Hello,
We still have a depressingly low number of relays that support IPv6 (currently only ~120 of ~1900 relays). If your host supports IPv6, please enable it, especially if you run an exit! This has to be done explicitly.
If you (supposedly) care so much, then can you please make it automatic?
There is no need to explicitly put the ____IPv4____ address into the torrc.
And there is no need to explicitly put the IPv6 address into the config file of virtually any other IPv4+IPv6 supporting software I can think of: web, mail, NTP, XMPP servers, those are all capable of automatically figuring out which IPs the host has.
Can't think of any reason why this has to be otherwise in Tor, aside from perhaps a certain lack of understanding of best IPv6 implementation practices from the Tor developers' side and/or nobody simply giving much thought to this yet.
I currently run 15 Tor relays, 14 of those IIRC are IPv6 capable. But since you did not bother to make enabling IPv6 in Tor anywhere near user-friendly [1], I am simply not going to bother pecking the IPs into each torrc individually. [ One of the practical reasons being that I sometimes need to migrate the Tor 'identity' (torrc + /var/lib/tor/*) between machines and providers with v4/v6 addresses obviously changing. ]
Aside from migrations between providers, the requirement to specify the IP is also impractical in many other situations, e.g. my ISP at home provides only a __dynamic__ IPv6 subnet which changes to a different one with each new PPPoE session.
[1] Ideally there should be no 'enabling' at all!!! IPv6 should be active by default, IF the relay has determined it is able to make a successful IPv6 connection with a dir-authority -- oh and also that's how you can discover the actual working IPv6 address to use; or at least with a simple "IPv6Relay 1", but certainly with no requirement of specifying the IP address in the config file.
Roman,
First, I would like to apologize for the language below. It's not the nicest way for me to communicate, but I wrote it all down and don't want to have to re-write it to soften the content. An apologetic disclaimer is what you get instead. :)
I'm sorry for the vulgarity.
--------------------------------------------------------------
Uhh, I would like to point out that it would be exceptionally stupid to have Tor autoconfigure IP addresses, regardless of whether it's IPv4 or IPv6.
Unless of course you have some automagical way of Tor determining which IP address you want to use. I'm sure fairy dust can be used to determine which IP address you want to use, but I can't think of a single method for any application to correctly guess which IP address you want to use that doesn't include Tinker Bell and her tiny friends.
The examples you provided are for servers with 1 single IP address, a relatively trivial system. In that case, it's easy to guess which IP to use. So yes, Tor can *guess* which IPv4 to use, but it's a fecking guess! STUPID!
What if I want to run a webserver on one IP address, and Tor on another? What if I decide to also run a mail server on a third IP address? What if I want to run an Onion Service? What if I have a beefy system with quad 100mbit connections and want to run 4 Tor relays on the same system? What about a complicated network setup that uses VMs and requires punching through NAT and port forwarding through two firewalls to the outside world? Does Apache correctly guess which IP you want to use, when there are multiple choices? Does your favourite mail server *know* which IP address to use? NO! So why should Tor be made of fairy dust?
A certain lack of understanding of best practices seems to be your problem, not Tor's. This is a security *FEATURE*. The consequences of magic can be catastrophic, and you should be able to understand the very real and serious implications. We're all running relays for what is arguably the very best anonymity software available, not minecraft servers. You need to take security seriously.
Write a script if it's such a problem! Learn to love sed. This is a non-problem. This is trivial. You're running 15 relays - which is awesome, so you're not retarded - you can do this. But seriously, you need to think about what you just said, and why it's such a terrible idea.
Accusing the developers of a lack of understanding is wholly unwarranted. You should apologize.
Regards,
Matt Speak Freely
On Fri, 22 May 2015 13:31:02 +0000 Speak Freely when2plus2is5@riseup.net wrote:
> Uhh, I would like to point out that it would be exceptionally stupid to have Tor autoconfigure IP addresses, regardless of whether it's IPv4 or IPv6.
On IPv4 it currently does. There is zero rationale as to why IPv6 must be different from IPv4 in this aspect.
> What if I want to run a webserver on one IP address, and Tor on another? What if I decide to also run a mail server on a third IP address? What if I want to run an Onion Service? What if I have a beefy system with quad 100mbit connections and want to run 4 Tor relays on the same system? What about a complicated network setup that uses VMs and requires punching through NAT and port forwarding through two firewalls to the outside world? Does Apache correctly guess which IP you want to use, when there are multiple choices? Does your favourite mail server *know* which IP address to use? NO! So why should Tor be made of fairy dust?
An option to explicitly specify the bind IP is already there for IPv4. Nobody is against having an option to specify the IP in IPv6 too, if you need that.
> Write a script if it's such a problem! Learn to love sed. This is a non-problem. This is trivial. You're running 15 relays
I also run an IPv6 advocacy website [1], so I have somewhat of a vested interest in seeing IPv6 deployed in a solid fashion, i.e. transparently for the end-users, not bringing in a requirement of more silly manual busywork with config files, or coding up elaborate scaffolding for it themselves.
Sure I could write a shell script (hey I have one to auto-update TorFamily!), but in this case it just feels terrible, having to use a dirty workaround for a glaring and unexplainable (to me) deficiency, something that should and easily could have been implemented right in the first place. (Before you ask, sorry I am not really a C coder so can't send in a patch).
[1] https://version6.ru/en/ipv6-for-freedom
tor-relays@lists.torproject.org
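
The script workaround both posters mention, as an added example that is not from the thread or from the Tor project: it picks a stable global IPv6 address from `ip -6 -o addr show scope global` output, optionally pinned to one interface for multi-homed hosts, and rewrites only the bracketed `ORPort` line of a torrc. The function names, sample addresses and sample torrc are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. All sample data is constructed.

# Constructed `ip -6 -o addr show scope global` output (documentation prefix).
SAMPLE='2: eth0    inet6 2001:db8:aa:1:5c3f:11ff:fe22:3344/64 scope global temporary dynamic \  valid_lft 600sec
2: eth0    inet6 fd12:3456:789a::10/64 scope global \  valid_lft forever
2: eth0    inet6 2001:db8:aa:1::10/64 scope global dynamic mngtmpaddr \  valid_lft 86400sec
3: eth1    inet6 2001:db8:bb:2::20/64 scope global \  valid_lft forever'

# pick_global_v6 [iface]: read `ip -6 -o addr` output on stdin and print the
# first usable address. Returns non-zero when there is none.
pick_global_v6() {
    awk -v ifc="${1:-}" '
        $3 != "inet6" || (ifc != "" && $2 != ifc) { next }
        /temporary|deprecated|tentative/          { next }  # privacy or unusable addresses
        { split($4, a, "/")
          if (a[1] !~ /^f[cd]/) { print a[1]; found = 1; exit } }  # skip ULA fc00::/7
        END { exit !found }'
}

# set_v6_orport TORRC ADDR PORT: make "ORPort [ADDR]:PORT" the only IPv6
# ORPort line. Returns 0 if the file changed, 1 if it was already current.
set_v6_orport() {
    torrc=$1 addr=$2 port=$3
    line="ORPort [$addr]:$port"
    grep -qxF "$line" "$torrc" && return 1
    tmp=$(mktemp) || return 2
    # Drop any previous bracketed (IPv6) ORPort line; the IPv4 line is untouched.
    sed '/^[[:space:]]*ORPort[[:space:]]*\[/d' "$torrc" > "$tmp"
    printf '%s\n' "$line" >> "$tmp"
    cat "$tmp" > "$torrc" && rm -f "$tmp"   # cat keeps the torrc owner and mode
}

# Demo on a constructed torrc. On a real relay, feed pick_global_v6 from
# `ip -6 -o addr show scope global` and restart tor when set_v6_orport returns 0.
demo() {
    rc=$(mktemp)
    printf 'Nickname example\nORPort 9001\nORPort [2001:db8:dead::1]:9001\n' > "$rc"
    addr=$(printf '%s\n' "$SAMPLE" | pick_global_v6 "$1") &&
        set_v6_orport "$rc" "$addr" 9001
    cat "$rc"; rm -f "$rc"
}
demo eth0
```

Passing an interface name keeps the choice of address explicit on hosts with several addresses, while a host with a changing prefix can run the same script from a cron job or a PPPoE ip-up hook.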