Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Created by Trac@tracbot

ORPort self-testing fails behind tcp proxy when using version 0.2.4.22

I was using 0.2.3.25 behind a tcp proxy (haproxy) with the following config and it correctly passed ORPort reachability test. But after upgrading to 0.2.4.22 the same config fails to pass ORPort reachability test.

ORPort 443 NoListen                                                                                   
ORPort 127.0.0.1:444 NoAdvertise

Tor 0.2.3.25

May 29 21:05:22.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
May 29 21:05:22.000 [info] mark_my_descriptor_dirty(): Decided to publish new relay descriptor: ORPort found reachable

Tor 0.2.4.22

May 29 20:56:42.000 [notice] Now checking whether ORPort 1.2.3.4:443 and DirPort 1.2.3.4:995 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
May 29 20:56:42.000 [info] consider_testing_reachability(): Testing reachability of my ORPort: 1.2.3.4:443.
May 29 20:57:41.000 [info] consider_testing_reachability(): Testing reachability of my ORPort: 1.2.3.4:443.
May 29 20:57:42.000 [info] circuit_testing_failed(): Our testing circuit (to see if your ORPort is reachable) has failed. I'll try again later.
May 29 20:58:42.000 [info] consider_testing_reachability(): Testing reachability of my ORPort: 1.2.3.4:443.
May 29 20:59:43.000 [info] consider_testing_reachability(): Testing reachability of my ORPort: 1.2.3.4:443.
May 29 21:00:44.000 [info] consider_testing_reachability(): Testing reachability of my ORPort: 1.2.3.4:443.
May 29 21:01:45.000 [info] consider_testing_reachability(): Testing reachability of my ORPort: 1.2.3.4:443.
May 29 21:01:46.000 [info] circuit_testing_failed(): Our testing circuit (to see if your ORPort is reachable) has failed. I'll try again later.

If I shut down haproxy and change 0.2.4.22 config to:

ORPort 443

it passes ORPort reachability testing.

May 29 21:17:31.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
May 29 21:17:31.000 [info] mark_my_descriptor_dirty(): Decided to publish new relay descriptor: ORPort found reachable

I have logs of level info in all 3 of the above test situations if you need them, but reproducing the situation should be quite easy.

BTW, there was no other backend set for haproxy, it just passes connections from PUBLIC_IP:443 to a single backend (Tor) at 127.0.0.1:444

Trac:
Username: kargig

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information