On 17 Sep 2016, at 05:20, grarpamp grarpamp@gmail.com wrote:
On Fri, Sep 16, 2016 at 5:13 AM, Alex Elsayed eternaleye@gmail.com wrote:
Hi, I'm using Tor in transparent mode, and I'm running into a rather inconvenient behavior.
VirtualAddrNetworkIPv6 refuses to parse unless the network address given is a /40 or broader. However, IPv6 ULA, which makes it very easy to give Tor its own subnet no-strings-attached, strictly grants a /48 prefix.
As a result, I am faced with a choice between deeply suboptimal options:
1.) Use VirtualAddrNetworkIPv4, as I've done in the past. This results in _fewer_ addresses being available to Tor than an IPv6 /48, which I feel illustrates the issues with requiring a /40 quite clearly.
2.) Squat on some portion of the IPv6 address space I don't actually own. This is entirely unpalatable.
This impacts onioncat as well. I'm curious as to any /40 rationale, though I suspect a historical brainfart typo.
In fact, a min/max typo, which contributed to the IPv6 /40 mistake: https://trac.torproject.org/projects/tor/ticket/20151 (Feel free to log tickets at https://trac.torproject.org/projects/tor when these sorts of issues come up.)
In the interim, Alex, have you tried using [FC00::]/7? From the tor manual entry on VirtualAddrNetworkIPv6:
When providing proxy server service to a network of computers using a tool like dns-proxy-tor, change the IPv4 network to "10.192.0.0/10" or "172.16.0.0/12" and change the IPv6 network to "[FC00]/7".
(Yes, there is a typo in the last IPv6 address as well. https://trac.torproject.org/projects/tor/ticket/20153 )
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
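
Added example, not part of the thread and not Tor's own code: a preflight check for `VirtualAddrNetworkIPv6` lines in a torrc that applies the "/40 or broader" limit reported above and notes whether the range falls in ULA space (fc00::/7). The limit constant, function names and sample lines are assumptions constructed for illustration; the limit reflects the behaviour described in this message only.

```python
import ipaddress

# Assumption: the limit reported in the thread ("a /40 or broader").
MAX_PREFIX_BITS = 40
ULA = ipaddress.ip_network("fc00::/7")

# Constructed sample torrc lines: a ULA /48, the suggested workaround,
# and the manual's misprinted form quoted in the thread.
SAMPLE_TORRC = """\
VirtualAddrNetworkIPv6 [fd12:3456:789a::]/48
VirtualAddrNetworkIPv6 [FC00::]/7
VirtualAddrNetworkIPv6 [FC00]/7
"""


def check_value(value):
    """Return (accepted, reason) for one VirtualAddrNetworkIPv6 value."""
    addr, sep, bits = value.strip().rpartition("/")
    if not sep or not bits.isdigit():
        return False, "missing or non-numeric prefix length"
    addr = addr.strip("[]")  # bracketed form as written in the thread
    try:
        net = ipaddress.IPv6Network(f"{addr}/{bits}", strict=False)
    except ValueError as exc:
        return False, f"not an IPv6 network ({exc})"
    if net.prefixlen > MAX_PREFIX_BITS:
        return False, f"/{net.prefixlen} is narrower than /{MAX_PREFIX_BITS}"
    scope = "inside" if net.subnet_of(ULA) else "outside"
    return True, f"{net}: {scope} fc00::/7, 2^{128 - net.prefixlen} addresses"


def audit_torrc(text):
    """Check every VirtualAddrNetworkIPv6 line; return (value, accepted, reason)."""
    results = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "virtualaddrnetworkipv6":
            results.append((parts[1].strip(), *check_value(parts[1])))
    return results


if __name__ == "__main__":
    for value, accepted, reason in audit_torrc(SAMPLE_TORRC):
        print("OK    " if accepted else "REJECT", value, "-", reason)
```

Run against a real torrc by passing its contents to `audit_torrc`; the misprinted `[FC00]/7` form is rejected because `FC00` alone is not a valid IPv6 address.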