Hi!
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays). If your host supports IPv6, please enable it, especially if you run an exit! This has to be done explicitly.
https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
In short, you add:
ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:*
(or a more open exit policy respectively)
Thanks!
If atlas shows an IPv6 ORPort, that means it's working correctly, right?
-tom
On 12 May 2015 at 17:09, Moritz Bartl moritz@torservers.net wrote:
Hi!
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays). If your host supports IPv6, please enable it, especially if you run an exit! This has to be done explicitly.
https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
In short, you add:
ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:*
(or a more open exit policy respectively)
Thanks!
Moritz Bartl https://www.torservers.net/ _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Wed, 13 May 2015, Moritz Bartl wrote:
In short, you add:
ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:*
(or a more open exit policy respectively)
I tried configuring this a while ago, but got confused by what appeared to be conflicting documentation for IPv6 exit policies. Is the ExitPolicy for IPv6 completely separate (only using accept6/reject6 lines) or does it also make use of lines like "ExitPolicy accept *:80" which mention a port but not an IPv4 IP?
-- Aaron
On 05/13/2015 12:53 AM, Aaron Hopkins wrote:
I tried configuring this a while ago, but got confused by what appeared to be conflicting documentation for IPv6 exit policies. Is the ExitPolicy for IPv6 completely separate (only using accept6/reject6 lines) or does it also make use of lines like "ExitPolicy accept *:80" which mention a port but not an IPv4 IP?
It is exclusively using accept6/reject6 lines.
On 05/13/2015 01:43 AM, Moritz Bartl wrote:
On 05/13/2015 12:53 AM, Aaron Hopkins wrote:
I tried configuring this a while ago, but got confused by what appeared to be conflicting documentation for IPv6 exit policies. Is the ExitPolicy for IPv6 completely separate (only using accept6/reject6 lines) or does it also make use of lines like "ExitPolicy accept *:80" which mention a port but not an IPv4 IP?
It is exclusively using accept6/reject6 lines.
Unfortunately onionooo (and therefore nearly every Tor status page) displays the ipv6 policy as ipv4 too instead the ipv6 and ipv4 policy separately.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Thanks for the reminder. Just enabled IPv6 on the 100mbps unmetered exit I started up yesterday and set appropriate reverse lookup AAAA records for tor exit node identification.
https://atlas.torproject.org/#details/85C34289F5F62DD1490EB6D0627F9CD9BE90F9...
Julian
On Wednesday 13 May 2015 00:09:45 Moritz Bartl wrote:
If your host supports IPv6, please enable it, especially if you run an exit! This has to be done
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 05/13/2015 01:43 AM, Moritz Bartl wrote:
It is exclusively using accept6/reject6 lines.
Sure - there are currently few trac entries opened for that.
I do currently assume, that the following 2 lines :
ExitPolicy accept *:443 ExitPolicy accept6 *:80
will open both ports at ipv4 as well as at ipv6 .
- -- Toralf pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E - -- "; the past is all dirty and cruel in the modern popular imagination, with the exception of the Romans, who are just cruel" Ian Mortimer, 2008, "The Time Traveller's Guide to Medieval England"
Hello everyone,
I know that most of you know to do this already, but remember to update your IPv6 firewall! :)
Matt Speak Freely
Aaron Hopkins:
I tried configuring this a while ago, but got confused by what appeared to be conflicting documentation for IPv6 exit policies. Is the ExitPolicy for IPv6 completely separate (only using accept6/reject6 lines) or does it also make use of lines like "ExitPolicy accept *:80" which mention a port but not an IPv4 IP?
Wildcard accept/reject policies seem to catch both IPv6 and v4 going from the comment (and code) in src/or/routerparse.c[1]:
/** Parse the addr policy in the string <b>s</b> and return it. If
- assume_action is nonnegative, then insert its action (ADDR_POLICY_ACCEPT or
- ADDR_POLICY_REJECT) for items that specify no action.
- The addr_policy_t returned by this function can have its address set to
- AF_UNSPEC for '*'. Use policy_expand_unspec() to turn this into a pair
- of AF_INET and AF_INET6 items.
*/
[1] https://gitweb.torproject.org/tor.git/tree/src/or/routerparse.c?id=tor-0.2.7... (Opening that link may hang tbb for a bit)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 05/13/2015 02:41 AM, ncl@cock.li wrote:
Wildcard accept/reject policies seem to catch both IPv6 and v4 going from the comment (and code) in src/or/routerparse.c[1]:
When I (naivly) prepend just the following lines into torrc before the current (reduced exit policy) :
# exit for ipv6 # ORPort [2a01:4f8:190:514a::2]:443 IPv6Exit 1 ExitPolicy accept6 *:443 # HTTPS ExitPolicy accept6 *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL ExitPolicy accept6 *:6660-6669 # IRC ExitPolicy accept6 *:6679 # IRC SSL ExitPolicy accept6 *:6697 # IRC SSL ExitPolicy reject6 *:*
I run into https://trac.torproject.org/projects/tor/ticket/16069 . So it seems to me, that it is not currently possible to have separate exit4/exit6 policies, right ?
- -- Toralf pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E - -- "; the past is all dirty and cruel in the modern popular imagination, with the exception of the Romans, who are just cruel" Ian Mortimer, 2008, "The Time Traveller's Guide to Medieval England"
Hi all,
On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote:
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays). If your host supports IPv6, please enable it, especially if you run an exit! This has to be done explicitly.
Thanks for the nudge!
So I'm trying to do this and hit a few snags (noob alert!):
0. I'm using the ec2 config; I think this is quite old, as it has both an ORPort and an ORListenAddress line, and the man page says the latter is deprecated. Furthermore, adding another ORPort line makes it choke on reading it: May 12 23:04:48.219 [warn] ORListenAddress can't be used when there are multiple ORPort lines May 12 23:04:48.219 [warn] Failed to parse/validate config: Invalid ORPort/ORListenAddress configuration May 12 23:04:48.219 [err] Reading config failed--see warnings above.
Commenting out ORListenAddress seems to make it work - but I'm not quite sure why it was there. Should I be worried? I had ORPort 443 ORListenAddress 0.0.0.0:9001
1. IPv6 address: my first thought was to get this from the ipv6 address listed for eth0 in ifconfig. No such luck - it gives me a link-local address, and tor doesn't like that. May 12 23:07:35.311 [warn] Could not bind to fe80:<rest of address>:443: Invalid argument May 12 23:07:35.311 [warn] Failed to parse/validate config: Failed to bind one of the listener ports. May 12 23:07:35.311 [err] Reading config failed--see warnings above.
2. So I put in :: and it works - restarts OK and I can see tor listening on both ipv4 and ipv6 addresses in netstat. Is this bad, though? Listening on lo is obviously fine, and the only other possibility is eth0 which is what I want - but is this good practice?
I have some further questions about ports but I'll put those in a separate email.
Best wishes, allicoder
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote:
Come on guys, we only need 6 more IPv6 relays to help Moritz out of his depression ...
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays).
Thats 6.3% IPv6 adoption rate amongst Tor relays, while todays global overall IPv6 adoption rate is 6.6% according to https://www.google.com/intl/en/ipv6/statistics.html.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
I just enabled four relays, who has the next two? ^_^
//Brian
Ana Lucia Cortez:
On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote:
Come on guys, we only need 6 more IPv6 relays to help Moritz out of his depression ...
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays).
Thats 6.3% IPv6 adoption rate amongst Tor relays, while todays global overall IPv6 adoption rate is 6.6% according to https://www.google.com/intl/en/ipv6/statistics.html.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I have enabled it at 1 VPS and 1 Root.
And I enabled it on 2 instances which are connected via broadbandconnections with dynamic addresses for IPv4 and IPv6. There I got that information after applying the configuration:
07:05:49 [WARN] Unable to use configured IPv6 address "[::1]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. 07:05:49 [NOTICE] Your Tor server's identity key fingerprint is 'xxx' 07:05:49 [NOTICE] Opening OR listener on [::1]:2342
I hope that will work as desired.
Marcel
Brian Kroll brian@fiberoverethernet.com hat am 13. Mai 2015 um 07:45 geschrieben:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
I just enabled four relays, who has the next two? ^_^
//Brian
Ana Lucia Cortez:
On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote:
Come on guys, we only need 6 more IPv6 relays to help Moritz out of his depression ...
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays).
Thats 6.3% IPv6 adoption rate amongst Tor relays, while todays global overall IPv6 adoption rate is 6.6% according to https://www.google.com/intl/en/ipv6/statistics.html.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJVUuTrAAoJEFjBjkteF9VaeSUP/jvhXTqCxz67Re8T7Md/j3Mc GWoiEo4sgOXsa7lD4XrJNslkGf3niwLrNk/tXQf7Jl5xTlo2aO1F9927lyO690Nm Z2Qo4rZMJK/XQy7SAO+BFCQLUJwk2zUHuBcQ2b0icA+zM1/9T7L9x6aeVvlXwER/ xgmYDFrVgHPUdi0yHGnUhbSEeahc47z7pSdXNU8vA7Srsy+FsBuF+02MRC6dmTQp nZnDbJOEMUeE4VTX0X9ID0ERO+VyzHvj+NtYFB7h3HOn5Tx4OmcVuEBZXyerbyGo mm4Her59X21WcCLHSqj1dtvOitsXD2b3OzeQCa0ULDTFeSWZxYZ3QAYVgS61l60u P9nuKRk8e6Cwi0Wv9hBI3KwJGOt1AT+f79LrMX+k+5si9jB/fiPEr2BFdx8PC9rS N7w3HGKG4tuR0/iBgp01lVxdpJONqUZ5tueFUUIQcrsF/mClLoGvp8eezuub2c3L 5/h5CpopxUpJ4pQBwsuLHP9EW0mxH0INOqRJqoo/6tNSHDVBG/xvHvRXU6hDAEn2 a3GpXKDLF0Qd6+YkDbM7+jk47i9ViB0PmwFDNOHMYAqokp4AxMzFmwaoxOBnnnsa vMoqubOyWjUHxlyHmboRHywkV46XuDXB4dGPg9qy0cAs+jXgpgWTaAihBVnUCYqF 16laWRMOogy27AgbDuAd =flm3 -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Just added 3
-- Kind Regards, Martijn Beekhuis | ]V[ \ / _/_ .-'-. //o\ _/_ -- / \ -- | /o\ ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~|~~^~^|^~`
On 13 May 2015, at 09:09, torserver@ittk.it wrote:
I have enabled it at 1 VPS and 1 Root.
And I enabled it on 2 instances which are connected via broadbandconnections with dynamic addresses for IPv4 and IPv6. There I got that information after applying the configuration:
07:05:49 [WARN] Unable to use configured IPv6 address "[::1]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. 07:05:49 [NOTICE] Your Tor server's identity key fingerprint is 'xxx' 07:05:49 [NOTICE] Opening OR listener on [::1]:2342
I hope that will work as desired.
Marcel
Brian Kroll brian@fiberoverethernet.com hat am 13. Mai 2015 um 07:45 geschrieben:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
I just enabled four relays, who has the next two? ^_^
//Brian
Ana Lucia Cortez:
On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote:
Come on guys, we only need 6 more IPv6 relays to help Moritz out of his depression ...
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays).
Thats 6.3% IPv6 adoption rate amongst Tor relays, while todays global overall IPv6 adoption rate is 6.6% according to https://www.google.com/intl/en/ipv6/statistics.html.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJVUuTrAAoJEFjBjkteF9VaeSUP/jvhXTqCxz67Re8T7Md/j3Mc GWoiEo4sgOXsa7lD4XrJNslkGf3niwLrNk/tXQf7Jl5xTlo2aO1F9927lyO690Nm Z2Qo4rZMJK/XQy7SAO+BFCQLUJwk2zUHuBcQ2b0icA+zM1/9T7L9x6aeVvlXwER/ xgmYDFrVgHPUdi0yHGnUhbSEeahc47z7pSdXNU8vA7Srsy+FsBuF+02MRC6dmTQp nZnDbJOEMUeE4VTX0X9ID0ERO+VyzHvj+NtYFB7h3HOn5Tx4OmcVuEBZXyerbyGo mm4Her59X21WcCLHSqj1dtvOitsXD2b3OzeQCa0ULDTFeSWZxYZ3QAYVgS61l60u P9nuKRk8e6Cwi0Wv9hBI3KwJGOt1AT+f79LrMX+k+5si9jB/fiPEr2BFdx8PC9rS N7w3HGKG4tuR0/iBgp01lVxdpJONqUZ5tueFUUIQcrsF/mClLoGvp8eezuub2c3L 5/h5CpopxUpJ4pQBwsuLHP9EW0mxH0INOqRJqoo/6tNSHDVBG/xvHvRXU6hDAEn2 a3GpXKDLF0Qd6+YkDbM7+jk47i9ViB0PmwFDNOHMYAqokp4AxMzFmwaoxOBnnnsa vMoqubOyWjUHxlyHmboRHywkV46XuDXB4dGPg9qy0cAs+jXgpgWTaAihBVnUCYqF 16laWRMOogy27AgbDuAd =flm3 -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[::1] is the IPv6 loopback address - use [::] to listen on any address.
On 05/13/2015 03:09 AM, torserver@ittk.it wrote:
I have enabled it at 1 VPS and 1 Root.
And I enabled it on 2 instances which are connected via broadbandconnections with dynamic addresses for IPv4 and IPv6. There I got that information after applying the configuration:
07:05:49 [WARN] Unable to use configured IPv6 address "[::1]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. 07:05:49 [NOTICE] Your Tor server's identity key fingerprint is 'xxx' 07:05:49 [NOTICE] Opening OR listener on [::1]:2342
I hope that will work as desired.
Marcel
Brian Kroll brian@fiberoverethernet.com hat am 13. Mai 2015 um 07:45 geschrieben:
I just enabled four relays, who has the next two? ^_^
//Brian
Ana Lucia Cortez:
On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote:
Come on guys, we only need 6 more IPv6 relays to help Moritz out of his depression ...
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays).
Thats 6.3% IPv6 adoption rate amongst Tor relays, while todays global overall IPv6 adoption rate is 6.6% according to https://www.google.com/intl/en/ipv6/statistics.html.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi, I set IPv6 tor relay
*ORPort [::]:9050*
getting this error when restarting:
###
*sudo tor restartMay 13 16:01:53.021 [notice] Tor v0.2.5.12 (git-3731dd5c3071dcba) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1f and Zlib 1.2.8.May 13 16:01:53.021 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning https://www.torproject.org/download/download#warningMay 13 16:01:53.021 [warn] Command-line option 'restart' with no value. Failing.May 13 16:01:53.021 [err] Reading config failed--see warnings above.*
###
On Wed, May 13, 2015 at 3:27 PM, JovianMallard tor@sec.gd wrote:
[::1] is the IPv6 loopback address - use [::] to listen on any address.
On 05/13/2015 03:09 AM, torserver@ittk.it wrote:
I have enabled it at 1 VPS and 1 Root.
And I enabled it on 2 instances which are connected via broadbandconnections with dynamic addresses for IPv4 and IPv6. There I
got
that information after applying the configuration:
07:05:49 [WARN] Unable to use configured IPv6 address "[::1]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. 07:05:49 [NOTICE] Your Tor server's identity key fingerprint is 'xxx' 07:05:49 [NOTICE] Opening OR listener on [::1]:2342
I hope that will work as desired.
Marcel
Brian Kroll brian@fiberoverethernet.com hat am 13. Mai 2015 um 07:45 geschrieben:
I just enabled four relays, who has the next two? ^_^
//Brian
Ana Lucia Cortez:
On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote:
Come on guys, we only need 6 more IPv6 relays to help Moritz out of his depression ...
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays).
Thats 6.3% IPv6 adoption rate amongst Tor relays, while todays global overall IPv6 adoption rate is 6.6% according to https://www.google.com/intl/en/ipv6/statistics.html.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
thanks, now I got a similar information:
13:36:02 [WARN] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly.
what do you think?
Marcel
JovianMallard tor@sec.gd hat am 13. Mai 2015 um 15:27 geschrieben:
[::1] is the IPv6 loopback address - use [::] to listen on any address.
On 05/13/2015 03:09 AM, torserver@ittk.it wrote:
I have enabled it at 1 VPS and 1 Root.
And I enabled it on 2 instances which are connected via broadbandconnections with dynamic addresses for IPv4 and IPv6. There I got that information after applying the configuration:
07:05:49 [WARN] Unable to use configured IPv6 address "[::1]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. 07:05:49 [NOTICE] Your Tor server's identity key fingerprint is 'xxx' 07:05:49 [NOTICE] Opening OR listener on [::1]:2342
I hope that will work as desired.
Marcel
Brian Kroll brian@fiberoverethernet.com hat am 13. Mai 2015 um 07:45 geschrieben:
I just enabled four relays, who has the next two? ^_^
//Brian
Ana Lucia Cortez:
On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote:
Come on guys, we only need 6 more IPv6 relays to help Moritz out of his depression ...
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays).
Thats 6.3% IPv6 adoption rate amongst Tor relays, while todays global overall IPv6 adoption rate is 6.6% according to https://www.google.com/intl/en/ipv6/statistics.html.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Googling finds these: https://lists.torproject.org/pipermail/tor-commits/2012-May/042676.html https://trac.torproject.org/projects/tor/ticket/5146 https://trac.torproject.org/projects/tor/ticket/5940
Looks like tor hasn't been taught to turn [::] into a reachable global IP address yet (for reporting to the network - listening would work fine), so I think you'll need to use your actual global IPv6 address there.
On 05/13/2015 12:13 PM, torserver@ittk.it wrote:
thanks, now I got a similar information:
13:36:02 [WARN] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly.
what do you think?
Marcel
JovianMallard tor@sec.gd hat am 13. Mai 2015 um 15:27 geschrieben:
[::1] is the IPv6 loopback address - use [::] to listen on any address.
On 05/13/2015 03:09 AM, torserver@ittk.it wrote:
I have enabled it at 1 VPS and 1 Root.
And I enabled it on 2 instances which are connected via broadbandconnections with dynamic addresses for IPv4 and IPv6. There I got that information after applying the configuration:
07:05:49 [WARN] Unable to use configured IPv6 address "[::1]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. 07:05:49 [NOTICE] Your Tor server's identity key fingerprint is 'xxx' 07:05:49 [NOTICE] Opening OR listener on [::1]:2342
I hope that will work as desired.
Marcel
Brian Kroll brian@fiberoverethernet.com hat am 13. Mai 2015 um 07:45 geschrieben:
I just enabled four relays, who has the next two? ^_^
//Brian
Ana Lucia Cortez:
On Wed, May 13, 2015 at 12:09:45AM +0200, Moritz Bartl wrote:
Come on guys, we only need 6 more IPv6 relays to help Moritz out of his depression ...
> We still have a depressingly low number of relays that support > IPv6 (currently only ~120 of ~1900 relays).
Thats 6.3% IPv6 adoption rate amongst Tor relays, while todays global overall IPv6 adoption rate is 6.6% according to https://www.google.com/intl/en/ipv6/statistics.html.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
That will be a problem because that instances will get several IPv6-addresses during the day because of active privacy extensions and the router get a new /56 for IPv6 from the ISP every day. A manual change of the torrc is inefficient for me. Because of that I will deactivate IPv6-support at the affected instances until the discovery of a IPv6-address will be like for IPv4 :-( I am not a programmer but perhaps it will be solved like for dyndns-services.
Marcel
JovianMallard tor@sec.gd hat am 13. Mai 2015 um 18:24 geschrieben:
Googling finds these: https://lists.torproject.org/pipermail/tor-commits/2012-May/042676.html https://trac.torproject.org/projects/tor/ticket/5146 https://trac.torproject.org/projects/tor/ticket/5940
Looks like tor hasn't been taught to turn [::] into a reachable global IP address yet (for reporting to the network - listening would work fine), so I think you'll need to use your actual global IPv6 address there.
On 05/13/2015 12:13 PM, torserver@ittk.it wrote:
thanks, now I got a similar information:
13:36:02 [WARN] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly.
what do you think?
Marcel
On Tue, 12 May 2015 22:45:24 -0700, Brian Kroll brian@fiberoverethernet.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
I just enabled four relays, who has the next two? ^_^
Sydney Australia's in the IPv6 house now, wut wut.
https://atlas.torproject.org/#details/E1E1059D8C41FC48B823C6F09348EA89C4D4C9...
Thanks for the reminder. Should've done this months ago.
On 13/05/15 00:09, Moritz Bartl wrote:
Hi!
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays). If your host supports IPv6, please enable it, especially if you run an exit! This has to be done explicitly.
https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
In short, you add:
ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:*
(or a more open exit policy respectively)
Thanks!
On Tue, May 12, 2015 at 11:09 PM, Moritz Bartl moritz@torservers.net wrote:
especially if you run an exit!
1 exit, 2 bridges and 4 general relays are now explicitly IPv6 enabled
Once https://trac.torproject.org/projects/tor/ticket/5788 is done I'll be able to bring several more online
Done. Thx for the reminder :)
Unfortunately, I can't do this to the CMU Tor exit because the university network doesn't do IPv6 -- I asked, and and it's on the list, but there is an awful lot of old equipment which would have to be replaced first, things like better WiFi coverage are higher priority, and I can't say that I blame them. I've done it to my cloud non-exit node, though, and it seems to be pushing 50-100 bits/sec of IPv6 cells now. Yes, you read that right, bits.
zw
How did you measure IPv6 traffic specifically? Ive been running an IPv4+6 exit for a while now and would be interested to know how much of that is IPv6.
https://atlas.torproject.org/#details/D51EE9D0653AA0D62F4D76AC428DF20F537784... https://atlas.torproject.org/#details/D51EE9D0653AA0D62F4D76AC428DF20F5377846B
Ethan
On May 13, 2015, at 1:44 PM, Zack Weinberg zackw@cmu.edu wrote:
Unfortunately, I can't do this to the CMU Tor exit because the university network doesn't do IPv6 -- I asked, and and it's on the list, but there is an awful lot of old equipment which would have to be replaced first, things like better WiFi coverage are higher priority, and I can't say that I blame them. I've done it to my cloud non-exit node, though, and it seems to be pushing 50-100 bits/sec of IPv6 cells now. Yes, you read that right, bits.
zw _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Linode has a dashboard page for each of one's vservers that shows, among other things, graphs of its IPv4 and v6 network bandwidth.
I don't know any details of how this is done but the graphs look MRTG-ish to me.
On Wed, May 13, 2015 at 2:24 PM, Ethan Rose ethan@ethanrose.co.nz wrote:
How did you measure IPv6 traffic specifically? Ive been running an IPv4+6 exit for a while now and would be interested to know how much of that is IPv6.
https://atlas.torproject.org/#details/D51EE9D0653AA0D62F4D76AC428DF20F537784...
Ethan
On May 13, 2015, at 1:44 PM, Zack Weinberg zackw@cmu.edu wrote:
Unfortunately, I can't do this to the CMU Tor exit because the university network doesn't do IPv6 -- I asked, and and it's on the list, but there is an awful lot of old equipment which would have to be replaced first, things like better WiFi coverage are higher priority, and I can't say that I blame them. I've done it to my cloud non-exit node, though, and it seems to be pushing 50-100 bits/sec of IPv6 cells now. Yes, you read that right, bits.
zw _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Is there anything I should be concerned with w.r.t to activating IPv6 on a relay that has IPv6 connectivity only through a Hurricane Electric tunnel?
~ M.
On May 12, 2015, at 6:09 PM, Moritz Bartl moritz@torservers.net wrote:
Hi!
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays). If your host supports IPv6, please enable it, especially if you run an exit! This has to be done explicitly.
https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
In short, you add:
ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:*
(or a more open exit policy respectively)
Thanks!
Moritz Bartl https://www.torservers.net/ _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tunnelbroker's ToS don't seem to prohibit proxies/relays, so I don't see an issue here. Don't know how they'd react to exits, though.
On 13/05/2015 19:09, Michael Gorbach wrote:
Is there anything I should be concerned with w.r.t to activating IPv6 on a relay that has IPv6 connectivity only through a Hurricane Electric tunnel?
~ M.
On May 12, 2015, at 6:09 PM, Moritz Bartl moritz@torservers.net wrote:
Hi!
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays). If your host supports IPv6, please enable it, especially if you run an exit! This has to be done explicitly.
https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
In short, you add:
ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:*
(or a more open exit policy respectively)
Thanks!
Moritz Bartl https://www.torservers.net/ _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 05/12/2015 06:09 PM, Moritz Bartl wrote:
Hi!
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays). If your host supports IPv6, please enable it, especially if you run an exit! This has to be done explicitly.
https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
In short, you add:
ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:*
(or a more open exit policy respectively)
Thanks!
According to atlas.torproject.org, my non-exit relay appears to be displaying/working on IPv6 for the "OR Addresses." Should it also be using IPv6 for the "Dir Address" too?
If so, what additional configuration would I have to add to make that happen?
Thank you.
Hi Michael,
From [0]:
There is currently no support for running a DIR port on IPv6. Leave any DirPort option as is.
HTH, Sharif
[0]: https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 05/14/2015 05:09 AM, Sharif Olorin wrote:
Hi Michael,
From [0]:
There is currently no support for running a DIR port on IPv6. Leave any DirPort option as is.
HTH, Sharif
Ah, I didn't catch that. Thank you for pointing that out.
On 05/13/2015 00:09, Moritz Bartl wrote:
Hi!
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays). If your host supports IPv6, please enable it, especially if you run an exit! This has to be done explicitly.
https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
In short, you add:
ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:*
(or a more open exit policy respectively)
I already had it enabled it on my node (ymkeo - 4E8CE6F5651E7342C1E7E5ED031E82078134FB0D) but only enabled it on the router today. Atlas now confirms both IPv4 and IPv6 connectivity but I did loose the Stable (and HSDir) flag? I did not restart the Tor process itself.
Regards, René
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Moritz Bartl:
ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:*
Do non-exit relays require the last two lines as well?
https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto :
In order to be able to exit to IPv6 addresses, exit relays must set IPv6Exit 1
The man page says:
IPv6Exit 0|1
If set, and we are an exit node, allow clients to use us for IPv6 traffic. (Default: 0)
So if 'IPv6Exit 1' is required for IPv6 non-exits, the man page should be more explicit about that?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Since clients are not able to bootstrap over IPv6 yet:
https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6 :
Directory authorities on IPv6
Clients and relays talk to directory authorities. The work with making directory authorities reachable over IPv6 has not been started.
This work will be tracked in #6027. [1]
Does that mean that IPv6 non-exits are not very useful yet?
[1] https://trac.torproject.org/projects/tor/ticket/6027
nusenu nusenu@openmailbox.org wrote Sat, 16 May 2015 08:26:19 +0000:
| Since clients are not able to bootstrap over IPv6 yet: | | https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6 : | > Directory authorities on IPv6 | > | > Clients and relays talk to directory authorities. The work with | > making directory authorities reachable over IPv6 has not been | > started. | > | > This work will be tracked in #6027. [1] | | | Does that mean that IPv6 non-exits are not very useful yet?
They're useful for clients configuring them as bridges (guards).
On 05/16/2015 09:57 AM, nusenu wrote:
Do non-exit relays require the last two lines as well? So if 'IPv6Exit 1' is required for IPv6 non-exits, the man page should be more explicit about that?
It is not required. "IPv6Exit 1" enables exiting, as written in the manpages and in the howto that I've linked to.
On 13/05/15 00:09, Moritz Bartl wrote:
Hi!
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays). If your host supports IPv6, please enable it, especially if you run an exit! This has to be done explicitly.
https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
In short, you add:
ORPort [IPv6::address]:port IPv6Exit 1 ExitPolicy reject6 *:*
Hi there!.
I have added this to my configuration:
""" # Poder acceder a SOCKS5 a través del localhost IPv6 SocksListenAddress [::1]
# Poder controlar el proceso TOR a través de ambos localhosts ControlListenAddress 127.0.0.1:9051 ControlListenAddress [::1]:9051
# Declaramos que este nodo TOR es accesible a través de IPv6 ORPort [::]:PUERTO_TOR
# Es un nodo de tránsito, no de salida IPv6Exit 1 ExitPolicy reject6 *:* """
After 39 hours Atlas still doesn't show me as IPv6 accessible and I see ZERO IPv6 connections in or out.
https://atlas.torproject.org/#details/9A9FE7C84BD21590CA4A0FC99DAC803C1F72E55D
On Thu, 18 Jun 2015 20:40:44 +0200 Jesus Cea jcea@jcea.es wrote:
# Declaramos que este nodo TOR es accesible a través de IPv6 ORPort [::]:PUERTO_TOR
You thought it would be this simple. Nope, unlike every other IPv6-capable program on Earth, in Tor this syntax of "bind to all IPs" is not supported. They want you to specify the actual single IP manually, and then keep track if it changes and each time not forget to go to torrc to update it. https://lists.torproject.org/pipermail/tor-relays/2015-May/007063.html
# Es un nodo de tránsito, no de salida IPv6Exit 1 ExitPolicy reject6 *:* """
After 39 hours Atlas still doesn't show me as IPv6 accessible and I see ZERO IPv6 connections in or out.
https://atlas.torproject.org/#details/9A9FE7C84BD21590CA4A0FC99DAC803C1F72E55D
Hi,
is there a specific reason why most torservers.net exits do not allow exiting to IPv6 destinations - even if many have ORPorts on IPv6?
+------------+----------------+------------------------+ | first_seen | nickname | exit_policy_v6_summary | +------------+----------------+------------------------+ | 2014-02-13 | amazonas | {u'reject': [u'25']} | | 2014-02-13 | politkovskaja2 | NULL | | 2014-02-13 | politkovskaja | NULL | | 2014-05-01 | rehm | NULL | | 2016-09-02 | hessel0 | NULL | | 2016-09-02 | hessel2 | NULL | | 2016-09-02 | hessel1 | NULL | | 2016-11-15 | andregorz0 | NULL | | 2016-11-15 | edwardsnowden2 | NULL | | 2016-11-15 | edwardsnowden1 | NULL | | 2016-12-23 | russellteapot | NULL | | 2016-12-23 | dorrisdeebrown | NULL | | 2016-12-30 | criticalmass | NULL | | 2016-12-30 | zwiebelfreund | NULL | | 2017-01-09 | zwiebelfreund2 | NULL | | 2017-01-22 | zwiebelfreund3 | NULL | +------------+----------------+------------------------+
If you run an exit with IPv6 connectivity consider allowing IPv6 exiting as well, currently only ~12% of tor exit capacity allows also IPv6.
https://trac.torproject.org/projects/tor/ticket/21269#comment:3
On 25 Jan 2017, at 09:43, nusenu nusenu@openmailbox.org wrote:
If you run an exit with IPv6 connectivity consider allowing IPv6 exiting as well, currently only ~12% of tor exit capacity allows also IPv6.
https://trac.torproject.org/projects/tor/ticket/21269#comment:3
We found two tor bugs today that make it much harder for tor clients to discover that a hostname is IPv6-only (and therefore that they need to connect to an IPv6 Exit).
https://trac.torproject.org/projects/tor/ticket/21310 https://trac.torproject.org/projects/tor/ticket/21311
Hopefully, when exits upgrade to a tor version with these patches, clients will connect to one exit, be told the IPv6 address, and then connect to an exit that supports IPv6.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
is there a specific reason why most torservers.net exits do not allow exiting to IPv6 destinations - even if many have ORPorts on IPv6?
+------------+----------------+------------------------+ | first_seen | nickname | exit_policy_v6_summary | +------------+----------------+------------------------+ | 2014-02-13 | amazonas | {u'reject': [u'25']} | | 2014-02-13 | politkovskaja2 | NULL | | 2014-02-13 | politkovskaja | NULL | | 2014-05-01 | rehm | NULL | | 2016-09-02 | hessel0 | NULL | | 2016-09-02 | hessel2 | NULL | | 2016-09-02 | hessel1 | NULL | | 2016-11-15 | andregorz0 | NULL | | 2016-11-15 | edwardsnowden2 | NULL | | 2016-11-15 | edwardsnowden1 | NULL | | 2016-12-23 | russellteapot | NULL | | 2016-12-23 | dorrisdeebrown | NULL | | 2016-12-30 | criticalmass | NULL | | 2016-12-30 | zwiebelfreund | NULL | | 2017-01-09 | zwiebelfreund2 | NULL | | 2017-01-22 | zwiebelfreund3 | NULL | +------------+----------------+------------------------+
I might be misinterpreting onionoo's exit_policy_v6_summary field or we are looking at an onionoo bug, I asked Karsten about it: https://lists.torproject.org/pipermail/tor-dev/2017-January/011851.html
tor-relays@lists.torproject.org
-
Aaron Hopkins -
AJ NOURI -
Ana Lucia Cortez -
aredocilla@gmail.com -
Bandie Kojote -
Brian Kroll -
Ethan Rose -
Gareth Llewellyn -
Jesus Cea -
JovianMallard -
Julian Plamann -
Linus Nordberg -
Martijnb -
Michael Gorbach -
michael@yanovich.net -
Moritz Bartl -
ncl@cock.li -
Niklas Kielblock -
nusenu -
René Ladan -
Roman Mamedov -
Seth -
Sharif Olorin -
Speak Freely -
Sven Reissmann -
teor -
Tom Ritter -
Toralf Förster -
torserver@ittk.it -
Zack Weinberg