The Tor Project / Core / Tor / Issues / #40208
Issue created Nov 25, 2020 by s7r@s7r🏁

New address discovery (IPv4 and IPv6) makes it impossible to run a local LAN or localhost bridge or relay

There are use cases where one wants to run a bridge or relay on their LAN or localhost. This was possible until we changed address autodiscovery behavior using AssumeReachable 1 and PublishServerDescriptor 0 torrc options.

Now with the latest alpha this is impossible.

  • Scenario 1: Set Address 127.0.0.1 and ORPort 127.0.0.1:9001 in torrc: Bridge / relay will start, work for some time, but complain every 60 seconds in the log file:

Nov 23 17:04:35.000 [warn] Don't know my address while generating descriptor

Nov 23 17:05:35.000 [warn] Don't know my address while generating descriptor

After 24-48 hours it eventually stops building descriptors and becomes unusable. Apparently this config Address 127.0.0.1 doesn't trigger #40205 (closed) but I don't see why. At debug level I only see:

[info] address_can_be_used(): Address '127.0.0.1' is a private IP address. Tor relays that use the default DirAuthorities must have public IP addresses.

  • Scenario 2: Don't set Address and only set ORPort 127.0.0.1:9001 in torrc: Bridge / relay will start, but detect the public IP address and warn:

[warn] The IPv4 ORPort address 127.0.0.1 does not match the descriptor address <public_IPv4_addr>. If you have a static public IPv4 address, use 'Address ' and 'OutboundBindAddress '. If you are behind a NAT, use two ORPort lines: 'ORPort NoListen' and 'ORPort NoAdvertise'.

If you have a public IPv6 address, it will also trigger #40205 (closed) that tries self reachability ignoring AssumeReachable 1 which will make it stop working (stop building descriptors at all) after some time.

  • Scenario 3: Set Address <public_IPv4_addr>, ORPort 127.0.0.1:9001 NoAdvertise and ORPort <public_IPv4_addr> NoAdvertise in torrc: Bridge / relay will start, but after some time stop building descriptors entirely. It also triggers #40205 (closed) and I can't confirm or infirm if the latter one makes it stop building descriptors after some time because I couldn't remove IPv6 from this box without breaking something. Depending on future testing when we fix this, I'll deploy separate VMs.

Besides fixing #40205 (closed) which is the major bug here, we should allow:

  • a way to disable IPv4 autodiscovery, IPv6 autodiscovery or both
  • a way to run on private nets or local IPv4 addresses and link-local or internal-use IPv6 addresses, maybe by setting an option like LocalServer that tells Tor it's OK to have a localhost / LAN IP on ORPort / Address, and maybe automatically turn on PublishServerDescriptor 0 and AssumeReachable 1 if this is set.