Greetings fellow relay operators!
I'm currently running a tor relay on a dynamic IP Address connection, usually my ISP gives me a new address every day or so-
Lately [for the past like week or so- /can't remember when it started happening/], I have to manually restart it when my WAN IP Address changes; to get the relay back online- (systemctl restart tor@default)
Is there a way to not manually restart tor (besides running a cron script to do so)?
Below is my tor configuration:
Tor 0.4.8.12 on Linux Debian GNU/Linux 12 (bookworm)
/etc/tor/torrc
Nickname hadleyJamison
ContactInfo url:darrenofficial.com proof:dns-rsa ciissversion:2 mailto:tor-relay-netops@darrenofficial.com
ORPort 88 IPv4Only
ExitRelay 0
SocksPort 0
ControlPort 9051
CookieAuthentication 1
RelayBandwidthRate 69 MBits
RelayBandwidthBurst 69 MBits
-darren
From my experience, it should come back online, but not instantly - you likely need to wait for the next descriptor to be uploaded (once every 6 hours usually).
All the best,
George
On Wed, Sep 25, 2024 at 05:53:35PM +0700, Tor Relay Net Ops via tor-relays wrote:
> I'm currently running a tor relay on a dynamic IP Address connection, usually my ISP gives me a new address every day or so-
> Lately [for the past like week or so- /can't remember when it started happening/], I have to manually restart it when my WAN IP Address changes; to get the relay back online- (systemctl restart tor@default)
> Is there a way to not manually restart tor (besides running a cron script to do so)
> Tor 0.4.8.12 on Linux
Hm! It should work. Four thoughts:
(A) What do your logs say? It should be giving you lines like
log_notice(LD_CONFIG, "External address seen and suggested by a " "directory authority: %s", fmt_addr(addr));
(A') Actually, what exactly is going wrong? You say you have to restart, but, is your relay recognizing a new IP address and publishing even though it isn't reachable at that address yet, e.g. because of firewall rules? Or is it not even recognizing that the address has changed? Does it recover if you wait a while?
(B) We had some relay address detection bugs that got introduced in Tor 0.4.5 and never got resolved. So detection is definitely more fragile than it was in the 0.4.4 days. I think it mainly affects people running their relays inside containers or other weird situations. But also, maybe people just quietly stopped trying and left, who knows.
The starting point for investigating those is https://gitlab.torproject.org/tpo/core/tor/-/issues/40424
(C) The old-school way of handling this was to get a dyndns account and then set your torrc Address to point to your dyndns hostname. That is, you run a periodic tool that reaches out to the service and it makes sure to update the hostname it gives you to match your current address.
Apparently dyndns has turned from the great free service that it used to be into a mess of for-profit scamminess. But the nice people on irc point me to https://freedns.afraid.org/ as one option that's also been around forever and doesn't seem like it's gone scammy yet.
(D) If you investigate it more and you realize you have found a specific bug ("it should do this but it does that instead"), please do open a gitlab ticket, to help the next person: https://gitlab.torproject.org/tpo/core/tor/-/issues/
Thanks! --Roger
On Wednesday, 25 September 2024 22:53 Roger Dingledine wrote:
> (C) The old-school way of handling this was to get a dyndns account and then set your torrc Address to point to your dyndns hostname. That is, you run a periodic tool that reaches out to the service and it makes sure to update the hostname it gives you to match your current address.
> Apparently dyndns has turned from the great free service that it used to be into a mess of for-profit scamminess. But the nice people on irc point me to https://freedns.afraid.org/ as one option that's also been around forever and doesn't seem like it's gone scammy yet.
afraid.org is a good choice. Alternative: https://dns.he.net/ I use it as a secondary (slave) DNS zone for my domain.
If you need help with DynDNS on your router, ask here and specify your router model. I have scripts for Mikrotik.
> (A') Actually, what exactly is going wrong? You say you have to restart, but, is your relay recognizing a new IP address and publishing even though it isn't reachable at that address yet, e.g. because of firewall rules? Or is it not even recognizing that the address has changed? Does it recover if you wait a while?
I think it might have not recognized the address has changed, because it doesn't recover after a while (I waited around 3~ days). There are no firewall rules that would intervene with this process, on the MikroTik side it's just a DST-NAT rule to my tor ORPort.
Detected possible compression bomb with input size = 18860 and output size = 547719
Possible compression bomb; abandoning stream.
Unable to decompress HTTP body (tried Zstandard compressed, on Directory connection (client reading) with 199.58.81.140:80). [1 similar message(s) suppressed in last 216120 secon>
Detected possible compression bomb with input size = 18860 and output size = 547719
Possible compression bomb; abandoning stream.
Heartbeat: It seems like we are not in the cached consensus.
^ After the above log warning, it just does not reconnect to the tor network; until a manual restart is called.
> (B) We had some relay address detection bugs that got introduced in Tor 0.4.5 and never got resolved. So detection is definitely more fragile than it was in the 0.4.4 days. I think it mainly affects people running their relays inside containers or other weird situations. But also, maybe people just quietly stopped trying and left, who knows.
I run my tor relay inside a Debian KVM on a ProxMox (2C, 8G ram); Ryzen 5 5500 CPU. No weird setups here.
> (C) The old-school way of handling this was to get a dyndns account and then set your torrc Address to point to your dyndns hostname. That is, you run a periodic tool that reaches out to the service and it makes sure to update the hostname it gives you to match your current address.
I do have a dyndns address that updates an A record on my Cloudflare account every 60 seconds, now... where do I put the dyndns address inside the torrc file?
https://github.com/timothymiller/cloudflare-ddns
I'll give the dyndns method a shot for now and see if it improves the reliability. If it doesn't, I'll investigate it further and see if it's actually a bug with tor and not my network :)
Thank you Roger, George & Marco!
-darren
On Thursday, 26 September 2024 08:01 Tor Relay Net Ops via tor-relays wrote:
> I think it might have not recognized the address has changed, because it doesn't recover after a while (I waited around 3~ days) There are no firewall rules that would intervene with this process, on the MikroTik side it's just an DST-NAT rule to my tor ORPort.
In case you need it at some point. Should be easy to adapt for other providers. https://forum.mikrotik.com/viewtopic.php?t=122564
>> (C) The old-school way of handling this was to get a dyndns account and then set your torrc Address to point to your dyndns hostname. That is, you run a periodic tool that reaches out to the service and it makes sure to update the hostname it gives you to match your current address.
> I do have a dyndns address that updates an A record on my Cloudflare account every 60 seconds, now... where do I put the dyndns address inside the torrc file?
With working A and AAAA records.
# The hostname for incoming connections, e.g.:
Address dynhost.cloudflare.net
Tor Relay Net Ops via tor-relays wrote on 9/25/24 12:53:
> Greetings fellow relay operators!
> I'm currently running a tor relay on a dynamic IP Address connection, usually my ISP gives me a new address every day or so-
Hi, once upon a time Tor used to take care of this by itself, updating the descriptor, but at some version it stopped doing so. At least my Tor did stop. Or maybe it does it again, but I haven't checked... :-)
I've solved it with a script that connects to some url that gives back my public IP*, and if it's changed calls /etc/rc.d/rc.tor restart
My two cents,
Marco
* https://secure.informaction.com/ipecho/
  https://checkip.amazonaws.com/
  ...plenty more...
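The check Marco describes above (fetch the public address, restart only if it changed), as an added example that is not his script or anything posted in the thread. The state-file path, the --run flag and the restart command are assumptions; the reply is validated first so an error page from the echo service never restarts the relay.

```shell
#!/bin/sh
# Added example (not the script from the thread): restart tor only when the
# public IPv4 address really changed. STATE_FILE, IP_URL and RESTART_CMD are
# assumptions; point them at your own paths, echo service and service unit.
STATE_FILE="${STATE_FILE:-/var/lib/tor-ipwatch/last_ip}"
IP_URL="${IP_URL:-https://checkip.amazonaws.com/}"
RESTART_CMD="${RESTART_CMD:-systemctl restart tor@default}"

# Accept only a dotted quad with octets 0-255, so an error page or an empty
# reply from the echo service can never trigger a restart.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input holds digits/dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# check_ip NEW_IP prints one of: invalid, unchanged, first-run, changed,
# restart-failed. The stored address is updated only after a good restart.
check_ip() {
    new_ip=$1
    is_ipv4 "$new_ip" || { echo invalid; return 0; }
    old_ip=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$new_ip" = "$old_ip" ] && { echo unchanged; return 0; }
    if [ -z "$old_ip" ]; then
        result=first-run           # nothing to compare with yet: just record
    else
        $RESTART_CMD >/dev/null || { echo restart-failed; return 1; }
        result=changed
    fi
    mkdir -p "$(dirname "$STATE_FILE")"
    printf '%s\n' "$new_ip" > "$STATE_FILE"
    echo "$result"
}

# Run from cron or a systemd timer as: tor-ipwatch.sh --run
if [ "${1:-}" = "--run" ]; then
    check_ip "$(curl -fsS --max-time 10 "$IP_URL")"
fi
```

Because the stored address is only rewritten after the restart command succeeds, a failed restart is retried on the next run.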