[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Failed upgrade

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Failed upgrade
From: s7r <s7r@xxxxxxxxxx>
Date: Wed, 24 Mar 2021 09:41:01 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 24 Mar 2021 03:41:39 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org; s=20110108; t=1616571683; bh=7SYfSMIKd6iOK3Ldj/zs1018AYUwCAFMNBZf4uU80wg=; h=Reply-To:To:References:From:Subject:Date:In-Reply-To; b=Suq3k80M6tVQQbpYCjPdPvDfA6Y6BB8+NKEEanP4tTVgcTnVAsPqcIWat7sXKP2u4 bm3/yzkl4KF2jugb6N0ZXBcKDgPF9kiiYLBcvPOHUvMzQ+WQwwCTOZLxWK6jvoIyJN 9tejNuwKRJtkp6HPpC3HQVDuc1p4OfQ7IFs6tQPI=
In-reply-to: <CAD4+ng_dkWbmZGV04GY-0_nRtCWFHHmcj2ucYp8fL4p_BqEPfQ@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAD4+ng_dkWbmZGV04GY-0_nRtCWFHHmcj2ucYp8fL4p_BqEPfQ@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0

Hello,

You have some wrong torrc options.

They used to work because we didn't had a clear logic, there has been alot of improvements made since IPv6 Address auto discovery was implemented.

Please see my corrections in line as well as explanations. Hope theymake sense.


r1610091651 wrote:

Hi

FYI
So I've upgraded tor package from 0.4.4.6 to 0.4.5.7-1~xenial+1. Noother changes.
Yet on startup tor is complaining about mis-configuration:
Mar 23 20:55:02.928 [notice] Read configuration file"/usr/share/tor/tor-service-defaults-torrc".
Mar 23 20:55:02.929 [notice] Read configuration file "/etc/tor/torrc".
Mar 23 20:55:02.932 [warn] Configuration port ORPort 9443 superseded byORPort <local-ip>:9443Mar 23 20:55:02.932 [warn] We are listening on an ORPort, but notadvertising any ORPorts. This will keep us from building a routerdescriptor, and make us impossible to use.Mar 23 20:55:02.932 [warn] Failed to parse/validate config:Misconfigured server ports
Mar 23 20:55:02.932 [err] Reading config failed--see warnings above.

config:
ORPort <local-ip>:9443 NoAdvertise


This is ok, you configured and explicit IP address.

ORPort 9443 NoListen IPv4Only

This is not ok, the NoAdvertise ORPort is explicit <local-ip> but thisis wildcard to all interfaces.

IPv4Only either you use it for both NoListen and NoAdvertise ORPorteither you don't use it at all since you use AddressDisableIPv6.


This line should be:
ORPort <public-ip>:9443 NoListen

AddressDisableIPv6 1

This is OK. Or you can use IPv4Only for both ORPort entries and it willhave the same effect.

OutboundBindAddress <local-ip>


This is also OK.

This config is according to spec and worked with 4.4.6.
Seems to be related to thes issues, except for me it's blocking: torfails to start.https://gitlab.torproject.org/tpo/core/tor/-/issues/40300<https://gitlab.torproject.org/tpo/core/tor/-/issues/40300>https://gitlab.torproject.org/tpo/core/tor/-/issues/40302<https://gitlab.torproject.org/tpo/core/tor/-/issues/40302>
I had to add 0.0.0.0 as ip to make tor start, although that's notdocumented...
ORPort <local-ip>:9443 NoAdvertise
ORPort 0.0.0.0:9443 <http://0.0.0.0:9443> NoListen IPv4Only

Please try with my example and remove 0.0.0.0 as it's not our scope, weare trying to configure explicit binding IP addresses. Let me know ifthis works for you -- it should be a correct configuration.

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Failed upgrade
  - From: r1610091651

Prev by Author: Re: [tor-relays] Tor project helping to attempt to cancel Richard Stallman
Next by Author: Re: [tor-relays] Tor 0.4.5.6 and missing IPv6
Previous by thread: [tor-relays] Failed upgrade
Next by thread: [tor-relays] Tor project helping to attempt to cancel Richard Stallman
Index(es):
- Author
- Thread