Hello,
One of the relays that I brought online yesterday, ConradsAWSExit (Hash 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the IPv6 OR is unreachable.
The other relay is working just fine with IPv6.
I’ve confirmed that the following entries are in torrc:
ORPort 9001
ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
IPv6Exit 1
Just to confirm, here’s the output from ifconfig, that is the IP:
inet6 2600:1f14:ede:d601:e107:1a4b:ba3:803 prefixlen 64 scopeid 0x0<global>
I have confirmed that all of the applicable Security Group rules are configured correctly:
Custom TCP Rule TCP 9001 0.0.0.0/0 ORPort
Custom TCP Rule TCP 9001 ::/0 ORPort
Custom TCP Rule TCP 9030 0.0.0.0/0 DIRPort
Custom TCP Rule TCP 9030 ::/0 DIRPort
Plus, I have confirmed with a telnet -6 to port 9001 from both my house and my servers at OVH in Canada that I’m able to connect to port 9001 via the IPv6 address on this node.
So, my question is…what could I be missing here that is causing atlas to say that IPv6 is unreachable? I’ve been looking into this through the day and would like to kind of close it out, got a bunch of emails to catch up on hehe :D, so any input would be appreciated.
Thanks,
Conrad
On 12/21/2017 06:33 AM, Conrad Rockenhaus wrote:
Hello,
One of the relays that I brought online yesterday, ConradsAWSExit (Hash 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the IPv6 OR is unreachable.
Just a guess:
IPv6 needs ICMPv6, so you should have something in your iptables like:
$IPT -A INPUT -p icmpv6 -j ACCEPT
depending on your INPUT policy.
On 21 Dec 2017, at 16:33, Conrad Rockenhaus conrad@rockenhaus.com wrote:
Hello,
One of the relays that I brought online yesterday, ConradsAWSExit (Hash 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the IPv6 OR is unreachable.
The other relay is working just fine with IPv6.
I’ve confirmed that the following entries are in torrc:
ORPort 9001
ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
IPv6Exit 1
Are these the only ORPort entries in your torrc? Have you restarted or HUP'd the relay since you last edited the torrc?
Just to confirm, here’s the output from ifconfig, that is the IP:
inet6 2600:1f14:ede:d601:e107:1a4b:ba3:803 prefixlen 64 scopeid 0x0<global>
This is what Relay Search (Atlas) says:
Unreachable OR Addresses [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
The last 8 bytes of the address your relay is advertising, are not the same as the address on your machine.
Also, you have set IPv6Exit, but Relay Search says:
IPv6 Exit Policy Summary reject 1-65535
Relay Search data is usually up to 2.5 hours behind, but it can lag more.
Please copy and paste the notice-level Tor logs that mention your ORPort, DirPort, and Exit settings, so we can see what Tor is actually doing.
I have confirmed that all of the applicable Security Group rules are configured correctly:
Custom TCP Rule TCP 9001 0.0.0.0/0 ORPort
Custom TCP Rule TCP 9001 ::/0 ORPort
Custom TCP Rule TCP 9030 0.0.0.0/0 DIRPort
Custom TCP Rule TCP 9030 ::/0 DIRPort
By the way, there are no IPv6 DirPorts :-)
Plus, I have confirmed with a telnet -6 to port 9001 from both my house and my servers at OVH in Canada that I’m able to connect to port 9001 via the IPv6 address on this node.
What are the exact commands you used?
This shows that the relay is listening on whatever IPv6 address and port you checked, but it doesn't show which IPv6 address the relay is advertising.
So, my question is…what could I be missing here that is causing atlas to say that IPv6 is unreachable? I’ve been looking into this through the day and would like to kind of close it out, got a bunch of emails to catch up on hehe :D, so any input would be appreciated.
There are a few more detailed troubleshooting things we can try, like checking consensus health and the exact content of your relay's descriptor and the authorities' votes.
If the above steps don't help, I'm happy to go through them later, when I'm using a more capable device.
T
On Dec 21, 2017, at 3:01 AM, teor teor2345@gmail.com wrote:
On 21 Dec 2017, at 16:33, Conrad Rockenhaus <conrad@rockenhaus.com> wrote:
Hello,
One of the relays that I brought online yesterday, ConradsAWSExit (Hash 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A) is showing up on Atlas that the IPv6 OR is unreachable.
The other relay is working just fine with IPv6.
I’ve confirmed that the following entries are in torrc:
ORPort 9001
ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
IPv6Exit 1
Are these the only ORPort entries in your torrc? Have you restarted or HUP'd the relay since you last edited the torrc?
Yes sir, I did. I see Atlas now shows that IPv6 is reachable, but the exit policy is rejecting everything. I have the reject policy in the torrc set to the defaults (I have all of the exit policies in torrc commented out).
Just to confirm, here’s the output from ifconfig, that is the IP:
inet6 2600:1f14:ede:d601:e107:1a4b:ba3:803 prefixlen 64 scopeid 0x0<global>
This is what Relay Search (Atlas) says:
Unreachable OR Addresses [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
The last 8 bytes of the address your relay is advertising, are not the same as the address on your machine.
Also, you have set IPv6Exit, but Relay Search says:
IPv6 Exit Policy Summary reject 1-65535
Exactly. If I have torrc set to the defaults, what’s going on here?
Relay Search data is usually up to 2.5 hours behind, but it can lag more.
Please copy and paste the notice-level Tor logs that mention your ORPort, DirPort, and Exit settings, so we can see what Tor is actually doing.
Dec 20 21:24:17.937 [warn] Tor is running as an exit relay with the default exit policy. If you did not want this behavior, please set the ExitRelay option to 0. If you do want to run an exit Relay, please set the ExitRelay option to 1 to disable this warning, and for forward compatibility.
Dec 20 21:24:17.937 [warn] In a future version of Tor, ExitRelay 0 may become the default when no ExitPolicy is given.
Dec 20 21:24:17.937 [notice] Opening OR listener on 0.0.0.0:9001
Dec 20 21:24:17.937 [notice] Opening OR listener on [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
Dec 20 21:24:17.938 [notice] Opening Directory listener on 0.0.0.0:9030
I have confirmed that all of the applicable Security Group rules are configured correctly:
Custom TCP Rule TCP 9001 0.0.0.0/0 ORPort
Custom TCP Rule TCP 9001 ::/0 ORPort
Custom TCP Rule TCP 9030 0.0.0.0/0 DIRPort
Custom TCP Rule TCP 9030 ::/0 DIRPort
By the way, there are no IPv6 DirPorts :-)
I know that now from reading the docs, I removed that rule :D
Plus, I have confirmed with a telnet -6 to port 9001 from both my house and my servers at OVH in Canada that I’m able to connect to port 9001 via the IPv6 address on this node.
What are the exact commands you used?
This shows that the relay is listening on whatever IPv6 address and port you checked, but it doesn't show which IPv6 address the relay is advertising.
I just checked if it was listening with a telnet -6 <ip> 9001, but this is a non-issue now since atlas shows it reachable.
So, my question is…what could I be missing here that is causing atlas to say that IPv6 is unreachable? I’ve been looking into this through the day and would like to kind of close it out, got a bunch of emails to catch up on hehe :D, so any input would be appreciated.
There are a few more detailed troubleshooting things we can try, like checking consensus health and the exact content of your relay's descriptor and the authorities' votes.
If the above steps don't help, I'm happy to go through them later, when I'm using a more capable device.
My main issue now is trying to fix the issue with the default exit policy - the logs say I’m running the defaults, yet all IPv6 traffic is getting blocked. I’ve looked over the documentation and I’ve done what it says. What am I doing wrong?
Just for further troubleshooting, I attached this exit’s torrc file.
Thanks,
Rock
T
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 22 Dec 2017, at 09:13, Conrad Rockenhaus conrad@rockenhaus.com wrote:
I’ve confirmed that the following entries are in torrc:
ORPort 9001
ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
IPv6Exit 1
... Also, you have set IPv6Exit, but Relay Search says:
IPv6 Exit Policy Summary reject 1-65535
Exactly. If I have torrc set to the defaults, what’s going on here?
You did not set "IPv6Exit 1" in the torrc you attached to your last email.
I opened this ticket so we include IPv6Exit in the torrc templates: https://trac.torproject.org/projects/tor/ticket/24703
T
--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
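Added example, not part of any message in this thread: a small Python check that automates the two comparisons made above, the IPv6 ORPort in torrc against the listener Tor actually opened and the addresses on the interface, and whether IPv6Exit is set. The function names and the sample torrc are constructed for illustration; the addresses and log lines are the ones quoted in the thread.

```python
import ipaddress
import re

# Constructed sample inputs, built from the values quoted in this thread.
SAMPLE_TORRC = """\
# constructed torrc with no IPv6Exit line
ORPort 9001
ORPort [2600:1f14:ede:d601:e107:1a4b:ba3:803]:9001
"""
SAMPLE_LOG = """\
Dec 20 21:24:17.937 [notice] Opening OR listener on 0.0.0.0:9001
Dec 20 21:24:17.937 [notice] Opening OR listener on [2600:1f14:ede:d601:72c2:a87d:960d:c334]:9001
"""
SAMPLE_IFACE = ["2600:1f14:ede:d601:e107:1a4b:ba3:803"]  # from ifconfig

V6_ORPORT = re.compile(r"^ORPort\s+\[([0-9A-Fa-f:]+)\]:(\d+)", re.I)
V6_LISTENER = re.compile(r"Opening OR listener on \[([0-9A-Fa-f:]+)\]:(\d+)")


def parse_torrc(text):
    """Return (set of IPv6 ORPort (address, port), IPv6Exit value or None)."""
    orports, ipv6exit = set(), None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not parts:
            continue
        m = V6_ORPORT.match(" ".join(parts))
        if m:
            orports.add((ipaddress.IPv6Address(m.group(1)), int(m.group(2))))
        elif parts[0].lower() == "ipv6exit" and len(parts) > 1:
            ipv6exit = parts[1]
    return orports, ipv6exit


def audit(torrc, log, iface_addrs):
    """Compare torrc, Tor's notice log and the interface addresses."""
    configured, ipv6exit = parse_torrc(torrc)
    local = {ipaddress.IPv6Address(a) for a in iface_addrs}
    opened = {(ipaddress.IPv6Address(a), int(p))
              for a, p in V6_LISTENER.findall(log)}
    findings = []
    for addr, port in sorted(opened - configured):
        findings.append(f"listener [{addr}]:{port} is not in this torrc")
    for addr, port in sorted(opened | configured):
        if addr not in local:
            findings.append(f"[{addr}]:{port} is not on a local interface")
    if ipv6exit != "1":
        findings.append("IPv6Exit is not set to 1 (default is 0)")
    return findings
```

A listener that is missing from the torrc being read usually means the running process was started from an older or different configuration, which is why the restart/HUP question comes first.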
Thank you. It’s always the small things, huh? :D
Conrad