ORPort reachability for private Tor network

Zach · October 6, 2023, 4:44am

Hello,

I am trying to build a private Tor network for testing purposes. I am running into an issue where I cannot construct circuits. I am wondering if this is due to my ORPort being unreachable due to using private IP addresses. This is the output I am getting on one of my relays:

Oct 05 16:31:18.218 [notice] Tor 0.4.7.13 opening new log file.
Oct 05 16:31:18.204 [notice] We compiled with OpenSSL 30000070: OpenSSL 3.0.7 1 Nov 2022 and we are running with OpenSSL 30000080: 3.0.8. These two versions should be binary compatible.
Oct 05 16:31:18.211 [notice] Tor 0.4.7.13 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.0.8, Zlib 1.2.13, Liblzma 5.4.1, Libzstd 1.5.4 and Glibc 2.37 as libc.
Oct 05 16:31:18.211 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Oct 05 16:31:18.211 [warn] Tor was compiled with zstd 1.5.2, but is running with zstd 1.5.4. For safety, we'll avoid using advanced zstd functionality.
Oct 05 16:31:18.211 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 05 16:31:18.211 [notice] Read configuration file "/etc/tor/torrc".
Oct 05 16:31:18.216 [warn] Empty bandwidth file
Oct 05 16:31:18.216 [notice] Based on detected system memory, MaxMemInQueues is set to 2843 MB. You can override this by setting MaxMemInQueues by hand.
Oct 05 16:31:18.216 [warn] You have used DirAuthority or AlternateDirAuthority to specify alternate directory authorities in your configuration. This is potentially dangerous: it can make you look different from all other Tor users, and hurt your anonymity. Even if you've specified the same authorities as Tor uses by default, the defaults could change in the future. Be sure you know what you're doing.
Oct 05 16:31:18.216 [warn] TestingTorNetwork is set. This will make your node almost unusable in the public Tor network, and is therefore only advised if you are building a testing Tor network!
Oct 05 16:31:18.217 [notice] Opening Socks listener on 127.0.0.1:9050
Oct 05 16:31:18.217 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9050
Oct 05 16:31:18.217 [notice] Opening Control listener on 127.0.0.1:9151
Oct 05 16:31:18.217 [notice] Opened Control listener connection (ready) on 127.0.0.1:9151
Oct 05 16:31:18.217 [notice] Opening OR listener on 0.0.0.0:443
Oct 05 16:31:18.217 [notice] Opened OR listener connection (ready) on 0.0.0.0:443
Oct 05 16:31:18.217 [notice] Opening OR listener on [::]:443
Oct 05 16:31:18.217 [notice] Opened OR listener connection (ready) on [::]:443
Oct 05 16:31:18.217 [notice] Opening Directory listener on 0.0.0.0:80
Oct 05 16:31:18.217 [notice] Opened Directory listener connection (ready) on 0.0.0.0:80
Oct 05 16:31:18.219 [warn] Your log may contain sensitive information - you disabled SafeLogging. Don't log unless it serves an important reason. Overwrite the log afterwards.
Oct 05 16:31:18.219 [notice] Not disabling debugger attaching for unprivileged users.
Oct 05 16:31:19.243 [notice] Your Tor server's identity key  fingerprint is 'relay1 6F92C3E3C2BAC359369628C3FA716BD9387C6C6C'
Oct 05 16:31:19.243 [notice] Your Tor server's identity key ed25519 fingerprint is 'relay1 VonA1Sg6WmJ8AiLwg3b+BJmsVOAQ0KjVoe93vssHu/U'
Oct 05 16:31:19.243 [warn] Cannot open fingerprint file '/var/lib/tor/approved-routers'. That's ok.
Oct 05 16:31:19.289 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Oct 05 16:31:19.493 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Oct 05 16:31:19.727 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Oct 05 16:31:19.728 [notice] Bootstrapped 0% (starting): Starting
Oct 05 16:31:20.269 [notice] Starting with guard context "default"
Oct 05 16:31:20.269 [warn] No available nodes when trying to choose node. Failing.
Oct 05 16:31:20.279 [warn] Could not read your DNS config from '/dev/null' - please investigate your DNS configuration. This is possibly a problem. Meanwhile, falling back to local DNS at 127.0.0.1.
Oct 05 16:31:20.279 [notice] Signaled readiness to systemd
Oct 05 16:31:21.280 [warn] No available nodes when trying to choose node. Failing.
Oct 05 16:31:21.280 [notice] Opening Control listener on /run/tor/control
Oct 05 16:31:21.281 [notice] Opened Control listener connection (ready) on /run/tor/control
Oct 05 16:31:21.318 [warn] No available nodes when trying to choose node. Failing.
Oct 05 16:31:22.288 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Oct 05 16:31:22.288 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Oct 05 16:31:22.288 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Oct 05 16:31:22.288 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Oct 05 16:31:22.364 [notice] Bootstrapped 100% (done): Done
Oct 05 16:31:22.364 [notice] Now checking whether IPv4 ORPort 10.0.0.114:443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Oct 05 16:31:24.296 [warn] Could not find a node that matches the configured _HSLayer2Nodes set
Oct 05 16:31:24.296 [notice] Failed to find node for hop #2 of our path. Discarding this circuit.
Oct 05 16:31:24.296 [notice] Our circuit 0 (id: 5) died due to an invalid selected path, purpose Hidden service: Pre-built vanguard circuit. This may be a torrc configuration issue, or a bug.
Oct 05 16:31:25.297 [notice] Failed to find node for hop #2 of our path. Discarding this circuit.
Oct 05 16:31:26.303 [notice] Failed to find node for hop #2 of our path. Discarding this circuit.
Oct 05 16:31:27.305 [notice] Failed to find node for hop #2 of our path. Discarding this circuit.
Oct 05 16:31:28.312 [notice] Failed to find node for hop #2 of our path. Discarding this circuit.

I noticed that I am getting this warning on all relays:

Oct 05 20:51:24.322 [warn] Your server has not managed to confirm reachability for its ORPort(s) at 10.0.0.114:443. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.

How can I make my ORPort reachable if I am using private IP addresses in a Testing Tor network?

I have the TestingTorNetwork flag set to 1 in my torrc file, which should allow private IP addresses, so I am not sure why this isn’t working. Without my ORPort reachable, I don’t believe my relays can publish descriptors, which may be leading to the failure when constructing circuits.

If anyone has any advice on how to correct this, I would greatly appreciate it : D

Vort · October 6, 2023, 8:10am

I do not know exact answer to your question, but you may look at how Chutney works and search for differences between configurations.

NoOp21 · October 13, 2023, 1:55pm

Maybe AssumeReachable 1 is what you want?

This option is used when bootstrapping a new Tor network. If set to 1, don’t do self-reachability testing; just upload your server descriptor immediately. (Default: 0)

system · October 14, 2023, 8:11pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.