Goal: I want to use basics of ipfs. Node-A will upload a file and Node-B should able to download it.
I am using the latest version of IPFS (v0.7.0), and for a very long time I am always having trouble to make connection between nodes using ipfs swarm connect <ipfs_hash>. On the latest version there is new addresses as: /4001/quic and /4001/p2p not sure which one should I use to connect into.
On node-B: (the one trying to connect into node-A)
I have tried to make connection between two nodes on multiple different machines, but I keep having the failure: failed to dial. Is there any way to solve this ? When I cannot establish a connection , I cannot use ipfs to download files in between the different nodes.
I’m not sure what you mean by this. What addresses do you get when you run ipfs id on the node you’re trying to dial? Likely some of the addresses will be local ones not reachable over the public internet, but if you have things set up correct you will see some public ones as well. You might see both QUIC and TCP addresses being advertised (as well as IPv4 and IPv6) as go-ipfs by default will listen and be able to dial nodes across all of those options.
In general when I encounter a “failed to dial” my instinct is to check whether the node is in fact reachable without using any IPFS specific tooling at all. This has been mentioned in a number of the posts you’ve linked (e.g. using nc to dial the remote peer and looking for the multistream response). You can also leverage some online port checker tools such as https://portchecker.co/. I’m not endorsing any particular online port checker, most I’ve seen will not let you check all combinations of UDP/TCP and IPv4/IPv6 easily but with some Googling you can generally find any port checker you need. If you happen to find a website that does all the port checking things for you post back, I’d be interested in knowing about it .
Once you know whether your node is actually reachable over the public internet you can move on to the next diagnostic steps (is my machine behind a NAT or firewall, etc.).
Note: I don’t think you were asking specifically about this but note that if you do ipfs swarm connect /p2p/{TargetPeerID} then IPFS will search the DHT to find that peer’s addresses and dial them assuming it doesn’t know about the peer already.
I am trying to run IPFS on a google instance (which has a external ip) and alsa a VM that I am running on under macOS. But even I can ping into the google-instance I was not able to connect into it using ipfs swarm connect.
=> But I am not sure that should I open port 4001, and would it be safe?
@avatar-lavventura he says not to expose the API port because it is the port that allows your node to be controlled via the HTTP API, it is port 5001 in your above config which is the default setting.
However, the Swarm port(s) (4001 for TCP and UDP for IPv4 and IPv6 in your case and by default) is the libp2p node port and is the way that your node can be reached by other nodes in the network to fetch content, perform pubsub operations, etc. Exposing the Swarm port to the world is how people reach you, for example on my home network I can utilize UPnP or manual port forwarding to make my node dialable.
Should I open port 4001 since still its not seen by public domain, apply something as follows, it works but would it be safe?
------------
Applying the following configuration seems like solved the issue for Google Instance, but I am not sure how can I fix it for any VM that I am using.
default-allow-ssh
Ingress
Apply to all
IP ranges: 0.0.0.0/0
tcp:4001
Allow
65534
I can’t speak to the particulars of how to work with google cloud’s firewalls, but yes you should make sure that port 4001 (both TCP and UDP) are opened.