[tor-relays] why my exit is not being used?

teor teor2345 at gmail.com
Mon Jan 30 04:12:46 UTC 2017 

> On 30 Jan 2017, at 14:35, gustavo panizzo (gfa) <gfa at zumbi.com.ar> wrote:
> 
> On Mon, Jan 30, 2017 at 12:03:40PM +1100, teor wrote:
> 
>> Hi,
>> 
>> Please send us your actual torrc:
> 
> that's my actual torrc, I've only edited HashedControlPassword

Then please reload your torrc so that your tor process is using it.

>> * your torrc has a DirPort, but your relay on atlas does not
>>  (this might be because you have a bandwidth limit set)
>> * your torrc says IPv6Exit, but your relay on atlas does not exit to
>>  IPv6
> 
> Port is open, tor is listening. no fw rules for IPv6

That's the ORPort, an entry port.

You say you have IPv6Exit and an ExitPolicy set in the torrc.

But your relay does not exit to IPv6, both atlas (IPv6 Exit Policy
Summary) and your relay's descriptor (ipv6-policy) show that it does not
allow any IPv6 ports:

https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677CE

(large file)
https://collector.torproject.org/recent/relay-descriptors/server-descriptors/2017-01-29-12-05-00-server-descriptors

Either that, or there is a bug in Tor relating to IPv6 Exit policies.
But I can't see anywhere in the code that makes the IPv6 exit policy
dependent on anything except ExitPolicy and IPv6Exit.

Are there any log entries relating to IPv6 or exit policies?

> ...
>> 
>> Since you have AccountingMax set, please send us any bandwidth-related
>> log entries.
> arm says i've used 106+107 GB
> 
> After increasing the loglevel to info and reloading I got this on the
> log
> 
> Heartbeat: Accounting enabled. Sent: 104.75 GB, Received: 104.44 GB, Used: 209.22 GB / 1024.00 GB, Rule: sum.
> The current accounting interval ends on 2017-02-01 00:00:00, in 2 days 2:30 hours.

OK, so the accounting limits are not the issue.

>> 
>> Any more warning or notice log entries would also help, particularly
>> those related to reachability.
> 
> Jan 21 03:29:33 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]: Now
> checking whether ORPort 128.199.76.145:443 and DirPort 128.199.76.145:80
> are reachable... (this may take up to 20 minutes -- look for log
> messages indicating success)
> 
> Jan 21 03:29:34 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]:
> Self-testing indicates your DirPort is reachable from the outside.
> Excellent.
> 
> Jan 21 03:29:37 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]:
> Self-testing indicates your ORPort is reachable from the outside.
> Excellent. Publishing server descriptor.

And the IPv4 entry address works.

...
> I don't check daily, but when I check, tor never has more than 300 open connections
...

Does your kernel, config, VPS, or provider place a limit on the number
of connections?

(Search the list archives for detailed troubleshooting steps for this.)

Your relay also does not seem capable of handling much tor traffic, so
tor clients are being told not to use it:

(large page)
https://consensus-health.torproject.org/consensus-health-2017-01-30-02-00.html#5E762A58B1F7FF92E791A1EA4F18695CAC6677CE

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170130/b6b16d1e/attachment.sig>

More information about the tor-relays mailing list