[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] IPv6 Issue with Relay





On Dec 21, 2017, at 3:01 AM, teor <teor2345@xxxxxxxxx> wrote:


On 21 Dec 2017, at 16:33, Conrad Rockenhaus <conrad@xxxxxxxxxxxxxx> wrote:

Hello,

One of the relays that I brought online yesterday, ConradsAWSExit (Hash 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the IPv6 OR is unreachable.

The other relay is working just fine with IPv6.

I’ve confirmed that the following entries are in torrc:

ORPort 9001
ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
IPv6Exit 1

Are these the only ORPort entries in your torrc?
Have you restarted or HUP'd the relay since you last edited the torrc?


Yes sir, I did. I see Atlas now shows that IPv6 is reachable, but the exit policy is rejecting everything. I have the reject policy in the torrc set to the defaults (I have all of the exit policies in torrc commented out).

Just to confirm, here’s the output from ifconfig, that is the IP:

inet6 2600:1f14:ede:d601:e107:1a4b:ba3:803  prefixlen 64  scopeid 0x0<global>

This is what Relay Search (Atlas) says:

Unreachable OR Addresses
[2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001

The last 8 bytes of the address your relay is advertising,
are not the same as the address on your machine.

Also, you have set IPv6Exit, but Relay Search says:

IPv6 Exit Policy Summary
reject
1-65535


Exactly. If I have torrc set to the defaults, what’s going on here?

Relay Search data is usually up to 2.5 hours behind, but it can lag more.

Please copy and paste the notice-level Tor logs that mention your ORPort,
DirPort, and Exit settings, so we can see what Tor is actually doing.

Dec 20 21:24:17.937 [warn] Tor is running as an exit relay with the default exit policy. If you did not want this behavior, please set the ExitRelay option to 0. If you do want to run an exit Relay, please set the ExitRelay option to 1 to disable this warning, and for forward compatibility.
Dec 20 21:24:17.937 [warn] In a future version of Tor, ExitRelay 0 may become the default when no ExitPolicy is given.
Dec 20 21:24:17.937 [notice] Opening OR listener on 0.0.0.0:9001
Dec 20 21:24:17.937 [notice] Opening OR listener on [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
Dec 20 21:24:17.938 [notice] Opening Directory listener on 0.0.0.0:9030


I have confirmed that all of the applicable Security Group rules are configured correctly:

Custom TCP Rule
TCP
9001
0.0.0.0/0
ORPort
Custom TCP Rule
TCP
9001
::/0
ORPort
Custom TCP Rule
TCP
9030
0.0.0.0/0
DIRPort
Custom TCP Rule
TCP
9030
::/0
DIRPort

By the way, there are no IPv6 DirPorts :-)

I know that now from reading the docs, I removed that rule :D


Plus, I have confirmed with a telnet -6 to port 9001 from both my house and my servers at OVH in Canada that I’m able to connect to port 9001 via the IPv6 address on this node.

What are the exact commands you used?

This shows that the relay is listening on whatever IPv6 address and port
you checked, but it doesn't show which IPv6 address the relay is
advertising.

I just checked if it was listening with a telnet -6 <ip> 9001, but this is a non-issue now since atlas shows it reachable.


So, my question is…what could I be missing here that is causing atlas to say that IPv6 is unreachable? I’ve been looking into this through the day and would like to kind of close it out, got a bunch of emails to catch up on hehe :D, so any input would be appreciated.

There are a few more detailed troubleshooting things we can try,
like checking consensus health and the exact content of your
relay's descriptor and the authorities' votes.

If the above steps don't help, I'm happy to go through them later,
when I'm using a more capable device.

My main issue now is trying to fix the issue with the default exit policy - the logs say I’m running the defaults, yet all IPv6 traffic is getting blocked. I’ve looked over the documentation and I’ve done what it says. What am I doing wrong?

Just for further troubleshooting, I attached this exit’s torrc file.

Thanks,

Rock

Attachment: torrc
Description: Binary data



T
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays