[tor-bugs] #24798 [Core Tor/Tor]: Enforce ipv6 capable exit

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jan 6 13:27:05 UTC 2018 

#24798: Enforce ipv6 capable exit
------------------------------+------------------------------------
 Reporter:  Zakhar            |          Owner:  (none)
     Type:  enhancement       |         Status:  closed
 Priority:  Medium            |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor      |        Version:  Tor: 0.2.9.11
 Severity:  Normal            |     Resolution:  worksforme
 Keywords:  tor-client, ipv6  |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+------------------------------------

Comment (by Zakhar):

 Thanks for your response, I'll look into that. But from what I can guess
 that does not completely meets my needs... which I expressed incorrectly.

 My configuration already has:
 `ClientUseIPv6 1`

 I'll try adding:
 `PreferIPv6`
 but that will probably not do what I have in mind looking at the
 description in the man.

 '''Reworded Requirements:'''
 The setup is a "Tor router".
 This router is supposed to behave as a "transparent router", which means
 any computer connected to that router thinks it has an "internet
 connection" whereas instead all traffic goes through Tor.
 ''[ There is a limit to this "transparency": the client has no UDP beside
 DNS resolved through Tor ]''

 Since the router is supposed to behave like a "normal router" (think your
 ISP's router) a client connecting might want to:

  1. browse the internet connecting to a website that only has IPv4
 addresses
  2. connect to his home NAS through IPv6... given the ISP didn't give a
 fixed IPv4 (considering the shortage of that resource).
  3. browse/connect to a server that has both IPv4 and IPv6

 So:

  1. for this use case we DO need ipv4 since the web server we want does
 not have ipv6 (a lot of servers are still not reachable with ipv6)
  2. for this use case we DO need to have ipv6 since our home NAS has only
 that (our ISP didn't gave us fixed ipV4... and sure we could use
 workaround like DynDNS... but there might be other use cases that we can't
 workaroud)
  3. for this use case we have no requirement on whether the exit node uses
 ipv4 or ipv6 since the requirement is to connect to the server, not how it
 is done. I am not sure there is a "standard router rule" here. I know that
 my ISP (Free / France), which was amongst the pioneers of ivp6 is
 preferring ipv6 when a site has both, but for my use case having this
 preference is optional, although I understand PreferIPv6 would do that.


 So I will test your recommendations, but seeing the name, I am quite
 afraid :
 `NoIPv4Traffic`

 ... will break use case 1 (connecting to a site that has only ipv4).


 With the current existing parameters and your explanation, my impression
 is that you cannot be sure that an exit node having ipv6 will be selected,
 unless you forfeit ipv4, which is not what I want!


 So maybe a better summary would be:
 '''How to enforce the choice of an exit node have both ipv4 and ipv6?'''

 My initial question was assuming ALL exit nodes have ipv4 (which seemed
 obvious to me but might in reality not even be the case), so it might be
 more accurate to rephrase.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24798#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list