(A') Actually, what exactly is going wrong? You say you have to restart, but, is your relay recognizing a new IP address and publishing even though it isn't reachable at that address yet, e.g. because of firewall rules? Or is it not even recognizing that the address has changed? Does it recover if you wait a while?
I think it might have not recognized the address has changed, because it doesn't recover after a while (I waited around 3~ days). There are no firewall rules that would intervene with this process; on the MikroTik side it's just a DST-NAT rule to my tor ORPort.
Detected possible compression bomb with input size = 18860 and output size = 547719
Possible compression bomb; abandoning stream.
Unable to decompress HTTP body (tried Zstandard compressed, on Directory connection (client reading) with 199.58.81.140:80). [1 similar message(s) suppressed in last 216120 secon>
Detected possible compression bomb with input size = 18860 and output size = 547719
Possible compression bomb; abandoning stream.
Heartbeat: It seems like we are not in the cached consensus.
^ After the above log warning, it just does not reconnect to the tor network; until a manual restart is called.
(B) We had some relay address detection bugs that got introduced in Tor 0.4.5 and never got resolved. So detection is definitely more fragile than it was in the 0.4.4 days. I think it mainly affects people running their relays inside containers or other weird situations. But also, maybe people just quietly stopped trying and left, who knows.
I run my tor relay inside a Debian KVM on a ProxMox (2C, 8G ram); Ryzen 5 5500 CPU. No weird setups here.
(C) The old-school way of handling this was to get a dyndns account and then set your torrc Address to point to your dyndns hostname. That is, you run a periodic tool that reaches out to the service and it makes sure to update the hostname it gives you to match your current address.
I do have a dyndns address that updates an A record on my Cloudflare account every 60 seconds, now... where do I put the dyndns address inside the torrc file?
https://github.com/timothymiller/cloudflare-ddns
I'll give the dyndns method a shot for now and see if it improves the reliability. If it doesn't, I'll investigate it further and see if it's actually a bug with tor and not my network :)
Thank you Roger, George & Marco!
-darren
On 9/26/24 3:53 AM, Roger Dingledine wrote:
On Wed, Sep 25, 2024 at 05:53:35PM +0700, Tor Relay Net Ops via tor-relays wrote:
I'm currently running a tor relay on a dynamic IP Address connection, usually my ISP gives me a new address every day or so-
Lately [for the past like week or so- /can't remember when it started happening/], I have to manually restart it when my WAN IP Address changes; to get the relay back online- (systemctl restart tor@default)
Is there a way to not manually restart tor (besides running a cron script to do so)
Tor 0.4.8.12 on Linux
Hm! It should work. Four thoughts:
(A) What do your logs say? It should be giving you lines like
log_notice(LD_CONFIG, "External address seen and suggested by a " "directory authority: %s", fmt_addr(addr));
(A') Actually, what exactly is going wrong? You say you have to restart, but, is your relay recognizing a new IP address and publishing even though it isn't reachable at that address yet, e.g. because of firewall rules? Or is it not even recognizing that the address has changed? Does it recover if you wait a while?
(B) We had some relay address detection bugs that got introduced in Tor 0.4.5 and never got resolved. So detection is definitely more fragile than it was in the 0.4.4 days. I think it mainly affects people running their relays inside containers or other weird situations. But also, maybe people just quietly stopped trying and left, who knows.
The starting point for investigating those is https://gitlab.torproject.org/tpo/core/tor/-/issues/40424
(C) The old-school way of handling this was to get a dyndns account and then set your torrc Address to point to your dyndns hostname. That is, you run a periodic tool that reaches out to the service and it makes sure to update the hostname it gives you to match your current address.
Apparently dyndns has turned from the great free service that it used to be into a mess of for-profit scamminess. But the nice people on irc point me to https://freedns.afraid.org/ as one option that's also been around forever and doesn't seem like it's gone scammy yet.
(D) If you investigate it more and you realize you have found a specific bug ("it should do this but it does that instead"), please do open a gitlab ticket, to help the next person: https://gitlab.torproject.org/tpo/core/tor/-/issues/
Thanks! --Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
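
Added example (not part of the original thread, and not Tor project code): a small log triage for the question in (A'), i.e. whether tor ever logged the new address or is simply out of the consensus. The message texts are the ones quoted in the thread; the timestamp and severity prefix, the sample addresses and the triage() helper are assumptions made for illustration.

```python
import re

# Message texts as quoted in the thread; the "date [severity]" prefix is an assumption.
ADDR_RE = re.compile(r"External address seen and suggested by a directory authority: (\S+)")
BOMB_RE = re.compile(r"Detected possible compression bomb")
NOT_IN_CONSENSUS_RE = re.compile(r"not in the cached consensus")

# Constructed sample log (RFC 5737 documentation addresses), not real relay output.
SAMPLE_LOG = """\
Sep 24 08:00:01.000 [notice] External address seen and suggested by a directory authority: 203.0.113.10
Sep 25 09:12:44.000 [warn] Detected possible compression bomb with input size = 18860 and output size = 547719
Sep 25 09:12:44.000 [warn] Possible compression bomb; abandoning stream.
Sep 25 14:00:01.000 [notice] Heartbeat: It seems like we are not in the cached consensus.
Sep 26 14:00:01.000 [notice] Heartbeat: It seems like we are not in the cached consensus.
"""

def triage(log_text, current_wan_ip):
    """Summarise what the log says about address detection, per question (A')."""
    seen = []             # distinct addresses in the order tor reported them
    bombs = 0             # compression-bomb warnings (one per abandoned stream)
    stale_heartbeats = 0  # out-of-consensus heartbeats since the last address notice
    for line in log_text.splitlines():
        match = ADDR_RE.search(line)
        if match:
            if not seen or seen[-1] != match.group(1):
                seen.append(match.group(1))
            stale_heartbeats = 0
        elif BOMB_RE.search(line):
            bombs += 1
        elif NOT_IN_CONSENSUS_RE.search(line):
            stale_heartbeats += 1
    last = seen[-1] if seen else None
    if last == current_wan_ip:
        verdict = "address recognized; check reachability (NAT/firewall)"
    elif stale_heartbeats:
        verdict = "address change not recognized and relay out of consensus"
    else:
        verdict = "address change not recognized yet"
    return {"addresses": seen, "last_detected": last,
            "compression_bomb_warnings": bombs,
            "heartbeats_out_of_consensus": stale_heartbeats, "verdict": verdict}

if __name__ == "__main__":
    # 198.51.100.7 stands in for the WAN address the ISP handed out after the change.
    for key, value in triage(SAMPLE_LOG, "198.51.100.7").items():
        print(f"{key}: {value}")
```

Feed it the relay's own notice log and the current WAN address; a verdict that the address was recognized points at NAT or reachability rather than address detection.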