Problem implementing IPv6 and NYX info
This year I've modified most of my exit relays to function as IPv6 in/out. The process was easy with the exception of two [0], [1]. I requested and received an IPv6 address, netmask and gateway from these ISPs. I then modified my /etc/network/interfaces file as follows leaving the IPv4 lines in tack: iface eth0 IPv6 static address 2a06:1700:0:1b:: netmask 64 gateway 2a06:1700:0:1b::1 ip addr shows the IPv6 address as global. I added a single line to torrc following the IPv4 line: ORPort 9001 ORPort [2a06:1700:0:1b::1]:9001 After a restart, both relays ramped up to a volume of connections where I was comfortable that the changes were good. Visiting them 12 hours later I find connections in the few hundred and no flags. About half of the connections were from non-Tor servers. The Tor daemon was running and had a PID. Logs showed the relay operational and nothing peculiar. Tor metrics shows the relay as down. I've commented out the IPv6 ORPort line to get both of these exits going again. The procedure I outlined has worked four other times for me. So what gives? Can anyone steer me toward the problem? And, finally, a quick question: Does NYX display incoming and outgoing IPv6 relay information? I assume ARM does not. Arisbe [0] [4061C553CA88021B8302F0814365070AAE617270] [1] [9B31F1F1C1554F9FFB3455911F82E818EF7C7883]
Hello, In /etc/network/interfaces you set your IP to
address 2a06:1700:0:1b::
which is equivalent of 2a06:1700:0:1b:0:0:0:0, or also 2a06:1700:0:1b::0. But then in torrc you use:
ORPort [2a06:1700:0:1b::1]:9001
From your configs, this is your upstream gateway IP, not IP of your actual machine. So this configuration is incorrect. Also generally it is adviced against using the all-zeroes IP (which you chose), it has some special properties and some software may not support it properly. Assuming the entire /64 is assigned to you by the host and the gateway is ..::1 in it, it's a fine idea to use ..::2, or just whatever IP other than the ..::0. Finally though, neither your gateway nor your machine at its present IP seem to be reachable from the Internet at the moment. Verify that IPv6 works properly with ping/trace/curl/wget before trying to use it with more complex apps such as Tor. -- With respect, Roman
Thank you Roman for quick reply. I had typo on ORPort address that but just in this email. My ISP at home and work does not pass Ipv6 so I am not able to ping/trace. I think I don't have the resources to work this problem to satisfactory conclusion so I'm still looking for suggestions. Your advice regarding working out the IPv6 problem before integrating Tor was wise. That is the direction I will take. On 7/1/2018 11:34 AM, Roman Mamedov wrote:
Hello,
In /etc/network/interfaces you set your IP to
address 2a06:1700:0:1b:: which is equivalent of 2a06:1700:0:1b:0:0:0:0, or also 2a06:1700:0:1b::0.
But then in torrc you use:
ORPort [2a06:1700:0:1b::1]:9001 From your configs, this is your upstream gateway IP, not IP of your actual machine. So this configuration is incorrect.
Also generally it is adviced against using the all-zeroes IP (which you chose), it has some special properties and some software may not support it properly.
Assuming the entire /64 is assigned to you by the host and the gateway is ..::1 in it, it's a fine idea to use ..::2, or just whatever IP other than the ..::0.
Finally though, neither your gateway nor your machine at its present IP seem to be reachable from the Internet at the moment. Verify that IPv6 works properly with ping/trace/curl/wget before trying to use it with more complex apps such as Tor.
On 07/01/2018 12:59 PM, arisbe wrote:
Thank you Roman for quick reply. I had typo on ORPort address that but just in this email. My ISP at home and work does not pass Ipv6 so I am not able to ping/trace. I think I don't have the resources to work this problem to satisfactory conclusion so I'm still looking for suggestions. Your advice regarding working out the IPv6 problem before integrating Tor was wise. That is the direction I will take.
You can do ping IPv6 using https://asm.ca.com/.
On 7/1/2018 11:34 AM, Roman Mamedov wrote:
Hello,
In /etc/network/interfaces you set your IP to
address 2a06:1700:0:1b:: which is equivalent of 2a06:1700:0:1b:0:0:0:0, or also 2a06:1700:0:1b::0.
But then in torrc you use:
ORPort [2a06:1700:0:1b::1]:9001 From your configs, this is your upstream gateway IP, not IP of your actual machine. So this configuration is incorrect.
Also generally it is adviced against using the all-zeroes IP (which you chose), it has some special properties and some software may not support it properly.
Assuming the entire /64 is assigned to you by the host and the gateway is ..::1 in it, it's a fine idea to use ..::2, or just whatever IP other than the ..::0.
Finally though, neither your gateway nor your machine at its present IP seem to be reachable from the Internet at the moment. Verify that IPv6 works properly with ping/trace/curl/wget before trying to use it with more complex apps such as Tor.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sun, Jul 01, 2018 at 11:24:44AM -0700, arisbe wrote:
After a restart, both relays ramped up to a volume of connections where I was comfortable that the changes were good.
That's probably because you were listed in the last consensus, which was already being used by a bunch of existing clients, so when the relay came back online those clients resumed trying to use it.
Visiting them 12 hours later I find connections in the few hundred and no flags.
That's typically because the directory authorities didn't find you reachable. You need to be reachable on all of your advertised addresses in order to get the Running flag in directory authority votes. In an ideal world the dir auths would end up creating a consensus naming the addresses that are reachable, and just leave out the unreachable ones, but we're not there yet. (And also maybe that actually isn't the ideal behavior, since it could result in many relay operators thinking they are using an address when they're not.)
And, finally, a quick question: Does NYX display incoming and outgoing IPv6 relay information? I assume ARM does not.
This I do not know. :) Thanks for running relays, --Roger
participants (5)
-
arisbe -
Damian Johnson -
Mirimir -
Roger Dingledine -
Roman Mamedov