Hello,
On 9/19/2016 4:14 PM, René Mayrhofer wrote: [SNIP]
Problem: This worked nicely with Tor 0.2.5.12-1 on Debian Jessie. We upgraded about two weeks ago to 0.2.8.7-1 from the Tor apt repositories (mostly in response to https://blog.torproject.org/blog/tor-0287-released-important-fixes as a wakeup call that we were using old versions from Debian main). At first, it seemed to work well enough, but then the holidays came and we didn't actively watch it for the next week.... Now with 0.2.8.7-1, the traffic sent to our node started declining until it vanished completely. After a bit of debugging and rolling back to 0.2.5.12-1 (which is now active on our node as of a few hours ago, slowly approaching the 200MBit/s again), it seems that we discovered a regression concerning the handling of sockets. I can best summarize it with the relevant torrc config options and startup log lines from both versions:
root@tor2 ~ # grep 193.171.202 /etc/tor/torrc ORPort 193.171.202.146:9001 ORPort 193.171.202.146:443 OutboundBindAddress 193.171.202.150 DirPort 193.171.202.146:9030
Yes this is an issue for how we guess Address in some cases. It was initially reported here:
https://trac.torproject.org/projects/tor/ticket/13953
We made the first step towards fixing it (nice patch by teor) and now we log a warning when the address we listen on does not match the one in the descriptor, and the self test doesn't pass so descriptor is not published at all.
We will fix this entirely in this ticket: https://trac.torproject.org/projects/tor/ticket/19919
Where we will use the first explicit public IP address configured with ORPort that we listen on as being Address.
I wanted to create a separate ticket for doing the same with OutboundBindAddress (use the first explicit public IP address configured with ORPort that we listen on as being OutboundBindAdress) -- but I see in your setup this would not fix it anyway, so we will leave it aside for the moment. I think OutboundBindAddress overwrites Address for outgoing connections, so unless otherwise configured OutboundBindAddress == Address.
Thanks for running Austria's fastest exit -- this rocks!