[tor-relays] IPv6 Issue with Relay

Conrad Rockenhaus conrad at rockenhaus.com
Thu Dec 21 22:13:09 UTC 2017 


> On Dec 21, 2017, at 3:01 AM, teor <teor2345 at gmail.com> wrote:
> 
> 
> On 21 Dec 2017, at 16:33, Conrad Rockenhaus <conrad at rockenhaus.com <mailto:conrad at rockenhaus.com>> wrote:
> 
>> Hello,
>> 
>> One of the relays that I brought online yesterday, ConradsAWSExit (Hash 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the IPv6 OR is unreachable.
>> 
>> The other relay is working just fine with IPv6.
>> 
>> I’ve confirmed that the following entries are in torrc:
>> 
>> ORPort 9001
>> ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
>> IPv6Exit 1
> 
> Are these the only ORPort entries in your torrc?
> Have you restarted or HUP'd the relay since you last edited the torrc?
> 

Yes sir, I did. I see Atlas now shows that IPv6 is reachable, but the exit policy is rejecting everything. I have the reject policy in the torrc set to the defaults (I have all of the exit policies in torrc commented out).

>> Just to confirm, here’s the output from ifconfig, that is the IP:
>> 
>> inet6 2600:1f14:ede:d601:e107:1a4b:ba3:803  prefixlen 64  scopeid 0x0<global>
> 
> This is what Relay Search (Atlas) says:
> 
> Unreachable OR Addresses
> [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
> 
> The last 8 bytes of the address your relay is advertising,
> are not the same as the address on your machine.
> 
> Also, you have set IPv6Exit, but Relay Search says:
> 
> IPv6 Exit Policy Summary
> reject
> 1-65535
> 

Exactly. If I have torrc set to the defaults, what’s going on here?

> Relay Search data is usually up to 2.5 hours behind, but it can lag more.
> 
> Please copy and paste the notice-level Tor logs that mention your ORPort,
> DirPort, and Exit settings, so we can see what Tor is actually doing.

Dec 20 21:24:17.937 [warn] Tor is running as an exit relay with the default exit policy. If you did not want this behavior, please set the ExitRelay option to 0. If you do want to run an exit Relay, please set the ExitRelay option to 1 to disable this warning, and for forward compatibility.
Dec 20 21:24:17.937 [warn] In a future version of Tor, ExitRelay 0 may become the default when no ExitPolicy is given.
Dec 20 21:24:17.937 [notice] Opening OR listener on 0.0.0.0:9001
Dec 20 21:24:17.937 [notice] Opening OR listener on [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
Dec 20 21:24:17.938 [notice] Opening Directory listener on 0.0.0.0:9030

> 
>> I have confirmed that all of the applicable Security Group rules are configured correctly:
>> 
>> Custom TCP Rule
>> TCP
>> 9001
>> 0.0.0.0/0
>> ORPort
>> Custom TCP Rule
>> TCP
>> 9001
>> ::/0
>> ORPort
>> Custom TCP Rule
>> TCP
>> 9030
>> 0.0.0.0/0
>> DIRPort
>> Custom TCP Rule
>> TCP
>> 9030
>> ::/0
>> DIRPort
> 
> By the way, there are no IPv6 DirPorts :-)

I know that now from reading the docs, I removed that rule :D

> 
>> Plus, I have confirmed with a telnet -6 to port 9001 from both my house and my servers at OVH in Canada that I’m able to connect to port 9001 via the IPv6 address on this node.
> 
> What are the exact commands you used?
> 
> This shows that the relay is listening on whatever IPv6 address and port
> you checked, but it doesn't show which IPv6 address the relay is
> advertising.

I just checked if it was listening with a telnet -6 <ip> 9001, but this is a non-issue now since atlas shows it reachable.

> 
>> So, my question is…what could I be missing here that is causing atlas to say that IPv6 is unreachable? I’ve been looking into this through the day and would like to kind of close it out, got a bunch of emails to catch up on hehe :D, so any input would be appreciated.
> 
> There are a few more detailed troubleshooting things we can try,
> like checking consensus health and the exact content of your
> relay's descriptor and the authorities' votes.
> 
> If the above steps don't help, I'm happy to go through them later,
> when I'm using a more capable device.

My main issue now is trying to fix the issue with the default exit policy - the logs say I’m running the defaults, yet all IPv6 traffic is getting blocked. I’ve looked over the documentation and I’ve done what it says. What am I doing wrong?

Just for further troubleshooting, I attached this exit’s torrc file.

Thanks,

Rock


> 
> T
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org <mailto:tor-relays at lists.torproject.org>
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171221/0e9af7cd/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: torrc
Type: application/octet-stream
Size: 10986 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171221/0e9af7cd/attachment-0001.obj>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171221/0e9af7cd/attachment-0003.html>

More information about the tor-relays mailing list