My web-bridges looks offline in the Relay Search
Hello! Today all my web tunnel relays become offline according to https://metrics.torproject.org/rs.html#search/BrookRameev (my web tunnel bridges have the 'W' suffix). But they are surely online (except BrookRameev7W, which is surely dead). I see traffic on them, I see no problems in logs, nothing changed in their configuration. I also checked them using tor browser. All of them "went down" at the same time: " 1 hour 17 minute and 48 seconds" from the current moment. The problem relates only to webtunnels, ordinal relays work normally. Good luck.
Hej, they are all green again on metrics ;) Your bridges showing offline from time to time is related to not exposing your ORPort (which is highly recommended). See these 2 tickets: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/129 https://gitlab.torproject.org/tpo/web/community/-/issues/329 If you can use your bridge and its shown as “webtunnel: functional” when you check here: https://bridges.torproject.org/status?id=$YOURFINGERPRINT everything should be fine. Best regards, atari
On 7/1/25 05:38, atari … via tor-relays wrote:
Hej,
they are all green again on metrics ;)
Your bridges showing offline from time to time is related to not exposing your ORPort (which is highly recommended). See these 2 tickets:
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/129 https://gitlab.torproject.org/tpo/web/community/-/issues/329
To be clear, it is strongly strongly recommended that WebTunnel bridges do not expose their ORPort. Doing so could make them vulnerable to enumeration through port scanning, which isn't ideal. Exposing it could allow malicious actors to set up middle relays that port scan clients connecting to them looking for the ORPort, making it easier to identify and compile a list of all the bridges. If AssumeReachable 1 is now sufficient for obfs4, then neither type of bridge should be exposing their ORPort. The non-Docker guides on torproject.org should be updated to reflect that.
If you can use your bridge and its shown as “webtunnel: functional” when you check here: https://bridges.torproject.org/status?id=$YOURFINGERPRINT everything should be fine.
Best regards, atari _______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
Hello! On Tuesday, January 7th, 2025 at 11:38, atari … via tor-relays <tor-relays@lists.torproject.org> wrote:
is related to not exposing your ORPort (which is highly recommended). See these 2 tickets:
Can you please clarify what is recommended? To expose ORPort or not? At first from your quoted message I decided that it was mistake that I closed the port (by the way for closing the ORPort from outside and turning on IPv6 support I used the link https://forum.torproject.org/t/webtunnel-docker-unable-to-find-ipv6-address-... with your (?) advice, thank you for it). But after reading links from your message and thinking and little bit I got that it's good idea NOT to expose ORPort (even random one) to prevent blocking the relay by the goverment. Best regards.
Hej, like said before, its not recommended to expose the ORPort. The forum link (yes, it's me) only enables IPv6 for outgoing connections from the container and does not expose any ORPorts to the outside. 2001:db8:1::/64 is "IPv6 prefix for documentation purpose", so think of it like 192.168.0.0/16 which is not routed on the internet. Only exposed port is 127.0.0.1:15000:15000 and this is only exposed locally on the docker host to connect the web-server to it. (see https://docs.docker.com/get-started/docker-concepts/running-containers/publi... for example) Best regards, atari
On Mon, Jan 06, 2025 at 01:11:15PM +0000, Brook Rameev via tor-relays wrote:
Today all my web tunnel relays become offline according to https://metrics.torproject.org/rs.html#search/BrookRameev (my web tunnel bridges have the 'W' suffix). But they are surely online (except BrookRameev7W, which is surely dead). I see traffic on them, I see no problems in logs, nothing changed in their configuration. I also checked them using tor browser.
I've been having a similar issue with my obfs4 bridge since a few days I started it, more than a month ago. It never went offline, but it is often reported as offline. I also receive Tor Weather notifications about that. Then, in a few hours it is again reported as online, with no downtime.
All of them "went down" at the same time: " 1 hour 17 minute and 48 seconds" from the current moment. The problem relates only to webtunnels, ordinal relays work normally.
Unluckily at the moment I am not running any other relay, so I can't do any comparison. -- Eldalië
participants (4)
-
atari … -
Brook Rameev -
Eldalië -
tor-relays+tor-relays@queer.cat