On 06/30/2017 01:43 PM, teor wrote: > >> On 30 Jun 2017, at 19:26, Mirimir <[email protected]> wrote: >> >> On 06/29/2017 08:41 PM, teor wrote: >>> >>>> On 30 Jun 2017, at 16:55, Scott Bennett <[email protected]> wrote: >> >> <SNIP> >> >>>> Also, is there a problem with having IPv6-only exit service where a >>>> relay is accessable via IPv4 for clients and other relays? >>> >>> Most tor clients send a DNS name, and flags that say whether they >>> allow IPv4 and IPv6, and which one they prefer. They rely on the Exit >>> to resolve the IP address and connect to the site. >>> >>> On the current network, an IPv6-only Exit won't get the Exit flag, and >>> therefore won't get much client traffic. >> >> OK, so exits need both IPv4 and IPv6. > > Or just IPv4 works fine, too.
:) >>> And it probably shouldn't, until almost all internet sites are on IPv6. >>> Otherwise clients will ask it to connect to IPv4-only sites, and it >>> will fail them. >> >> This confuses me a little. From another subthread: >> >> On 06/29/2017 02:02 PM, teor wrote: >> >> <SNIP> >> >>> Many Exit operators already enable IPv6Exit. >>> Most Tor clients automatically Exit through IPv6 when it is available. >>> (It is the default in recent versions of Tor.) >> >> What happens for Tor clients without local IPv6 stacks, when they use a >> dual-stack exit to hit a dual-stack site? An IPv4 connection, right? > > The Tor protocol is cells over circuits. > > Those circuits are built over SSL connections, which use whatever > IP versions are available to the client, relays, and remote site / > onion service. Each connection's IP version can be different across > the circuit. > > For client to entry, this is mostly IPv4. > For relays, this is always IPv4. > For exit to internet site, this is IPv6 if available, and IPv4 > otherwise. So a client with only IPv4 stack, using a dual-stack exit, can hit IPv6-only Internet sites. Right? That's very cool! Because then, Tor not only offers privacy and anonymity advantages, but also allows users without IPv6 connectivity to reach IPv6-only Internet sites. That will be increasingly important as IPv6-only sites become common. > For service entry to onion service, this is mostly IPv4. So IPv6-only machines can host onion services, as long as they use a dual-stack guard. Also very cool. >> If the client is on a dual-stack machine, it would default to IPv6, >> right? So Tor circuits would be doing IPv6 over IPv4, yes? > > No, there's no IP encapsulation inside Tor circuits, only cells. Yes, of course. But Tor can be rather like an IPv4-IPv6 adapter. > T > > -- > Tim Wilson-Brown (teor) > > teor2345 at gmail dot com > PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B > ricochet:ekmygaiu4rzgsk6n > xmpp: teor at torproject dot org > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > tor-relays mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
