Opened 2 weeks ago

Last modified 11 days ago

#31083 new defect

kvm5 uses unexpected IP address

Reported by: weasel Owned by: tpa
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

kvm5 uses an unexpected IPv6 address for outgoing traffic (among others, to db.tpo), at least on the ipsec tunnel to other tor hosts (note: routing table 220).

It uses the one on the brpub bridge to KVM guests instead of the one assigned to its public interface.

Maybe this is because brpub gets brought up before eth0?

Child Tickets

Change History (4)

comment:1 Changed 12 days ago by anarcat

what's the actual impact of this and why does it matter?

comment:2 Changed 12 days ago by weasel

at least ud-replicate breaks, because ACLs and fw rules and what not assume that kvm5 comes from its published address

comment:3 Changed 12 days ago by anarcat

reading up on https://help.torproject.org/tsa/howto/upgrades/buster, it looks like this was triggered by the upgrade as well, right?

comment:4 Changed 11 days ago by weasel

yes, almost certainly

Note: See TracTickets for help on using tickets.