Strange proxy issue - connected via same IP as node? #12641

issue Willtech openend this issue on March 8, 2018
  1. Willtech commented at 0:19 am on March 8, 2018: contributor

    v0.16.0 on Fedora 27

    I have configured to use Tor as a proxy but occasionally find nodes that seem to be directly connected. In my bitcoin.conf I have the following:

    proxy=127.0.0.1:9050
    listen=1
    bind=127.0.0.1
    bind=192.168.124.1 {for internal connection from gnome-boxes nodes - public IP is not on this interface}
    

    But, as is shown in the screenshot for node 229 this does not seem to be the case.

    node 229

  2. Willtech commented at 0:25 am on March 8, 2018: contributor
    Could Bitcoin Core be not using the proxy configuration for connection to this node? Could it just be that the exit node is also a bitcoin node? Is Tor smart enough to route directly to the node for a non-onion connection, seems pretty unlikely by chance if that is it?
  3. Willtech commented at 2:25 pm on March 11, 2018: contributor

    And another one:

    node 11

  4. fanquake added the label P2P on Mar 11, 2018
  5. Willtech commented at 8:28 pm on March 22, 2018: contributor

    Here is the getpeerinfo for another one:

    {
        "id": 311,
        "addr": "107.167.177.83:8333",
        "addrlocal": "107.167.177.83:8333",
        "addrbind": "127.0.0.1:34280",
        "services": "000000000000040d",
        "relaytxes": true,
        "lastsend": 1521750282,
        "lastrecv": 1521750285,
        "bytessent": 43112,
        "bytesrecv": 4892225,
        "conntime": 1521724534,
        "timeoffset": -1,
        "pingtime": 1.426842,
        "minping": 0.838064,
        "version": 70015,
        "subver": "/Satoshi:0.16.0/",
        "inbound": false,
        "addnode": false,
        "startingheight": 514672,
        "banscore": 0,
        "synced_headers": 514718,
        "synced_blocks": 514718,
        "inflight": [
        ],
        "whitelisted": false,
        "bytessent_per_msg": {
          "addr": 22060,
          "feefilter": 32,
          "getaddr": 24,
          "getblocktxn": 5730,
          "getdata": 122,
          "getheaders": 1021,
          "headers": 106,
          "ping": 6784,
          "pong": 6880,
          "sendcmpct": 165,
          "sendheaders": 24,
          "verack": 24,
          "version": 140
        },
        "bytesrecv_per_msg": {
          "addr": 37502,
          "blocktxn": 2329675,
          "cmpctblock": 55387,
          "feefilter": 32,
          "headers": 4770,
          "inv": 2450955,
          "ping": 6880,
          "pong": 6784,
          "sendcmpct": 66,
          "sendheaders": 24,
          "verack": 24,
          "version": 126
        }
  6. Willtech commented at 12:22 pm on April 20, 2018: contributor
    @fanquake is there a tag for privacy?
  7. fanquake added the label Privacy on Apr 20, 2018
  8. maflcko commented at 5:30 pm on May 18, 2018: member

    listen=1

    My understanding is that by setting listen, you accept (direct) connections from outside.

  9. Willtech commented at 10:13 am on June 4, 2018: contributor
    @MarcoFalke It only does onion listening on my setup - ports are not forwarded. I think you can see that line: "inbound": false, plus public IP is not available on the bound interfaces.
  10. Willtech commented at 11:09 am on October 9, 2018: contributor

    The issue is still present v0.17.0rc4

     0    "id": 20,
     1    "addr": "35.185.143.8:8333",
     2    "addrlocal": "35.185.143.8:8333",
     3    "addrbind": "127.0.0.1:51578",
     4    "services": "000000000000040d",
     5    "relaytxes": true,
     6    "lastsend": 1539082905,
     7    "lastrecv": 1539082905,
     8    "bytessent": 734070,
     9    "bytesrecv": 1369869,
    10    "conntime": 1539073018,
    11    "timeoffset": 0,
    12    "pingtime": 1.978006,
    13    "minping": 0.866065,
    14    "version": 70015,
    15    "subver": "/Satoshi:0.16.3/",
    16    "inbound": false,
    17    "addnode": false,
    18    "startingheight": 544992,
    19    "banscore": 0,
    20    "synced_headers": 545002,
    21    "synced_blocks": 545002,
    22    "inflight": [
    23    ],
    24    "whitelisted": false,
    25    "bytessent_per_msg": {
    26      "addr": 12360,
    27      "feefilter": 32,
    28      "getaddr": 24,
    29      "getdata": 82494,
    30      "getheaders": 1053,
    31      "inv": 631680,
    32      "ping": 2656,
    33      "pong": 2656,
    34      "reject": 861,
    35      "sendcmpct": 66,
    36      "sendheaders": 24,
    37      "verack": 24,
    38      "version": 140
    39    },
    40    "bytesrecv_per_msg": {
    41      "addr": 33447,
    42      "feefilter": 32,
    43      "headers": 1166,
    44      "inv": 639439,
    45      "notfound": 14254,
    46      "ping": 2656,
    47      "pong": 2656,
    48      "sendcmpct": 66,
    49      "sendheaders": 24,
    50      "tx": 675979,
    51      "verack": 24,
    52      "version": 126
    53    }
    54  },
    

    bitcoin.conf.zip

  11. Jagkree commented at 8:41 am on November 30, 2018: none
    Thank you ผมอยากให้มี 3-4 คน เป็นผู้เข้าร่วมหลักด้วยกัน โดยเฉพาะ คนที่ผมมาฝากprojectนี้คนแรกแล้วก้คนอื่นๆที่ถือร่วมกัน และจะได้มีความปลอดภัยเพิ่มขึ้นด้วย ในกรณีโดนแฮ้กจะได้ช่วยกันได้ทัน ผมจะให้สิทธิ์ ก่อสร้างก่อตั้งร่วมกัน
  12. Willtech commented at 10:44 pm on November 30, 2018: contributor
    Any reply? Will the issue be ever investigated? @TheBlueMatt
  13. Willtech commented at 2:16 pm on April 23, 2019: contributor
    Still an issue in v0.18.0rc4
    I have the following in /etc/tor/torrc EnforceDistinctSubnets 1 and default is 1 anyway. Could it be the tor exit node is the bitcoin node? If it is and can be demonstrated then no issue and this can be closed. Screenshot from 2019-04-24 00-12-18
  14. Willtech commented at 3:27 am on May 9, 2020: contributor
    Still an issue with v18.1 Screenshot from 2020-05-09 13-23-53
  15. sipa commented at 4:17 pm on October 17, 2020: member
    Can you restate the full configuration you’re using including command line options? Any onlynet settings in particular?
  16. Saibato commented at 9:45 pm on October 17, 2020: contributor

    @Willtech @sipa AFAICS since -proxy set all types of addresses even ipv4.6 to route over Tor, what will look like normal ipv4/6 outbound connection in the listview there is nothing special if Tor socks5 outbound is used since we connect directly over the sock5 proxy to the other nodes and the Tor socks proxy has this smart feature to even connect to the seeders names. if u add -onion not much changes since with proxy all is set to route incl onion over Tor even the DNS requests as plain socks5 name resolving at the Tor exit and then node connects to the other node like it was direct over tcp/ip. you wont see a difference.

    So #19358 fixes some proxy setting issues, but i also can not see anything special here. other would be if u set -onlynet=onion and see that,

    Or in case u had also entrys like -seednode=x.x.x.x then u correct to wonder why the nodes does ipv4 if we had set -onlynet=onion that could be and is strange and ugly and could be seen as bug/ But is an other issue not yet fixed and disclosed regarding seeding in general And sure its a mess since that could dox the onions… Maybe i add a fix even for that to the PR so thx fro report/ But please add your full configuration so we could check if that was the reason.

    btw: the main motivation for #19358 was that -torcontrol is overruled by the default proxy and if u set onlynet=ipv4 you could see also Tor onions connected outbound.

  17. Willtech commented at 10:32 pm on October 17, 2020: contributor

    Normal:
    Screenshot from 2020-10-18 09-31-02

    Not normal:
    Screenshot from 2020-10-18 09-31-09

  18. Saibato commented at 10:36 pm on October 17, 2020: contributor
    thx, ah i see, hmm… have to check, whats the reason. btw; this phenomena is also without any use of Tor, so its unrelated to -proxy settings. I check now what conditions must be met to fill the strings with what info and if that;s always the real nodes info or a good fitting guess.
  19. Willtech commented at 10:37 pm on October 17, 2020: contributor
      0# Generated by https://jlopp.github.io/bitcoin-core-config-generator/
      1
      2# This config should be placed in following path:
      3# ~/.bitcoin/bitcoin.conf
      4
      5# [core]
      6# Only download and relay blocks - ignore unconfirmed transaction
      7blocksonly=0
      8
      9# Specify a non-default location to store blockchain and other data.
     10#datadir=
     11
     12# Set database cache size in megabytes; machines sync faster with a larger cache. Recommend setting as high as possible based upon machine's available RAM.
     13dbcache=2048
     14
     15# Keep the transaction memory pool below <n> megabytes.
     16maxmempool=900
     17
     18# Do not keep transactions in the mempool longer than <n> hours.
     19mempoolexpiry=2160
     20
     21# Reduce storage requirements by only storing most recent N MiB of block. This mode is incompatible with -txindex and -rescan. WARNING: Reverting this setting requires re-downloading the entire blockchain. (default: 
     220 = disable pruning blocks, 1 = allow manual pruning via RPC, greater than 550 = automatically prune blocks to stay under target size in MiB).
     23prune=8192
     24
     25# Maintain a full transaction index, used by the getrawtransaction rpc call.
     26#txindex=1
     27
     28
     29# [network]
     30# Add a node IP address to connect to and attempt to keep the connection open. This option can be set multiple times.
     31#addnode=10.0.0.3
     32#seednode=wxvp2d4rspn7tqyu.onion
     33#seednode=bk5ejfe56xakvtkk.onion
     34#seednode=bpdlwholl7rnkrkw.onion
     35#seednode=hhiv5pnxenvbf4am.onion
     36#seednode=4iuf2zac6aq3ndrb.onion
     37#seednode=nkf5e6b7pl4jfd4a.onion
     38#seednode=xqzfakpeuvrobvpj.onion
     39#seednode=tsyvzsqwa2kkf6b2.onion
     40#addnode=seed.bitcoin.sipa.be
     41#addnode=dnsseed.bluematt.me
     42#addnode=dnsseed.bitcoin.dashjr.org
     43#addnode=seed.bitcoinstats.com
     44#addnode=seed.bitcoin.jonasschnelli.ch
     45#addnode=seed.btc.petertodd.org
     46#addnode=bitcoin.everynothing.net
     47#addnode=gyn2vguc35viks2b.onion
     48#addnode=kvd44sw7skb5folw.onion
     49#addnode=nkf5e6b7pl4jfd4a.onion
     50#addnode=yu7sezmixhmyljn4.onion
     51#addnode=3ffk7iumtx3cegbi.onion
     52#addnode=3nmbbakinewlgdln.onion
     53#addnode=4j77gihpokxu2kj4.onion
     54#addnode=546esc6botbjfbxb.onion
     55#addnode=5at7sq5nm76xijkd.onion
     56#addnode=77mx2jsxaoyesz2p.onion
     57#addnode=7g7j54btiaxhtsiy.onion
     58#addnode=a6obdgzn67l7exu3.onion
     59#addnode=ab64h7olpl7qpxci.onion
     60#addnode=am2a4rahltfuxz6l.onion
     61#addnode=azuxls4ihrr2mep7.onion
     62#addnode=bitcoin7bi4op7wb.onion
     63#addnode=bitcoinostk4e4re.onion
     64#addnode=bk7yp6epnmcllq72.onion
     65#addnode=bmutjfrj5btseddb.onion
     66#addnode=ceeji4qpfs3ms3zc.onion
     67#addnode=clexmzqio7yhdao4.onion
     68#addnode=gb5ypqt63du3wfhn.onion
     69#addnode=h2vlpudzphzqxutd.onion
     70#addnode=n42h7r6oumcfsbrs.onion:4176
     71#addnode=ncwk3lutemffcpc4.onion
     72#addnode=okdzjarwekbshnof.onion
     73#addnode=pjghcivzkoersesd.onion
     74#addnode=rw7ocjltix26mefn.onion
     75#addnode=uws7itep7o3yinxo.onion
     76#addnode=vk3qjdehyy4dwcxw.onion
     77#addnode=vqpye2k5rcqvj5mq.onion
     78#addnode=wpi7rpvhnndl52ee.onion
     79
     80# Threshold for disconnecting misbehaving peers.
     81banscore=10
     82
     83# Number of seconds to keep misbehaving peers from reconnecting.
     84bantime=31535968
     85
     86# Bind to given address and always listen on it. Use [host]:port notation for IPv6.
     87bind=127.0.0.1
     88#bind=192.168.1.100
     89
     90# Maintain at most N connections to peers.
     91maxconnections=20
     92# Connect through <ip:port> SOCKS5 proxy.
     93proxy=127.0.0.1:9050
     94# Use separate SOCKS5 proxy <ip:port> to reach peers via Tor hidden services.
     95onion=127.0.0.1:9050
     96# Use only Onion
     97# onlynet=onion
     98
     99# Bind to given address and whitelist peers connecting to it. Use [host]:port notation for IPv6.
    100#whitebind=192.168.124.1:8333
    101
    102# Tries to keep outbound traffic under the given target (in MiB per 24h), 0 = no limit.
    103maxuploadtarget=500
    104
    105# [debug]
    106
    107# Log IP Addresses in debug output.
    108logips=1
    109
    110# [wallet]
    111# Do not load the wallet and disable wallet RPC calls.
    112#disablewallet=1
    113#addresstype=legacy
    114# Bech32
    115changetype=bech32
    
  20. Willtech commented at 10:54 pm on November 25, 2021: contributor
    This is still an issue in v0.21.2 image This is with socks proxy configured.
  21. geovex commented at 9:12 pm on November 20, 2022: none

    For those, who still interested. I had these: image But monitoring my connections with ss shows only tor-proxy connections.

    However be aware that addnode or connect can bypass proxy.

  22. Willtech commented at 2:58 pm on December 11, 2022: contributor
    Woluld it be too much to consider if the application does this by design to attempt not to be trapped in a netsplit? I would find it an acceptable answer just bad for privacy.
  23. Willtech closed this on Dec 11, 2022

  24. Willtech commented at 2:58 pm on December 11, 2022: contributor
    I don’t know why it closed…?
  25. bitcoin locked this on Dec 11, 2023

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-21 15:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me