[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Failed upgrade



Hello,

You have some wrong torrc options.

They used to work because we didn't had a clear logic, there has been a lot of improvements made since IPv6 Address auto discovery was implemented.

Please see my corrections in line as well as explanations. Hope they make sense.

r1610091651 wrote:
Hi

FYI

So I've upgraded tor package from 0.4.4.6 to 0.4.5.7-1~xenial+1. No other changes.
Yet on startup tor is complaining about mis-configuration:

Mar 23 20:55:02.928 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Mar 23 20:55:02.929 [notice] Read configuration file "/etc/tor/torrc".
Mar 23 20:55:02.932 [warn] Configuration port ORPort 9443 superseded by ORPort <local-ip>:9443 Mar 23 20:55:02.932 [warn] We are listening on an ORPort, but not advertising any ORPorts. This will keep us from building a router descriptor, and make us impossible to use. Mar 23 20:55:02.932 [warn] Failed to parse/validate config: Misconfigured server ports
Mar 23 20:55:02.932 [err] Reading config failed--see warnings above.

config:
ORPort <local-ip>:9443 NoAdvertise

This is ok, you configured and explicit IP address.

ORPort 9443 NoListen IPv4Only

This is not ok, the NoAdvertise ORPort is explicit <local-ip> but this is wildcard to all interfaces.

IPv4Only either you use it for both NoListen and NoAdvertise ORPort either you don't use it at all since you use AddressDisableIPv6.

This line should be:
ORPort <public-ip>:9443 NoListen

AddressDisableIPv6 1

This is OK. Or you can use IPv4Only for both ORPort entries and it will have the same effect.

OutboundBindAddress <local-ip>

This is also OK.


This config is according to spec and worked with 4.4.6.

Seems to be related to thes issues, except for me it's blocking: tor fails to start. https://gitlab.torproject.org/tpo/core/tor/-/issues/40300 <https://gitlab.torproject.org/tpo/core/tor/-/issues/40300> https://gitlab.torproject.org/tpo/core/tor/-/issues/40302 <https://gitlab.torproject.org/tpo/core/tor/-/issues/40302>

I had to add 0.0.0.0 as ip to make tor start, although that's not documented...
ORPort <local-ip>:9443 NoAdvertise
ORPort 0.0.0.0:9443 <http://0.0.0.0:9443> NoListen IPv4Only


Please try with my example and remove 0.0.0.0 as it's not our scope, we are trying to configure explicit binding IP addresses. Let me know if this works for you -- it should be a correct configuration.

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays