How long to get peers over Tor? \ stacker news ~bitcoin

pull down to refresh

2955 sats \ 10 comments \ @elvismercury 31 Dec 2024 bitcoin

In advance of Jan 3, I've finally bit the bullet and begun the process of trying to understand aspects of btc infra in depth. One of the things I've done is to install and configure all the stuff on my node manually (vs using a packaged solution); and one of those things is to run the node exclusively over Tor. (Eventually I'd like to run it over VPN with normal networking, but I couldn't figure out how to get the port forwarding to work, so I left that for later.)

My question is: how long does it take to get to a decent peer count over Tor? When I started, I kept getting all kinds of error messages like this:

2024-12-31T15:56:31Z Socks5() connect to mhnicvypkxs3rlz7aen3zycww6yp675csdmxmjbsot7dhjtfxlpyhkad.onion:8333 failed: host unreachable

and spent literally days fucking around with Tor settings, bitcoin.conf settings, etc., and yet this constant flow of "host unreachable" errors.

After a while I decided I needed to step away and take a break, and I just left the node running, and after a couple of days I now have 23 peers, so apparently it is working? Just glacially slowly vs normal networking?

Is this just the expected state of affairs running a node over Tor? Or can something be done to accelerate peer discovery / connection?

view all related items

234 sats \ 1 reply \ @emmanuelrosa 1 Jan

Try seeding with this list: https://github.com/emmanuelrosa/bitcoin-onion-nodes

179 sats \ 0 replies \ @elvismercury OP 1 Jan

This was the super helpful, thank you! What I wound up doing:

get the list of Tor nodes in a text file
write a perl script to pick a random one every few seconds and attempt to connect it via bitcoin-cli
when I get to my desired number of connections, sleep for a minute

This has loaded me up w/ Tor peers, as many as I want, and to keep the connection level where I want it. A lot of those nodes described in that repo are dead, so there's a lot of chaff in there, but enough are still good to make bootstrapping possible. So mission accomplished on that front.

A weird result is that, when I stop the node nicely (w/ bitcoin-cli stop) and then restart it, the peers don't re-load! Not sure wtf is going on there, peers.dat is supposed to save these, I thought. But maybe not for Tor? Or maybe it's using some behind-the-scenes algorithm and only saves them when they've been around long enough, and my testing scenario doesn't trigger it. I could figure this out I'm sure, but don't care enough atm.

Whatever, at least I can solve the Tor problem. Thanks for this suggestion :) Now on to other (VPN) problems :/

227 sats \ 6 replies \ @ek 31 Dec 2024

Eventually I'd like to run it over VPN with normal networking, but I couldn't figure out how to get the port forwarding to work, so I left that for later.)

This is exactly what I did with my own Wireguard VPN for my btc node in the past. This guide might help you.

My question is: how long does it take to get to a decent peer count over Tor? When I started, I kept getting all kinds of error messages like this:

What is a "decent peer count" for you? And do you mean inbound or outbound connections? I used to accept incoming connections and track them. I believe I had on average 60 inbounds connections in total and I think most of them were IPv4. By default, outbound connections are limited to 8 iirc.

and yet this constant flow of "host unreachable" errors.

I think this is not a problem with your node.

0 sats \ 5 replies \ @elvismercury OP 31 Dec 2024

This is exactly what I did with my own Wireguard VPN for my btc node in the past. This guide might help you.

Thank you! I've been banging my head against Wireguard, so this is perfect. I'll check the guide out, that would be amazing if it could help.

What is a "decent peer count" for you?

I figured like 50 peers or so, both inbound/outbound? When I was running ipv4 I could get as many as I'd allow, thus the confusion.

119 sats \ 4 replies \ @ek 31 Dec 2024

Thank you! I've been banging my head against Wireguard, so this is perfect. I'll check the guide out, that would be amazing if it could help.

Depending on your experience with Wireguard and iptables, you might want to start from the first guide. It dives into the details of the networking involved because I struggled for a long time to fully understand how it works under the hood. This guide was essentially my attempt to explain it to myself once and for all, lol. It also includes pictures like this:

33 sats \ 3 replies \ @elvismercury OP 1 Jan

I've read through the guides you linked, and I think they will be very good for building a more sophisticated understanding of iptables and wireguard. I read through the port forwarding guide in particular to figure out if I could do what I want to do, and it's not obvious to me, so I'll just ask you and maybe you'll know.

I have a paid plan with Proton VPN, and their VPN does port forwarding with some natpmp jiggering. But how it works is that Proton will pick a port number and assign it to you. Great, you can forward that! Except bitcoin nodes want port 8333, so I need to get peer nodes to know about whatever port that Proton assigned to me, and have them use that to communicate with me.

Do you know if there's a way to do this? It's not logically impossible (e.g., connect to standard peers, discover lists of peers from them, reach out to candidates saying "hey dude I'm using port 45678" and Bob's your uncle) but I don't know how the peer discovery protocol actually works, so once again I can't tell if I'm screwing something up and that's why I can't get it to work, or if it's literally impossible and cannot be made to work with an arbitrary port number.

218 sats \ 2 replies \ @ek 1 Jan

but I don't know how the peer discovery protocol actually works

Afaik, peers are gossiped around using the addr message, see protocol documentation. This means they'll tell others nodes which nodes they are aware of.

Except bitcoin nodes want port 8333, so I need to get peer nodes to know about whatever port that Proton assigned to me, and have them use that to communicate with me.

I think you are looking for the config option -externalip=<ip>:<port>. It changes the advertised IP address and port. But it might be that nodes prefer connecting to port 8333, at least that I read about that a long time ago. Not sure if still the case.

So in theory, you should be able to set that to the IP address that you have when you're connected to the VPN and curl curl -4 ip.me and to the port Proton assigned to you.

If you use -externalip=<ip>:<port>, -listen=1 and your port forwarding works, you should get incoming connections at some point.

Btw, I created a post in the bitcointalk forum when I did what you're trying to do, maybe the config I posted there helps. But that I am using -discover=1 together with -externalip looks wrong to me now 🤔

edit: found the PR that changed the strong preference to connect to port 8333: https://github.com/bitcoin/bitcoin/pull/23542. so non-default ports should be okay now.

and here's a config generator that might be useful, too: https://jlopp.github.io/bitcoin-core-config-generator

218 sats \ 1 reply \ @ek 1 Jan

~~So in theory, you should be able to set that to the IP address that you have when you're connected to the VPN and curl curl -4 ip.me and to the port Proton assigned to you.~~

Edit timer ran out before I could fix this sentence. Sentence in proper English:

So in theory, you should be able to set that to the IP address that you have when you're connected to the VPN (you can use curl -4 ip.me for that) and to the port Proton assigned to you.

and here:

you should get incoming connections at some point.

I meant specifically inbound IPv4 connections since I assume that's all we're talking about. You have no problems with inbound connections on Tor, right?

I just found in jlopp's config generator under networking that there is -natpmp. I have no experience with NAT-PMP but sounds like it could be useful for your case.

So maybe a network configuration like this could work (replace IP address with the one from Proton)?

# [network]
# Accept incoming connections from peers.
listen=1
# Specify your own public IP address.
externalip=185.159.159.140
# Use NAT-PMP to map the listening port.
natpmp=1

33 sats \ 0 replies \ @elvismercury OP 1 Jan

These are so helpful, @ek, thank you! I'll let you know how it goes.

65 sats \ 0 replies \ @k00b 31 Dec 2024

@eltordev can you help?