Why do I get incoming Onion connections?
I have not enabled incoming connections for Bitcoin in the GUI. Looking at netinfo, it shows nothing for local addresses, so my node is not advertising its onion address to the network, as expected.
But there are still about 16 incoming onion connections listed in netinfo. Is there an explanation for this?
I can still easily reproduce this issue. The netinfo command displays:
Bitcoin Core client v24.0.1 - server 70016/Satoshi:24.0.1/
<-> type net mping ping send recv txn blk hb addrp addrl age id address
in onion 544 693 117 117 * . 20 71 10.21.22.10:33528
in onion 757 827 3 9 7 16 15 77 10.21.22.10:50590
in onion 919 1134 2 2 15 15 76 10.21.22.10:50586
I have not enabled incoming connections, and not advertised my address anywhere.
Maybe these connections are not really coming from the outside, but from another app in Umbrel (like electrs, torq, etc). But in that case: why are they connecting through Tor on port 8334 and not directly via clearnet on port 8333?
Okay, I debugged this problem a bit further. The results:
1.) The incoming connections are definitely not coming locally from other apps, their ping times vary too much for that.
2.) I found my onion address in https://github.com/emmanuelrosa/bitcoin-onion-nodes/blob/master/nodes.txt so my node must have advertised it in the past for a short while. Probably while I was testing something, my mistake.
Conclusion: The "Incoming Connections" toggle ONLY controls whether your address will be advertised. But it does not actually block any incoming connections to the Tor address, like I mistakenly expected it to do.
That means the toggle is almost useless: if you ever enabled it, even for the shortest period of time, disabling the toggle will not have any effect anymore.
Solution: Disable the Tor hidden service when incoming connections is off. If this is not possible, because this same service address is also used for personal remote access, then generate an extra hidden service especially to be used for peer advertisements only.
Maybe @nmfretz or @nevets963 can take a look at this, because this flaw would be easy to fix.
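An added example, not part of the original posts and not Umbrel's or Bitcoin Core's code: a check for the state described in this thread, where the node announces no onion address but still has inbound onion peers. The sample JSON is constructed from the netinfo rows quoted above, and the function names and status strings are hypothetical.

```python
import json

# Constructed sample data, shaped like `bitcoin-cli getnetworkinfo` and
# `bitcoin-cli getpeerinfo` output (only the fields this check reads).
# Peer ids and addresses mirror the netinfo rows quoted in the thread.
SAMPLE_NETWORKINFO = json.loads('{"localaddresses": []}')
SAMPLE_PEERINFO = json.loads("""[
  {"id": 71, "addr": "10.21.22.10:33528", "network": "onion", "inbound": true},
  {"id": 77, "addr": "10.21.22.10:50590", "network": "onion", "inbound": true},
  {"id": 76, "addr": "10.21.22.10:50586", "network": "onion", "inbound": true},
  {"id": 12, "addr": "203.0.113.5:8333", "network": "ipv4", "inbound": false}
]""")


def advertised_onion(networkinfo):
    """Onion addresses the node currently announces to peers."""
    return [a["address"] for a in networkinfo.get("localaddresses", [])
            if a.get("address", "").endswith(".onion")]


def inbound_onion_ids(peerinfo):
    """Ids of peers that connected to us through the Tor hidden service."""
    return [p["id"] for p in peerinfo
            if p.get("inbound") and p.get("network") == "onion"]


def audit(networkinfo, peerinfo):
    """Classify reachability versus advertisement of the onion service."""
    advertised = advertised_onion(networkinfo)
    inbound = inbound_onion_ids(peerinfo)
    if inbound and not advertised:
        status = "reachable-but-not-advertised"  # the state reported above
    elif inbound:
        status = "reachable-and-advertised"
    elif advertised:
        status = "advertised-no-inbound-yet"
    else:
        status = "no-inbound-onion"
    return {"status": status, "advertised": advertised, "inbound_ids": inbound}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_NETWORKINFO, SAMPLE_PEERINFO), indent=2))
```

On a live node, feed `audit()` the parsed JSON from `bitcoin-cli getnetworkinfo` and `bitcoin-cli getpeerinfo` instead of the sample data.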