I'm getting my feet wet with IPv6 bridges, so far without success. I set up a test bridge (0.2.3.22-rc) on one network and plugged the address:port into Vidalia (TBB x86_64-2.2.39-1) on another.
The bridge config looks like this in part (local IPv4 address hidden):
Address aa.bb.cc.dd
OutboundBindAddress aa.bb.cc.dd
ORPort [2a00:1d70:ed15:37:235:53:64:0]:443
At run time the final Tor log entries are:
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
[notice] Bootstrapped 100%: Done.
In Vidalia the message log entries are:
[Notice] Learned fingerprint 24432B99CA2533BC95ABF66C7AFE835F96DD2B2D for bridge 2a00:1d70:ed15:37:235:53:64:0:443
[Notice] no known bridge descriptors running yet; stalling
That last line is repeated periodically forever.
So I have enough connectivity to correctly determine the fingerprint, but not enough to get bridge descriptors.
What am I doing wrong?
Thanks.
Steve Snyder <swsnyder@snydernet.net> wrote Sat, 15 Sep 2012 13:40:39 -0400:
| The bridge config looks like this in part (local IPv4 address hidden):
|
| Address aa.bb.cc.dd
| OutboundBindAddress aa.bb.cc.dd
| ORPort [2a00:1d70:ed15:37:235:53:64:0]:443
You need an IPv4 ORPort as well (this is bug #4847). If you don't want to advertise the IPv4 port, use the "NoAdvertise" flag.
Thanks for testing!
Hmmm... This revised config (added IPv4:80) doesn't seem to make any difference in behavior:
Address aa.bb.cc.dd
OutboundBindAddress aa.bb.cc.dd
ORPort [2a00:1d70:ed15:37:235:53:64:0]:443
OrPort [aa.bb.cc.dd]:80 NoAdvertise
Still no complaints seen in the bridge's log file, still seeing stalling in Vidalia's Message Log.
On 09/17/2012 06:53 AM, Linus Nordberg wrote:
> Steve Snyder <swsnyder@snydernet.net> wrote Sat, 15 Sep 2012 13:40:39 -0400:
> | The bridge config looks like this in part (local IPv4 address hidden):
> |
> | Address aa.bb.cc.dd
> | OutboundBindAddress aa.bb.cc.dd
> | ORPort [2a00:1d70:ed15:37:235:53:64:0]:443
> You need an IPv4 ORPort as well (this is bug #4847). If you don't want to advertise the IPv4 port, use the "NoAdvertise" flag.
> Thanks for testing!
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Steve Snyder <swsnyder@snydernet.net> wrote Mon, 17 Sep 2012 07:25:30 -0400:
| Address aa.bb.cc.dd
| OutboundBindAddress aa.bb.cc.dd
| ORPort [2a00:1d70:ed15:37:235:53:64:0]:443
| OrPort [aa.bb.cc.dd]:80 NoAdvertise
That will probably be treated as an IPv6 address. Can you please remove the square brackets and try again?
No difference with the brackets removed from the IPv4 ORPort.
More generally, Tor v0.2.3.22 seems to have no problem with an IPv4 address in brackets. That is, having "ORPort [aa.bb.cc.dd]:443" as the only ORPort statement works with "[aa.bb.cc.dd]:443" used as the bridge address in Vidalia.
On 09/17/2012 11:00 AM, Linus Nordberg wrote:
> Steve Snyder <swsnyder@snydernet.net> wrote Mon, 17 Sep 2012 07:25:30 -0400:
> | Address aa.bb.cc.dd
> | OutboundBindAddress aa.bb.cc.dd
> | ORPort [2a00:1d70:ed15:37:235:53:64:0]:443
> | OrPort [aa.bb.cc.dd]:80 NoAdvertise
> That will probably be treated as an IPv6 address. Can you please remove the square brackets and try again?
You're right. Brackets are not significant.
The 'NoAdvertise' is the other piece of bad advice I've been giving. You will have to remove that flag and really run your bridge on the IPv4 address as well as the IPv6 for now. Or filter it off in a local firewall or something like that outside of Tor.
This seems to work. The view from Vidalia's Message Log:
[Notice] Learned fingerprint 24432B99CA2533BC95ABF66C7AFE835F96DD2B2D for bridge 2a00:1d70:ed15:37:235:53:64:0:443
[Notice] no known bridge descriptors running yet; stalling
[Notice] Bridge 'Unnamed' has both an IPv4 and an IPv6 address. Will prefer using its IPv6 address (2a00:1d70:ed15:37:235:53:64:0:443).
[Notice] new bridge descriptor 'Unnamed' (fresh): $24432B99CA2533BC95ABF66C7AFE835F96DD2B2D~Unnamed at aa.bb.cc.dd
[Notice] We now have enough directory information to build circuits.
[Notice] Tor has successfully opened a circuit. Looks like client functionality is working.
This is a snippet of my Tor config file:
Address [2a00:1d70:ed15:37:235:53:64:0]
OutboundBindAddress aa.bb.cc.dd
ORPort [2a00:1d70:ed15:37:235:53:64:0]:443
ORPort [aa.bb.cc.dd]:443
Note #1: I'm specifying the IPv4 address explicitly because my server has 2 network interfaces.
Note #2: I am using the IPv4 address for OutboundBindAddress because this config option seems not to understand IPv6 addresses.
Thanks for the advice.
On 09/18/2012 07:29 AM, Linus Nordberg wrote:
> You're right. Brackets are not significant.
> The 'NoAdvertise' is the other piece of bad advice I've been giving. You will have to remove that flag and really run your bridge on the IPv4 address as well as the IPv6 for now. Or filter it off in a local firewall or something like that outside of Tor.
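Added example, not part of the original messages: a small torrc check for the ORPort combination the thread arrived at for Tor 0.2.3.22-rc (an IPv6 ORPort needs an IPv4 ORPort beside it, and that IPv4 ORPort must not be NoAdvertise). The function name check_orports is hypothetical, and the rule is taken from the replies above, not from Tor's documentation.

```shell
#!/bin/sh
# Added example (not from the thread): lint a torrc for the ORPort
# combination this thread found necessary on Tor 0.2.3.22-rc.
# check_orports is a hypothetical helper; it reads a torrc on stdin.
check_orports() {
    awk '
    BEGIN { v6 = 0; v4 = 0; v4_hidden = 0 }
    tolower($1) == "orport" {
        addr = $2
        sub(/:[0-9]+$/, "", addr)     # drop the trailing :port
        gsub(/\[/, "", addr)          # brackets are not significant,
        gsub(/\]/, "", addr)          # so classify by the address itself
        if (addr ~ /:/) { v6++; next }
        v4++
        for (i = 3; i <= NF; i++)
            if (tolower($i) == "noadvertise") { v4_hidden++; break }
    }
    END {
        if (v6 && !v4) {
            print "FAIL: IPv6 ORPort without an IPv4 ORPort"; exit 1
        }
        if (v6 && v4 == v4_hidden) {
            print "FAIL: every IPv4 ORPort is NoAdvertise"; exit 1
        }
        print "OK"
    }'
}

# The three configurations tried in the thread, in order.
check_orports <<'EOF' || true
Address aa.bb.cc.dd
OutboundBindAddress aa.bb.cc.dd
ORPort [2a00:1d70:ed15:37:235:53:64:0]:443
EOF
check_orports <<'EOF' || true
ORPort [2a00:1d70:ed15:37:235:53:64:0]:443
OrPort [aa.bb.cc.dd]:80 NoAdvertise
EOF
check_orports <<'EOF' || true
ORPort [2a00:1d70:ed15:37:235:53:64:0]:443
ORPort [aa.bb.cc.dd]:443
EOF
```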
I want to get an observation on the record: CentOS v6.3 is slow to fully init IPv6 networking.
If the IPv6 bridge is started at boot time it may or may not fail to initialize. No problem seen when starting IPv4 bridges at boot time, nor is any problem seen when starting an IPv6 bridge after the system has booted to a command line prompt.
Inserting a 5-second delay in the Tor script run at boot time "fixes" the problem, making boot-time start-up of the IPv6 bridge reliable.
FYI.
On 09/18/2012 08:18 AM, Steve Snyder wrote:
> This seems to work. The view from Vidalia's Message Log:
> [Notice] Learned fingerprint 24432B99CA2533BC95ABF66C7AFE835F96DD2B2D for bridge 2a00:1d70:ed15:37:235:53:64:0:443
> [Notice] no known bridge descriptors running yet; stalling
> [Notice] Bridge 'Unnamed' has both an IPv4 and an IPv6 address. Will prefer using its IPv6 address (2a00:1d70:ed15:37:235:53:64:0:443).
> [Notice] new bridge descriptor 'Unnamed' (fresh): $24432B99CA2533BC95ABF66C7AFE835F96DD2B2D~Unnamed at aa.bb.cc.dd
> [Notice] We now have enough directory information to build circuits.
> [Notice] Tor has successfully opened a circuit. Looks like client functionality is working.
> This is a snippet of my Tor config file:
> Address [2a00:1d70:ed15:37:235:53:64:0]
> OutboundBindAddress aa.bb.cc.dd
> ORPort [2a00:1d70:ed15:37:235:53:64:0]:443
> ORPort [aa.bb.cc.dd]:443
> Note #1: I'm specifying the IPv4 address explicitly because my server has 2 network interfaces.
> Note #2: I am using the IPv4 address for OutboundBindAddress because this config option seems not to understand IPv6 addresses.
> Thanks for the advice.
> On 09/18/2012 07:29 AM, Linus Nordberg wrote:
>> You're right. Brackets are not significant.
>> The 'NoAdvertise' is the other piece of bad advice I've been giving. You will have to remove that flag and really run your bridge on the IPv4 address as well as the IPv6 for now. Or filter it off in a local firewall or something like that outside of Tor.
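Added example, not part of the original messages: a bounded wait that could stand in for the fixed 5-second delay in the boot script described in the last message. It assumes the boot-time failure is Tor binding the ORPort before the IPv6 address is assigned and out of the tentative state, which the thread does not confirm; the function names and the sample `ip` output lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the bridge fails at
# boot because its IPv6 ORPort address is not yet bindable.
BRIDGE_V6="2a00:1d70:ed15:37:235:53:64:0"   # ORPort address from the thread

# Reads `ip -6 -o addr show` output on stdin. Succeeds only if address $1
# is present and not flagged tentative or dadfailed. The address must be
# written the way ip prints it (no normalisation is done here).
v6_addr_ready() {
    awk -v want="$1" '
    $3 == "inet6" {
        split($4, a, "/")                     # strip the /prefix length
        if (tolower(a[1]) == tolower(want)) {
            found = 1
            if ($0 ~ / (tentative|dadfailed)( |$)/) bad = 1
        }
    }
    END { exit !(found && !bad) }'
}

# Polls once per second, at most $2 times (default 30).
wait_for_v6() {
    addr=$1
    tries=${2:-30}
    while [ "$tries" -gt 0 ]; do
        ip -6 -o addr show 2>/dev/null | v6_addr_ready "$addr" && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Constructed sample lines in `ip -6 -o addr show` format.
EARLY='2: eth0    inet6 2a00:1d70:ed15:37:235:53:64:0/64 scope global tentative \       valid_lft forever preferred_lft forever'
LATER='2: eth0    inet6 2a00:1d70:ed15:37:235:53:64:0/64 scope global \       valid_lft forever preferred_lft forever'
printf '%s\n' "$EARLY" | v6_addr_ready "$BRIDGE_V6" || echo "early boot: not ready"
printf '%s\n' "$LATER" | v6_addr_ready "$BRIDGE_V6" && echo "later: ready"

# In the boot script, in place of the fixed sleep:
#   wait_for_v6 "$BRIDGE_V6" 30 || exit 1
```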