On Sun, Aug 15, 2021 at 04:22:53PM +0200, Fran wrote: > I run some onion v3 services, some are also available in the "clear net", some > only as onion services. I monitor[1] reachability of the onion services which > results > in quite some false positives, although I configured alertmanager to alert > after > 1 hour (!) > of failed connection attempts. I'd like to reduce these false positives and > thought > of using "UseEntryGuards: 0" to have circuits been rebuild more often. > I'd only do this for the onion services which are also reachable in the > non-tor internet > and therefore their IP adresses are known anyway.
First question: what do you mean by false positives? That is, is the monitor script telling you that it's down but actually every time you try manually it works? If that's what's happening, it sounds like there's a bug or mis-design in the monitoring approach, and that's worth tracking down. Whereas if the problem is that actually the onion service is unreliable and not always reachable, then it sounds like a *true* positive from the monitor. If they are true positives, I think it sounds like a great idea to do an experiment where you switch to UseEntryGuards 0 for the services where you don't mind having their location known. Let us know if it improves things. :) We also spoke in the past of having an 'onion service health monitor', which would help to pinpoint *which phase* of the connection is failing, and I continue to think that would be really valuable but we never quite got there. See e.g. https://gitlab.torproject.org/tpo/network-health/metrics/analysis/-/issues/13209 https://gitlab.torproject.org/tpo/core/tor/-/issues/28841 --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
