[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] IPv6 auto-discovery vs. privacy extensions



> Op 25/02/2021 14:19 schreef David Goulet <dgoulet@xxxxxxxxxxxxxx>:
> 
>  
> On 24 Feb (11:08:15), Onion Operator wrote:
> > Saluton,
> > 
> > My relay started to log this message since 0.4.5.5:
> > 
> > Auto-discovered IPv6 address [...]:443 has not been found reachable. However, IPv4 address is reachable. Publishing server descriptor without IPv6 address. [2 similar message(s) suppressed in last 2400 seconds]
> > 
> > I think it started with the introduction of IPv6 auto-discovery.
> > 
> > The problem, as I understand it, is that my relay has IPv6 privacy
> > extensions enabled and therefore the IPv6 detection logic gets
> > fooled. Indeed the IPv6 I see in the logs is one of the temporary
> > addresses used as client towards other relays.
> > 
> > Relevant config is:
> > 
> > ORPort 443 IPv4Only
> > ORPort [...]:443 IPv6Only
> > 
> > I added the IPv{4,6}Only options only in searching a solution to this
> > problem, before 0.4.5.5 the IPv6 relay worked perfectly without.
> > 
> > In reading the documentation of AddressDisableIPv6 I got the
> > impression that if (any?) ORPort is configured with IPv4Only the
> > IPv6 auto-discovery gets disabled but evidence does not support my
> > understanding. Is it a bug?
> > 
> > Any other way to disable IPv6 auto-discovery?
> 
> "AddressDisableIPv6 1" should do it.

Isn't this going to completely disable IPv6?

> 
> Also, "ORPort 443 IPv4Only" _only_ should also not make your tor auto-discover
> IPv6 at all. If it does, we have a bug! Sending us debug logs (even in private
> to my address) would be helpful in that case.

I suspect we are in this case.

> 
> The last option is to "pin" an IPv6 by using either "Address" or directly in
> the ORPort with "ORPort IP:PORT".

The man page does not mention IPv6 in the description of "Address" and about pinning the IPv6 address in the ORPort, I think it's what I'm already doing (the [...] in the second ORPort above is indeed the IPv6 address) or not?

/flev
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays