Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Onlynet=ipv4 disables Tor advertisements #25336

Open
kroese opened this issue Jun 11, 2022 · 5 comments
Open

Onlynet=ipv4 disables Tor advertisements #25336

kroese opened this issue Jun 11, 2022 · 5 comments
Labels
Bug

Comments

@kroese
Copy link

kroese commented Jun 11, 2022
edited

I want my node to accept inbound IPv4 and Tor connections, but not make any outbound Tor connections. So I set:

listen=1
server=1
onlynet=ipv4
onion=x.x.x.x:9050
externalip=x.x.x.x
externalip=xxx.onion

I expect that onlynet will limit the outgoing connections to IPv4 only, and onion combined with externalip allow for Tor incoming connections.

Actual behavior

Tor gets completely disabled:

    {
      "name": "onion",
      "limited": true,
      "reachable": false,
      "proxy": "x.x.x.x:9050"
    }

Limited is true and reachable is false. Also it does not advertise the onion address, just the IPv4:

  "localaddresses": [
    {
      "address": "x.x.x.x",
      "port": 8333,
      "score": 270
    }
    ]

As soon as I remove the onlynet flag, Tor starts working and the address gets advertised.

It seems this behaviour is conflicting with the documentation (which state that onlynet affects outbound only).

So is this a bug and if not, how can I reach my goal of limiting outbound to non-tor addresses?
@kroese kroese added the Bug label Jun 11, 2022
@kroese kroese changed the title Onlynet=ipv4 disables incoming Tor Onlynet=ipv4 disables Tor Jun 11, 2022
@fjahr
Copy link
Contributor

fjahr commented Jul 24, 2022

@kroese Have you checked that there are really no incoming connections from onion peers? I think this should be already working as you would like it to, but the RPC responses that you are seeing may be confusing. "reachable" false means only not reachable in the context of outbound, I think. And that the onion address is not in "localaddresses" seems to be the same issue noted in #25669.

@fjahr fjahr mentioned this issue Jul 24, 2022
Closed
@vasild vasild mentioned this issue Jul 28, 2022
Closed
@vasild
Copy link
Contributor

vasild commented Jul 28, 2022
edited

onion= is only used to specify the SOCKS5 proxy for making outgoing connections to the Tor network. Because you do not want that you do not need to specify this option.

Just -externalip should suffice to achieve your goal (or -externalip plus -torcontrol and -torpassword but I guess you already have those or the defaults work for you).

There are two ways to create a Tor service (for accepting incoming connections on the Tor network):

  1. Automatically using the Tor control API, I guess this is already happening in your case because you say "Tor starts working...". If bitcoind cannot find the Tor control, you would need to specify -torcontrol and -torpassword. See Automatically create a Bitcoin Core onion service in doc/tor.md.
  2. Manually, by configuring the Tor daemon, described in Manually create a Bitcoin Core onion service.

And finally - you have found a bug! It will hopefully be resolved by #24835. -onlynet is supposed to only affect outgoing connections, but subtly, it also affects -externalip in a way that addresses supplied to -externalip are ignored if -onlynet is given and does not list the network of those addresses.

@fjahr is right - the RPC output is confusing because reachable is only in the context of outbound. You should be able to get incoming Tor connections even now, but your Tor address is not advertised to the network, so nobody knows about it, which could be a reason why you do not see any incoming Tor connections.

@kroese kroese changed the title Onlynet=ipv4 disables Tor Onlynet=ipv4 disables Tor advertisements Jul 28, 2022
@kroese
Copy link
Author

kroese commented Jul 28, 2022
edited

@vasild Thanks for the confirmation. I described the issue not right, because I didn't mean to say that it disables the incoming Tor connections (which would be impossible, because the tor proxy is a seperate process), but just that onlynet disables the address advertisements for Tor, which was unexpected because onlynet should only affect outbound connections. Good to hear that this bug is on the list to be resolved.

For the other issue (limiting outbound to IPv4) I agree with you that it would make much more sense if I just leave out the onion= line. That would have made it unnecessary to use onlynet in the first place.

@fjahr That issue seems very similar. Only in my case Im setting onion= explicitly, and still have my externaladdress ignored. But it could be that because onlynet is set, the end-result is the same is not setting onion= at all. In that case my issue is a duplicate of #25669

@vasild
Copy link
Contributor

vasild commented Jul 28, 2022

if I just leave out the onion= line

If bitcoind manages to find the Tor control, it will ask it where is the SOCKS5 proxy and will enable outgoing connections to Tor peers via it. To prevent that you need to either set -onion=0 or -onlynet=...values.other.than.onion...

@kroese
Copy link
Author

kroese commented Jul 28, 2022
edited

If bitcoind manages to find the Tor control, it will ask it where is the SOCKS5 proxy and will enable outgoing connections to Tor peers via it. To prevent that you need to either set -onion=0 or -onlynet=...values.other.than.onion...

Thanks, but I was not using torcontrol= at all (but a manually configured service).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@vasild @fjahr @kroese and others