OrchidTechnologies / orchid

Orchid: VPN, Personal Firewall
https://www.orchid.com/
GNU Affero General Public License v3.0

Add documentation for node providers #103

Closed RaspberryTech01 closed 2 years ago

RaspberryTech01 commented 2 years ago

Is your feature request related to a problem? Please describe. I have compiled the source code but am unable to start the orchidd application; it is asking for an executor and I do not know what to put.

Describe the solution you'd like Documentation or some form of text to show what needs to be included to run and set prices

Describe alternatives you've considered

Additional context

ubuntu@test:~$ ./orchidd --executor
the required argument for option '--executor' is missing
ubuntu@test:~$
saurik commented 2 years ago

So, I appreciate the question, but I think what happened was something deeper here... I'm guessing you ran orchidd with no arguments, was told "must specify --executor unless --price is 0", added --executor (which is reasonable, as you might not want to try things with --price 0), was told "the required argument for option '--executor' is missing", and ended up here... but given what you wrote I'm guessing you didn't do orchidd --help at any point; now, the --help output for --executor sucks, but I feel like it would have led to a very different question. I agree that it is rather common for tools, when you pass the arguments wrong, to guide you into --help somehow (as opposed to assuming you always try --help before running anything... which, FWIW, you absolutely should always at least try).

I'm going to 1) modify the "default" behavior of orchidd to be --help to stderr (the reason it wasn't already is because, a while back, you could run orchidd with no arguments at all and it would at least do something); 2) modify the help text on --executor (which is a newer argument that was added in a rush and honestly is a horrible way to configure this... its help text is actually somewhat wrong as that is the text for the prior --personal) to be more useful (what you need to pass to that is a hexadecimal "raw" private key of an account with a petty amount of ETH to pay for gas claiming OXT from users); and 3) add a bit to the beginning or end of that output somewhere to explain the minimal required set of arguments (which happen to be --executor and --openvpn... everything else should be "optional").

RaspberryTech01 commented 2 years ago

Yes... I ran orchidd --help after asking the question and saw the output, and decided not to say anything initially so as not to embarrass myself...

So what I need to do is ./orchidd --executor (my eth gas PK) --recipient (my OXT address) [--openvpn (openvpn config) or --wireguard (wg0.conf file)]

Does this look correct? Thanks

hboisgibault commented 2 years ago

@RaspberryTech01 can you detail which command to use to install and run? It's not clear how to start a node. I also tried the docker image but with no luck.

RaspberryTech01 commented 2 years ago

@RaspberryTech01 can you detail which command to use to install and run? It's not clear how to start a node. I also tried the docker image but with no luck.

I wasn't able to start-up a node successfully. Evidently they are supposed to be releasing instructions soon but who knows.

saurik commented 2 years ago

@RaspberryTech01 I honestly don't understand in what way you are blocked... you already knew how to start the node; if all you do at that point is just type in some random numbers (as it isn't going to end up mattering anyway) or even just a bunch of 0's--like just put in "0000000000000000000000000000000000000000000000000000000000000000" as your private key and "0x0000000000000000000000000000000000000000" as the address--then orchidd will start.

Do you maybe have an error message or something new to report?

The only other thing I am coming up with here as a guess is "maybe you aren't running an Ethereum node on your machine", but there's an error message that gets printed if you aren't that I'd expect you to have run into (and a quick Google search for the port number or the method it is calling would probably make it obvious that it was for an Ethereum node, but I'll add to the same "improve error messages" todo list item here that I should do some kind of self-test on your Ethereum setup so that the error message can say something specific).

saurik commented 2 years ago

OK: I've finally finished and pushed 5e6612d3d1b54898f0a05ccd73b713b89792f85b, which I consider to fix this issue. I've changed the default price back to 0.00 and fixed that configuration to, as it used to, not instantiate any of the mechanisms for charging.

This lets the server get all the way through to figuring out its egress, which gives you an error I think is sufficient (and which I've instrumented with a mention of --help): "must provide an egress option (see --help)".

I've slightly simplified the --help output by removing the contract configuration (which no one should be configuring unless they are a developer, in which case you aren't using --help anyway) and adding hints.

Specifically, I think the "exactly one" on "packet egress" will cause anyone who just read "must provide an egress option" to realize they need to pass one of those options, and --openvpn should at least be obvious.

This is "sufficient" for orchidd to run, and while it isn't at all configured it really doesn't matter as the behavior won't be noticeably different even if you configured it (I'm just assuming you have "reasons" to run it).

If you additionally try to use --price, the server tells you (as it did before, though it incorrectly did this even if --price was 0, despite the message) "must specify --executor unless --price is 0", and now "(see --help)".

I then fixed the documentation of --executor to read "raw (hex) private key of gas account", which I think should be sufficient for anyone who has one. I've also realized that --recipient is optional (as it defaults to --executor).

Finally, I simply removed --ethereum as, though its default should be obvious to anyone who runs an Ethereum full node, I've decided that the VPN experts we usually work with do not actually run their own full nodes.

Instead, I require the user to provide a --chain for "1,ETH,*" with the error "must provide --chain 1,ETH,https://... (see --help)"; the example for that is still "like 1,ETH,https://cloudflare-eth.com/", which seems obvious.

RaspberryTech01 commented 2 years ago

So I recompiled the code (after 4 hours) and tried running the orchidd node server with the --wireguard setting.

I get this error: "No such node (Peer.Endpoint)". Now, knowing this error (because it's a wireguard server), I was able to "fix" this issue by adding a [Peer] into my wg0.conf file and reconfiguring wireguard. Now the issue is, why am I required to stick an endpoint for my peer in wg0.conf? The node provider is connecting locally to wireguard, not some remote wireguard server?

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = gPYEf4KIPk3o3p+qUFF8m04OhYevwQgpgOcRucqy414=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = 1WX8yxgnIGRKoa/eu/ohVH5MbJs9H/F0yPRtsoy8f0s=
AllowedIPs = 10.0.0.2/32
Endpoint = domain.com:51820
saurik commented 2 years ago

The node provider is connecting locally to wireguard, not some remote wireguard server?

@RaspberryTech01 It wouldn't know that unless you specify it? It would work just as well to use a remote wireguard server... if nothing else, wouldn't you need to specify the port number of the Wireguard instance? (Like, I'm not sure how that field could generally be optional. FWIW, I did have to reimplement support for that file, as that isn't something provided by boringtun, so if you have some reason to believe that Endpoint is normally optional and has some crazy default, I'm happy to implement that if you describe the behavior. Note that I definitely don't use PostUp or PostDown.)

RaspberryTech01 commented 2 years ago

It wouldn't know that unless you specify it? It would work just as well to use a remote wireguard server...

How do we run the orchidd script with a wireguard server on the same machine? I assumed you didn't need any peers or endpoints already placed in wireguard, rather you just need the [Interface] part.

Maybe I am just getting confused - this is how I would do it at least. If you could upload a sample wg0.conf working with orchidd that would be helpful, thanks.

saurik commented 2 years ago

@RaspberryTech01 When using --wireguard, orchidd is connecting to a server running Wireguard in order to egress its packets (which has an interesting benefit of allowing orchidd to not run as root on your machine). You should provide it the same configuration file you would provide to any Wireguard client. (I don't have a "sample" one really, as I'm using one I got directly--no changes--from Mullvad for my testing of this option rather than bothering to run my own Wireguard server locally.)

How do we run the orchidd script with a wireguard server on the same machine? I assumed you didn't need any peers or endpoints already placed in wireguard, rather you just need the [Interface] part.

If Wireguard is running on the same machine, you'd presumably have to set the Endpoint to 127.0.0.1:X, where X is the port on which you are running the Wireguard server peer (so in your Wireguard server's configuration, it would be the ListenPort).

(I'm sorry, but I'm not really in a position to provide much help with Wireguard or basic networking on multiple fronts; if this still doesn't make sense, I recommend getting a Wireguard client working first and then coming back later to try to add Orchid. If the Wireguard configuration file you give a Wireguard client--which I am pretty certain always must include Endpoint, as again: how else would it know at least the port number? there is no obvious default--doesn't work with Orchid, I'm happy to try to improve my Wireguard support.)
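A pre-flight check for the situation in this thread, added here as an example (not Orchid's own code): it reads a wg-quick style file the way a WireGuard client would, reports missing required keys in the same "No such node (Section.Key)" shape orchidd printed above, checks that Peer.Endpoint is a usable host:port (127.0.0.1:ListenPort for a server on the same box), and flags PostUp/PostDown hooks, which the thread says orchidd does not run. The sample config below is constructed with placeholder keys and assumes a single [Peer] section.

```python
import configparser

# Keys a WireGuard *client* file needs; Endpoint is mandatory (see the thread above).
REQUIRED = {"Interface": ("PrivateKey",), "Peer": ("PublicKey", "AllowedIPs", "Endpoint")}
# wg-quick hooks: orchidd does not execute them, so they are dead weight in this file.
WG_QUICK_ONLY = ("PreUp", "PostUp", "PreDown", "PostDown", "SaveConfig", "Table")

def parse_endpoint(value):
    """Split 'host:port' (or '[v6]:port'); return (host, port) or None if malformed."""
    host, sep, port = value.strip().rpartition(":")
    if not sep or not port.isdigit() or not 1 <= int(port) <= 65535:
        return None
    return host.strip("[]"), int(port)

def check_wg_client_config(text):
    """Return (errors, warnings); errors mimic orchidd's 'No such node (Section.Key)'."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # WireGuard keys are case-sensitive; keep them as written
    cp.read_string(text)
    errors, warnings = [], []
    for section, keys in REQUIRED.items():
        if not cp.has_section(section):
            errors.append(f"No such section ({section})")
            continue
        for key in keys:
            if not cp.has_option(section, key):
                errors.append(f"No such node ({section}.{key})")
    if cp.has_option("Peer", "Endpoint") and parse_endpoint(cp["Peer"]["Endpoint"]) is None:
        errors.append("Peer.Endpoint must be host:port (e.g. 127.0.0.1:51820 for a local server)")
    for key in WG_QUICK_ONLY:
        if cp.has_option("Interface", key):
            warnings.append(f"Interface.{key} is a wg-quick hook and will be ignored")
    return errors, warnings

# Constructed sample modelled on the wg0.conf posted above, with Endpoint left out.
SAMPLE_NO_ENDPOINT = """\
[Interface]
Address = 10.0.0.2/32
PrivateKey = <client-private-key-placeholder>
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT

[Peer]
PublicKey = <server-public-key-placeholder>
AllowedIPs = 0.0.0.0/0
"""

if __name__ == "__main__":
    errs, warns = check_wg_client_config(SAMPLE_NO_ENDPOINT)
    print("\n".join(errs + warns))  # first line: No such node (Peer.Endpoint)
```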

RaspberryTech01 commented 2 years ago

running the Wireguard server peer (so in your Wireguard server's configuration, it would be the ListenPort).

Right so I understand now. Orchidd is for connecting as a peer to a wireguard server, not the actual wireguard server itself. That solves a further issue.

I am now getting a wireguard issue with requesting the DNS server. I am running locally a DNSCrypt instance which forwards all local DNS to Cloudflare family (1.1.1.3).

https://pastebin.com/vEpErut9

Orchidd is for sure recognizing the wireguard server because server side:

ubuntu@eu2:~$ sudo wg
interface: wg0
  public key: REDACTED
  private key: (hidden)
  listening port: 51820

peer:REDACTED
  preshared key: (hidden)
  allowed ips: REDACTED

peer: REDACTED
  preshared key: (hidden)
  endpoint: REDACTED:54166
  allowed ips: REDACTED
  transfer: 592 B received, 3.25 KiB sent
ubuntu@eu2:~$