[tor-relays] An Internet backbone blocklisted my Tor server!

Sun Aug 18 00:21:32 UTC 2024

TL;DR...
Write down your Tor server's GATEWAY IP address. if your server goes
offline, try tracerouting to your Tor server's gateway IP address as well
as your Tor server's IP address! You might be surprised by what you see!

And also install MTR... It is helpful!!
Here's the detailed explanation on how you can perform MTR command on your
computer and server
https://support.gcore.com/hc/en-us/articles/19864311353105-How-to-run-MTR-on-Windows-and-Linux

Okay, here is what happened...

Late last night I tried to log into my VPS where I am running my Tor bridge
server. I was unable to connect. It seemed like my server was offline so I
filed a ticket with my service provider which is GCore Labs (
https://hosting.gcorelabs.com/ ) (I've been running my Tor bridge on their
server for 4 years.)

However, I discovered that my server was not actually down. I was able to
login to my server using VNC in the control panel. I did some network
diagnostics to diagnose my network connectivity problem. Even though my
server was running, it was essentially offline. I could not ping or
traceroute from my server to 8.8.8.8 or 1.1.1.1. It looked like there was a
network outage. I used some looking glass servers to see what was going on
as well.

Here was what I discovered... From the Internet, I could ping and
traceroute my VPS server's gateway (which is one hop away from my server)
but if I tried to ping or traceroute using my server's actual IP address
then this is where it stopped working.

The culprit was Cogent Communications' routers! [AS174] As soon as packets
destined for my server's IP address reached Cogent's routers, they were
dropped!! However, packets destined for my server's gateway went through!

>From what I understand, my server's gateway is the physical machine running
my VPS. How can a packet reach my server's gateway, but not reach my
server? It's not like the packet was not making it from my gateway to my
server. The packets were being dropped at the edge of Cogent's network
[AS174]. I also ran a traceroute on Cogents own looking glass server (
https://cogentco.com/en/looking-glass ) and when I used my server's IP, it
showed nothing but when I used my gateway IP it worked! Tell me how that is
possible if Cogent was not blocking my server's IP address?

I sent Cogent an email asking why they were blocking my server's IP address
in their routers. By the time they got back to me, my server was back
online and was not being blocked. They sent me an email saying that packets
going to my server were routing through their network, which by that time
they were.

What is so interesting about my Tor server that a major network backbone
blocks my IP?

If you look at my Tor server's usage graphs, you can see where it is
periodically offline. Look at the 6 month graph for the average number of
connected clients and you will see places where it is not online.
https://metrics.torproject.org/rs.html#details/4A0B065DB3CF807C6910DFEF6D9CCCB95C59C585

I bet the reason that my server periodically goes offline is because it is
being blocked and not because it is actually offline!

Have you ever had this happen to your server?

Landon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240817/9b236052/attachment.htm>