefore it was necessary to install ntpd to keep system clock in sync.
  • some other optional tools (arm, htop, powertop, sensors, unattended-upgrades)
Statistics about the Tor node can be obtained through Atlas and arm. arm crashes after some time, if left running.

arm needs to be started as the user running tor eg.
$> sudo -u yourusername-tor arm
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)