ipv6 ORPort + DIRPort too ?
Hey, I've set up a new relay, available with ipv4 and ipv6. And I'm not sure if I can serve DIRPort on the ipv6 too ? In the torrc file, I've config : ORPort 9001 ORPort [xxxx:xxxx:xxx:x:xxxx:xxxx:xxxx:xxx]:9001 DIRPort 9030 Is it allowed to add something like this, to advertise on ipv6 too ?? : DIRPort [xxxx:xxxx:xxx:x:xxxx:xxxx:xxxx:xxx]:9030 Thank you all !
Petrusko <petrusko@riseup.net> hat am 27.03.2021 11:05 geschrieben:
Is it allowed to add something like this, to advertise on ipv6 too ?? : DIRPort [xxxx:xxxx:xxx:x:xxxx:xxxx:xxxx:xxx]:9030
You can only advertise one DirPort, according to "man tor":
all but one DirPort must have the NoAdvertise flag set
Kind regards, Alexander
Thx all for your answers. I'm not sure, because I see Tor listening too on DIRPort I've set up, with a "netstat -lpn", so may be it's still used ;) Le 27/03/2021 à 18:26, Toralf Förster a écrit :
And I'm not sure if I can serve DIRPort on the ipv6 too ?
If I understood it correctly a DirPort are no longer needed for latest Tor software version. So you should be fine with opened IPv4|6 ORports only.
On 27.03.2021 11:05, Petrusko wrote:
I've set up a new relay, available with ipv4 and ipv6.
And I'm not sure if I can serve DIRPort on the ipv6 too ?
In the torrc file, I've config :
ORPort 9001 ^^^^^^^^^^^^^ ORPort [xxxx:xxxx:xxx:x:xxxx:xxxx:xxxx:xxx]:9001
Tor is dualstack now either: ORPort xxx.xxx.xxx.xxx:9001 ORPort [xxxx:xxxx:xxx:x:xxxx:xxxx:xxxx:xxx]:9001 or: ORPort 9001 -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
Ouch, this config looks like not so cool... I see on Metrics the ipv6 choosen by Tor process, is now on : "Unreachable OR Addresses" I'll write the other solution you given previously... with ORPort xxx.xxx.xxx.xxx:9001 ORPort [xxxx:xxxx:xxx:x:xxxx:xxxx:xxxx:xxx]:9001 30/03/2021 à 20:07, Petrusko :
Ok !
So this only line will serve on both ipv4 and ipv6 together, ok thx ! Cool
30/03/2021 à 15:51, lists@for-privacy.net :
ORPort 9001
On 30.03.2021 21:38, Petrusko wrote:
Ouch, this config looks like not so cool... I see on Metrics the ipv6 choosen by Tor process, is now on : "Unreachable OR Addresses"
From: https://www.mail-archive.com/tor-relays@lists.torproject.org/msg17760.html 8< In short, with this new feature, specifying an ORPort without an address will automatically bind tor to [::]:<port> and attempt to find the IPv6 address by looking at (in this order): 1. "Address" from torrc 2. "ORPort address:port" from torrc 3. Interface address. First public IPv6 is used. 4. Local hostname, DNS AAAA query.
8
I'll write the other solution you given previously... with ORPort xxx.xxx.xxx.xxx:9001 ORPort [xxxx:xxxx:xxx:x:xxxx:xxxx:xxxx:xxx]:9001
Yes, I always try to be as special as possible. Software voodoo can often give unexpected errors or security vulnerabilities. Especially when I have several IP's on one interface, I always write IP and IPv6 in Address, ORPort, OutboundBindAddress, ... And IPv6 always in brackets, even if you don't necessarily have to do that with some software.
30/03/2021 à 20:07, Petrusko :
Ok !
So this only line will serve on both ipv4 and ipv6 together, ok thx ! Cool
Yes, but then: Address xxx.xxx.xxx.xxx Address [xxxx:xxxx:xxx:x:xxxx:xxxx:xxxx:xxx] ORPort 9001 or Address host.domain.tld -> (DNS A & AAAA record must be set correctly) ORPort 9001 -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
participants (4)
-
Alexander Dietrich -
lists@for-privacy.net -
Petrusko -
Toralf Förster