I have 3 nodes down because of this error.
Yes, My local DNS works perfectly.
Actually, I think this is a router problem, not a storj problem. I was away and suddenly I couldn’t connect to the router’s wireguard and the nodes went down. I’ve done everything I can to the router, I’m out of ideas. I managed to get zerotier working in the router because nothing goes thru the firewall. I’m leaving on vacation for 2 weeks. Will the nodes survive 3 weeks without contacting the satellites? Also, what exactly triggers this error? I could ping the satellites if I knew the addresses. Is it a ping that the satellites perform on my public IP? Because ICMP is flowing thru the router . What exactly means this error?
Satellite cannot reach your node.
Disconnect your phone from Wifi and then go http://<your-node-DDNS-or-external-ip-that-you-tell-satellites-to-call-your-node-at>:28967
. You shall see
{
"Statuses": null,
"Help": "To access Storagenode services, please use DRPC protocol!",
"AllHealthy": true
}
If you don’t – your node is not accessible from outside. Check firewall, IP, DNAT, your wireguard stuff, etc, etc.
Obviously not accessible from outside.
Been checking everything the past 2 days. Re-Installed the router (mikrotik) firmware with netinstall, tried several versions, etc.
Regarding the wireguard, on my macbook I replace the peer endpoint public address with the LAN address of my router and the wireguard works just fine (when my macbook is connected to the LAN).
can think of 3 reasons:
1 power was down, nodes do not automatic reboot
2 you got put behind cgnat by your provider
3 port forwarding no longer configured (router firmware fault?)
4 ip behind the router changed somehow router or pc?
- Power was never down. It’s a Synology NAS. It would show up in the logs. Besides I have UPS…
- CGNAT means the ISP would assign me a private address, right? I have a public address.
- I’d say port forwarding is no longer working. That is the problem. It is very much configured. Neither filter firewall rules are letting traffic reach the router from outside (except ICMP).
- No IP’s were changed. They are static. I connect to them all in the LAN with recorded bookmarks. My network is as healthy as ever. It’s just that the router is not accepting traffic from the WAN.
Did you disable Synology firewall, and more importantly, their anti DDoS protection?
Both disabled. But notice that the router is not accepting any connections from the WAN. It’s beyond storj.
perhaps this one could be a root cause
Nope. I installed zerotier after because it’s the only way to keep me connected while I’m away from home. Connections from outside are initiated from the router inside. That works!
Anyway, it shouldn’t be a problem for the router to accept incoming connections.
Then you need to fix a port forwarding. Is wireguard server disabled?
See also
and you would also add the second rule like this but for udp.
I meant zerotier working in the router shouldn’t be a problem for the router to accept incoming connections.
Right now, it’s not accepting incoming connections. But I’ve had this router for years with storj running. The rules for storj are programmed in the router. I already deleted it and rewrote it again. I did a netinstall of the firmware. I downgraded versions (though the last one was working until 2023-08-09 11:10 when it all went apeshit). I’m discussing the issue with mikrotik. I have another router to replace this one, but I won’t be home until the end of the month. Will my nodes survive?
PS- wireguard is enabled, but the router is not accepting connections. That’s why I installed zerotier.
In June I went offline for 16 days, the node survived
I’ll be extending that to at least 20 days…
The probability to be disqualified is very high - after 30 days offline it will be disqualified.
Does your WAN IPv4 on the router matches the public IPv4?
Since you are not there, you may execute this command from the device in your home LAN:
dig @resolver4.opendns.com myip.opendns.com +short
No, the router gets a private address from the ISP router (configured as DMZ).
The command shows my public address and I find it strange that the ISP changed my IP since yesterday. Actually, my public IP also changed when the router stopped accepting WAN connections. I find it strange because the ISP didn’t change my IP address for years, even when I was doing maintenance and disconnected the ISP router for periods.
Could it be the ISP doing some shit and not allowing incoming connections? But why? What for?
What would be the fastest simplest way to check if it is the ISP router or my router not allowing connections?
Seems you already checked, if the WAN IP (from the ISP’s router) matches the public IP and your port forward rules are correctly configured.
But I’m almost sure that your WAN IP from the ISP’s router doesn’t match your public IP anymore, because the ISP placed you behind their NAT (CGNAT).
From the described configuration I would assume that you wouldn’t be able to login to the ISP’s router because of different networks, especially remotely. So if your ISP’s dashboard on their site doesn’t allow you to see the assigned IP to the ISP’s router at your home, I think you can check that only when you would be able physically connect some device directly to the ISP’s router instead of your router and login there.
I would suggest to switch the ISP’s router to a bridge mode when you return to simplify your setup and do not use a double NAT like now.
The ISP router doesn’t expose its webpage on the WAN port. But once I’m connected to a vpn in my home I can visit the ISP router’s webpage. No problem. Except today. My ISP router LAN is 192.168.1.0 and the router I’m connected to while on vacation is also 192.168.1.0. Zerotier doesn’t route all traffic, so, when I tried to check my ISP router WAN IP I got the webpage of the router I’m connected to…
My ISP router has no bridge mode. DMZ is the best I can do with it.
I see. Perhaps you may add additional routes to the zerotier config to allow you to access an ISP’s router via VPN.
Oh my…
You were absolutely right. I was on the phone with my ISP, asked about the cgnat and they told me they “added” the “cgnat service” to my router but that it wouldn’t cost me anything more
I told them I would change ISP if they didn’t “remove the service” and they said they would do it today. Now I have to talk the mikrotik guys and say sorry…
BTW, what is storj plan to deal with this problem? Does the network work in ipv6?
Our software supports IPv6, but your node should be dual stack, see
and all Search results for 'ipv6 only order:latest_topic' - Storj Community Forum (official)