[tor-bugs] #12160 [Tor]: ORPort self-testing fails behind tcp proxy when using version 0.2.4.22
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 29 21:30:47 UTC 2014
#12160: ORPort self-testing fails behind tcp proxy when using version 0.2.4.22
--------------------+-------------------------------
Reporter: kargig | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version: Tor: 0.2.4.22
Keywords: | Actual Points:
Parent ID: | Points:
--------------------+-------------------------------
I was using 0.2.3.25 behind a tcp proxy (haproxy) with the following
config and it correctly passed ORPort reachability test. But after
upgrading to 0.2.4.22 the same config fails to pass ORPort reachability
test.
{{{
ORPort 443 NoListen
ORPort 127.0.0.1:444 NoAdvertise
}}}
Tor 0.2.3.25
{{{
May 29 21:05:22.000 [notice] Self-testing indicates your ORPort is
reachable from the outside. Excellent. Publishing server descriptor.
May 29 21:05:22.000 [info] mark_my_descriptor_dirty(): Decided to publish
new relay descriptor: ORPort found reachable
}}}
Tor 0.2.4.22
{{{
May 29 20:56:42.000 [notice] Now checking whether ORPort 1.2.3.4:443 and
DirPort 1.2.3.4:995 are reachable... (this may take up to 20 minutes --
look for log messages indicating success)
May 29 20:56:42.000 [info] consider_testing_reachability(): Testing
reachability of my ORPort: 1.2.3.4:443.
May 29 20:57:41.000 [info] consider_testing_reachability(): Testing
reachability of my ORPort: 1.2.3.4:443.
May 29 20:57:42.000 [info] circuit_testing_failed(): Our testing circuit
(to see if your ORPort is reachable) has failed. I'll try again later.
May 29 20:58:42.000 [info] consider_testing_reachability(): Testing
reachability of my ORPort: 1.2.3.4:443.
May 29 20:59:43.000 [info] consider_testing_reachability(): Testing
reachability of my ORPort: 1.2.3.4:443.
May 29 21:00:44.000 [info] consider_testing_reachability(): Testing
reachability of my ORPort: 1.2.3.4:443.
May 29 21:01:45.000 [info] consider_testing_reachability(): Testing
reachability of my ORPort: 1.2.3.4:443.
May 29 21:01:46.000 [info] circuit_testing_failed(): Our testing circuit
(to see if your ORPort is reachable) has failed. I'll try again later.
}}}
If I shut down haproxy and change 0.2.4.22 config to:
{{{
ORPort 443
}}}
it passes ORPort reachability testing.
{{{
May 29 21:17:31.000 [notice] Self-testing indicates your ORPort is
reachable from the outside. Excellent. Publishing server descriptor.
May 29 21:17:31.000 [info] mark_my_descriptor_dirty(): Decided to publish
new relay descriptor: ORPort found reachable
}}}
I have logs of level info in all 3 of the above test situations if you
need them, but reproducing the situation should be quite easy.
BTW, there was no other backend set for haproxy, it just passes
connections from PUBLIC_IP:443 to a single backend (Tor) at 127.0.0.1:444
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12160>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list