[tor-dev] Why is my bridge not publishing statistics?

[David Fifield]

I searched for the Snowflake bridge in Atlas, and couldn't find it. Its
fingerprint is 2B280B23E1107BB62ABFC40DDCC8824814F80A72. Its torrc is
stock "Last updated 9 October 2013 for Tor 0.2.5.2-alpha" except for
these settings:
ContactInfo David Fifield 
SOCKSPort 0
ORPort 9001
BridgeRelay 1
ExtORPort auto
ServerTransportPlugin snowflake exec /usr/local/bin/snowflake-server 
--acme-hostnames snowflake.bamsoftware.com --acme-email d...@torproject.org 
--log /var/log/tor/snowflake-server.log
ServerTransportListenAddr snowflake 0.0.0.0:443

Its ORPort 9001 is blocked by the local firewall, because it is meant to
be only a Snowflake bridge, and not a vanilla bridge. (Most of the
default Tor Browser obfs4 bridges are configured the same way, with
their ORPort blocked.) There are these messages in the log (which I
exxpected):
[warn] Your server (37.218.242.151:9001) has not managed to confirm 
that its ORPort is reachable. Please check your firewalls, ports, address, 
/etc/hosts file, etc.

Why is the bridge not appearing in Atlas? I initially suspected
https://bugs.torproject.org/18050, whose changelog entry is:
- Check that both the ORPort and DirPort (if present) are reachable
  before publishing a relay descriptor. Otherwise, relays publish a
  descriptor with DirPort 0 when the DirPort reachability test takes
  longer than the ORPort reachability test.
  Closes bug #18050. Reported by "starlight", patch by "teor".
  Bugfix on 0.1.0.1-rc, commit a1f1fa6ab on 27 Feb 2005.
But if it's the case that an unreachable ORPort causes descriptors not
to be uploaded, then why do the default obfs4 bridges appear in Atlas?
For example:

https://atlas.torproject.org/#details/D9C805C955CB124D188C0D44F271E9BE57DE2109

https://atlas.torproject.org/#details/D3D4A456FCB5F301F092F6A49ED671B84B432FB8

https://atlas.torproject.org/#details/11A3982C417AF37230F576006405BE5338F41C09
Actually, now that I look at it, I notice some other default bridges are
not present in Atlas, for example the two from
https://bugs.torproject.org/21917, which went out in Tor Browser 6.5.2:
C8CBDB2464FC9804A69531437BCF2BE31FDD2EE4
0BAC39417268B96B9F514E7F63FA6FBA1A788955

What's going on and how can we fix it? You can find a list of default
bridge fingerprints here:
https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/Bundle-Data/PTConfigs/bridge_prefs.js
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] making sure I configure OutboundBindAddressExit correctly

[nusenu]

Hello teor,




teor:
> If you don't specify OutboundBindAddressOR [IPv6], any IPv6 connections
> a relay makes will go via the OS routing table, which may use the same
> address as OutboundBindAddressExit.

Thank you for this input, I added an OutboundBindAddress line (without
"OR") for IPv6 as well (IPv6 ORPort line is already in place).

https://github.com/nusenu/ansible-relayor/commit/d708e9c85963455de1975a0af4e30414f7118ec0


> Also, the documentation is unclear, and we need to fix it:
> https://trac.torproject.org/projects/tor/ticket/22145

That was me filing that ticket.


thanks,
nusenu


-- 
https://mastodon.social/@nusenu
https://twitter.com/nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev