[tor-dev] Please consider allowing /48 for VirtualAddrNetworkIPv6

teor teor2345 at gmail.com
Fri Sep 16 21:46:05 UTC 2016


> On 17 Sep 2016, at 05:20, grarpamp <grarpamp at gmail.com> wrote:
> 
> On Fri, Sep 16, 2016 at 5:13 AM, Alex Elsayed <eternaleye at gmail.com> wrote:
>> Hi, I'm using Tor in transparent mode, and I'm running into a rather
>> inconvenient behavior.
>> 
>> VirtualAddrNetworkIPv6 refuses to parse unless the network address given
>> is a /40 or broader. However, IPv6 ULA, which makes it very easy to give
>> Tor its own subnet no-strings-attached, strictly grants a /48 prefix.
>> 
>> As a result, I am faced with a choice between deeply suboptimal options:
>> 
>> 1.) Use VirtualAddrNetworkIPv4, as I've done in the past. This results in
>> _fewer_ addresses being available to Tor than an IPv6 /48, which I feel
>> illustrates the issues with requiring a /40 quite clearly.
>> 
>> 2.) Squat on some portion of the IPv6 address space I don't actually own.
>> This is entirely unpalatable
> 
> This impacts with onioncat as well.
> I'm curious as to any /40 rationale, though I suspect a historical
> brainfart typo.

In fact, a min/max typo, which contributed to the IPv6 /40 mistake:
https://trac.torproject.org/projects/tor/ticket/20151
(Feel free to log tickets at https://trac.torproject.org/projects/tor when these sorts of issues come up.)

In the interim, Alex, have you tried using [FC00::]/7 ?
From the tor manual entry on VirtualAddrNetworkIPv6:

           When providing proxy server service to a network of computers using
           a tool like dns-proxy-tor, change the IPv4 network to
           "10.192.0.0/10" or "172.16.0.0/12" and change the IPv6 network to
           "[FC00]/7".

(Yes, there is a typo in the last IPv6 address as well.
https://trac.torproject.org/projects/tor/ticket/20153)

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
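
An added example (not part of the original message, and not tor's own code): a Python pre-check of candidate VirtualAddrNetworkIPv6 values against the /40 limit reported in this thread, run on the values discussed above. The function names and the fd12:3456:789a::/48 prefix are constructed for illustration, and the limit is taken from the thread rather than from tor's source.

```python
import ipaddress

# Limit as reported in this thread (ticket 20151): anything narrower than /40
# is refused. Taken from the thread, not from tor's source.
MAX_PREFIX_BITS_V6 = 40
ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local address space


def parse_torrc_v6_network(value):
    """Parse the torrc form "[address]/bits" into an IPv6Network."""
    addr, sep, bits = value.strip().partition("/")
    if not (sep and addr.startswith("[") and addr.endswith("]")):
        raise ValueError(f"expected [address]/bits, got {value!r}")
    # strict=True also rejects a network address with host bits set.
    return ipaddress.IPv6Network(f"{addr[1:-1]}/{bits}", strict=True)


def check(value):
    """Return (ok, reason) for a candidate VirtualAddrNetworkIPv6 value."""
    try:
        net = parse_torrc_v6_network(value)
    except ValueError as exc:
        return False, f"unparseable: {exc}"
    if net.prefixlen > MAX_PREFIX_BITS_V6:
        return False, f"/{net.prefixlen} is narrower than /{MAX_PREFIX_BITS_V6}"
    if not net.subnet_of(ULA):
        return True, "accepted, but outside fc00::/7"
    return True, "accepted"


def range_size(network):
    """Number of addresses in an IPv4 or IPv6 network given as plain CIDR."""
    return ipaddress.ip_network(network).num_addresses


if __name__ == "__main__":
    # Values from the thread, plus one constructed ULA /48 and its covering /40.
    for candidate in ("[FC00::]/7", "[FC00]/7",
                      "[fd12:3456:789a::]/48", "[fd12:3456:7800::]/40"):
        print(f"{candidate:24} {check(candidate)}")
    for cidr in ("10.192.0.0/10", "172.16.0.0/12", "fd12:3456:789a::/48"):
        print(f"{cidr:24} {range_size(cidr)} addresses")
```

The covering /40 passes the length check but spans 256 ULA /48 prefixes, only one of which is the locally generated one.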





