[tor-relays] Relay disconnect & offline on IP change

Tor Relay Net Ops tor-relay-netops at darrenofficial.com
Thu Sep 26 06:01:01 UTC 2024 

> (A') Actually, what exactly is going wrong? You say you have to restart,
but, is your relay recognizing a new IP address and publishing even though
it isn't reachable at that address yet, e.g. because of firewall rules? Or
is it not even recognizing that the address has changed? Does it recover
if you wait a while?

I think it might have not recognized the address has changed, because it 
doesn't recover after a while (I waited around 3~ days)
There are no firewall rules that would intervene with this process, on 
the MikroTik side it's just an DST-NAT rule to my tor ORPort.

Detected possible compression bomb with input size = 18860 and output size = 547719
Possible compression bomb; abandoning stream.
Unable to decompress HTTP body (tried Zstandard compressed, on Directory connection (client reading) with 199.58.81.140:80). [1 similar message(s) suppressed in last 216120 secon>
Detected possible compression bomb with input size = 18860 and output size = 547719
Possible compression bomb; abandoning stream.
Heartbeat: It seems like we are not in the cached consensus.

^ After the above log warning, it just does not reconnect to the tor 
network; until a manual restart is called.


> (B) We had some relay address detection bugs that got introduced in Tor
0.4.5 and never got resolved. So detection is definitely more fragile
than it was in the 0.4.4 days. I think it mainly affects people running
their relays inside containers or other weird situations. But also,
maybe people just quietly stopped trying and left, who knows.

I run my tor relay inside a Debian KVM on a ProxMox (2C, 8G ram); Ryzen 
5 5500 CPU. No weird setups here.


> (C) The old-school way of handling this was to get a dyndns account and
then set your torrc Address to point to your dyndns hostname. That is,
you run a periodic tool that reaches out to the service and it makes
sure to update the hostname it gives you to match your current address.

I do have a dyndns address that updates an A record on my Cloudflare 
account every 60 seconds, now... where do I put the dyndns address 
inside the torrc file?

https://github.com/timothymiller/cloudflare-ddns

I'll give the dyndns method a shot for now and see if it improves the 
reliability. If it doesn't, I'll investigate it further and see if it's 
actually a bug with tor and not my network :)

Thank you Roger, George & Marco!

-darren

On 9/26/24 3:53 AM, Roger Dingledine wrote:
> On Wed, Sep 25, 2024 at 05:53:35PM +0700, Tor Relay Net Ops via tor-relays wrote:
>> I'm currently running a tor relay on a dynamic IP Address connection,
>> usually my ISP gives me a new address every day or so-
>>
>> Lately [for the past like week or so- /can't remember when it started
>> happening/], I have to manually restart it when my WAN IP Address changes;
>> to get the relay back online- (systemctl restart tor at default)
>>
>> Is there a way to not manually restart tor (besides running a cron script to
>> do so)
>>
>> Tor 0.4.8.12 on Linux
> Hm! It should work. Four thoughts:
>
> (A) What do your logs say? It should be giving you lines like
>
>      log_notice(LD_CONFIG, "External address seen and suggested by a "
>                            "directory authority: %s", fmt_addr(addr));
>
> (A') Actually, what exactly is going wrong? You say you have to restart,
> but, is your relay recognizing a new IP address and publishing even though
> it isn't reachable at that address yet, e.g. because of firewall rules? Or
> is it not even recognizing that the address has changed? Does it recover
> if you wait a while?
>
> (B) We had some relay address detection bugs that got introduced in Tor
> 0.4.5 and never got resolved. So detection is definitely more fragile
> than it was in the 0.4.4 days. I think it mainly affects people running
> their relays inside containers or other weird situations. But also,
> maybe people just quietly stopped trying and left, who knows.
>
> The starting point for investigating those is
> https://gitlab.torproject.org/tpo/core/tor/-/issues/40424
>
> (C) The old-school way of handling this was to get a dyndns account and
> then set your torrc Address to point to your dyndns hostname. That is,
> you run a periodic tool that reaches out to the service and it makes
> sure to update the hostname it gives you to match your current address.
>
> Apparently dyndns has turned from the great free service that it used
> to be into a mess of for-profit scamminess. But the nice people on irc
> point me tohttps://freedns.afraid.org/ as one option that's also been
> around forever and doesn't seem like it's gone scammy yet.
>
> (D) If you investigate it more and you realize you have found a specific
> bug ("it should do this but it does that instead"), please do open a
> gitlab ticket, to help the next person:
> https://gitlab.torproject.org/tpo/core/tor/-/issues/
>
> Thanks!
> --Roger
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240926/d5372bb6/attachment.htm>

More information about the tor-relays mailing list