[tor-relays] IPv6 to IPv4 tor exit relays would fix many daily tor-problems

Mirimir mirimir at riseup.net
Sat Jul 1 08:00:37 UTC 2017


On 06/30/2017 01:43 PM, teor wrote:
> 
>> On 30 Jun 2017, at 19:26, Mirimir <mirimir at riseup.net> wrote:
>>
>> On 06/29/2017 08:41 PM, teor wrote:
>>>
>>>> On 30 Jun 2017, at 16:55, Scott Bennett <bennett at sdf.org> wrote:
>>
>> <SNIP>
>>
>>>>    Also, is there a problem with having IPv6-only exit service where a
>>>> relay is accessable via IPv4 for clients and other relays?
>>>
>>> Most tor clients send a DNS name, and flags that say whether they
>>> allow IPv4 and IPv6, and which one they prefer. They rely on the Exit
>>> to resolve the IP address and connect to the site.
>>>
>>> On the current network, an IPv6-only Exit won't get the Exit flag, and
>>> therefore won't get much client traffic.
>>
>> OK, so exits need both IPv4 and IPv6.
> 
> Or just IPv4 works fine, too.

:)

>>> And it probably shouldn't, until almost all internet sites are on IPv6.
>>> Otherwise clients will ask it to connect to IPv4-only sites, and it
>>> will fail them.
>>
>> This confuses me a little. From another subthread:
>>
>> On 06/29/2017 02:02 PM, teor wrote:
>>
>> <SNIP>
>>
>>> Many Exit operators already enable IPv6Exit.
>>> Most Tor clients automatically Exit through IPv6 when it is available.
>>> (It is the default in recent versions of Tor.)
>>
>> What happens for Tor clients without local IPv6 stacks, when they use a
>> dual-stack exit to hit a dual-stack site? An IPv4 connection, right?
> 
> The Tor protocol is cells over circuits.
> 
> Those circuits are built over SSL connections, which use whatever
> IP versions are available to the client, relays, and remote site /
> onion service. Each connection's IP version can be different across
> the circuit.
> 
> For client to entry, this is mostly IPv4.
> For relays, this is always IPv4.
> For exit to internet site, this is IPv6 if available, and IPv4
> otherwise.

So a client with only IPv4 stack, using a dual-stack exit, can hit
IPv6-only Internet sites. Right? That's very cool! Because then, Tor not
only offers privacy and anonymity advantages, but also allows users
without IPv6 connectivity to reach IPv6-only Internet sites. That will
be increasingly important as IPv6-only sites become common.

> For service entry to onion service, this is mostly IPv4.

So IPv6-only machines can host onion services, as long as they use a
dual-stack guard. Also very cool.

>> If the client is on a dual-stack machine, it would default to IPv6,
>> right? So Tor circuits would be doing IPv6 over IPv4, yes?
> 
> No, there's no IP encapsulation inside Tor circuits, only cells.

Yes, of course. But Tor can be rather like an IPv4-IPv6 adapter.

> T
> 
> --
> Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
> ------------------------------------------------------------------------
> 
> 
> 
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 


More information about the tor-relays mailing list