[tor-relays] ipv6 behaviour consensus
charlyghislain at gmail.com
Thu Apr 18 22:08:42 UTC 2019
selfreplying as I hadn't read the whole ticket thread at the time of
writing (still haven't, tbh).
I think there are real reason to use natted traffic in this period of
transition toward ip6 and that must be supported.
My setup (ha proxy litening on both interfaces, tor relay listening on ip4
only) was used because tor is running in a containerized environment,
heavily relying on natted ipv4 networks to route the traffic to the correct
container, which might run on another host.
Corporates still use internal ip4 vpn/firewalls, with load balancers
accepting ip6 traffic.
For many other reasons, the ip/interface/port you are listening to might be
very different than the one you publicly advertise. Lets keep it that way.
On Fri, Apr 19, 2019 at 12:41 AM Charly Ghislain <charlyghislain at gmail.com>
> Hi list,
> Last reply from s7r on jake Visser' issue included a link to an open issue
> waiting for a consensus on a mailing list:
> Not sure if teor implied the dev mailing list or this one, but maybe
> gathering feedback from operators is a good idea.
> AFAIC, as avee stated on the ticket I don't find the current setup much
> confusing. The documentation on ipv6 setup was not as clear as one would
> expect, I came across what appeared to be outdated docs, and I think this
> is the area that could be improved to eases operator setup.
> I agree with Avee that any update on that matter should be backward
> compatible, allowing relays running behind custom natted networks to
> continue operating without any trouble.
> I feel there is an issue in case the operator advertises an unreachable
> ip6 address in the config. This seems like a configuration error that
> should be spotted by a self-reachability mechanism that is yet to come,
> like for ipv4. I can imagine however that directories could be able to flag
> the relay as reachable over ipv4 and not over ipv6, and that the relay
> would still be usable over ip4. I thought it was the case actually.
> Please provide your feedback. ip6 is around for so long, it is depressing
> to see how hard it is for so many software to provide a nice user
> experience with it.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tor-relays