On Mon, Jan 30, 2017 at 03:12:46PM +1100, teor wrote:
On 30 Jan 2017, at 14:35, gustavo panizzo (gfa) gfa@zumbi.com.ar wrote:
On Mon, Jan 30, 2017 at 12:03:40PM +1100, teor wrote:
Hi,
Please send us your actual torrc:
that's my actual torrc, I've only edited HashedControlPassword
Then please reload your torrc so that your tor process is using it.
What I meant to say is that I edited HashedControlPassword on the email
- your torrc has a DirPort, but your relay on atlas does not
(this might be because you have a bandwidth limit set)
- your torrc says IPv6Exit, but your relay on atlas does not exit to
IPv6
Port is open, tor is listening. no fw rules for IPv6
That's the ORPort, an entry port.
You are right, tor wasn't listening on the DirPort on IPv6. I've fixed that a few hours ago.
You say you have IPv6Exit and an ExitPolicy set in the torrc.
I have exit rules for both, same rules apply to both protocols. An tor knows it
Tor[22587]: tor_addr_parse_mask_ports(): '*:6881-6999' expands into rules which apply to all IPv4 and IPv6 addresses. (Use accept/reject *4:* for IPv4 or accept[6]/reject[6] *6:* for IPv6.)
Tor[22587]: tor_addr_parse_mask_ports(): '*:*' expands into rules which apply to all IPv4 and IPv6 addresses. (Use accept/reject *4:* for IPv4 or accept[6]/reject[6] *6:* for IPv6.)
But your relay does not exit to IPv6, both atlas (IPv6 Exit Policy Summary) and your relay's descriptor (ipv6-policy) show that it does not allow any IPv6 ports:
https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677...
(large file) https://collector.torproject.org/recent/relay-descriptors/server-descriptors...
Either that, or there is a bug in Tor relating to IPv6 Exit policies. But I can't see anywhere in the code that makes the IPv6 exit policy dependent on anything except ExitPolicy and IPv6Exit.
Are there any log entries relating to IPv6 or exit policies?
See above [...snip...]
Does your kernel, config, VPS, or provider place a limit on the number of connections?
Yes, when the relay was a non-exit relay it used to have more connections I'll play with sysctl to see if I can get the number to go up
(Search the list archives for detailed troubleshooting steps for this.)
Your relay also does not seem capable of handling much tor traffic, so tor clients are being told not to use it:
(large page) https://consensus-health.torproject.org/consensus-health-2017-01-30-02-00.ht...
I will read it and try to make sense out of it, I'm a sysadmin but I only have a few months of running tor experience.
thanks for your responses, I'll check the links you provided now that IPv6 DirPort is working, although it shouldn't make much difference as most of the world is still using IPv4