-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bootstrap nodes seems blocked by GFW (China) #5993
Comments
GFW, is china government build great firewall, has a white list. Only a few IP on white list is allow access, otherwise NOT on white list, will be blocked. |
Last time I checked, GFW was blacklist based. The solution here is probably to try to remember nodes that are reachable between restarts so we can bootstrap off of them. In this case, those would be other nodes in China. |
Check here for how to by pass china's great firewall. https://github.com/breakwa11/gfw_whitelist https://github.com/pexcn-legacy/gfw-whitelist |
Nope, GFW is blacklist based. |
Gov's hackers have already add IPFS's default bootstrap nodes to blacklist. So without |
Duplicate |
Chinese government block chinese user connect to each other. How to work around it? |
Reopened because this issue is useful to track IPFS use in China. @hoogw within china? That is, you're having trouble connecting two nodes inside china to each other? |
So far, GFW could only block bootstrap nodes. |
When I run my daemon, I get a lot of China nodes, how do they even connect to me? |
Maybe they can't. Because GFW can detect IPFS traffic and block it. |
Any ways to encrypt or 'key' the traffic IPFS side so it isn't obvious for packet sniffers (or whatever they are using) anymore? I created a list of china nodes (At least the Webui told so) and compiled that into a list. Edit 2: |
We already do. Our current issues are:
Unfortunately, even if we fix all this, it's still pretty trivial to connect to a computer and check if it's an IPFS node. |
Why don't we just ask nicely, after we exchanged keys? |
That's effectively how the TLS security transport will work. However, the firewall will still be able to politely ask, discover all computers running IPFS, and block them. |
@LetItGlow |
Any progress ? |
No. Unfortunately, the best solution for the moment is to add an alternative bootstrapper by running something like (to use @izern's node): ipfs bootstrap add /ip4/39.106.19.168/tcp/4001/ipfs/QmX5KX7nA3PwhCgSswaxavGmNvGKP9un6rU5VzXP8Mduyy |
There is no peers connected before executing
ipfs swarm connect ...
The text was updated successfully, but these errors were encountered: