Howdy,
I have setup a Tor exit node and IPv4 appears to work (will get a real test in the next 48 hours). I would like to confirm my IPv6 setup as I have found the documentation on this subject lacking (or my googling skills suffering!)
Added the following to my torrc file:
ORPort 9001 ORPort [2606:2e00:0:19::4]:9050 # first line works with IPv4 while second line is supposed to be IPv6
IPv6Exit 1 ExitPolicy accept6 *:* # Allow all IPv6 Requests
I did not specify anything for DirPort as I believe this is not working under IPv6? Is this correct?
For reference my fingerprint is 6269EC22B7970ACDE4AF09F6ADE67CEB0C7F7964
On Wed, 21 May 2014 22:51:49 -0700 Adam Brenner adam@aeb.io wrote:
I have setup a Tor exit node and IPv4 appears to work (will get a real test in the next 48 hours). I would like to confirm my IPv6 setup as I have found the documentation on this subject lacking (or my googling skills suffering!)
I googled "Tor IPv6" and the first hit is:
https://people.torproject.org/~linus/ipv6-relay-howto.html
what exactly do you find "lacking" in that document? To me it seems to do an excellent job in explaining everything one needs to know in a concise and clear manner.
On Thu, May 22, 2014 at 01:17:17PM +0600, Roman Mamedov wrote:
On Wed, 21 May 2014 22:51:49 -0700 Adam Brenner adam@aeb.io wrote:
I have setup a Tor exit node and IPv4 appears to work (will get a real test in the next 48 hours). I would like to confirm my IPv6 setup as I have found the documentation on this subject lacking (or my googling skills suffering!)
I googled "Tor IPv6" and the first hit is:
https://people.torproject.org/~linus/ipv6-relay-howto.html
what exactly do you find "lacking" in that document? To me it seems to do an excellent job in explaining everything one needs to know in a concise and clear manner.
It looks like this document is a bit out of date, e.g. https://trac.torproject.org/projects/tor/ticket/6026 has been fixed for a while now.
If somebody here is looking for a good way to help out, perhaps you would like to move this document over to the Tor wiki, e.g. https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto and then help update it?
--Roger
After I added the correct line to my config I waited a bit and it did not show up in https://globe.torproject.org/#/relay/C0EDB08D7540D1DD3CA69809ED17D979F51B66E...
Then I remembered I needed to restart my firewall, waiting a bit, and then it did show up. So I think it's working, and that globe won't show it unless it does indeed work. Could be wrong though.
-tom
On 24 May 2014 23:13, Roger Dingledine arma@mit.edu wrote:
On Thu, May 22, 2014 at 01:17:17PM +0600, Roman Mamedov wrote:
On Wed, 21 May 2014 22:51:49 -0700 Adam Brenner adam@aeb.io wrote:
I have setup a Tor exit node and IPv4 appears to work (will get a real test in the next 48 hours). I would like to confirm my IPv6 setup as I have found the documentation on this subject lacking (or my googling skills suffering!)
I googled "Tor IPv6" and the first hit is:
https://people.torproject.org/~linus/ipv6-relay-howto.html
what exactly do you find "lacking" in that document? To me it seems to do an excellent job in explaining everything one needs to know in a concise and clear manner.
It looks like this document is a bit out of date, e.g. https://trac.torproject.org/projects/tor/ticket/6026 has been fixed for a while now.
If somebody here is looking for a good way to help out, perhaps you would like to move this document over to the Tor wiki, e.g. https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto and then help update it?
--Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Are you sure that you want allow port 25 on ipv4 and 6? Can't test it from here but it looks like you allow all ports on v4 and v6 Am 22.05.2014 09:11 schrieb "Adam Brenner" adam@aeb.io:
Howdy,
I have setup a Tor exit node and IPv4 appears to work (will get a real test in the next 48 hours). I would like to confirm my IPv6 setup as I have found the documentation on this subject lacking (or my googling skills suffering!)
Added the following to my torrc file:
ORPort 9001 ORPort [2606:2e00:0:19::4]:9050 # first line works with IPv4 while second line is supposed to be IPv6
IPv6Exit 1 ExitPolicy accept6 *:* # Allow all IPv6 Requests
I did not specify anything for DirPort as I believe this is not working under IPv6? Is this correct?
For reference my fingerprint is 6269EC22B7970ACDE4AF09F6ADE67CEB0C7F7964
-- Adam Brenner adam@aeb.io _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 05/22/2014 01:00 AM, tor@afo-tm.org wrote:
Are you sure that you want allow port 25 on ipv4 and 6? Can't test it from here but it looks like you allow all ports on v4 and v6
For IPv4 I am running a Reduced Exit Policy[1]. Those entries are in my torrc file, however, Atlas is showing none of those policies[2]!
I would like to blame Atlas for this, but I have a feeling this is something incorrect in my configuration. The necessary information is below.
Is my configuration correct? (Allow all IPv6 traffic, reduced exit on IPv4?)
IPv6Exit 1 ExitPolicy accept6 *:* # Allow all IPv6 Requests
ExitPolicy accept *:20-23 # FTP, SSH, telnet ExitPolicy accept *:43 # WHOIS ExitPolicy accept *:53 # DNS ExitPolicy accept *:79-81 # finger, HTTP ExitPolicy accept *:88 # kerberos ExitPolicy accept *:110 # POP3 ExitPolicy accept *:143 # IMAP ExitPolicy accept *:194 # IRC ExitPolicy accept *:220 # IMAP3 ExitPolicy accept *:389 # LDAP ExitPolicy accept *:443 # HTTPS ExitPolicy accept *:464 # kpasswd ExitPolicy accept *:531 # IRC/AIM ExitPolicy accept *:543-544 # Kerberos ExitPolicy accept *:554 # RTSP ExitPolicy accept *:563 # NNTP over SSL ExitPolicy accept *:636 # LDAP over SSL ExitPolicy accept *:706 # SILC ExitPolicy accept *:749 # kerberos ExitPolicy accept *:873 # rsync ExitPolicy accept *:902-904 # VMware ExitPolicy accept *:981 # Remote HTTPS management for firewall ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration # System, telnets, IMAP over SSL, # ircs, POP3 over SSL ExitPolicy accept *:1194 # OpenVPN ExitPolicy accept *:1220 # QT Server Admin ExitPolicy accept *:1293 # PKT-KRB-IPSec ExitPolicy accept *:1500 # VLSI License Manager ExitPolicy accept *:1533 # Sametime ExitPolicy accept *:1677 # GroupWise ExitPolicy accept *:1723 # PPTP ExitPolicy accept *:1755 # RTSP ExitPolicy accept *:1863 # MSNP ExitPolicy accept *:2082 # Infowave Mobility Server ExitPolicy accept *:2083 # Secure Radius Service (radsec) ExitPolicy accept *:2086-2087 # GNUnet, ELI ExitPolicy accept *:2095-2096 # NBX ExitPolicy accept *:2102-2104 # Zephyr ExitPolicy accept *:3128 # SQUID ExitPolicy accept *:3389 # MS WBT ExitPolicy accept *:3690 # SVN ExitPolicy accept *:4321 # RWHOIS ExitPolicy accept *:4643 # Virtuozzo ExitPolicy accept *:5050 # MMCC ExitPolicy accept *:5190 # ICQ ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL ExitPolicy accept *:5228 # Android Market ExitPolicy accept *:5900 # VNC ExitPolicy accept *:6660-6669 # IRC ExitPolicy accept *:6679 # IRC SSL ExitPolicy accept *:6697 # IRC SSL ExitPolicy accept *:8000 # iRDMI ExitPolicy accept *:8008 # HTTP alternate ExitPolicy accept *:8074 # Gadu-Gadu ExitPolicy accept *:8080 # HTTP Proxies ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan # HTTP ExitPolicy accept *:8332-8333 # BitCoin ExitPolicy accept *:8443 # PCsync HTTPS ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE ExitPolicy accept *:9418 # git ExitPolicy accept *:9999 # distinct ExitPolicy accept *:10000 # Network Data Management Protocol ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver # protocol) ExitPolicy accept *:12350 # Skype ExitPolicy accept *:19294 # Google Voice TCP ExitPolicy accept *:19638 # Ensim control panel ExitPolicy accept *:23456 # Skype ExitPolicy accept *:33033 # Skype ExitPolicy accept *:64738 # Mumble ExitPolicy reject *:*
[1]: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy [2]: https://atlas.torproject.org/#details/6269EC22B7970ACDE4AF09F6ADE67CEB0C7F79...
On 05/22/2014 10:01 AM, Adam Brenner wrote:
On 05/22/2014 01:00 AM, tor@afo-tm.org wrote:
Are you sure that you want allow port 25 on ipv4 and 6? Can't test it from here but it looks like you allow all ports on v4 and v6
For IPv4 I am running a Reduced Exit Policy[1]. Those entries are in my torrc file, however, Atlas is showing none of those policies[2]!
I would like to blame Atlas for this, but I have a feeling this is something incorrect in my configuration. The necessary information is below.
Is my configuration correct? (Allow all IPv6 traffic, reduced exit on IPv4?)
IPv6Exit 1 ExitPolicy accept6 *:* # Allow all IPv6 Requests ExitPolicy accept *:20-23 # FTP, SSH, telnet ExitPolicy accept *:43 # WHOIS ExitPolicy accept *:53 # DNS ExitPolicy accept *:79-81 # finger, HTTP ExitPolicy accept *:88 # kerberos ExitPolicy accept *:110 # POP3 ExitPolicy accept *:143 # IMAP ExitPolicy accept *:194 # IRC ExitPolicy accept *:220 # IMAP3 ExitPolicy accept *:389 # LDAP ExitPolicy accept *:443 # HTTPS ExitPolicy accept *:464 # kpasswd ExitPolicy accept *:531 # IRC/AIM ExitPolicy accept *:543-544 # Kerberos ExitPolicy accept *:554 # RTSP ExitPolicy accept *:563 # NNTP over SSL ExitPolicy accept *:636 # LDAP over SSL ExitPolicy accept *:706 # SILC ExitPolicy accept *:749 # kerberos ExitPolicy accept *:873 # rsync ExitPolicy accept *:902-904 # VMware ExitPolicy accept *:981 # Remote HTTPS management for firewall ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration # System, telnets, IMAP over SSL, # ircs, POP3 over SSL ExitPolicy accept *:1194 # OpenVPN ExitPolicy accept *:1220 # QT Server Admin ExitPolicy accept *:1293 # PKT-KRB-IPSec ExitPolicy accept *:1500 # VLSI License Manager ExitPolicy accept *:1533 # Sametime ExitPolicy accept *:1677 # GroupWise ExitPolicy accept *:1723 # PPTP ExitPolicy accept *:1755 # RTSP ExitPolicy accept *:1863 # MSNP ExitPolicy accept *:2082 # Infowave Mobility Server ExitPolicy accept *:2083 # Secure Radius Service (radsec) ExitPolicy accept *:2086-2087 # GNUnet, ELI ExitPolicy accept *:2095-2096 # NBX ExitPolicy accept *:2102-2104 # Zephyr ExitPolicy accept *:3128 # SQUID ExitPolicy accept *:3389 # MS WBT ExitPolicy accept *:3690 # SVN ExitPolicy accept *:4321 # RWHOIS ExitPolicy accept *:4643 # Virtuozzo ExitPolicy accept *:5050 # MMCC ExitPolicy accept *:5190 # ICQ ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL ExitPolicy accept *:5228 # Android Market ExitPolicy accept *:5900 # VNC ExitPolicy accept *:6660-6669 # IRC ExitPolicy accept *:6679 # IRC SSL ExitPolicy accept *:6697 # IRC SSL ExitPolicy accept *:8000 # iRDMI ExitPolicy accept *:8008 # HTTP alternate ExitPolicy accept *:8074 # Gadu-Gadu ExitPolicy accept *:8080 # HTTP Proxies ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan # HTTP ExitPolicy accept *:8332-8333 # BitCoin ExitPolicy accept *:8443 # PCsync HTTPS ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE ExitPolicy accept *:9418 # git ExitPolicy accept *:9999 # distinct ExitPolicy accept *:10000 # Network Data Management Protocol ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver # protocol) ExitPolicy accept *:12350 # Skype ExitPolicy accept *:19294 # Google Voice TCP ExitPolicy accept *:19638 # Ensim control panel ExitPolicy accept *:23456 # Skype ExitPolicy accept *:33033 # Skype ExitPolicy accept *:64738 # Mumble ExitPolicy reject *:*
Any one have an idea why this is? Still have not heard back.
Thanks, -Adam
On Thu, May 22, 2014 at 10:01:19AM -0700, Adam Brenner wrote:
For IPv4 I am running a Reduced Exit Policy[1]. Those entries are in my torrc file, however, Atlas is showing none of those policies[2]!
Really?
https://atlas.torproject.org/#details/6269EC22B7970ACDE4AF09F6ADE67CEB0C7F79... looks like it's showing all your (v4) exit policy lines.
Globe: https://globe.torproject.org/#/relay/6269EC22B7970ACDE4AF09F6ADE67CEB0C7F796... shows them too (for maintainability reasons we are alas phasing out atlas, even though imo Atlas's layout looks nicer).
I agree that it looks like globe and atlas don't show your accept6 line. I've opened this ticket for this issue: https://trac.torproject.org/projects/tor/ticket/12124
Thanks, --Roger
On Sat, May 24, 2014 at 10:05:21PM -0400, Roger Dingledine wrote:
I agree that it looks like globe and atlas don't show your accept6 line. I've opened this ticket for this issue: https://trac.torproject.org/projects/tor/ticket/12124
Atlas was just patched and should now be able to show the IPv6 exit policy: https://atlas.torproject.org/#details/6269EC22B7970ACDE4AF09F6ADE67CEB0C7F7964
Cheers, Philipp
Adam Brenner adam@aeb.io wrote Wed, 21 May 2014 22:51:49 -0700:
| ORPort 9001 | ORPort [2606:2e00:0:19::4]:9050 | # first line works with IPv4 while second line is supposed to be IPv6 | | IPv6Exit 1 | ExitPolicy accept6 *:* # Allow all IPv6 Requests
Very permissive. Thanks!
Be aware of an unfortunate effect of how directory authorities vote for relay with an IPv6 ORPort -- if you lose IPv6 connectivity (i.e. a majority of the directory authorities supporting IPv6 can't reach you over IPv6), your relay will be missing from the consensus regardless of your IPv4 status.
| I did not specify anything for DirPort as I believe this is not | working under IPv6? Is this correct?
That's correct.
Thanks for running an IPv6 relay!
tor-relays@lists.torproject.org
-
Adam Brenner -
Linus Nordberg -
Philipp Winter -
Roger Dingledine -
Roman Mamedov -
Tom Ritter -
tor@afo-tm.org