Incoming connections over Tor

[defa1]

I want to accept incoming connections to my node while running everything over Tor to shield my IP. I'm running Core on a Pi, ufw is inactive and I have no open ports on my router (I read this is not necessary to accept incoming connections over Tor?). My node has been running and fully synced for days but still only has the standard 10 outgoing connections and 0 incoming

In the debug.log file I can find the following lines (xxxxxxxx being a v3 onion address):

tor: Got service ID xxxxxxxx, advertising service xxxxxxxx.onion:8333
AddLocal(xxxxxxxxx.onion:8333,4)

My bitcoin.conf file has the following lines:

disablewallet=1
proxy=127.0.0.1:9050
bind=127.0.0.1
listen=1

and my torrc has the following lines:

ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1

Anybody have an idea?
Thanks

[1713951810]

1713951810

[1713951810]

1713951810

[1713951810]

1713951810

[NotATether]

ufw is inactive and I have no open ports on my router (I read this is not necessary to accept incoming connections over Tor?).

This is not correct. You cannot get any incoming peers if your peer gossiping port is blocked. You need to open port 8333 on your firewall and then you should get incoming peers.

[ranochigo]

This is not correct. You cannot get any incoming peers if your peer gossiping port is blocked. You need to open port 8333 on your firewall and then you should get incoming peers.

It's Tor. It doesn't have anything to do with your local firewall and portforwarding should not be needed, you're binding your listening service to Tor. It would be necessary for clearnet, which is not what OP is trying to achieve here.

OP, try manually setting up the service and see if it works: https://github.com/bitcoin/bitcoin/blob/master/doc/tor.md#3-manually-create-a-bitcoin-core-onion-service.

[NotATether]

This is not correct. You cannot get any incoming peers if your peer gossiping port is blocked. You need to open port 8333 on your firewall and then you should get incoming peers.

It's Tor. It doesn't have anything to do with your local firewall and portforwarding should not be needed, you're binding your listening service to Tor. It would be necessary for clearnet, which is not what OP is trying to achieve here.

But if all the ports are blocked in the firewall, won't this catch the port Tor is using too? Like 9050 (though I doubt that particular one because it's bound to localhost) or 9051 in OP's case.

[ranochigo]

But if all the ports are blocked in the firewall, won't this catch the port Tor is using too? Like 9050 (though I doubt that particular one because it's bound to localhost) or 9051 in OP's case.

It shouldn't. The port (9050) that Tor uses is a local port for Bitcoin Core to be binded to. It doesn't make sense to portforward it unless you're expecting any data to be transferred through the clearnet. Having both of those ports blocked should still be fine, that is actually my current configuration with none of those being portforwarded.

[defa1]

OP, try manually setting up the service and see if it works: https://github.com/bitcoin/bitcoin/blob/master/doc/tor.md#3-manually-create-a-bitcoin-core-onion-service.

I changed torrc and bitcoin.conf to the following with the externalip coming from /var/lib/tor/bitcoin-service/hostname

HiddenServiceDir /var/lib/tor/bitcoin-service/
HiddenServicePort 8333 127.0.0.1:8334

disablewallet=1
proxy=127.0.0.1:9050
bind=127.0.0.1
listen=1
externalip=xxxxxxxxxxxx.onion

I had 0 connections, after reboot I'm back to having 10 outgoing. I checked the log and and I see several lines like this (with x.x.x.x being some IP):

Socks5() connect to x.x.x.x:8333 failed: connection refused
Socks5() connect to x.x.x.x:8333 failed: general failure

Not sure if it's relevant.

[defa1]

Have you tried running Bitcoin Core on another device (VirtualBox also works) and configure it only connect to your current full node? While it's unlikely, it's possible that all node chose another node rather than yours. You can do it by adding -connect=<ip> when you run Bitcoin Core through terminal.

I have Virtual Box installed but looks like some updates broke it, I need to sign 3 kernel modules before using VB and this is currently beyond my skill level (running Linux)

[defa1]

Have you tried running Bitcoin Core on another device (VirtualBox also works) and configure it only connect to your current full node? While it's unlikely, it's possible that all node chose another node rather than yours. You can do it by adding -connect=<ip> when you run Bitcoin Core through terminal.

I have Virtual Box installed but looks like some updates broke it, I need to sign 3 kernel modules before using VB and this is currently beyond my skill level (running Linux)

That's problematic, i don't have such skill either. By any chance, do you use rolling-release linux distro? It tends to broke some application.
Usually i would just install older version which running properly or use older kernel version.

No Ubuntu 20.04, but I upgraded the kernel to 5.8.0-50-generic. A few days ago I updated and got a message about configuring Secure Boot, had to choose a password that I had to enter after rebooting, etc...
I'll ask some people if they can help me with this.

[defa1]

Is there anyone else here that runs Bitcoin Core as a hidden service? I really would like to contribute to the network by allowing incoming connections over Tor.

[Rath_]

Is there anyone else here that runs Bitcoin Core as a hidden service? I really would like to contribute to the network by allowing incoming connections over Tor.

Bitcoin Core 0.21 introduced Torv3 addresses and made them default. BIP155 was needed so that other nodes could gossip Torv3 addresses across the network. Unfortunately, since it was introduced in the same release, old nodes won't propagate your address.

I have been experiencing the same problem since I have set up Tor on my node. A few days ago, I decided to manually connect to a bunch of nodes from this Reddit thread and I finally started getting incoming connections. Supposedly, I was not the only person to do that and my address propagated quickly across Torv3 compatible nodes. Use the following command to connect to some node.

bitcoin-cli addnode address onetry

You can replace "onetry" with "add" if you want to add those nodes to your local list. "onetry" worked fine for me. You can also connect to my node: 6gk54wewlpa54psxx2a2jprds7jkdjmwdjvy42qjaybcjbhjdvda66ad.onion

Fortunately, a lot of node operators might decide to update their nodes soon due to the taproot soft fork support which has been introduced in the recent 0.21.1 update.

[Birb]

Have you tried tails os?

[defa1]

Sorry for the late reply. I managed to fix it have incoming connections to my onion service now. Has been a while so I don't remember exactly what I did but it works now.

[Rath_]

Sorry for the late reply. I managed to fix it have incoming connections to my onion service now. Has been a while so I don't remember exactly what I did but it works now.

If you started getting those connections about 2 - 3 weeks ago then it's very likely due to node operators upgrading to the latest version of Bitcoin Core because of the taproot softfork. Since then, I have been getting more than 10+ incoming connections over Tor.

[defa1]

If you started getting those connections about 2 - 3 weeks ago then it's very likely due to node operators upgrading to the latest version of Bitcoin Core because of the taproot softfork. Since then, I have been getting more than 10+ incoming connections over Tor.

Thats ... exactly what happened.