Opened 4 years ago

Closed 2 years ago

#20688 closed defect (duplicate)

OpenBSD missing from systems that 'work best' with relays

Reported by: mulander Owned by:
Priority: Medium Milestone: WebsiteV3
Component: Webpages/Website Version:
Severity: Normal Keywords: website-content
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The URL:

https://www.torproject.org/docs/tor-doc-relay.html.en#setup

states:

You can run a Tor relay on pretty much any operating system. Tor relays work best on current distributions of Linux, FreeBSD, NetBSD, and Windows Server.

OpenBSD is notably missing from the list even though it provides a way to run a tor relay. Is there a reason for this?

Child Tickets

Change History (13)

comment:1 Changed 4 years ago by arma

Component: - Select a componentUser Experience/Website
Owner: set to Sebastian

comment:2 Changed 4 years ago by Sebastian

Historically, Tor on OpenBSD was constrained heavily. I have no idea whether that is still the case. I would like to hear from an actual high-traffic OpenBSD relay operator before recommending it on the website.

comment:3 Changed 3 years ago by Sebastian

Owner: changed from Sebastian to cypherpunks
Status: newassigned

comment:4 Changed 3 years ago by hiro

Keywords: website-content added
Milestone: WebsiteV3

comment:5 Changed 2 years ago by cypherpunks

We should not recommend OpenBSD also because
OpenBSD does not provide any updates except you run -current which is not recommended either.
That is probably the reason why most OpenBSD relays run an outdated tor version.

Close as wontfix?

comment:6 Changed 2 years ago by gman999

We should not recommend OpenBSD also because

OpenBSD does not provide any updates except you run -current which is not recommended either.
That is probably the reason why most OpenBSD relays run an outdated tor version.

That's not accurate, if I'm reading your comment correctly, as someone who's run both OpenBSD -stable and -current nodes for a very long time.

  • For the stable version, OpenBSD updates the ports when there is a notable issue, but it does not generate updated packages. Therefore, one could run an updated Tor server on an OpenBSD -stable box as long as one uses the ports tree to maintain Tor.
  • Running -current as a Tor server is common also, as OpenBSD -current rarely has any issues.

comment:7 Changed 2 years ago by cypherpunks

I might be able to dig out some notes where -stable had no update for 14 days past the release (not speaking about packages) in the past.

Can you say anything about the performance issues that have been observed in the past?

comment:8 in reply to:  7 ; Changed 2 years ago by gman999

Replying to cypherpunks:

I might be able to dig out some notes where -stable had no update for 14 days past the release (not speaking about packages) in the past.

I'm unclear on your meaning here. What do you mean by "14 days past the release"? Do you mean the net/tor port wasn't updated after the version of Tor was deprecated?

Can you say anything about the performance issues that have been observed in the past?

That is another issue, but I think the statement "We should not recommend OpenBSD" is utterly wrong, whichever "cypherpunks" that was.

OpenBSD is justifiably stingy with its resources for the sake of security. It's likely the first OS to disable Intel hyper-threading.

The default number of open files on an OpenBSD system for the daemon class is 1024, which won't provide great performance for Tor as-is. We recommend bumping that number.

https://wiki.torbsd.org/doku.php?id=en:etc_login.conf_recommendations_for_openbsd

Based on the current hardware we have access to, while running only one instance of Tor, you can hit 10M/s without much effort.

The stats on places like https://torstatus.blutmagie.de/ show others moving more.

comment:9 in reply to:  8 Changed 2 years ago by teor

Replying to gman999:

Replying to cypherpunks:

I might be able to dig out some notes where -stable had no update for 14 days past the release (not speaking about packages) in the past.

I'm unclear on your meaning here. What do you mean by "14 days past the release"? Do you mean the net/tor port wasn't updated after the version of Tor was deprecated?

It's entirely reasonable that a port takes a few weeks or months to update to a new stable release series.

For security releases, it depends of the severity of the fix, and if the bug affects relays. But a week or two is a good turnaround, particularly for rarer platforms.

comment:10 Changed 2 years ago by teor

Also, if we're going to stop recommending distributions because they are outdated, we should be consistent, and start with Slackware Linux:
https://trac.torproject.org/projects/tor/wiki/doc/packages

comment:11 Changed 2 years ago by cypherpunks

Owner: cypherpunks deleted

comment:12 in reply to:  10 Changed 2 years ago by cypherpunks

Replying to teor:

Also, if we're going to stop recommending distributions because they are outdated, we should be consistent, and start with Slackware Linux:
https://trac.torproject.org/projects/tor/wiki/doc/packages

note that this table does not show tor versions shipped in the last stable version of the os/distribution (and is therefore somewhat misleading)

comment:13 Changed 2 years ago by cypherpunks

Resolution: duplicate
Status: assignedclosed

since the page referenced in the first post basically no longer exists, we can close this one and continue in #26619

Note: See TracTickets for help on using tickets.