[tor-dev] Tor Relay won't connect to private IP address

teor teor at riseup.net
Wed Apr 29 04:57:29 UTC 2020


Hi Eli,

> On 29 Apr 2020, at 07:40, Eli Vakrat <eli at vakrat.com> wrote:
> 
> So thanks to teor's insightful response yesterday I decided to try to run a second Tor relay (my middle node) on my private network.
> 
> Unfortunately, I can't do it with Chutney because my Python client is running on a Windows machine. But I do have 3 machines at my disposal:
> 
> 1. A Windows machine (the Python client)
> 2. A Mac (the guard node)
> 3. Another Mac (the middle node)

Can you run chutney on one of your macs?
You don't need a separate machine for each Tor relay.

If you want to reach your chutney tors from another machine on your local network, you'll need to set this environmental variable:
CHUTNEY_LISTEN_ADDRESS=(IPv4 of your Mac)

See:
https://github.com/torproject/chutney/blob/master/README#L65

> When my guard node tries to connect to my middle node after receiving from the client a RELAY_EXTEND cell, the guard node logs the following error:
> 
> Apr 28 17:00:31.000 [info] circuit_extend: Client asked me to extend to a private address
> 
> So regarding this, I have two questions:
> 
> 1. Is there a way for me to change something in my torrc file to override this error and allow my relay to extend to private IP addresses?
> 
> My torrc is currently configured as such (notice I put some placeholders for the directories and for the IP address that aren't actually what's written there):
> ContactInfo email at example.com
> ControlPort 9051
> DataDirectory </path/to/data/dir>
> ExitPolicy reject *:*
> ExitRelay 0
> GeoIPFile </path/to/geo/ip/file>
> GeoIPv6File </path/to/geo/ipv6/file>
> Log notice file <path/to/log/dirs/>/notice.log
> Log debug file <path/to/log/dirs/>/debug.log
> Log warn file <path/to/log/dirs/>/warn.log
> Nickname vtoria
> ORPort 443 NoAdvertise
> ORPort Relay.Public.IP.Example:443 NoListen 
> SafeLogging 0
> ExtendAllowPrivateAddresses 1

That's odd. ExtendAllowPrivateAddresses is set to 1, which is what you want.

Are you sure your relay is using this torrc?
Check the path of the torrc in the logs.
Try restarting the relay.

> 2. Would there maybe be a better way to run this private Tor network (without Chutney)?

There are two alternatives:
1. Chutney does a lot of the work for you, so I'd recommend using it, if you can.
2. You can also set up relays on private IP addresses, and set "PublishServerDescriptor 0", so they don't publish their descriptors to the Tor directory authorities.

If you're not publishing descriptors, you can have as many relays as you like on the same IP address.

T
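
The check suggested above (confirm which torrc the relay actually loaded, then see whether the private-address refusal is still logged after that load), as an added example that is not part of the original message or of Tor's code. The sample log and torrc are constructed, the path is a placeholder, and the `Read configuration file` line format is assumed to match what the relay writes at notice level on startup.

```python
import re

# Constructed sample log (not from the thread); the torrc path is a placeholder.
SAMPLE_LOG = '''\
Apr 28 16:58:02.000 [notice] Read configuration file "/placeholder/etc/tor/torrc".
Apr 28 17:00:31.000 [info] circuit_extend: Client asked me to extend to a private address
'''
# Constructed torrc fragment; option names are matched case-insensitively.
SAMPLE_TORRC = '''\
# private test relay
ORPort 443 NoAdvertise
extendallowprivateaddresses 1   # trailing comment
'''

CONF_RE = re.compile(r'Read configuration file "([^"]+)"')
REFUSED = "Client asked me to extend to a private address"

def loaded_torrc_paths(log_text):
    """Return every torrc path the log reports as read, in log order."""
    return CONF_RE.findall(log_text)

def refusals_after_last_load(log_text):
    """Count private-address extend refusals logged after the last config read."""
    lines = log_text.splitlines()
    last = max((i for i, l in enumerate(lines) if CONF_RE.search(l)), default=-1)
    return sum(REFUSED in l for l in lines[last + 1:])

def option_values(torrc_text, name):
    """Return every value set for `name`, ignoring comments and letter case."""
    values = []
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].strip().split(None, 1)
        if parts and parts[0].lower() == name.lower():
            values.append(parts[1].strip() if len(parts) > 1 else "")
    return values

def diagnose(log_text, torrc_text):
    """Summarise whether the edited torrc and the running relay agree."""
    paths = loaded_torrc_paths(log_text)
    values = option_values(torrc_text, "ExtendAllowPrivateAddresses")
    refused = refusals_after_last_load(log_text)
    if not paths:
        return "no 'Read configuration file' line found in this log"
    if values != ["1"]:
        return f"torrc sets ExtendAllowPrivateAddresses to {values}; expected a single 1"
    if refused:
        return (f"option is 1 in this file, yet {refused} refusal(s) after loading "
                f"{paths[-1]}: compare that path with the file you edited")
    return f"ok: {paths[-1]} loaded, no refusals since"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_TORRC))
```

Feed it the relay's real log and the torrc you edited; a refusal after the last load with the option set to 1 points at a different torrc being read or a relay that was not restarted.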
