Hi tor geniuses,
Having some bandwidth to spare, and "some" IPv6 addresses but no IPv4. I decided to setup an IPv6 only relay, and for diversity on OpenBSD, but I'm having trouble getting online. Is there any feasible way to do this as IPv6 only relay?
[root@tornode2 tor]# grep -v -e ^$ -e ^# /etc/tor/torrc SOCKSPort 0 # Default: Bind to localhost:9050 for local connections. Log notice syslog RunAsDaemon 1 DataDirectory /var/tor ORPort 443 Address tornode2.sjc.nl OutboundBindAddress [2001:x:x::x] Nickname <<SNIP>> DirPort 80 DirPortFrontPage /etc/tor/tor-exit-notice.html MyFamily <<REMOVED>> User _tor ExitPolicy reject *:* # no exits allowed ExitPolicy reject6 *:* # no exits allowed AuthDirHasIPv6Connectivity 1 ClientUseIPv6 1 ClientPreferIPv6ORPort 1 ClientPreferIPv6DirPort 1
Thx, Stijn
Hi again,
Sorry, I really should have included this warning:
Dec 25 11:34:22 tornode2 Tor[86924]: Problem bootstrapping. Stuck at 80%: Connecting to the Tor network. (Can't assign requested address; MISC; count 490; recommendation warn; host <<Fingerprint>> at <Node IPv4>:<Port>)
This was after I jump started it with cached-* files from an other tor instance, otherwise it was stuck at 0%
Thx again
On 25 Dec 2017, at 11:07, Stijn Jonker wrote:
Hi tor geniuses,
Having some bandwidth to spare, and "some" IPv6 addresses but no IPv4. I decided to setup an IPv6 only relay, and for diversity on OpenBSD, but I'm having trouble getting online. Is there any feasible way to do this as IPv6 only relay?
[root@tornode2 tor]# grep -v -e ^$ -e ^# /etc/tor/torrc SOCKSPort 0 # Default: Bind to localhost:9050 for local connections. Log notice syslog RunAsDaemon 1 DataDirectory /var/tor ORPort 443 Address tornode2.sjc.nl OutboundBindAddress [2001:x:x::x] Nickname <<SNIP>> DirPort 80 DirPortFrontPage /etc/tor/tor-exit-notice.html MyFamily <<REMOVED>> User _tor ExitPolicy reject *:* # no exits allowed ExitPolicy reject6 *:* # no exits allowed AuthDirHasIPv6Connectivity 1 ClientUseIPv6 1 ClientPreferIPv6ORPort 1 ClientPreferIPv6DirPort 1
Thx, Stijn
Stijn Jonker:
Hi tor geniuses,
Having some bandwidth to spare, and "some" IPv6 addresses but no IPv4. I decided to setup an IPv6 only relay, and for diversity on OpenBSD, but I'm having trouble getting online. Is there any feasible way to do this as IPv6 only relay?
Hello Stijn Jonker,
unfortunately IPv6 only relays are not supported. All relays require an IPv4 address. In (a far) future IPv6 only relays might be feasible - once most of the relays have IPv6 and relay-to-relay IPv6 connections are implemented.
Just for completeness' sake:
Main IPv6 roadmap/feature matrix is at https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6Features
The particular ticket for IPv6-only relay support is at https://trac.torproject.org/projects/tor/ticket/5788
-- 4096R/A83CE748 Valters Jansons
On Mon, Dec 25, 2017, 12:52 nusenu nusenu-lists@riseup.net wrote:
Stijn Jonker:
Hi tor geniuses,
Having some bandwidth to spare, and "some" IPv6 addresses but no IPv4. I
decided
to setup an IPv6 only relay, and for diversity on OpenBSD, but I'm having trouble getting online. Is there any feasible way to do this as IPv6 only relay?
Hello Stijn Jonker,
unfortunately IPv6 only relays are not supported. All relays require an IPv4 address. In (a far) future IPv6 only relays might be feasible - once most of the relays have IPv6 and relay-to-relay IPv6 connections are implemented.
-- https://mastodon.social/@nusenu twitter: @nusenu_
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi Nusenu/Valters,
Thanks for the reply and links; what isn’t entirely clear is the following scenario. What if I provide IPv4 via NAT, and IPv6 for the relay, hiding the IPv4 address, possibly with the “NoAdvertise” on the IPv4 entries for those. Reading the trac page I’m not sure whether this would work, as there will be no IPv4 inbound possible, only IPv4 outbound and IPv6 in and outbound. Additionally would it benefit the tor service or is it then only “show”? Sorry but that’s not entirely clear from what I can find published (and googling away). Thx, Stijn
On Mon, Dec 25, 2017, at 12:04, Valter Jansons wrote:
Just for completeness' sake:
Main IPv6 roadmap/feature matrix is at https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6Features%... The particular ticket for IPv6-only relay support is at https://trac.torproject.org/projects/tor/ticket/5788%3E -- 4096R/A83CE748 Valters Jansons
On Mon, Dec 25, 2017, 12:52 nusenu nusenu-lists@riseup.net wrote:
Stijn Jonker:
Hi tor geniuses,
Having some bandwidth to spare, and "some" IPv6 addresses but no IPv4. I decided>> > to setup an IPv6 only relay, and for diversity on OpenBSD, but I'm having>> > trouble getting online. Is there any feasible way to do this as IPv6 only relay?
Hello Stijn Jonker,
unfortunately IPv6 only relays are not supported. All relays require an IPv4 address.>> In (a far) future IPv6 only relays might be feasible - once most of the relays>> have IPv6 and relay-to-relay IPv6 connections are implemented.
-- https://mastodon.social/@nusenu twitter: @nusenu_
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Stijn,
When you are starting up a relay, it will do self-tests on whether the ORPort you have specified is reachable from outside network and that is what you will have a bad time with. As IPv6 self-testing is not a thing yet (Ref: TracTicket#24403 https://trac.torproject.org/projects/tor/ticket/24403) and it will then be doing self-tests on the IPv4 address, which will fail as the relay will not be reachable on that. There's TracTicket#4565 https://trac.torproject.org/projects/tor/ticket/4565 about IPv6 relay-to-relay communications in general as well. All in all, some groundwork has been laid out for IPv6 in general but research and (a lot of) development is still to take place.
-- 4096R/A83CE748 Valters Jansons
On Mon, Dec 25, 2017 at 2:38 PM Stijn Jonker sjcjonker@sjc.nl wrote:
Hi Nusenu/Valters,
Thanks for the reply and links; what isn’t entirely clear is the following scenario. What if I provide IPv4 via NAT, and IPv6 for the relay, hiding the IPv4 address, possibly with the “NoAdvertise” on the IPv4 entries for those.
Reading the trac page I’m not sure whether this would work, as there will be no IPv4 inbound possible, only IPv4 outbound and IPv6 in and outbound.
Additionally would it benefit the tor service or is it then only “show”? Sorry but that’s not entirely clear from what I can find published (and googling away).
Thx, Stijn
On Mon, Dec 25, 2017, at 12:04, Valter Jansons wrote:
Just for completeness' sake:
Main IPv6 roadmap/feature matrix is at https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6Features
The particular ticket for IPv6-only relay support is at https://trac.torproject.org/projects/tor/ticket/5788
-- 4096R/A83CE748 Valters Jansons
On Mon, Dec 25, 2017, 12:52 nusenu nusenu-lists@riseup.net wrote:
Stijn Jonker:
Hi tor geniuses,
Having some bandwidth to spare, and "some" IPv6 addresses but no IPv4. I
decided
to setup an IPv6 only relay, and for diversity on OpenBSD, but I'm having trouble getting online. Is there any feasible way to do this as IPv6 only relay?
Hello Stijn Jonker,
unfortunately IPv6 only relays are not supported. All relays require an IPv4 address. In (a far) future IPv6 only relays might be feasible - once most of the relays have IPv6 and relay-to-relay IPv6 connections are implemented.
-- https://mastodon.social/@nusenu twitter: @nusenu_
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
*_______________________________________________* tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi Valter,
Indeed, forgot/missed the reachability check only does IPv4. To bad. Nevertheless let me see if I can still do some magic freeing up some IPv4 and see if I can bring it online nevertheless then. Stijn
On Mon, Dec 25, 2017, at 14:15, Valter Jansons wrote:
Stijn,
When you are starting up a relay, it will do self-tests on whether the ORPort you have specified is reachable from outside network and that is what you will have a bad time with. As IPv6 self-testing is not a thing yet (Ref: TracTicket#24403[1]) and it will then be doing self- tests on the IPv4 address, which will fail as the relay will not be reachable on that. There's TracTicket#4565[2] about IPv6 relay-to- relay communications in general as well. All in all, some groundwork has been laid out for IPv6 in general but research and (a lot of) development is still to take place.> -- 4096R/A83CE748 Valters Jansons
On Mon, Dec 25, 2017 at 2:38 PM Stijn Jonker sjcjonker@sjc.nl wrote:>> __
Hi Nusenu/Valters,
Thanks for the reply and links; what isn’t entirely clear is the following scenario. What if I provide IPv4 via NAT, and IPv6 for the relay, hiding the IPv4 address, possibly with the “NoAdvertise” on the IPv4 entries for those.>> Reading the trac page I’m not sure whether this would work, as there will be no IPv4 inbound possible, only IPv4 outbound and IPv6 in and outbound.>> Additionally would it benefit the tor service or is it then only “show”? Sorry but that’s not entirely clear from what I can find published (and googling away).>> Thx, Stijn
On Mon, Dec 25, 2017, at 12:04, Valter Jansons wrote:
Just for completeness' sake:
Main IPv6 roadmap/feature matrix is at https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6Features%... The particular ticket for IPv6-only relay support is at https://trac.torproject.org/projects/tor/ticket/5788%3E%3E%3E -- 4096R/A83CE748 Valters Jansons
On Mon, Dec 25, 2017, 12:52 nusenu nusenu-lists@riseup.net wrote:>>>>
Stijn Jonker:
Hi tor geniuses,
Having some bandwidth to spare, and "some" IPv6 addresses but no IPv4. I decided>>>> > to setup an IPv6 only relay, and for diversity on OpenBSD, but I'm having>>>> > trouble getting online. Is there any feasible way to do this as IPv6 only relay?
Hello Stijn Jonker,
unfortunately IPv6 only relays are not supported. All relays require an IPv4 address.>>>> In (a far) future IPv6 only relays might be feasible - once most of the relays>>>> have IPv6 and relay-to-relay IPv6 connections are implemented.
-- https://mastodon.social/@nusenu twitter: @nusenu_
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Links:
1. https://trac.torproject.org/projects/tor/ticket/24403 2. https://trac.torproject.org/projects/tor/ticket/4565
Hi,
On 26 Dec 2017, at 00:38, Stijn Jonker sjcjonker@sjc.nl wrote:
Hi Valter,
Indeed, forgot/missed the reachability check only does IPv4. To bad. Nevertheless let me see if I can still do some magic freeing up some IPv4 and see if I can bring it online nevertheless then.
Here's what you'll need to change about your torrc:
Add: ORPort [2001:x:x::x]:443
ORPort 443 Address tornode2.sjc.nl OutboundBindAddress [2001:x:x::x] Nickname <<SNIP>> DirPort 80 DirPortFrontPage /etc/tor/tor-exit-notice.html MyFamily <<REMOVED>> User _tor ExitPolicy reject *:* # no exits allowed ExitPolicy reject6 *:* # no exits allowed
These options are not for relays, remove them: AuthDirHasIPv6Connectivity 1 ClientUseIPv6 1 ClientPreferIPv6ORPort 1 ClientPreferIPv6DirPort 1
T
On 25 Dec 2017, at 23:37, Stijn Jonker sjcjonker@sjc.nl wrote:
Hi Nusenu/Valters,
Thanks for the reply and links; what isn’t entirely clear is the following scenario. What if I provide IPv4 via NAT, and IPv6 for the relay, hiding the IPv4 address, possibly with the “NoAdvertise” on the IPv4 entries for those.
Reading the trac page I’m not sure whether this would work, as there will be no IPv4 inbound possible, only IPv4 outbound and IPv6 in and outbound.
This doesn't work for relays because of reachability checks.
It should works for bridges, but we broke it a few releases ago by changing the descriptor checks, and never fixed it:
https://trac.torproject.org/projects/tor/ticket/4847
Additionally would it benefit the tor service or is it then only “show”? Sorry but that’s not entirely clear from what I can find published (and googling away).
It would be helpful to have a bridge with IPv6 inbound and IPv4 outbound. But no-one has got around to fixing it yet.
T
tor-relays@lists.torproject.org
-
nusenu -
Stijn Jonker -
teor -
Valter Jansons