[tor-relays] tor relay ipv6

Roman Mamedov rm at romanrm.net
Thu Aug 22 11:49:49 UTC 2019


On Thu, 22 Aug 2019 21:23:03 +1000
teor <teor at riseup.net> wrote:

> Your relay's IPv6 address is not reachable from the directory authorities:
> https://metrics.torproject.org/rs.html#details/CE5ED345398CC02D573347C2F238F80B18E680EE
> 
> All 6 directory authorities on IPv6 can't reach your relay on IPv6:
> https://consensus-health.torproject.org/consensus-health-2019-08-22-10-00.html#CE5ED345398CC02D573347C2F238F80B18E680EE

To be more specific, from my tests the IP in question is reachable by ICMP,
but it is "Connection refused" on port 443.

@Станислав,
Maybe you didn't reload (or better yet, restart) Tor after
commenting/uncommenting some of the IPv6-related lines in torrc? (Which looks
kind of weird, and hints that perhaps you were experimenting with various changes)

-----------------------------------
## Required: what port to advertise for incoming Tor connections.
#ORPort 9001
## If you want to listen on a port other than the one advertised in
## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
## follows.  You'll need to do ipchains or other port forwarding
## yourself to make this work.
ORPort 443 
#ORPort [2a03:e2c0:bc7::2]:443
#ORPort 127.0.0.1:9090 NoAdvertise

## The IP address or full DNS name for incoming connections to your
## relay. Leave commented out and Tor will guess.
Address [2a03:e2c0:bc7::2]

## If you have multiple network interfaces, you can specify one for
## outgoing traffic to use.
## OutboundBindAddressExit will be used for all exit traffic, while
## OutboundBindAddressOR will be used for all OR and Dir connections
## (DNS connections ignore OutboundBindAddress).
## If you do not wish to differentiate, use OutboundBindAddress to
## specify the same address for both in a single line.
#OutboundBindAddressExit 10.0.0.4
OutboundBindAddress [2a03:e2c0:bc7::2]
ORPort [2a03:e2c0:bc7::2]:443
-----------------------------------

The "Address" and "OutboundBindAddress" IPv6 lines should not be necessary,
only the ORPort one is required, i.e. 

  ORPort 443 
  ORPort [2a03:e2c0:bc7::2]:443

should be fine, all the rest can be deleted.

Also check firewall on the router and the machine itself, that IPv6
connections on port 443 are accepted from the outside.

Lastly, rather than using a tunnel, check if you get native IPv6 from your
ISP, I think yours should provide it in some areas. However then you might get
a dynamic prefix, which is a pain to use with Tor currently (speaking of
v6-related Tor issues...)

-- 
With respect,
Roman


More information about the tor-relays mailing list