another unusual connection

Kyle Williams kyle.kwilliams at gmail.com
Sun Feb 10 23:16:01 UTC 2008


john smith wrote:
> Yet another reoccurrence, yesterday, of the same sequence of events &
> once again with the same IP address. My server had been running for
> just under five days since the last time this happened.
> 
> Feb 07 10:56:59.108 [Notice] Our IP Address has changed from
> 87.194.38.72 to 212.112.242.159; rebuilding descriptor.
> 
> Feb 07 10:57:11.780 [Notice] Self-testing indicates your ORPort is
> reachable from the outside. Excellent. Publishing server descriptor.
> 
> Feb 07 11:09:51.530 [Notice] Our IP Address has changed from
> 212.112.242.159 to 87.194.38.72; rebuilding descriptor.
> 
> Feb 07 11:09:55.905 [Notice] Self-testing indicates your ORPort is
> reachable from the outside. Excellent. Publishing server descriptor.
> 
> Feb 07 11:10:03.139 [Notice] Performing bandwidth self-test...done.
> 

I do have a question for "John Smith"; are you using a VPN from your 
home to your server or from your server to somewhere else?

In the past I've seen this happen with my exit node when I would VPN 
into my server or a client's server. The VPN connection would set the 
default gateway and all my traffic would exit the other end of the VPN. 
So when Tor would do its IP check and reachability test, it went bad.
Also, it wasn't obvious right away when this would happen.  Sometimes it 
would take up to an hour after I had connected the VPN before Tor would 
freak out.

Since I've seen error messages like yours when I had that problem, I 
thought I might offer a couple of pointers.

You may want to use the following two options in your torrc config.

Address - This should be the IP of your server which is reachable from 
the internet.
OutboundBindAddress - If your Tor server is behind a NATd router, then 
set this to the internal (192.168.x.x or whatever) address of your 
machine.  This should prevent traffic from leaving a 10.x.x.x address if 
your real internal address is a 192.168.x.x.
[OPTIONAL THIRD OPTION] AssumeReachable 1 - Prevents your server from 
doing the reachability test.  It will just upload your descriptor to the DAs.

By using the OutboundBindAddress, I was able to have my Tor server 
listen on my regular local address (192.168.X.X) and not think it was on 
the VPN local address (10.x.x.x).  Also, double check to make sure 
your VPN connection is *not* setting itself as the default gateway 
(Windows) or pushing the default route (Linux).

(It should be obvious, but just in case it's not, the 192.168.x.x and 
10.x.x.x addresses are just examples.  Your setting may be different so 
adjust your settings accordingly).
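
An added example, not part of the original message and not Tor project code: a small log check that finds the pattern discussed above, where the relay's detected address changes and then reverts shortly afterwards, as happens when a VPN briefly takes over the default route. The sample lines are the notices quoted in the message, unwrapped to one line each; the year, the window length and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input: the notices quoted in the message, unwrapped to one line each.
SAMPLE_LOG = """\
Feb 07 10:56:59.108 [Notice] Our IP Address has changed from 87.194.38.72 to 212.112.242.159; rebuilding descriptor.
Feb 07 10:57:11.780 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Feb 07 11:09:51.530 [Notice] Our IP Address has changed from 212.112.242.159 to 87.194.38.72; rebuilding descriptor.
Feb 07 11:09:55.905 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
"""

CHANGE_RE = re.compile(
    r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2})\.\d+ \[Notice\] Our IP Address has changed "
    r"from (\d+\.\d+\.\d+\.\d+) to (\d+\.\d+\.\d+\.\d+);")

def parse_changes(log_text, year=2008):
    """Return (timestamp, old_ip, new_ip) for every address-change notice.

    These log lines carry no year, so one is supplied (assumption: 2008).
    """
    changes = []
    for line in log_text.splitlines():
        m = CHANGE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            changes.append((ts, m.group(2), m.group(3)))
    return changes

def find_flaps(changes, window_minutes=60):
    """Pair each change A->B with the next change B->A inside the window."""
    window = timedelta(minutes=window_minutes)
    flaps = []
    for i, (ts, old, new) in enumerate(changes):
        for ts2, old2, new2 in changes[i + 1:]:
            if ts2 - ts > window:
                break  # later changes are too far away to be the same event
            if old2 == new and new2 == old:
                flaps.append({"stable": old, "transient": new,
                              "start": ts, "duration": ts2 - ts})
                break
    return flaps

if __name__ == "__main__":
    for f in find_flaps(parse_changes(SAMPLE_LOG)):
        print(f"{f['start']}: descriptor advertised {f['transient']} for "
              f"{f['duration']} before returning to {f['stable']}")
```

A transient address that belongs to a VPN endpoint points at the default-route problem described in the message; the check only reports the flap and does not identify who owns the address.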


