[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Add CGNAT 100.64.0.0/10 to Default Exit Relay Reject Policy

To: theyarewatching via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-relays] Add CGNAT 100.64.0.0/10 to Default Exit Relay Reject Policy
From: admin--- via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Sun, 06 Jul 2025 19:13:36 +0000
Feedback-id: 92137617:user:proton
List-id: "support and questions about running Tor relays (exit, non-exit, bridge)" <tor-relays.lists.torproject.org>
Reply-to: admin@xxxxxxxxxxx

Hello,

I've noticed that the non-publicly routable CGNAT subnet of 100.64.0.0/10 is not in the default exit policy reject list like 192.168/16 and 10/8 are.
This range is not publicly routed, and should never need to be accessed from a Tor exit. 


Tailscale and other ISPs use this block. 

How many exit relays connected to a Tailscale network are unknowingly exposing all of their other Tailscale devices to the Tor network? 

ISPs may be less willing to allow exit relays if there are bots using Tor to toy with the ISPs 100.64/10 range.

Maybe there is something I am missing for it to not be included?

Thanks,
Likogan.Dev

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx

Next by Author: [tor-relays] Re: webtunnel bridges for the telegram distributor
Next by thread: [tor-relays] authority bandwidth measurements and latency
Index(es):
- Author
- Thread