Re: [tor-relays] IPv6 auto-discovery vs. privacy extensions
On 25 Feb (23:20:04), Onior Operator wrote:
>
> > Op 25/02/2021 14:19 schreef David Goulet :
> >
> >
> > On 24 Feb (11:08:15), Onion Operator wrote:
> > > Saluton,
> > >
> > > My relay started to log this message since 0.4.5.5:
> > >
> > > Auto-discovered IPv6 address [...]:443 has not been found reachable.
> > > However, IPv4 address is reachable. Publishing server descriptor without
> > > IPv6 address. [2 similar message(s) suppressed in last 2400 seconds]
> > >
> > > I think it started with the introduction of IPv6 auto-discovery.
> > >
> > > The problem, as I understand it, is that my relay has IPv6 privacy
> > > extensions enabled and therefore the IPv6 detection logic gets
> > > fooled. Indeed the IPv6 I see in the logs is one of the temporary
> > > addresses used as client towards other relays.
> > >
> > > Relevant config is:
> > >
> > > ORPort 443 IPv4Only
> > > ORPort [...]:443 IPv6Only
> > >
> > > I added the IPv{4,6}Only options only in searching a solution to this
> > > problem, before 0.4.5.5 the IPv6 relay worked perfectly without.
> > >
> > > In reading the documentation of AddressDisableIPv6 I got the
> > > impression that if (any?) ORPort is configured with IPv4Only the
> > > IPv6 auto-discovery gets disabled but evidence does not support my
> > > understanding. Is it a bug?
> > >
> > > Any other way to disable IPv6 auto-discovery?
> >
> > "AddressDisableIPv6 1" should do it.
>
> Isn't this going to completely disable IPv6?
Correct.
>
> >
> > Also, "ORPort 443 IPv4Only" _only_ should also not make your tor
> > auto-discover
> > IPv6 at all. If it does, we have a bug! Sending us debug logs (even in
> > private
> > to my address) would be helpful in that case.
>
> I suspect we are in this case.
Any logs you can send towards me would be grand. Thanks!
>
> >
> > The last option is to "pin" an IPv6 by using either "Address" or directly
> > in the ORPort with "ORPort IP:PORT".
>
> The man page does not mention IPv6 in the description of "Address" and about
> pinning the IPv6 address in the ORPort, I think it's what I'm already doing
> (the [...] in the second ORPort above is indeed the IPv6 address) or not?
Indeed. I will update the manpage for "Address" to mention IPv6.
You can now use *two* Address statement, one for each IP type (v4 and v6) if
you want and tor will figure it out (correctly hopefully).
David
signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6 auto-discovery vs. privacy extensions
> Op 25/02/2021 14:19 schreef David Goulet :
>
>
> On 24 Feb (11:08:15), Onion Operator wrote:
> > Saluton,
> >
> > My relay started to log this message since 0.4.5.5:
> >
> > Auto-discovered IPv6 address [...]:443 has not been found reachable.
> > However, IPv4 address is reachable. Publishing server descriptor without
> > IPv6 address. [2 similar message(s) suppressed in last 2400 seconds]
> >
> > I think it started with the introduction of IPv6 auto-discovery.
> >
> > The problem, as I understand it, is that my relay has IPv6 privacy
> > extensions enabled and therefore the IPv6 detection logic gets
> > fooled. Indeed the IPv6 I see in the logs is one of the temporary
> > addresses used as client towards other relays.
> >
> > Relevant config is:
> >
> > ORPort 443 IPv4Only
> > ORPort [...]:443 IPv6Only
> >
> > I added the IPv{4,6}Only options only in searching a solution to this
> > problem, before 0.4.5.5 the IPv6 relay worked perfectly without.
> >
> > In reading the documentation of AddressDisableIPv6 I got the
> > impression that if (any?) ORPort is configured with IPv4Only the
> > IPv6 auto-discovery gets disabled but evidence does not support my
> > understanding. Is it a bug?
> >
> > Any other way to disable IPv6 auto-discovery?
>
> "AddressDisableIPv6 1" should do it.
Isn't this going to completely disable IPv6?
>
> Also, "ORPort 443 IPv4Only" _only_ should also not make your tor auto-discover
> IPv6 at all. If it does, we have a bug! Sending us debug logs (even in private
> to my address) would be helpful in that case.
I suspect we are in this case.
>
> The last option is to "pin" an IPv6 by using either "Address" or directly in
> the ORPort with "ORPort IP:PORT".
The man page does not mention IPv6 in the description of "Address" and about
pinning the IPv6 address in the ORPort, I think it's what I'm already doing
(the [...] in the second ORPort above is indeed the IPv6 address) or not?
/flev
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6 auto-discovery vs. privacy extensions
On 24 Feb (11:08:15), Onion Operator wrote:
> Saluton,
>
> My relay started to log this message since 0.4.5.5:
>
> Auto-discovered IPv6 address [...]:443 has not been found reachable. However,
> IPv4 address is reachable. Publishing server descriptor without IPv6 address.
> [2 similar message(s) suppressed in last 2400 seconds]
>
> I think it started with the introduction of IPv6 auto-discovery.
>
> The problem, as I understand it, is that my relay has IPv6 privacy
> extensions enabled and therefore the IPv6 detection logic gets
> fooled. Indeed the IPv6 I see in the logs is one of the temporary
> addresses used as client towards other relays.
>
> Relevant config is:
>
> ORPort 443 IPv4Only
> ORPort [...]:443 IPv6Only
>
> I added the IPv{4,6}Only options only in searching a solution to this
> problem, before 0.4.5.5 the IPv6 relay worked perfectly without.
>
> In reading the documentation of AddressDisableIPv6 I got the
> impression that if (any?) ORPort is configured with IPv4Only the
> IPv6 auto-discovery gets disabled but evidence does not support my
> understanding. Is it a bug?
>
> Any other way to disable IPv6 auto-discovery?
"AddressDisableIPv6 1" should do it.
Also, "ORPort 443 IPv4Only" _only_ should also not make your tor auto-discover
IPv6 at all. If it does, we have a bug! Sending us debug logs (even in private
to my address) would be helpful in that case.
The last option is to "pin" an IPv6 by using either "Address" or directly in
the ORPort with "ORPort IP:PORT".
Thanks!
David
--
E7wflFgKE/E5SRn+WXE1QvJTtRMvCV3b2OGyVzMvXSY=
signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6 auto-discovery vs. privacy extensions
Onion Operator a écrit :
>Saluton,
>My relay started to log this message since 0.4.5.5:
>Auto-discovered IPv6 address [...]:443 has not been found reachable.
>However, IPv4 address is reachable. Publishing server descriptor without
>IPv6 address. [2 similar message(s) suppressed in last 2400 seconds]
>I think it started with the introduction of IPv6 auto-discovery.
>The problem, as I understand it, is that my relay has IPv6 privacy
>extensions enabled and therefore the IPv6 detection logic gets
>fooled. Indeed the IPv6 I see in the logs is one of the temporary
>addresses used as client towards other relays.
>Relevant config is:
>ORPort 443 IPv4Only
>ORPort [...]:443 IPv6Only
>I added the IPv{4,6}Only options only in searching a solution to this
>problem, before 0.4.5.5 the IPv6 relay worked perfectly without.
>In reading the documentation of AddressDisableIPv6 I got the
>impression that if (any?) ORPort is configured with IPv4Only the
>IPv6 auto-discovery gets disabled but evidence does not support my
>understanding. Is it a bug?
>Any other way to disable IPv6 auto-discovery?
Hi,
in my config:
ORPort 26709
ORPort []:26709
DirPort 26710
No IPv6 auto-discovery in my logs, and ipv6 flag putted on my relays
I got this config from the torproject documentation.
hope this help :)
--
GnuPG: AE157E0B29F0BEF2 at keys.openpgp.org
CA Cert: https://dl.casperlefantom.net/pub/ssl/root.der
signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
