Thinking of IPv6:
How far has the team got in implementing IPv6 only OR port facility ?
Currently you can only run tor relay of any sort if there is open IPv4 OR port to the internet. This is getting a bit quaint.
I am sure I am not alone in having much wasted bandwidth that could be put to good Tor use but they are only accessible via IPv6, while they can exit of course IPv4 and IPv6
I realise that so far, despite IPv6 being open on my main exit for some years, there is still little IPv6 traffic, but that might suddenly change.
Gerry
From: tor-relays tor-relays-bounces@lists.torproject.org On Behalf Of Onion Operator Sent: 24 February 2021 10:08 To: tor-relays@lists.torproject.org Subject: [tor-relays] IPv6 auto-discovery vs. privacy extensions
Saluton,
My relay started to log this message since 0.4.5.5:
Auto-discovered IPv6 address [...]:443 has not been found reachable. However, IPv4 address is reachable. Publishing server descriptor without IPv6 address. [2 similar message(s) suppressed in last 2400 seconds]
I think it started with the introduction of IPv6 auto-discovery.
The problem, as I understand it, is that my relay has IPv6 privacy extensions enabled and therefore the IPv6 detection logic gets fooled. Indeed the IPv6 I see in the logs is one of the temporary addresses used as client towards other relays.
Relevant config is:
ORPort 443 IPv4Only ORPort [...]:443 IPv6Only
I added the IPv{4,6}Only options only in searching a solution to this problem, before 0.4.5.5 the IPv6 relay worked perfectly without.
In reading the documentation of AddressDisableIPv6 I got the impression that if (any?) ORPort is configured with IPv4Only the IPv6 auto-discovery gets disabled but evidence does not support my understanding. Is it a bug?
Any other way to disable IPv6 auto-discovery?
-- flev
On 24 Feb (12:02:11), Dr Gerard Bulger wrote:
Thinking of IPv6:
How far has the team got in implementing IPv6 only OR port facility ?
As of tor 0.4.5.x release, IPv6 is fully supported for tor clients and relays.
Currently you can only run tor relay of any sort if there is open IPv4 OR port to the internet. This is getting a bit quaint.
That is one piece of it. We still require an IPv4 as in a relay can not run with *only* an IPv6 at the moment.
One of the property that the network should have (even though it is not always true) is that every relays should be able to talk to every other relays. And thus if we have IPv4 only relays that can not talk to IPv6 relays only, we partition the network and this is no good.
I am sure I am not alone in having much wasted bandwidth that could be put to good Tor use but they are only accessible via IPv6, while they can exit of course IPv4 and IPv6
I realise that so far, despite IPv6 being open on my main exit for some years, there is still little IPv6 traffic, but that might suddenly change.
As the network migrates to tor >= 0.4.5.x, inter relay communication will start to ramp up on IPv6.
Cheers! David
"One of the property that the network should have (even though it is not always true) is that every relays should be able to talk to every other relays. And thus if we have IPv4 only relays that cannot talk to IPv6 relays only, we partition the network and this is no good."
A very good point, but means we are stuck with IPv4 "both ways" forever. There are many situations now (CGNAT for example) where only way in to potential server is via an IPv6 address via pinhole on the router. A device with IPv6 only OR port input route can almost always connect outgoing to all IPv4 addresses. I was not thinking of entirely IPv6. Just being able to define the OR port as IPv6 when not having a viable IPv4 route in, IPv4 out is OK.
For other purposes I have SOCAT on my VPS running so IPv4 ran reach my IPv6 machines behind the Fibre internet company's shared IPv4 CGNAT "firewall"). I cannot have my personal VPS seen as a Tor node, so cannot do that.
Gerry
-----Original Message----- From: tor-relays tor-relays-bounces@lists.torproject.org On Behalf Of David Goulet Sent: 25 February 2021 13:16 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] IPv6
On 24 Feb (12:02:11), Dr Gerard Bulger wrote:
Thinking of IPv6:
How far has the team got in implementing IPv6 only OR port facility ?
As of tor 0.4.5.x release, IPv6 is fully supported for tor clients and relays.
Currently you can only run tor relay of any sort if there is open IPv4 OR port to the internet. This is getting a bit quaint.
That is one piece of it. We still require an IPv4 as in a relay can not run with *only* an IPv6 at the moment.
One of the property that the network should have (even though it is not always true) is that every relays should be able to talk to every other relays. And thus if we have IPv4 only relays that can not talk to IPv6 relays only, we partition the network and this is no good.
I am sure I am not alone in having much wasted bandwidth that could be put to good Tor use but they are only accessible via IPv6, while they can exit of course IPv4 and IPv6
I realise that so far, despite IPv6 being open on my main exit for some years, there is still little IPv6 traffic, but that might suddenly
change.
As the network migrates to tor >= 0.4.5.x, inter relay communication will start to ramp up on IPv6.
Cheers! David
-- E7wflFgKE/E5SRn+WXE1QvJTtRMvCV3b2OGyVzMvXSY=
David Goulet a écrit :
On 24 Feb (12:02:11), Dr Gerard Bulger wrote:
I am sure I am not alone in having much wasted bandwidth that could be put to good Tor use but they are only accessible via IPv6, while they can exit of course IPv4 and IPv6
I found a "kind of solution" about that.
Behind my fibre optique, I took 26000-26999 tcp ports with the NAT for IPv4
so I have 1 relay using pop3/pop3s for IPv4/IPv6, and many "little" relays on the range 26000-26999 for IPv4/IPv6.
talking about port range, here is my question: is there a better range to use and to make tor traffic as discret as possible ?
Best regards, Casper
On Thu, 25 Feb 2021 16:54:50 +0100 Casper fantom@fedoraproject.org wrote:
I found a "kind of solution" about that.
Behind my fibre optique, I took 26000-26999 tcp ports with the NAT for IPv4
so I have 1 relay using pop3/pop3s for IPv4/IPv6, and many "little" relays on the range 26000-26999 for IPv4/IPv6.
The network will only accept 2 relays per each IPv4, so "many" relays on the same IPv4 but on different port will be unworkable, there can be just one more.
Roman Mamedov a écrit :
On Thu, 25 Feb 2021 16:54:50 +0100 Casper fantom@fedoraproject.org wrote:
I found a "kind of solution" about that.
Behind my fibre optique, I took 26000-26999 tcp ports with the NAT for IPv4
so I have 1 relay using pop3/pop3s for IPv4/IPv6, and many "little" relays on the range 26000-26999 for IPv4/IPv6.
The network will only accept 2 relays per each IPv4, so "many" relays on the same IPv4 but on different port will be unworkable, there can be just one more.
For now I have exactly 2 relays on 1 IPv4, but I planned to provide more.
Is there any workaround to bypass this limitation ?
tor-relays@lists.torproject.org
-
Casper -
David Goulet -
Dr Gerard Bulger -
Roman Mamedov