Your server has not managed to confirm reachability for its ORPort(s) at <redacted>:443 and [<redacted>]:443

nithin · August 15, 2024, 10:04am

I’m trying to setup a non-exit tor relay at home and but I am getting the message Your server has not managed to confirm reachability for its ORPort(s) at <redacted>:443 and [<redacted>]:443. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.

the complete notice log file is as below:

Aug 15 09:50:41.000 [notice] Tor 0.4.8.12 opening log file.
Aug 15 09:50:41.043 [notice] We compiled with OpenSSL 300000b0: OpenSSL 3.0.11 19 Sep 2023 and we are running with OpenSSL 300000d0: 3.0.13. These two versions should be binary compatible.
Aug 15 09:50:41.000 [warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards.
Aug 15 09:50:41.000 [notice] Your Tor server's identity key fingerprint is '<redacted> <redacted>'
Aug 15 09:50:41.000 [notice] Your Tor server's identity key <redacted> fingerprint is '<redacted> <redacted>'
Aug 15 09:50:41.000 [notice] Configured hibernation. This interval begins at <redacted> and ends at <redacted>. We have no prior estimate for bandwidth, so we will start out awake and hibernate when we exhaust our quota.
Aug 15 09:50:41.000 [notice] Configured to measure directory request statistics, but no GeoIP database found. Please specify a GeoIP database using the GeoIPFile option.
Aug 15 09:50:41.000 [notice] Bootstrapped 0% (starting): Starting
Aug 15 09:50:42.000 [notice] Starting with guard context "default"
Aug 15 09:50:51.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Aug 15 09:50:51.000 [notice] Opening Control listener on /run/tor/control
Aug 15 09:50:51.000 [notice] Opened Control listener connection (ready) on /run/tor/control
Aug 15 09:50:51.000 [notice] Unable to find IPv4 address for ORPort 443. You might want to specify IPv6Only to it or set an explicit address or set Address.
Aug 15 09:50:51.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Aug 15 09:50:51.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Aug 15 09:50:52.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Aug 15 09:50:52.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Aug 15 09:50:52.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Aug 15 09:50:52.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Aug 15 09:50:52.000 [notice] External address seen and suggested by a directory authority: <redacted>
Aug 15 09:50:53.000 [notice] Bootstrapped 100% (done): Done
Aug 15 09:51:51.000 [notice] Not advertising Directory Service support (Reason: AccountingMax enabled)
Aug 15 09:51:51.000 [notice] Now checking whether IPv4 ORPort <redacted>:443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Aug 15 09:51:51.000 [notice] Now checking whether IPv6 ORPort [<redacted>]:443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Aug 15 10:05:55.000 [notice] Your network connection speed appears to have changed. Resetting timeout to 60000ms after 18 timeouts and 141 buildtimes.
Aug 15 10:10:51.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at <redacted>:443 and [<redacted>]:443. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Aug 15 10:30:51.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at <redacted>:443 and [<redacted>]:443. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.

my torrc config is as below:

Log notice file /var/log/tor/notices.log
Log debug file /var/log/tor/debug.log
Nickname <redacted>
RelayBandwidthRate 10 MB  
RelayBandwidthBurst 15 MB
AccountingMax 100 GB
AccountingStart month 15 15:00
ContactInfo <redacted> <redaccted email address>
ExitPolicy reject *:* # no exits allowed
ExitRelay   0
SocksPort   0

I’m using MX linux and below is the system info:

[CODE]System:
  Kernel: 6.4.0-1mx-ahs-amd64 [6.4.4-1~mx23+1] arch: x86_64 bits: 64 compiler: gcc v: 12.2.0
    parameters: BOOT_IMAGE=/boot/vmlinuz-6.4.0-1mx-ahs-amd64 root=UUID=<filter> ro quiet splash
  Desktop: Xfce v: 4.18.1 tk: Gtk v: 3.24.36 info: xfce4-panel wm: xfwm v: 4.18.0 vt: 7
    dm: LightDM v: 1.26.0 Distro: MX-23.3_ahs_x64 Libretto July 31  2023 base: Debian GNU/Linux 12
    (bookworm)

The default firewall enabled in MX linux is Gufw which has the below config in its default profile

[fwBasic]
status = enabled
incoming = deny
outgoing = allow
routed = disabled

Any help/direction/guidance on what is the mistake or what steps are needed would be of great help.

gus · August 15, 2024, 2:12pm

Aug 15 09:50:51.000 [notice] Unable to find IPv4 address for ORPort 443.

Please make sure to include your relay’s ORPort in your torrc:

ORPort 443 IPv4Only

Restart your Tor relay.

Test if your IP:ORPort is reachable from outside:

$ telnet your-ip orport

nithin · August 16, 2024, 8:40am

Thank you Gus for your suggestions. The issue still persists.

I have made ORPort 443 IPv4Only.

My torrc is as below:

Log notice file /var/log/tor/notices.log
Log debug file /var/log/tor/debug.log
ORPort 443 IPv4Only
RelayBandwidthRate 10 MB  
RelayBandwidthBurst 15 MB
ExitPolicy reject *:* # no exits allowed
ExitRelay   0
SocksPort   0

notice logs are as below:

Aug 16 11:16:11.000 [notice] Tor 0.4.8.12 opening log file.
Aug 16 11:16:11.776 [notice] We compiled with OpenSSL 300000b0: OpenSSL 3.0.11 19 Sep 2023 and we are running with OpenSSL 300000d0: 3.0.13. These two versions should be binary compatible.
Aug 16 11:16:11.000 [warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards.
Aug 16 11:16:12.000 [notice] Configured to measure directory request statistics, but no GeoIP database found. Please specify a GeoIP database using the GeoIPFile option.
Aug 16 11:16:12.000 [notice] Your Tor server's identity key fingerprint is '<redacted> <redacted>'
Aug 16 11:16:12.000 [notice] Your Tor server's identity key <redacted> fingerprint is '<redacted> <redacted>'
Aug 16 11:16:12.000 [notice] Bootstrapped 0% (starting): Starting
Aug 16 11:16:13.000 [notice] Starting with guard context "default"
Aug 16 11:16:22.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Aug 16 11:16:22.000 [notice] Opening Control listener on /run/tor/control
Aug 16 11:16:22.000 [notice] Opened Control listener connection (ready) on /run/tor/control
Aug 16 11:16:22.000 [notice] Unable to find IPv4 address for ORPort 443. You might want to specify IPv6Only to it or set an explicit address or set Address.
Aug 16 11:16:22.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Aug 16 11:16:23.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Aug 16 11:16:23.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Aug 16 11:16:23.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Aug 16 11:16:23.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Aug 16 11:16:23.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Aug 16 11:16:24.000 [notice] Bootstrapped 100% (done): Done
Aug 16 11:37:23.000 [notice] External address seen and suggested by a directory authority: <redacted>
Aug 16 11:56:22.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at <redacted>:443. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.

For telnet <ip-address> <port> I am getting a timeout error

$ telnet <redacted> 443
Trying <redacted>...



telnet: Unable to connect to remote host: Connection timed out

Is there any way to further diagnosis? Happy to provide more information from my side.

RandoRelayOperator · August 19, 2024, 2:47pm

This 100% sounds like a port forwarding issue. You need to enable it in your router’s settings.
Wikihow: https://www.wikihow.com/Set-Up-Port-Forwarding-on-a-Router

Howtogeek: https://www.howtogeek.com/66214/how-to-forward-ports-on-your-router/

Torceror · August 20, 2024, 11:40am

Your firewall is blocking Tor with “incoming = deny”.

I have not used GUFW / UFW in a few years, but I documented the following for allowing Tor relay ingress:
sudo ufw allow in 443/tcp
sudo ufw disable && sudo ufw enable

You can toggle logging on/off using the appropriate command:
sudo ufw logging on
sudo ufw logging off