* bug#54370: network problem or intentional blocking?
From: poiNt_3D @ 2022-03-13 6:14 UTC
To: 54370

Hello. I would like to request a clarification on the issue of
inaccessibility of guix.gnu.org from the Russian Federation.
Is the blocking intentional or is there some kind of networking problem?
Here's my traceroute output:
> 6 ge-4-0-0-10g.m320-2-vlgd.nwtelecom.ru (212.48.195.41) 15.660 ms
> 13.065 ms 15.545 ms
> 7 109.172.24.67 (109.172.24.67) 32.341 ms 87.226.183.61 (87.226.183.61)
> 31.027 ms 28.507 ms
> 8 ae53.edge4.stockholm2.level3.net (213.249.107.129) 37.298 ms 29.497
> ms 35.571 ms
> 9 ae1.5.bar1.hamburg1.level3.net (4.69.142.209) 73.587 ms
> s-bb1-link.ip.twelve99.net (62.115.139.180) 27.296 ms
> ae1.5.bar1.hamburg1.level3.net (4.69.142.209) 74.064 ms
> 10 195.122.181.62 (195.122.181.62) 64.682 ms 66.071 ms 68.254 ms
> 11 ffm-b5-link.ip.twelve99.net (62.115.114.89) 51.213 ms
> cr-tub2-be13.x-win.dfn.de (188.1.144.58) 67.156 ms 61.032 ms
> 12 kr-mdcbln1.x-win.dfn.de (188.1.238.78) 65.546 ms
> dfn-ic357399-ffm-b5.ip.twelve99-cust.net (213.248.97.41) 50.044 ms
> 49.354 ms
> 13 cr-erl2-be8.x-win.dfn.de (188.1.144.221) 50.629 ms * *
> 14 cr-tub2-be10.x-win.dfn.de (188.1.146.210) 64.584 ms 56.154 ms *
> 15 kr-mdcbln1.x-win.dfn.de (188.1.238.78) 59.972 ms * 64.541 ms16 * *
> *
> 16 * * *
> 17 * * *
> 18 * * *
> 19 * * *
> 20 * * *
> 21 * * *
> 22 * * *
> 23 * * *
> 24 * * *
> 25 * * *
>
Thanks.
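
As an added example (not part of the original post), this Python code parses traceroute output like the one quoted above, rejoining the mail-wrapped lines, and reports the last hop that answered and how many later hops stayed silent. The sample is an excerpt of the post's output with the garbled end of hop 15 tidied; the function names are made up here.

```python
import re

# Excerpt of the traceroute quoted in the post, keeping the "> " quoting and
# mail wrapping; the garbled end of hop 15 is tidied, so this is constructed.
SAMPLE = """\
> 7 109.172.24.67 (109.172.24.67) 32.341 ms 87.226.183.61 (87.226.183.61)
> 31.027 ms 28.507 ms
> 8 ae53.edge4.stockholm2.level3.net (213.249.107.129) 37.298 ms 29.497
> ms 35.571 ms
> 12 kr-mdcbln1.x-win.dfn.de (188.1.238.78) 65.546 ms
> dfn-ic357399-ffm-b5.ip.twelve99-cust.net (213.248.97.41) 50.044 ms
> 49.354 ms
> 13 cr-erl2-be8.x-win.dfn.de (188.1.144.221) 50.629 ms * *
> 14 cr-tub2-be10.x-win.dfn.de (188.1.146.210) 64.584 ms 56.154 ms *
> 15 kr-mdcbln1.x-win.dfn.de (188.1.238.78) 59.972 ms * 64.541 ms
> 16 * * *
> 17 * * *
> 18 * * *
"""

HOP_START = re.compile(r"^(\d+)\s+(.*)$")  # RTT lines start "31.027", never "31 "
RESPONDER = re.compile(r"(\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)")
RTT = re.compile(r"\d+\.\d+ ms\b")
TIMEOUT = re.compile(r"(?<!\S)\*(?!\S)")

def parse_traceroute(text):
    """Return {hop: {"hosts": [(name, ip)], "replies": n, "timeouts": n}}."""
    joined, current = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        m = HOP_START.match(line)
        if m:                                  # a new hop begins
            current = int(m.group(1))
            joined[current] = m.group(2)
        elif line and current is not None:     # wrapped continuation line
            joined[current] += " " + line
    return {hop: {"hosts": RESPONDER.findall(body),
                  "replies": len(RTT.findall(body)),
                  "timeouts": len(TIMEOUT.findall(body))}
            for hop, body in joined.items()}

def summarize(hops):
    """Return ((last answering hop, its hosts), count of silent hops after it)."""
    answered = [h for h, d in hops.items() if d["replies"]]
    if not answered:
        return None, len(hops)
    last = max(answered)
    return (last, hops[last]["hosts"]), sum(1 for h in hops if h > last)
```

A silent tail after the last answering hop is consistent with filtering at or behind that network, but routers that simply do not answer probes look the same, so the result narrows down whom to ask rather than proving a block.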
* bug#54370: Guix in Russia
From: Evgeny Pisemsky @ 2022-03-13 9:05 UTC
To: 54370

Hello!

Check out this discussion:
https://lists.gnu.org/archive/html/help-guix/2022-03/msg00004.html

* bug#54370: network problem or intentional blocking?
From: Tobias Geerinckx-Rice via Bug reports for GNU Guix @ 2022-03-13 11:43 UTC
To: bug-guix, poiNt_3D, 54370, 54370-done

Hi Point4d,

Specifically, from the thread linked by Evgeny:

"At the MDC level there’s an unrelated recent ban of some Russian IP
ranges in place due to massively increased port scans and intrusion
attempts since about one week. I hope you can use the Chinese mirror
for the time being."

That mirror is at https://mirrors.sjtug.sjtu.edu.cn/guix .
Let us know if it works.

Kind regards,

T G-R

Sent on the go. Excuse or enjoy my brevity.

* bug#54370: network problem or intentional blocking?
From: Tobias Geerinckx-Rice via Bug reports for GNU Guix @ 2022-03-13 12:15 UTC
To: 54370

Hm,

I didn't address guix.gnu.org beyond ci.guix.gnu.org.

Everyone: should we ask SJTUG to mirror the Web site as well?

I'm generally weary of that.

Kind regards,

T G-R

Sent on the go. Excuse or enjoy my brevity.

* bug#54370: network problem or intentional blocking?
From: Christopher Baines @ 2022-03-13 12:36 UTC
To: Tobias Geerinckx-Rice; +Cc: 54370

Tobias Geerinckx-Rice via Bug reports for GNU Guix <bug-guix@gnu.org>
writes:

> I didn't address guix.gnu.org beyond ci.guix.gnu.org.
>
> Everyone: should we ask SJTUG to mirror the Web site as well?
>
> I'm generally weary of that.

I believe bayfront was being set up to serve the website (see [1]), but
I'm not sure on how that's progressing.

1: https://git.savannah.gnu.org/cgit/guix/maintenance.git/commit/?id=8250a46b2fa178d1cdd37986028d5a07e3db65ed

* bug#54370: network problem or intentional blocking?
From: Ludovic Courtès @ 2022-03-13 14:30 UTC
To: Christopher Baines; +Cc: 54370

Hi,

Christopher Baines <mail@cbaines.net> writes:

> I believe bayfront was being set up to serve the website (see [1]), but
> I'm not sure on how that's progressing.
>
> 1: https://git.savannah.gnu.org/cgit/guix/maintenance.git/commit/?id=8250a46b2fa178d1cdd37986028d5a07e3db65ed

Indeed. The plan we discussed during the “sysadmin hackathon” a couple
of months ago was to, for instance, have the DNS entry point to these
two machines.

The problem we keep stumbling upon and that I don’t know yet how to
solve is how to make it work for HTTPS: do we copy raw certificates to
bayfront, or is there a way to have separate certificates? How about
Let’s Encrypt challenges?

These are the last issues to solve and I’d welcome expertise here.
Any ideas?

Everything else is addressed: the web site gets built on bayfront just
like it is on berlin, static data such as videos and PDFs are
automatically mirrored to bayfront.

https://git.savannah.gnu.org/cgit/guix/maintenance.git/commit/?id=601691e7ea07c999d60993464b27d4cba2621f05

Thanks,
Ludo’.

* bug#54370: network problem or intentional blocking?
From: Tobias Geerinckx-Rice via Bug reports for GNU Guix @ 2022-03-13 15:30 UTC
To: Ludovic Courtès; +Cc: Christopher Baines, 54370

Hi!

On 2022-03-13 15:30, Ludovic Courtès wrote:
> The plan we discussed during the “sysadmin hackathon” a couple
> of months ago was to, for instance, have the DNS entry point to these
> two machines.

Uhm, quick but:

Apparently some browsers (OK, one, and we all know which one) embraces &
extends the DNS in such a way that this provides the fall-back behaviour
you seem to expect.

But this is not standard and it won't fly with most software. I
checked. It doesn't in Firefox/IceCat. Even if it does in current
Chrom{e,ium}, it might just be an unreliable side-effect.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.

* bug#54370: network problem or intentional blocking?
From: Tobias Geerinckx-Rice via Bug reports for GNU Guix @ 2022-03-13 20:03 UTC
To: Ludovic Courtès; +Cc: Christopher Baines, 54370

Pending expertise, is it feasible to serve the copy as-is without trying
to impersonate berlin? E.g. mirror.guix.gnu.org? Hm, maybe that's not
worth the effort…

I've asked around and short of pointing guix.gnu.org to bayfront —
working around the issue & hoping that it will continue to be
unaffected — or using a CDN that has points of presence in Russia —
which can easily be taken down in a future wave of sanctions — the
situation seems to be quite disappointing.

For proper fail-over you (ironically) need one box sitting in front of
the boxes you want to fail over to.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.

* bug#54370: network problem or intentional blocking?
From: Tobias Geerinckx-Rice via Bug reports for GNU Guix @ 2022-03-13 19:50 UTC
To: 54370

[Resending to the proper address, sorry; I'm mu4e-less and hence
incompetent :-]

Hi!

On 2022-03-13 20:00, poiNt_3D wrote:
> Is it possible to set the firewall to allow only public services to be
> accessed from these IP ranges?

I'm afraid we don't control the berlin firewall or have much sway in how
it's managed, so there's little point in discussing such actions.

> can be easily interpreted as a political decision

With Russia waging war, it seems likely that these Russian ISPs tolerate
abusive traffic for political reasons. There are probably political
consequences for those who refuse.

The Internet was and still is built on ISP accountability and gives
targets few other tools to effectively defend themselves, short of
blocking such IP ranges.

I wish there were a better answer than 'use Tor' for those stuck in the
cross-fire :-(

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.

* bug#54370: network problem or intentional blocking?
From: Maxime Devos @ 2022-03-13 20:36 UTC
To: Tobias Geerinckx-Rice, 54370

Tobias Geerinckx-Rice via Bug reports for GNU Guix wrote on Sun
13-03-2022 at 20:50 [+0100]:
> I wish there were a better answer than 'use Tor' for those stuck in the
> cross-fire :-(

For the website, publishing the website not only over HTTP/S but also
over IPFS might help? The website is static and Guix has an IPFS
service, so it should be feasible I think. The browser extension
(https://docs.ipfs.io/install/ipfs-companion/) would need to be
packaged though, and a DNS link record
(https://docs.ipfs.io/concepts/dnslink/#resolve-dnslink-name) would
need to be set up.

Greetings,
Maxime.

* bug#54370: network problem or intentional blocking?
From: Ludovic Courtès @ 2022-03-15 7:57 UTC
To: Maxime Devos; +Cc: 54370

Hi Maxime,

Maxime Devos <maximedevos@telenet.be> writes:

> For the website, publishing the website not only over HTTP/S but also
> over IPFS might help? The website is static and Guix has an IPFS
> service, so it should be feasible I think. The browser extension
> (https://docs.ipfs.io/install/ipfs-companion/) would need to be
> packaged though, and a DNS link record
> (https://docs.ipfs.io/concepts/dnslink/#resolve-dnslink-name) would
> need to be set up.

That and/or publishing as an onion service would be great.

Ludo’.

* bug#54370: guix.gnu.org is inaccessible from Russia
From: Ludovic Courtès @ 2022-03-19 11:04 UTC
To: Tobias Geerinckx-Rice, 54370, poiNt_3D, Evgeny Pisemsky, Maxime Devos

Hi,

I updated the onion address in the section of the cookbook that explains
how to get substitutes from ci.guix over Tor:

https://guix.gnu.org/cookbook/en/html_node/Getting-substitutes-from-Tor.html

Copying the text inline below.

Next step is to publish an Onion service for the web site.

HTH,
Ludo’.

3.8 Getting substitutes from Tor
================================

Guix daemon can use an HTTP proxy to get substitutes, here we are
configuring it to get them via Tor.

     Warning: _Not all_ Guix daemon’s traffic will go through Tor! Only
     HTTP/HTTPS will get proxied; FTP, Git protocol, SSH, etc.
     connections will still go through the clearnet. Again, this
     configuration isn’t foolproof: some of your traffic won’t get
     routed by Tor at all. Use it at your own risk.

     Also note that the procedure described here applies only to package
     substitution. When you update your guix distribution with ‘guix
     pull’, you still need to use ‘torsocks’ if you want to route the
     connection to guix’s git repository servers through Tor.

Guix’s substitute server is available as an Onion service, if you want
to use it to get your substitutes through Tor configure your system as
follows:

     (use-modules (gnu))
     (use-service-modules base networking)

     (operating-system
       …
       (services
         (cons
           ;; Run tor with an HTTP CONNECT tunnel on the loopback interface.
           (service tor-service-type
                    (tor-configuration
                      (config-file (plain-file "tor-config"
                                               "HTTPTunnelPort 127.0.0.1:9250"))))
           (modify-services %base-services
             (guix-service-type
               config => (guix-configuration
                           (inherit config)
                           ;; ci.guix.gnu.org's Onion service
                           ;; (the field takes a list of URLs)
                           (substitute-urls
                            (list "https://4zwzi66wwdaalbhgnix55ea3ab4pvvw66ll2ow53kjub6se4q2bclcyd.onion"))
                           (http-proxy "http://localhost:9250")))))))

This will keep a tor process running that provides an HTTP CONNECT tunnel
which will be used by ‘guix-daemon’. The daemon can use other protocols
than HTTP(S) to get remote resources, requests using those protocols
won’t go through Tor since we are only setting an HTTP tunnel here. Note
that ‘substitute-urls’ is using HTTPS and not HTTP or it won’t work,
that’s a limitation of Tor’s tunnel; you may want to use ‘privoxy’
instead to avoid such limitations.

If you don’t want to always get substitutes through Tor but use it just
some of the time, then skip the ‘guix-configuration’. When you want to
get a substitute from the Tor tunnel run:

     sudo herd set-http-proxy guix-daemon http://localhost:9250
     guix build \
       --substitute-urls=https://4zwzi66wwdaalbhgnix55ea3ab4pvvw66ll2ow53kjub6se4q2bclcyd.onion ...

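
A mistyped character in a long onion hostname, or an http:// URL, breaks the setup described above in ways that are easy to misread as a network fault. As an added example (not part of the cookbook text or of Guix), this Python code checks a substitute URL for the two properties the text depends on: an HTTPS scheme and a well-formed v3 onion name. The v3 layout used here (32-byte key, 2-byte SHA3-256 checksum, version byte 3) follows the Tor rendezvous specification; the function names are made up for this example.

```python
import base64
import hashlib
from urllib.parse import urlsplit

def onion_v3_encode(pubkey: bytes) -> str:
    """Build the v3 onion hostname for a 32-byte ed25519 public key."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"

def onion_v3_valid(host: str) -> bool:
    """True if host ends in a 56-character v3 onion label whose checksum matches."""
    labels = host.lower().split(".")
    if len(labels) < 2 or labels[-1] != "onion" or len(labels[-2]) != 56:
        return False
    try:
        raw = base64.b32decode(labels[-2].upper())   # 35 bytes: key, checksum, version
    except ValueError:                               # characters outside base32
        return False
    # Re-encoding the key recomputes the checksum; any altered character shows up.
    return raw[34:] == b"\x03" and onion_v3_encode(raw[:32]) == labels[-2] + ".onion"

def check_substitute_url(url: str) -> list:
    """Return a list of problems; an empty list means the URL passes both checks."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https, which the Tor tunnel setup requires")
    if not onion_v3_valid(parts.hostname or ""):
        problems.append("host is not a valid v3 onion name")
    return problems

if __name__ == "__main__":
    # The substitute URL given in the cookbook text above.
    url = "https://4zwzi66wwdaalbhgnix55ea3ab4pvvw66ll2ow53kjub6se4q2bclcyd.onion"
    print(url, check_substitute_url(url) or "passes both checks")
```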
* bug#54370: network problem or intentional blocking?
From: Christopher Baines @ 2023-02-07 15:33 UTC
To: poiNt_3D; +Cc: 54370-close, bug-guix

poiNt_3D <point4d@gmail.com> writes:

> Hello. I would like to request a clarification on the issue of
> inaccessibility of guix.gnu.org from the Russian Federation. Is the
> blocking intentional or is there some kind of networking problem?

Now that the website is hosted on bayfront, which wasn't changed
specifically to address this, but should do anyway, I'm going to close
this issue.

Things like ci.guix.gnu.org will still be inaccessible, so feel free to
open issues about those if you wish.

Thanks,

Chris