-
Notifications
You must be signed in to change notification settings - Fork 448
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trying to Dial Kubo Node with Web Transport #1951
Comments
Any updates on this? This is preventing a connection to our IPFS node that is supporting web transport and preventing us from implementing helia on browser side |
It looks like the certhash(es) are invalid? There was a bug around this in certain versions of Kubo - are you using the latest version? Otherwise, are you using the same certhashes as in April? They expire after a couple of weeks (limitation of the transport - see the certificates section of the spec) but the Kubo node should rotate them and report addresses with updated certhashes over time. |
ahh so that version of Kubo wasn't rotating them as expected? We are using 0.19 i think. Seems like using 0.21 should resolve this? |
Tediously the Kubo release notes don't say when the bug was fixed so I can't be certain but it's definitely worth updating. The certhashes should change over time though - if you're using the exact same versions as in April they will definitely have expired by now. |
@TheGreatAlgo : did upgrading resolve the issue? |
@BigLep Been a little swamped to try at the moment after upgrading. Hope to give it another look soon |
Transferring this issue from https://github.com/libp2p/js-libp2p-webtransport/issues/82 was requested by dClimate David on behalf of @TheGreatAlgo |
After upgrading the node we still are having issues with certificate unknown. I am running the latest Helia and Libp2p versions as of yesterday but I suspect this is a kubo thing. How can we ensure the certificates are being rotated? does this mean Also I tried https://github.com/libp2p/js-libp2p/tree/master/examples/libp2p-in-the-browser/webtransport/fetch-file-from-kubo to at least see if I could get the example working but connections were timing out with the example address. We are running https://github.com/ipfs/kubo/releases/tag/v0.21.0 on the backend and trying to connect to it |
This was discussed in today's js-libp2p maintainers call.
Right now the answer is sort of yes. If you've hardcoded the whole multiaddr into your application, then you'll have to pay attention and update manually since the addr will eventually be invalid. |
Maybe a more flexible answer then the one above is that browser webtransport doesn't want the certificate hashes to be fixed and yet you want fixed addresses so something's got to give. Some examples:
Yeah, but then just ask someone else to do it for you 😄. Sure, it'd be nice to do it yourself but for now I don't see why not. There's IPIP ipfs/specs#417 for adding peer routing to the /routing/v1 API that should be better supported going forward, but if you needed something sooner you should be able to use https://github.com/libp2p/js-libp2p-delegated-peer-routing which has been around for a while. To me this ^ seems like the easiest way to handle the certificate hash updates today. Although it comes with the caveat that you should make sure you've got a plan for swapping out even the peerIDs in the event say a private key is leaked. |
@TheGreatAlgo can you try on the latest version of js-libp2p libp2p-v0.46.5 and webtransport-v3.0.5? The reason I ask this is because there are fixes like reducing dial activity in browsers and a refactor WebTransport session closures that I'd like to see if it improves the following error you saw
#1969 helps with that (If you're trying to debug in the browser, and you leave it running for too long then you hit that 64 WebTransport session limit and no matter what you do, even if you got a new address youd' be like to dial, it still may not work because youv'e hit this other bug. So keeping the num of WebTransport sessions to minimum will make debugging this easier.) |
@p-shahi I tried upgrading to the latest but now I get this error. Seemingly finding the peer no longer works I may have gotten the error at one point with the session limit |
If it helps this is the complete config for that node though I don't expect this to make a difference as node connection was working prior to the js-libp2p upgrade (sidenote: we were in the middle of attempting to configure it to add publishing to IPNI after those tests, so it could be possible there is residual IPNI stuff in this config but this was only done after seeing the above issues)
|
Thanks for sharing the config @Faolain is there a reason why it doesn't contain the peer routing configuration?
@TheGreatAlgo what version of js-libp2p were you using prior to the upgrade to |
ofc! and hm, not sure what you mean by this? What should it be instead? (for reference I believe this is the default configuration and I just cross checked with a local kubo config and it seems to be the same). Btw is there an example node we can test connect to instead? Maybe it can make it easier to isolate the issue (in case somehow the node config was the problem?) |
It seems this is an issue related to our kubo rpc client, I've outlined more details in #1985 |
The issue has now been resolved @Faolain
// services: {
// // the identify service is used by the DHT and the circuit relay transport
// // to find peers that support the relevant protocols
// identify: identifyService(),
// // the DHT is used to find circuit relay servers we can reserve a slot on
// dht: kadDHT({
// clientMode: true,
// validators: {
// ipns: ipnsValidator,
// },
// selectors: {
// ipns: ipnsSelector,
// },
// }),
// },
peerRouters: [delegatedPeerRouting(client)],
}); After re-examining @TheGreatAlgo I notice that your |
will look at this soon, just trying to resolve some other issues that are popping up |
Oops, seems like we needed more information for this issue, please comment with more details or this issue will be closed in 7 days. |
haven't forgotten about this, sorry its taking so long to address |
Oops, seems like we needed more information for this issue, please comment with more details or this issue will be closed in 7 days. |
This issue was closed because it is missing author input. |
Recently upgraded a node to support web transport near end of april and I cannot dial via web transport. Was able to connect at first but seemingly unable to connect or only very limited successes at attempts now. Was attempting to dial
/ip4/45.55.32.80/udp/4001/quic-v1/webtransport/certhash/uEiAM_1-R7yfSAtnm9g_fzzcIccsT1RzKPfXPr5lKfqmVVQ/certhash/uEiAcLZS4mabYQl9V1K0QjWsToU21DtsWarGTjZQzecHFmg/p2p/12D3KooWG7itEPAHut3xsVo7CwyD8sKeQXKgQizotNhPsToCssXQ
and get this error
The text was updated successfully, but these errors were encountered: