[tor-dev] Please consider allowing /48 for VirtualAddrNetworkIPv6
teor2345 at gmail.com
Fri Sep 16 21:46:05 UTC 2016
> On 17 Sep 2016, at 05:20, grarpamp <grarpamp at gmail.com> wrote:
> On Fri, Sep 16, 2016 at 5:13 AM, Alex Elsayed <eternaleye at gmail.com> wrote:
>> Hi, I'm using Tor in transparent mode, and I'm running into a rather
>> inconvenient behavior.
>> VirtualAddrNetworkIPv6 refuses to parse unless the network address given
>> is a /40 or broader. However, IPv6 ULA, which makes it very easy to give
>> Tor its own subnet no-strings-attached, strictly grants a /48 prefix.
>> As a result, I am faced with a choice between deeply suboptimal options:
>> 1.) Use VirtualAddrNetworkIPv4, as I've done in the past. This results in
>> _fewer_ addresses being available to Tor than an IPv6 /48, which I feel
>> illustrates the issues with requiring a /40 quite clearly.
>> 2.) Squat on some portion of the IPv6 address space I don't actually own.
>> This is entirely unpalatable
> This impacts with onioncat as well.
> I'm curious as to any /40 rationale, though I suspect a historical
> brainfart typo.
In fact, a min/max typo, which contributed to the IPv6 /40 mistake:
(Feel free to log tickets at https://trac.torproject.org/projects/tor when these sorts of issues come up.)
In the interim, Alex, have you tried using [FC00::]/7 ?
From the tor manual entry on VirtualAddrNetworkIPv6:
When providing proxy server service to a network of computers using
a tool like dns-proxy-tor, change the IPv4 network to
"10.192.0.0/10" or "172.16.0.0/12" and change the IPv6 network to
(Yes, there is a typo in the last IPv6 address as well.
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
xmpp: teor at torproject dot org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the tor-dev