[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] log: ORPort/DirPort address does not match descriptor address

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] log: ORPort/DirPort address does not match descriptor address
From: teor <teor2345@xxxxxxxxx>
Date: Tue, 24 Jan 2017 15:20:27 +1100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 23 Jan 2017 23:20:55 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=wDQXWCfYtjPLJReehIDEjVdGPWewBNMPhBBKhVc3hY8=; b=GhyjaYT+EMUXSpEGSu6mF/pPt1nfnAGOnzvuFnztWSyOPuJk6xMH7Y+x4+nmEdMI+n W5DXqi/6nltYHJTRsHGjxonjDcarCxUDFUYpVxTHIPFq5qy3jaBgZ+EEMPLwHha9CYtZ MTf02v6K0kJXJWrue348zJj7EaNX5swtjmDN2mBRmlcbDyhAk9Ha5cf8/4qjQbrKe3oQ fur7Ij734aOe6F+B94TUy96oVqS/DUDlt/zMeJBX5LmaTRPwMp+BLe8kDitx0EKmvf2W 7O2yBeAfqBJKsNTe98eeUvfgID9WOzkHhMi6kExAsNNcfekoUB3ASUNLuxV+CukY7Fj3 +zfw==
In-reply-to: <CAKFqNOB5GpKG5E5Xc3ofYk1HcZACo_f2DA_u9pERmmRb-eiASw@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <38a066ef-c167-5f81-aa58-28a934c8cfd7@openmailbox.org> <D5C2798F-9D45-42E9-8B1B-4E172DA6E0B3@gmail.com> <CAKFqNOBpZ1FvycKZh7j-TpuoBhrbwr1o9zCuQMr_+v-UBHQr=g@mail.gmail.com> <1509F50F-9FF4-4DF6-9122-43223E0096D1@gmail.com> <CAKFqNOB5GpKG5E5Xc3ofYk1HcZACo_f2DA_u9pERmmRb-eiASw@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

> On 24 Jan 2017, at 14:39, Kevin Beranek <kevin@xxxxxxxxxxxx> wrote:
> 
>> Is the Address option set on this relay?
> 
> Address is not set because it is generated from this template, which
> does not set Address:
> https://github.com/nusenu/ansible-relayor/blob/dev/templates/torrc.

To disable the warning, the template could:
* set Address, or
* use two ORPort lines: 'ORPort <PublicPort> NoListen' and
  'ORPort <InternalPort> NoAdvertise'.

But that requires knowing the external address.

>> Maybe we need to change this part of the warning:
>>> If you have a static public IPv4 address, use 'Address <IPv4>'
> 
> I'm not quite sure what you're proposing.  Are you suggesting dropping
> just the "and 'OutboundBindAddress <IPv4>'" or the rest of the
> message?

I think the message is fine, it covers the most common cases.

I don't think we can disable the message in your case, without hiding the
issue from operators who need to know about address mismatches.

>> If the address option isn't set, what does the relay identify as its
>> public IP address in the logs?
>> 
>> Look for log entries about testing ORPort or DirPort reachability, or
>> any log entries containing its public IP address.
> 
> It definitely identifies the correct public IP address as you can see
> from these logs:
> 
> Now checking whether ORPort 51.15.48.254:443 and DirPort
> 51.15.48.254:80 are reachable... (this may take up to 20 minutes --
> look for log messages indicating success)
> ...
> Self-testing indicates your DirPort is reachable from the outside. Excellent.
> Self-testing indicates your ORPort is reachable from the outside.
> Excellent. Publishing server descriptor.

Then it's ok to ignore the warning.

It was put there for relay operators whose relay chooses the wrong
public address, and they don't notice.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] log: ORPort/DirPort address does not match descriptor address
  - From: nusenu
- Re: [tor-dev] log: ORPort/DirPort address does not match descriptor address
  - From: teor
- Re: [tor-dev] log: ORPort/DirPort address does not match descriptor address
  - From: Kevin Beranek
- Re: [tor-dev] log: ORPort/DirPort address does not match descriptor address
  - From: teor
- Re: [tor-dev] log: ORPort/DirPort address does not match descriptor address
  - From: Kevin Beranek

Prev by Author: Re: [tor-dev] Proposal 274: A Name System API for Tor Onion Services
Next by Author: Re: [tor-dev] [RFC] Proposal for the encoding of prop224 onion addresses
Previous by thread: Re: [tor-dev] log: ORPort/DirPort address does not match descriptor address
Next by thread: [tor-dev] GAEuploader
Index(es):
- Author
- Thread