On Dec 21, 2017, at 3:01 AM, teor teor2345@gmail.com wrote:
On 21 Dec 2017, at 16:33, Conrad Rockenhaus <conrad@rockenhaus.com mailto:conrad@rockenhaus.com> wrote:
Hello,
One of the relays that I brought online yesterday, ConradsAWSExit (Hash 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the IPv6 OR is unreachable.
The other relay is working just fine with IPv6.
I’ve confirmed that the following entries are in torrc:
ORPort 9001 ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001 IPv6Exit 1
Are these the only ORPort entries in your torrc? Have you restarted or HUP'd the relay since you last edited the torrc?
Yes sir, I did. I see Atlas now shows that IPv6 is reachable, but the exit policy is rejecting everything. I have the reject policy in the torrc set to the defaults (I have all of the exit policies in torrc commented out).
Just to confirm, here’s the output from ifconfig, that is the IP:
inet6 2600:1f14:ede:d601:e107:1a4b:ba3:803 prefixlen 64 scopeid 0x0<global>
This is what Relay Search (Atlas) says:
Unreachable OR Addresses [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
The last 8 bytes of the address your relay is advertising, are not the same as the address on your machine.
Also, you have set IPv6Exit, but Relay Search says:
IPv6 Exit Policy Summary reject 1-65535
Exactly. If I have torrc set to the defaults, what’s going on here?
Relay Search data is usually up to 2.5 hours behind, but it can lag more.
Please copy and paste the notice-level Tor logs that mention your ORPort, DirPort, and Exit settings, so we can see what Tor is actually doing.
Dec 20 21:24:17.937 [warn] Tor is running as an exit relay with the default exit policy. If you did not want this behavior, please set the ExitRelay option to 0. If you do want to run an exit Relay, please set the ExitRelay option to 1 to disable this warning, and for forward compatibility. Dec 20 21:24:17.937 [warn] In a future version of Tor, ExitRelay 0 may become the default when no ExitPolicy is given. Dec 20 21:24:17.937 [notice] Opening OR listener on 0.0.0.0:9001 Dec 20 21:24:17.937 [notice] Opening OR listener on [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001 Dec 20 21:24:17.938 [notice] Opening Directory listener on 0.0.0.0:9030
I have confirmed that all of the applicable Security Group rules are configured correctly:
Custom TCP Rule TCP 9001 0.0.0.0/0 ORPort Custom TCP Rule TCP 9001 ::/0 ORPort Custom TCP Rule TCP 9030 0.0.0.0/0 DIRPort Custom TCP Rule TCP 9030 ::/0 DIRPort
By the way, there are no IPv6 DirPorts :-)
I know that now from reading the docs, I removed that rule :D
Plus, I have confirmed with a telnet -6 to port 9001 from both my house and my servers at OVH in Canada that I’m able to connect to port 9001 via the IPv6 address on this node.
What are the exact commands you used?
This shows that the relay is listening on whatever IPv6 address and port you checked, but it doesn't show which IPv6 address the relay is advertising.
I just checked if it was listening with a telnet -6 <ip> 9001, but this is a non-issue now since atlas shows it reachable.
So, my question is…what could I be missing here that is causing atlas to say that IPv6 is unreachable? I’ve been looking into this through the day and would like to kind of close it out, got a bunch of emails to catch up on hehe :D, so any input would be appreciated.
There are a few more detailed troubleshooting things we can try, like checking consensus health and the exact content of your relay's descriptor and the authorities' votes.
If the above steps don't help, I'm happy to go through them later, when I'm using a more capable device.
My main issue now is trying to fix the issue with the default exit policy - the logs say I’m running the defaults, yet all IPv6 traffic is getting blocked. I’ve looked over the documentation and I’ve done what it says. What am I doing wrong?
Just for further troubleshooting, I attached this exit’s torrc file.
Thanks,
Rock
T _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays