hi.in relay stopped working ipv6.address is correct all pings, including tor to the servers, but relay does not work.before that it worked perfectly 2 months.
Hi,
On 21 Aug 2019, at 23:38, armik900@gmail.com wrote:
hi.in relay stopped working ipv6.address is correct all pings, including tor to the servers, but relay does not work.before that it worked perfectly 2 months.
Please tell us your relay's fingerprint.
Please copy and paste the notice-level logs that tor creates on startup, from launch to the end of the ORPort and DirPort reachability checks.
Please copy and paste your torrc, particularly the Address, ORPort, DirPort, and OutboundBindAddress options.
If we need your machines network config, we'll let you know.
It can be hard to set up IPv6 for a relay, we're working on a grant to make it easier.
T
It can be hard to set up IPv6 for a relay, we're working on a grant to make it easier.
It could be helpful to do a request/survey to relay operators to find out their experiences. That is those who have ipv6 configured what was the process and if there were any problems in the process. For those who haven't yet configured ipv6 what is the barriers preventing them from using ipv6.
For me it was a problem at the ISPs end then it wasn't clear how to get network config to use ipv6. I got the shits with it in the end and just used iface eth0 inet6 dhcp. It works... LOL
Paul
Hi Paul,
On 22 Aug 2019, at 14:26, Paul Templeton paul@coffswifi.net wrote:
It can be hard to set up IPv6 for a relay, we're working on a grant to make it easier.
It could be helpful to do a request/survey to relay operators to find out their experiences. That is those who have ipv6 configured what was the process and if there were any problems in the process. For those who haven't yet configured ipv6 what is the barriers preventing them from using ipv6.
Yes, I'd love to know what problems relay operators have with setting up IPv6. I have some idea from helping people out, but hard data is more useful.
We tried to add a survey/advocacy component to the grant, but there wasn't enough time in the grant budget.
Would you like to run a survey or start a mailing list thread?
For me it was a problem at the ISPs end then it wasn't clear how to get network config to use ipv6. I got the shits with it in the end and just used iface eth0 inet6 dhcp. It works... LOL
Yeah it took me a while to learn how to set up IPv6 on Linux. Most VPS providers don't do it automatically.
T
Here's all the info you need to setup IPv6 in Debian:
root@ateam:~# ifconfig eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 50.238.252.6 netmask 255.255.255.252 broadcast 50.238.252.7 inet6 2001:559:800c:1900::5a02 prefixlen 126 scopeid 0x0<global>
root@ateam:/etc/network# pwd /etc/network root@ateam:/etc/network# cat interfaces iface eno1 inet6 static address 2001:559:800c:1900::5a02 netmask 126 gateway 2001:559:800c:1900::5a01 dns-nameserver 2620:0:ccc::2 2620:0:ccd::2
Matt Westfall President & CIO ECAN Solutions, Inc. Everything Computers and Networks 804.592.1672
------ Original Message ------ From: "teor" teor@riseup.net To: tor-relays@lists.torproject.org Sent: 8/22/2019 6:08:14 AM Subject: Re: [tor-relays] tor relay ipv6
Hi Paul,
On 22 Aug 2019, at 14:26, Paul Templeton paul@coffswifi.net wrote:
It can be hard to set up IPv6 for a relay, we're working on a grant to make it easier.
It could be helpful to do a request/survey to relay operators to find out their experiences. That is those who have ipv6 configured what was the process and if there were any problems in the process. For those who haven't yet configured ipv6 what is the barriers preventing them from using ipv6.
Yes, I'd love to know what problems relay operators have with setting up IPv6. I have some idea from helping people out, but hard data is more useful.
We tried to add a survey/advocacy component to the grant, but there wasn't enough time in the grant budget.
Would you like to run a survey or start a mailing list thread?
For me it was a problem at the ISPs end then it wasn't clear how to get network config to use ipv6. I got the shits with it in the end and just used iface eth0 inet6 dhcp. It works... LOL
Yeah it took me a while to learn how to set up IPv6 on Linux. Most VPS providers don't do it automatically.
T _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
IPv6 at the OS Side is not difficult whatsoever.
My node is running IPv6, I have 2Gbps Comcast Fiber.
It's literally no different than configuring IPv4 other than its hexidecimal and a lot more digits :-D
Matt Westfall President & CIO ECAN Solutions, Inc. Everything Computers and Networks 804.592.1672
------ Original Message ------ From: "Paul Templeton" paul@coffswifi.net To: tor-relays@lists.torproject.org Sent: 8/22/2019 12:26:09 AM Subject: Re: [tor-relays] tor relay ipv6
It can be hard to set up IPv6 for a relay, we're working on a grant to make it easier.
It could be helpful to do a request/survey to relay operators to find out their experiences. That is those who have ipv6 configured what was the process and if there were any problems in the process. For those who haven't yet configured ipv6 what is the barriers preventing them from using ipv6.
For me it was a problem at the ISPs end then it wasn't clear how to get network config to use ipv6. I got the shits with it in the end and just used iface eth0 inet6 dhcp. It works... LOL
Paul _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
22.08.2019, 06:57, "teor" teor@riseup.net:
Hi,
On 21 Aug 2019, at 23:38, armik900@gmail.com wrote:
hi.in relay stopped working ipv6.address is correct all pings, including tor to the servers, but relay does not work.before that it worked perfectly 2 months.
Please tell us your relay's fingerprint.
Please copy and paste the notice-level logs that tor creates on startup, from launch to the end of the ORPort and DirPort reachability checks.
Please copy and paste your torrc, particularly the Address, ORPort, DirPort, and OutboundBindAddress options.
If we need your machines network config, we'll let you know.
It can be hard to set up IPv6 for a relay, we're working on a grant to make it easier.
T _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
CE5ED345398CC02D573347C2F238F80B18E680EE.
Hi,
On 22 Aug 2019, at 20:00, Станислав armik900@gmail.com wrote:
22.08.2019, 06:57, "teor" teor@riseup.net:
On 21 Aug 2019, at 23:38, armik900@gmail.com wrote:
hi.in relay stopped working ipv6.address is correct all pings, including tor to the servers, but relay does not work.before that it worked perfectly 2 months.
Please tell us your relay's fingerprint.
CE5ED345398CC02D573347C2F238F80B18E680EE.
Your relay's IPv6 address is not reachable from the directory authorities: https://metrics.torproject.org/rs.html#details/CE5ED345398CC02D573347C2F238F...
All 6 directory authorities on IPv6 can't reach your relay on IPv6: https://consensus-health.torproject.org/consensus-health-2019-08-22-10-00.ht...
But your relay is still reachable over IPv4 from the 3 directory authorities that don't have IPv6.
Please copy and paste the notice-level logs that tor creates on startup, from launch to the end of the ORPort and DirPort reachability checks.
And your relay is reachable over IPv6 on its ORPort and DirPort from at least one relay in the tor network.
It looks like your torrc matches your local network config.
Please copy and paste your torrc, particularly the Address, ORPort, DirPort, and OutboundBindAddress options.
Your torrc looks correct.
It can be hard to set up IPv6 for a relay, we're working on a grant to make it easier.
Tor doesn't do IPv6 reachability checks yet, that's part of the grant.
The only issue I can see is that all 6 directory authorities on IPv6 can't reach your relay on IPv6.
Has your provider stopped routing your IPv6 address to your relay? Does your provider censor Tor over IPv6?
It looks like the problem is somewhere between your relay machine and the IPv6 internet.
T
On Thu, 22 Aug 2019 21:23:03 +1000 teor teor@riseup.net wrote:
Your relay's IPv6 address is not reachable from the directory authorities: https://metrics.torproject.org/rs.html#details/CE5ED345398CC02D573347C2F238F...
All 6 directory authorities on IPv6 can't reach your relay on IPv6: https://consensus-health.torproject.org/consensus-health-2019-08-22-10-00.ht...
To be more specific, from my tests the IP in question is reachable by ICMP, but it is "Connection refused" on port 443.
@Станислав, Maybe you didn't reload (or better yet, restart) Tor after commenting/uncommenting some of the IPv6-related lines in torrc? (Which looks kind of weird, and hints that perhaps you were experimenting with various changes)
----------------------------------- ## Required: what port to advertise for incoming Tor connections. #ORPort 9001 ## If you want to listen on a port other than the one advertised in ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as ## follows. You'll need to do ipchains or other port forwarding ## yourself to make this work. ORPort 443 #ORPort [2a03:e2c0:bc7::2]:443 #ORPort 127.0.0.1:9090 NoAdvertise
## The IP address or full DNS name for incoming connections to your ## relay. Leave commented out and Tor will guess. Address [2a03:e2c0:bc7::2]
## If you have multiple network interfaces, you can specify one for ## outgoing traffic to use. ## OutboundBindAddressExit will be used for all exit traffic, while ## OutboundBindAddressOR will be used for all OR and Dir connections ## (DNS connections ignore OutboundBindAddress). ## If you do not wish to differentiate, use OutboundBindAddress to ## specify the same address for both in a single line. #OutboundBindAddressExit 10.0.0.4 OutboundBindAddress [2a03:e2c0:bc7::2] ORPort [2a03:e2c0:bc7::2]:443 -----------------------------------
The "Address" and "OutboundBindAddress" IPv6 lines should not be necessary, only the ORPort one is required, i.e.
ORPort 443 ORPort [2a03:e2c0:bc7::2]:443
should be fine, all the rest can be deleted.
Also check firewall on the router and the machine itself, that IPv6 connections on port 443 are accepted from the outside.
Lastly, rather than using a tunnel, check if you get native IPv6 from your ISP, I think yours should provide it in some areas. However then you might get a dynamic prefix, which is a pain to use with Tor currently (speaking of v6-related Tor issues...)
I can traceroute to your ipv6 address:
traceroute to 2a03:e2c0:bc7::2 (2a03:e2c0:bc7::2), 30 hops max, 80 byte packets 1 2001:559:800c:1900::5a01 (2001:559:800c:1900::5a01) 0.356 ms 0.345 ms 0.449 ms 2 2001:558:180:1c::1 (2001:558:180:1c::1) 0.317 ms 0.435 ms 0.429 ms 3 2001:558:180:36::1 (2001:558:180:36::1) 7.756 ms 7.763 ms 7.864 ms 4 be-21508-cr02.ashburn.va.ibone.comcast.net (2001:558:0:f6cd::1) 10.873 ms * * 5 * * * 6 * * * 7 * * * 8 lo-0-v6.ear4.frankfurt1.level3.net (2001:1900:2::3:12b) 96.479 ms 96.505 ms 96.654 ms 9 2001:1900:5:2:2::5be2 (2001:1900:5:2:2::5be2) 108.774 ms 108.757 ms 108.757 ms 10 rt.mr.msk.ru.retn.net (2a02:2d8::57f5:e005) 141.933 ms 142.148 ms 141.996 ms 11 gw-mediaserviceplus.retn.net (2a02:2d8:0:82a:232a::1) 136.907 ms 136.871 ms 136.670 ms 12 2a04:5200::5555 (2a04:5200::5555) 142.424 ms 141.550 ms 141.963 ms 13 2a03:e2c0:bc7::2 (2a03:e2c0:bc7::2) 140.933 ms 141.737 ms 141.245 ms
So perhaps your ISP is wonking with tor traffic as suggested.
Thanks,
Matt Westfall President & CIO ECAN Solutions, Inc. Everything Computers and Networks 804.592.1672
------ Original Message ------ From: "teor" teor@riseup.net To: tor-relays@lists.torproject.org Sent: 8/22/2019 7:23:03 AM Subject: Re: [tor-relays] tor relay ipv6
Hi,
On 22 Aug 2019, at 20:00, Станислав armik900@gmail.com wrote:
22.08.2019, 06:57, "teor" teor@riseup.net:
On 21 Aug 2019, at 23:38, armik900@gmail.com wrote:
hi.in relay stopped working ipv6.address is correct all pings, including tor to the servers, but relay does not work.before that it worked perfectly 2 months.
Please tell us your relay's fingerprint.
CE5ED345398CC02D573347C2F238F80B18E680EE.
Your relay's IPv6 address is not reachable from the directory authorities: https://metrics.torproject.org/rs.html#details/CE5ED345398CC02D573347C2F238F...
All 6 directory authorities on IPv6 can't reach your relay on IPv6: https://consensus-health.torproject.org/consensus-health-2019-08-22-10-00.ht...
But your relay is still reachable over IPv4 from the 3 directory authorities that don't have IPv6.
Please copy and paste the notice-level logs that tor creates on startup, from launch to the end of the ORPort and DirPort reachability checks.
And your relay is reachable over IPv6 on its ORPort and DirPort from at least one relay in the tor network.
It looks like your torrc matches your local network config.
Please copy and paste your torrc, particularly the Address, ORPort, DirPort, and OutboundBindAddress options.
Your torrc looks correct.
It can be hard to set up IPv6 for a relay, we're working on a grant to make it easier.
Tor doesn't do IPv6 reachability checks yet, that's part of the grant.
The only issue I can see is that all 6 directory authorities on IPv6 can't reach your relay on IPv6.
Has your provider stopped routing your IPv6 address to your relay? Does your provider censor Tor over IPv6?
It looks like the problem is somewhere between your relay machine and the IPv6 internet.
T
On Thu, 22 Aug 2019 13:07:21 +0000 "Matt Westfall" mwestfall@ecansol.com wrote:
So perhaps your ISP is wonking with tor traffic as suggested.
We happened to meet in a Telegram group chat and after some more discussion the cause turned out to be firewall rules on the relay machine itself.
22.08.2019, 18:46, "Roman Mamedov" rm@romanrm.net:
On Thu, 22 Aug 2019 13:07:21 +0000 "Matt Westfall" mwestfall@ecansol.com wrote:
So perhaps your ISP is wonking with tor traffic as suggested.
We happened to meet in a Telegram group chat and after some more discussion the cause turned out to be firewall rules on the relay machine itself.
-- With respect, Roman _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
thank you all for your help.problem resolved. С уважением, Станислав
That's why I personally just disable all firewalls and just configure acls in vulnerable services themselves.
Don't let mysql listen on anything but local host, server secured lol.
tor-relays@lists.torproject.org
-
armik900@gmail.com -
Matt Westfall -
Paul Templeton -
Roman Mamedov -
teor -
Станислав