IPv6 with dynamic prefix behind NAT

Hi,
I’m new here. I set up a small tor relay on my old server. The server runs on a private internet connection and is therefore behind a router. With this Internet connection, the public IPv4 is changed at regular or irregular intervals and a new IPv6 prefix is also distributed at the same time. The IPv4 connection is not a problem here, the new IP is recognized and the requests run over the new IP after the ISP disconnect.
However, the IPv6 connection works, if I restart my server or the tor service.

Self-testing indicates your ORPort [1111:::ffff]:9001 is reachable from the outside. Excellent. Publishing server descriptor.

But the IPv6 connection only works with my relay until the prefix is changed. In the log I still see that tor recognizes the old IPv6 and not the new one. This tests the connection to the open ports on the old IPv6 and of course there is nothing there. From then on I regularly get the message

Auto-discovered IPv6 address [1111:::ffff]:9001 has not been found reachable. However, IPv4 address is reachable. Publishing server descriptor without IPv6 address. [2 similar message(s) suppressed in last 2400 seconds]

Have I set something up wrong here or do I have to enter something special?

Except for this error, my Tor relay works very well on the old eco server and with a fiber optic connection, the little bit of extra traffic isn’t a big problem either.

Thank you very much for your help

Did you open those ports on the firewall? Both ipv6 and ipv4?

Yes, of course. If the IPv6 prefix is not changing, I get IPv6 connections and also some GB of traffic. It is also displayed on the relay search site as IPv6 reachable. But as soon as the IPv6 prefix changes, the tor service is looking at the wrong, old IPv6 address. And in the log file is a different IPv6 address than when I check it with “ip a”.

That could be your consensus built in .tor too, but I am not sure.

I don’t know exactly what that means to me.

When you start tor on your machine, it makes a consensus and stores info inside a hidden folder on your machine.

OK, but why is it working with IPv4 just fine and not with IPv6? For me it looks like the service has a query to check if the IPv4 has changed but this query is missing for IPv6. Can I enable it somewhere? Or is it possible to write the current IPv6 in this hidden directory that the service is reading from? I can check if the IPv6 has changed and then restart the relay, but I don’t like this solution, because the connections will be lost.

Does your internet provider let you have ipv6 access :eyes:?

Yes, as I said, it works perfectly fine, until the prefix changes. The tor server is still testing the old IPv6 and does not use the new IPv6.

As an example:
I start the service at 6:00AM, then tor discovers an IPv6 address (1234:1234:1234:1234:aaaa:aaaa:aaaa:aaaa) and an open port. It tests the connection and I get an “excellent”. This is running fine, there are a lot of connections and in the log files there is sometimes a row with “xxx connections over IPv6”.
At 4:00AM the next day, my ISP gives me a new IPv4 and a new IPv6 prefix. Now the IPv6 of my server is (5678:5678:5678:5678:aaaa:aaaa:aaaa:aaaa) but the tor service still writes “Auto-discovered IPv6 address 1234:1234:1234:1234:aaaa:aaaa:aaaa:aaaa:9001 has not been found reachable.”
And of course, this IPv6 address does not exist anymore.
If I now restart the tor service, it discovers the right IPv6 address (1234:1234:1234:1234:aaaa:aaaa:aaaa:aaaa) and everything is working fine.

What’s your tor version and operating system?

Tor version is 0.4.5.10 and OS is Debian11

Oct 25 21:32:24.000 [notice] External address seen and suggested by a directory authority: 123.123.123.123
Oct 25 21:32:31.000 [notice] Now checking whether IPv4 ORPort 123.123.123.123:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Oct 25 21:32:31.000 [notice] Now checking whether IPv6 ORPort [1234:1234:1234:0:abcd:abcd:abcd:abcd]:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Oct 25 21:32:32.000 [notice] Self-testing indicates your ORPort 123.123.123.123:9001 is reachable from the outside. Excellent.
Oct 25 21:32:33.000 [notice] Performing bandwidth self-test...done.
Oct 25 21:35:31.000 [notice] Now checking whether IPv4 DirPort 123.123.123.123:9005 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Oct 25 21:35:39.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Oct 25 21:43:34.000 [notice] Self-testing indicates your ORPort [1234:1234:1234:0:abcd:abcd:abcd:abcd]:9001 is reachable from the outside. Excellent. Publishing server descriptor.

Oct 26 00:00:00.000 [notice] Tor 0.4.5.10 opening new log file.
Oct 26 03:28:31.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 6 circuits open. I've sent 166.51 MB and received 135.19 MB. I've received 19948 connections on IPv4 and 621 on IPv6. I've made 159 connections with IPv4 and 0 with IPv6.
Oct 26 03:28:31.000 [notice] While bootstrapping, fetched this many bytes: 2228832 (microdescriptor fetch)
Oct 26 03:28:31.000 [notice] While not bootstrapping, fetched this many bytes: 4907242 (server descriptor fetch); 540 (server descriptor upload); 460628 (consensus network-status fetch); 470500 (microdescriptor fetch)
Oct 26 03:28:31.000 [notice] Average packaged cell fullness: 95.576%. TLS write overhead: 22%
Oct 26 03:28:31.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 17206/17206 NTor.
Oct 26 03:28:31.000 [notice] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 3 v4 connections; initiated 69 and received 20259 v5 connections.
Oct 26 03:28:31.000 [notice] DoS mitigation since startup: 0 circuits killed with too many cells. 0 circuits rejected, 0 marked addresses. 0 connections closed. 0 single hop clients refused. 0 INTRODUCE2 rejected.
Oct 26 04:05:32.000 [notice] External address seen and suggested by a directory authority: 456.456.456.456
Oct 26 04:05:40.000 [notice] Our IP Address has changed from 123.123.123.123 to 456.456.456.456; rebuilding descriptor (source: METHOD=NONE).
Oct 26 04:25:40.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at 456.456.456.456:9001 and [1234:1234:1234:0:abcd:abcd:abcd:abcd]:9001. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Oct 26 04:25:40.000 [warn] Your server (456.456.456.456:9005) has not managed to confirm that its DirPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Oct 26 04:27:32.000 [notice] Now checking whether IPv4 ORPort 456.456.456.456:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Oct 26 04:27:32.000 [notice] Now checking whether IPv6 ORPort [1234:1234:1234:0:abcd:abcd:abcd:abcd]:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Oct 26 04:27:32.000 [notice] Now checking whether IPv4 DirPort 456.456.456.456:9005 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Oct 26 04:27:34.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Oct 26 05:05:40.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at 456.456.456.456:9001 and [1234:1234:1234:0:abcd:abcd:abcd:abcd]:9001. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Oct 26 06:03:33.000 [notice] Self-testing indicates your ORPort 456.456.456.456:9001 is reachable from the outside. Excellent.
Oct 26 06:04:05.000 [notice] Performing bandwidth self-test...done.
Oct 26 06:05:40.000 [notice] Auto-discovered IPv6 address [1234:1234:1234:0:abcd:abcd:abcd:abcd]:9001 has not been found reachable. However, IPv4 address is reachable. Publishing server descriptor without IPv6 address.
Oct 26 07:05:40.000 [notice] Auto-discovered IPv6 address [1234:1234:1234:0:abcd:abcd:abcd:abcd]:9001 has not been found reachable. However, IPv4 address is reachable. Publishing server descriptor without IPv6 address. [2 similar message(s) suppressed in last 2400 seconds]
Oct 26 07:13:41.000 [notice] Your network connection speed appears to have changed. Resetting timeout to 60s after 18 timeouts and 1000 buildtimes.
Oct 26 08:05:40.000 [notice] Auto-discovered IPv6 address [1234:1234:1234:0:abcd:abcd:abcd:abcd]:9001 has not been found reachable. However, IPv4 address is reachable. Publishing server descriptor without IPv6 address. [2 similar message(s) suppressed in last 2400 seconds]
Oct 26 08:18:34.000 [notice] No circuits are opened. Relaxed timeout for circuit 275 (a Testing circuit 3-hop circuit in state doing handshakes with channel state open) to 60000ms. However, it appears the circuit has timed out anyway.
Oct 26 09:05:40.000 [notice] Auto-discovered IPv6 address [1234:1234:1234:0:abcd:abcd:abcd:abcd]:9001 has not been found reachable. However, IPv4 address is reachable. Publishing server descriptor without IPv6 address. [2 similar message(s) suppressed in last 2400 seconds]
Oct 26 09:28:31.000 [notice] Heartbeat: Tor's uptime is 5:22 hours, with 14 circuits open. I've sent 239.74 MB and received 197.27 MB. I've received 28200 connections on IPv4 and 640 on IPv6. I've made 347 connections with IPv4 and 2 with IPv6.

This is the log file after I restarted the service. At Oct 26 04:05:32 my IPv6 also changed to [5678:5678:5678:0:abcd:abcd:abcd:abcd] but the tor service did not notice that “our IPv6 Address has changed”.

Can you update to 0.4.7.x and see if this issue persists?

Ok, upgraded to 0.4.7.10

Sorry, but I still have the same problem. Tor is not using the new IPv6 address.

Can you also share your torrc?

Sure:

SocksPort 0
Log notice file /var/log/tor/notices.log
DataDirectory /var/lib/tor
ControlPort xxxxx
HashedControlPassword xxxxx
ORPort 9001
Nickname justme
RelayBandwidthRate 250 KB  # Throttle traffic to 250 KB/s (2000 Kbps)
RelayBandwidthBurst 750 KB # But allow bursts up to 750 KB (6000 Kb)
ContactInfo me@there.net
DirPort 9005
ExitRelay 0
ExitPolicy reject *:* # no exits allowed

I thought maybe I can use a dyn dns service and use the “Address justme.no-ip.com” command.

I don’t know, but maybe the update to 0.4.7.10 causes some problems… My relay was running for 26 days nonstop, but yesterday I got the error after the ISP 24h disconnect:

Oct 29 13:31:04.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at ...:9001 and [:::]:9001. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Oct 29 13:39:04.000 [notice] No circuits are opened. Relaxed timeout for circuit 999 (a Testing circuit 3-hop circuit in state doing handshakes with channel state open) to 60000ms. However, it appears the circuit has timed out anyway. [6 similar message(s) suppressed in last 4260 seconds]

I don’t know the right settings. The tor service just doesn’t realize that the IPv6 is changing. I thought I could use a dyndns service for my IPv6, but then I have to update my router’s IPv4 too. The present solution is in my opinion not really good, because the people connected to my relay get disconnected. I have ddclient installed and if ddclient registers an IPv6 change, it starts a script that restarts the tor service.
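
Added example, not part of any post in this thread: a check that compares the last IPv6 ORPort address tor wrote to notices.log with the host's current global addresses, so a restart script like the one described above only fires when the logged address is really stale. The function names and the constructed sample log are assumptions; in real use the current addresses would come from something like `ip -6 -o addr show scope global`.

```python
import ipaddress
import re

# Constructed sample, abridged from the notices.log lines quoted in the thread.
SAMPLE_LOG = """\
Oct 25 21:32:31.000 [notice] Now checking whether IPv6 ORPort [1234:1234:1234:0:abcd:abcd:abcd:abcd]:9001 is reachable...
Oct 26 04:05:40.000 [notice] Our IP Address has changed from 123.123.123.123 to 456.456.456.456; rebuilding descriptor (source: METHOD=NONE).
Oct 26 06:05:40.000 [notice] Auto-discovered IPv6 address [1234:1234:1234:0:abcd:abcd:abcd:abcd]:9001 has not been found reachable.
"""

# The two message shapes from the thread that carry the IPv6 ORPort address.
ADDR_RE = re.compile(
    r"(?:IPv6 ORPort|Auto-discovered IPv6 address) \[([0-9A-Fa-f:.]+)\]:\d+")
IID_MASK = (1 << 64) - 1  # low 64 bits: the interface identifier


def last_ipv6_in_log(log_text):
    """Return the IPv6 address from the most recent matching line, or None."""
    found = None
    for match in ADDR_RE.finditer(log_text):
        try:
            found = ipaddress.IPv6Address(match.group(1))
        except ValueError:
            continue  # redacted or malformed address such as [1111:::ffff]
    return found


def classify(log_text, current_addrs):
    """Compare the logged address with the host's current global addresses.

    Returns (status, logged_address) where status is one of:
    "ok", "prefix-changed" (same interface id, new /64), "stale", "unknown".
    """
    logged = last_ipv6_in_log(log_text)
    if logged is None:
        return ("unknown", None)
    # Accept "addr/len" as printed by `ip`; ipaddress normalizes the notation.
    current = [ipaddress.IPv6Address(a.split("/")[0]) for a in current_addrs]
    if logged in current:
        return ("ok", logged)
    if any(int(c) & IID_MASK == int(logged) & IID_MASK for c in current):
        return ("prefix-changed", logged)
    return ("stale", logged)


if __name__ == "__main__":
    print(classify(SAMPLE_LOG, ["5678:5678:5678:0:abcd:abcd:abcd:abcd/64"]))
```

Only the "prefix-changed" and "stale" results indicate that tor is still self-testing an address the host no longer holds.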

Is there any helpful information in this post and answers?

https://www.mail-archive.com/tor-relays@lists.torproject.org/msg17760.html

Thanks for this info. But there are only the general uses of IPv6 and all the features, that are discussed there are working with my setup, until the 24h disconnect of my ISP.