Hidden service created by --torcontrol does not accept connections (General SOCKS server failure) #25094
Description
I'm using the --torcontrol feature to automatically create a tor hidden service. From the logs, the control connection is established and authenticated, and the hidden service added, and correct onionv3 address assigned. However:
- There are no incoming P2P connections via Tor (they fail to connect, see below).
- If I try to connect manually, it fails (General SOCKS server failure)
Here is an excerpt of the failure on the tor side:
tor_1 | May 09 14:44:44.000 [debug] connection_exit_begin_conn(): Creating new exit connection.
tor_1 | May 09 14:44:44.000 [debug] circuit_get_by_circid_channel_impl(): circuit_get_by_circid_channel_impl() returning circuit 0x7f5274f0c200 for circ_id 3666618028, channel ID 5 (0x7f527505dda0)
tor_1 | May 09 14:44:44.000 [debug] handle_hs_exit_conn(): Connecting the hidden service rendezvous circuit to the service destination.
tor_1 | May 09 14:44:44.000 [debug] circuit_get_by_circid_channel_impl(): circuit_get_by_circid_channel_impl() returning circuit 0x7f5274f0c200 for circ_id 3666618028, channel ID 5 (0x7f527505dda0)
tor_1 | May 09 14:44:44.000 [debug] connection_exit_connect(): about to try connecting
tor_1 | May 09 14:44:44.000 [debug] connection_connect(): Connecting to "(rendezvous)":38334.
tor_1 | May 09 14:44:44.000 [debug] connection_connect_sockaddr(): Connection to socket in progress (sock 12).
tor_1 | May 09 14:44:44.000 [debug] connection_add_impl(): new conn type Exit, socket 12, address (rendezvous), n_conns 14.
tor_1 | May 09 14:44:44.000 [debug] connection_or_process_cells_from_inbuf(): 15: starting, inbuf_datalen 0 (0 pending in tls object).
tor_1 | May 09 14:44:44.000 [debug] conn_write_callback(): socket 12 wants to write.
tor_1 | May 09 14:44:44.000 [info] connection_handle_write_impl(): in-progress connect failed. Removing. (Connection refused)
tor_1 | May 09 14:44:44.000 [debug] connection_edge_end(): Sending end on conn (fd 12).
I specifically wonder why address "(rendezvous)", and why address 38334? Both are wrong.
I used nc -v -x 127.0.0.1:9050 sxvxellncmexkds7h3kjy62vl67xwvrccqiigrdybbc4jutjf6amtuad.onion 38333 to connect to the hidden service, which yields nc: connection failed, SOCKSv5 error: General SOCKS server failure.
@jonatack used bitcoin-cli addnode sxvxellncmexkds7h3kjy62vl67xwvrccqiigrdybbc4jutjf6amtuad.onion onetry on his bitcoin node to the same error message.
My bitcoind options are (env vars are resolved by docker-compose):
-signet=1
-disablewallet=1
-txindex=1
-blockfilterindex=basic
-peerbloomfilters=1
-peerblockfilters=1
-logtimestamps=0
-maxconnections=32
-listen=1
-discover=1
-dnsseed=0
-onlynet=i2p
-i2psam=i2pd:${I2PD_PORT}
-i2pacceptincoming=1
-onlynet=onion
-listenonion=1
-onion=tor:${TOR_SOCKS_PORT}
-torcontrol=tor:${TOR_CONTROL_PORT}
-torpassword=xxx
-rpcbind=0.0.0.0:${BITCOIND_RPC_PORT}
-rpcallowip=0.0.0.0/0
-rpcauth=xxx
-rpcthreads=2
-par=2
-debug=tor
My torrc is pretty default, but I'm using these command line options on top:
ControlPort 0.0.0.0:9051 HashedControlPassword xxx Log "debug stdout" SafeLogging 0
I'm attaching full logs of bitcoind and tor.
log-bitcoind.txt
log-tor.txt.gz
I would expect bitcoind to automatically configure the hidden service for me (as documented in tor.md) and listen for incoming tor connections. As a side note, I've migrated from the configuration variant that manages the hidden service within tor.
System information
- Bitcoin Core 23.0 within Docker version 20.10.12 under Ubuntu 22.04 LTS
- Tor 0.4.7.7 within Docker version 20.10.12 under Ubuntu 22.04 LTS
- All on an Intel Celeron home server.