On Thu, 22 Aug 2019 21:23:03 +1000 teor teor@riseup.net wrote:
Your relay's IPv6 address is not reachable from the directory authorities: https://metrics.torproject.org/rs.html#details/CE5ED345398CC02D573347C2F238F...
All 6 directory authorities on IPv6 can't reach your relay on IPv6: https://consensus-health.torproject.org/consensus-health-2019-08-22-10-00.ht...
To be more specific, from my tests the IP in question is reachable by ICMP, but it is "Connection refused" on port 443.
@Станислав, Maybe you didn't reload (or better yet, restart) Tor after commenting/uncommenting some of the IPv6-related lines in torrc? (Which looks kind of weird, and hints that perhaps you were experimenting with various changes)
----------------------------------- ## Required: what port to advertise for incoming Tor connections. #ORPort 9001 ## If you want to listen on a port other than the one advertised in ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as ## follows. You'll need to do ipchains or other port forwarding ## yourself to make this work. ORPort 443 #ORPort [2a03:e2c0:bc7::2]:443 #ORPort 127.0.0.1:9090 NoAdvertise
## The IP address or full DNS name for incoming connections to your ## relay. Leave commented out and Tor will guess. Address [2a03:e2c0:bc7::2]
## If you have multiple network interfaces, you can specify one for ## outgoing traffic to use. ## OutboundBindAddressExit will be used for all exit traffic, while ## OutboundBindAddressOR will be used for all OR and Dir connections ## (DNS connections ignore OutboundBindAddress). ## If you do not wish to differentiate, use OutboundBindAddress to ## specify the same address for both in a single line. #OutboundBindAddressExit 10.0.0.4 OutboundBindAddress [2a03:e2c0:bc7::2] ORPort [2a03:e2c0:bc7::2]:443 -----------------------------------
The "Address" and "OutboundBindAddress" IPv6 lines should not be necessary, only the ORPort one is required, i.e.
ORPort 443 ORPort [2a03:e2c0:bc7::2]:443
should be fine, all the rest can be deleted.
Also check firewall on the router and the machine itself, that IPv6 connections on port 443 are accepted from the outside.
Lastly, rather than using a tunnel, check if you get native IPv6 from your ISP, I think yours should provide it in some areas. However then you might get a dynamic prefix, which is a pain to use with Tor currently (speaking of v6-related Tor issues...)