Skip to content

webtunnel-from-source instructions close your ORPort without explaining that your bridge will seem down

On https://community.torproject.org/relay/setup/webtunnel/source/ we tell the bridge operator to set ORPort to 127.0.0.1 and set AssumeReachable. This is so their ORPort isn't reachable from the outside world. But at present it will result in two surprises for bridge operators:

  • They will get "The IPv4 ORPort address 127.0.0.1 does not match the descriptor address <redacted: IP of the relay server>" scary log messages, which make them think something is wrong with their configuration

  • In tor metrics, the bridge is shown in "Red" status being "down" since a couple of hours. That's because they don't have the Running flag from the bridge authority.

We should either (A) change the instructions to explain that we're having them do the experimental new closed-ORPort approach, and tell them what side effects to expect; or (B) change the instructions to have an open ORPort for now until we've finished tpo/core/tor#7349

Issue reported by a new webtunnel bridge operator on #tor-relays. Thanks!