[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] IPv6 auto-discovery vs. privacy extensions

To: Onior Operator <flev@xxxxxxxxxx>
Subject: Re: [tor-relays] IPv6 auto-discovery vs. privacy extensions
From: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Date: Mon, 1 Mar 2021 10:23:29 -0500
Cc: tor-relays@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 01 Mar 2021 10:24:02 -0500
In-reply-to: <1270281503.226382.1614291604888@kpc.webmail.kpnmail.nl>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <1927946061.157862.1614161296001@kpc.webmail.kpnmail.nl> <20210225131937.tuuxe7holqzczyql@raoul> <1270281503.226382.1614291604888@kpc.webmail.kpnmail.nl>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 25 Feb (23:20:04), Onior Operator wrote:
> 
> > Op 25/02/2021 14:19 schreef David Goulet <dgoulet@xxxxxxxxxxxxxx>:
> > 
> >  
> > On 24 Feb (11:08:15), Onion Operator wrote:
> > > Saluton,
> > > 
> > > My relay started to log this message since 0.4.5.5:
> > > 
> > > Auto-discovered IPv6 address [...]:443 has not been found reachable. However, IPv4 address is reachable. Publishing server descriptor without IPv6 address. [2 similar message(s) suppressed in last 2400 seconds]
> > > 
> > > I think it started with the introduction of IPv6 auto-discovery.
> > > 
> > > The problem, as I understand it, is that my relay has IPv6 privacy
> > > extensions enabled and therefore the IPv6 detection logic gets
> > > fooled. Indeed the IPv6 I see in the logs is one of the temporary
> > > addresses used as client towards other relays.
> > > 
> > > Relevant config is:
> > > 
> > > ORPort 443 IPv4Only
> > > ORPort [...]:443 IPv6Only
> > > 
> > > I added the IPv{4,6}Only options only in searching a solution to this
> > > problem, before 0.4.5.5 the IPv6 relay worked perfectly without.
> > > 
> > > In reading the documentation of AddressDisableIPv6 I got the
> > > impression that if (any?) ORPort is configured with IPv4Only the
> > > IPv6 auto-discovery gets disabled but evidence does not support my
> > > understanding. Is it a bug?
> > > 
> > > Any other way to disable IPv6 auto-discovery?
> > 
> > "AddressDisableIPv6 1" should do it.
> 
> Isn't this going to completely disable IPv6?

Correct.

> 
> > 
> > Also, "ORPort 443 IPv4Only" _only_ should also not make your tor auto-discover
> > IPv6 at all. If it does, we have a bug! Sending us debug logs (even in private
> > to my address) would be helpful in that case.
> 
> I suspect we are in this case.

Any logs you can send towards me would be grand. Thanks!

> 
> > 
> > The last option is to "pin" an IPv6 by using either "Address" or directly
> > in the ORPort with "ORPort IP:PORT".
> 
> The man page does not mention IPv6 in the description of "Address" and about
> pinning the IPv6 address in the ORPort, I think it's what I'm already doing
> (the [...] in the second ORPort above is indeed the IPv6 address) or not?

Indeed. I will update the manpage for "Address" to mention IPv6.

You can now use *two* Address statement, one for each IP type (v4 and v6) if
you want and tor will figure it out (correctly hopefully).

David

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: Re: [tor-relays] Active MetricsPort logs "Address already in use"
Next by Author: Re: [tor-relays] Thoughts and insight before bridge moving
Previous by thread: Re: [tor-relays] Bridge operator iat_mode setting
Next by thread: [tor-relays] difficulty installing
Index(es):
- Author
- Thread