[tor-relays] Standalone snowflake proxy re-testing as restricted

Hey there,

I have been running a standalone snowflake proxy for quite some time now. First in a Docker container, but now in its own Linux container to have more control over it myself. This has worked out great so far with an ephemeral-ports-range of 200 ports. Those are forwarded to the Linux container in my router.

For a few days now, I have noticed a big drop in connections per hour. I restarted the proxy and it tested as restricted even though all ports are properly forwarded and I see the UDP packets reaching the machine via tcpdump. After several restarts, I finally got it to confirm unrestricted, but 6 hours later (default re-test period?), it's restricted again.

Just to rule out the obvious, is it only me having this problem? I'm building from source and git log says:

commit f940d7d6efe423c4d7a901a33d34bb51086b4a41
Date: Tue Nov 26 16:19:49 2024 +0000
chore(deps): update module github.com/pion/ice/v4 to v4.0.3

I wonder if this is a problem with my local setup or a bug in snowflake itself. Any ideas?

Best regards,
0x5fcfbd30
_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org

We've had several reports about the NAT check being inconsistent since we upgraded and re-installed the Snowflake broker[0], it seems it's not just you having this problem. I've opened an issue to look into it[1]. Thanks for reaching out about this.

[0] Upgrade snowflake broker machine from Debian 10 (#40349) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
[1] Investigate reported inconsistencies with probetest since upgrade (#40419) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab


Cecylia Bocovich wrote:

We've had several reports about the NAT check being inconsistent since
we upgraded and re-installed the Snowflake broker[0], it seems it's not
just you having this problem. I've opened an issue to look into it[1].

Thanks for the confirmation. Meanwhile, I was getting verbose logging while doing several restarts. Most of them ended up in a timeout waiting for the probe test to open a data channel:

2024/11/29 19:29:48 Waiting for a test WebRTC connection with NAT check probe server to establish...
2024/11/29 19:29:48 NAT check: WebRTC: OnConnectionStateChange: connecting
2024/11/29 19:29:49 NAT check: WebRTC: OnConnectionStateChange: connected
2024/11/29 19:29:49 WebRTC: DataChannel.OnClose
2024/11/29 19:29:49 NAT check: WebRTC: OnConnectionStateChange: closed

while a successful attempt logs like that:

2024/11/29 19:16:38 Waiting for a test WebRTC connection with NAT check probe server to establish...
2024/11/29 19:16:38 NAT check: WebRTC: OnConnectionStateChange: connecting
2024/11/29 19:16:39 NAT check: WebRTC: OnConnectionStateChange: connected
*2024/11/29 19:16:39 WebRTC: DataChannel.OnOpen*
2024/11/29 19:16:39 Test WebRTC connection with NAT check probe server established! This means our NAT is unrestricted!
2024/11/29 19:16:39 NAT Type measurement: unknown -> unrestricted
2024/11/29 19:16:39 WebRTC: DataChannel.OnClose
2024/11/29 19:16:39 NAT type: unrestricted
2024/11/29 19:16:39 NAT check: WebRTC: OnConnectionStateChange: closed

To me this looks like the WebRTC connection is successful; however, the DataChannel never reaches OnOpen but goes straight to the OnClose signal. Looking through the proxy code, I have no idea why that could happen, but I'm by no means an expert in WebRTC.
Anyway, I hope it helps to diagnose the problem further. Meanwhile, I disabled rechecking and simply try until I get lucky during the NAT testing.

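
Added example (not part of the original thread or of the Snowflake code base): a Python script that groups proxy log lines into NAT-check attempts and flags the pattern reported above, where the connection reaches "connected" but the data channel closes without ever opening. It assumes the log format shown in the excerpts and that an attempt runs from the "Waiting for a test WebRTC connection" line to the NAT check "closed" line; on a busy proxy, unrelated client data-channel lines may fall inside that window.

```python
import re

# Log lines taken from the two excerpts in the post above (success abridged).
SAMPLE_LOG = """\
2024/11/29 19:16:38 Waiting for a test WebRTC connection with NAT check probe server to establish...
2024/11/29 19:16:38 NAT check: WebRTC: OnConnectionStateChange: connecting
2024/11/29 19:16:39 NAT check: WebRTC: OnConnectionStateChange: connected
2024/11/29 19:16:39 WebRTC: DataChannel.OnOpen
2024/11/29 19:16:39 WebRTC: DataChannel.OnClose
2024/11/29 19:16:39 NAT check: WebRTC: OnConnectionStateChange: closed
2024/11/29 19:29:48 Waiting for a test WebRTC connection with NAT check probe server to establish...
2024/11/29 19:29:48 NAT check: WebRTC: OnConnectionStateChange: connecting
2024/11/29 19:29:49 NAT check: WebRTC: OnConnectionStateChange: connected
2024/11/29 19:29:49 WebRTC: DataChannel.OnClose
2024/11/29 19:29:49 NAT check: WebRTC: OnConnectionStateChange: closed
"""
START = "Waiting for a test WebRTC connection with NAT check probe server"
END = "NAT check: WebRTC: OnConnectionStateChange: closed"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (.*)$")

def parse_attempts(text):
    """Group lines into NAT-check attempts: from START up to the END line."""
    attempts, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip().strip("*"))  # tolerate *emphasis* marks
        if not m:
            continue
        ts, msg = m.groups()
        if msg.startswith(START):
            current = [(ts, msg)]
            attempts.append(current)
        elif current is not None:
            current.append((ts, msg))
            if msg == END:
                current = None
    return attempts

def classify(attempt):
    """Label one attempt by which data-channel events it contains."""
    msgs = [msg for _, msg in attempt]
    if any("DataChannel.OnOpen" in m for m in msgs):
        return "data_channel_opened"
    connected = any(m.endswith("OnConnectionStateChange: connected") for m in msgs)
    if connected and any("DataChannel.OnClose" in m for m in msgs):
        return "closed_before_open"  # the failure pattern reported above
    return "connected_only" if connected else "never_connected"

def summarize(text):
    return [(a[0][0], classify(a)) for a in parse_attempts(text)]
```

Calling summarize() on a saved verbose log returns one (start timestamp, label) pair per NAT check, which makes it easy to see how often the "closed_before_open" case occurs across restarts.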