Bug 0.4.5.5-rc ORPort relay (using both IPv4 & IPv6)
Hi,
I'm using Debian Buster to run my (non-exit) relay. I use 'deb https://deb.torproject.org/torproject.org buster main' repository in apt sources list.
After I upgraded to Tor 0.4.5.5-rc from 0.4.4.6, my configuration does not work anymore. My relay has (/etc/network/interfaces) public IPv6 address and private IPv4 address, because relay is behind NAT (there is no configuration errors in general firewall settings, and this setup has worked before).
After upgrade to 0.4.5.5-rc, Tor does not bind anymore to IPv4 address. Just to make sure again: there has not been problem whatsoever with my configuration, and after I downgraded back to 0.4.4.6, everything worked as before. I spotted that somebody else has some problems also with 0.4.5.5-rc https://www.reddit.com/r/TOR/comments/lgnt7g/orport_is_not_reachable_after_updating_tor_from/
I think that something has changed in a way 0.4.5.5-rc is handling configuration file (“torrc”).
Log from syslog:
Feb 10 20:53:39 Tor[1004]: Opening Socks listener on 127.0.0.1:9050
Feb 10 20:53:39 Tor[1004]: Opened Socks listener connection (ready) on 127.0.0.1:9050
Feb 10 20:53:39 Tor[1004]: Opening Control listener on 127.0.0.1:9051
Feb 10 20:53:39 Tor[1004]: Opened Control listener connection (ready) on 127.0.0.1:9051
Feb 10 20:53:39 Tor[1004]: Opening OR listener on [{my public working IPv6 address}]:443
Feb 10 20:53:39 Tor[1004]: Opened OR listener connection (ready) on [{my public working IPv6 address}]:443
Feb 10 20:53:39 Tor[1004]: Opening Directory listener on 0.0.0.0:80
Feb 10 20:53:39 Tor[1004]: Opened Directory listener connection (ready) on 0.0.0.0:80
Feb 10 20:53:39 Tor[1004]: Opening Directory listener on [{my public working IPv6 address}]:80
Feb 10 20:53:39 Tor[1004]: Opened Directory listener connection (ready) on [{my public working IPv6 address}]:80
Feb 10 20:54:34 Tor[1004]: Now checking whether IPv4 ORPort {my public working IPv4 address}:443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Feb 10 20:54:34 Tor[1004]: Now checking whether IPv6 ORPort [{my public working IPv6 address}]:443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Feb 10 20:54:34 Tor[1004]: Now checking whether IPv4 DirPort {my public working IPv4 address}:80 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Feb 10 20:54:34 Tor[1004]: Self-testing indicates your DirPort is reachable from the outside. Excellent.
Feb 10 20:54:52 Tor[1004]: Self-testing indicates your ORPort [{my public working IPv6 address}]:443 is reachable from the outside. Excellent.
Feb 10 21:14:32 Tor[1004]: Your server has not managed to confirm reachability for its ORPort(s) at {my public working IPv4 address}:443. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
“tor --verify-config command says: "[warn] Configured public relay to listen only on an IPv6 address. Tor needs to listen on an IPv4 address too. [warn] Failed to parse/validate config: Misconfigured server ports"
My /etc/tor/torrc file (also, there is Debian default shipped “tor-service-defaults-torrc” -file, which I have not edited and I think it does not have any relevance on this issue; I think that file just sets user permissions of tor daemon to behave in a Debian way):
ControlPort 9051
ControlSocket 0
CookieAuthentication 0
HashedControlPassword {my hashed password}
ORPort {my internal/local IPv4 address behind NAT}:443 NoAdvertise
ORPort {my public working IPv4 address}:443 NoListen
ORPort [{my public working IPv6 address}]:443
OutboundBindAddress {my internal/local IPv4 address behind NAT}
OutboundBindAddress [{my public working IPv6 address}]
DirPort {my public working IPv4 address}:80 NoListen
DirPort {my internal/local IPv4 address behind NAT}:80 NoAdvertise
DirPort [{my public working IPv6 address}]:80 NoAdvertise
DirPortFrontPage /etc/tor/tor-exit-notice.html
ExitPolicy reject *:*
ExitPolicy reject6 *:*
ExitRelay 0
BandwidthRate {private} MBits
BandwidthBurst {private} MBits
MaxAdvertisedBandwidth {private} MBits
RelayBandwidthRate {private} MBits
RelayBandwidthBurst {private} MBits
LogMessageDomains 0
BridgeRelay 0
ContactInfo {private}
IPv6Exit 0
Nickname {private}
EntryStatistics 1
DoSCircuitCreationEnabled auto
DoSConnectionEnabled auto
AuthoritativeDirectory 0
V3AuthoritativeDirectory 0
VersioningAuthoritativeDirectory 0
BridgeAuthoritativeDir 0
ConnDirectionStatistics 1
CellStatistics 1
HardwareAccel 1
MaxUnparseableDescSizeToLog 100 MB
RendPostPeriod 15 minutes
I posted my whole /etc/tor/torrc file. I know, that there maybe some unnecessary settings, but anyway, that configuration has worked prior 0.4.5.5-rc.
P.S. This Anon Ticket service is very good for one-time bug senders, like I am.