Allow Listening on :: for IPv6

Running tor-win32-0.2.7.6, SocksPort and ORPort do not allow binding to "::1" for "all IPv6 interfaces". They do allow binding to "0.0.0.0" for "all IPv4 interfaces" though. This ticket is a feature request to allow binding to "::1" for "all IPv6 interfaces" in torrc.

Trac:
Username: DJX

changed milestone to %Tor: 0.2.9.x-final

added component::core tor/tor ipv6 milestone::Tor: 0.2.9.x-final priority::low reporter::DJX resolution::duplicate severity::minor status::closed type::enhancement version::tor 0.2.7.6 labels

Trac:
Username: DJX
Component: - Select a component to Tor

Replying to DJX:

"::1" for "all IPv6 interfaces". This ticket is a feature request to allow binding to "::1" for "all IPv6 interfaces" in torrc.

Why would ::1, the /loopback/ address, be used as the wildcard? In6addr_any is a thing, fyi.

They probably meant "::"

Trac:
Username: DJX
Summary: Allow Listening on ::1 for IPv6 to Allow Listening on :: for IPv6

Yes, sorry :: equivalent for 0.0.0.0. I wasn't thinking.

Trac:
Username: DJX

What torrc option are you using, and what error message(s) do you get? Do you know if this only happens on Windows?

I can launch tor 0.2.7.6 on OS X with:

DataDirectory /tmp/tor.$$
ORPort 0.0.0.0:9000
ORPort [::]:12345

Trac:
Status: new to needs_information
Milestone: N/A to Tor: 0.2.9.x-final

Trac:
Keywords: N/A deleted, ipv6 added

Not sure, here is my log:

Mar 01 12:15:24.000 [notice] Tor 0.2.7.6 (git-7a489a6389110120) opening new log file.
Mar 01 12:15:24.435 [notice] Tor v0.2.7.6 (git-7a489a6389110120) running on Windows 7 [server] with Libevent 2.0.21-stable, OpenSSL 1.0.1q and Zlib 1.2.8.
Mar 01 12:15:24.436 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Mar 01 12:15:24.741 [notice] Read configuration file "C:\ProgramData\Tor\torrc".
Mar 01 12:15:24.754 [warn] You specified a public address '0.0.0.0:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Mar 01 12:15:24.754 [warn] You specified a public address '[::]:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Mar 01 12:15:24.754 [warn] Tor is currently configured as a relay and a hidden service. That's not very secure: you should probably run your hidden service in a separate Tor process, at least -- see https://trac.torproject.org/8742
Mar 01 12:15:24.754 [notice] Based on detected system memory, MaxMemInQueues is set to 2048 MB. You can override this by setting MaxMemInQueues by hand.
Mar 01 12:15:24.760 [warn] You specified a public address '0.0.0.0:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Mar 01 12:15:24.760 [warn] You specified a public address '[::]:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Mar 01 12:15:24.760 [notice] Opening Socks listener on 0.0.0.0:9150
Mar 01 12:15:24.760 [notice] Opening Socks listener on [::]:9150
Mar 01 12:15:24.762 [notice] Opening Control listener on 127.0.0.1:9151
Mar 01 12:15:24.762 [notice] Opening Control listener on [::1]:9151
Mar 01 12:15:24.762 [notice] Opening OR listener on 0.0.0.0:4343
Mar 01 12:15:24.763 [notice] Opening OR listener on [::]:4343
Mar 01 12:15:24.000 [notice] Parsing GEOIP IPv4 file C:\Program Files (x86)\Tor\geoip.
Mar 01 12:15:25.000 [notice] Parsing GEOIP IPv6 file C:\Program Files (x86)\Tor\geoip6.
Mar 01 12:15:25.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Mar 01 12:15:26.000 [notice] Your Tor server's identity key fingerprint is '***'
Mar 01 12:15:26.000 [notice] Your Tor bridge's hashed identity key fingerprint is '***'
Mar 01 12:15:26.000 [notice] Bootstrapped 0%: Starting
Mar 01 12:17:03.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Mar 01 12:17:05.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Mar 01 12:17:05.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Mar 01 12:17:05.000 [notice] Guessed our IP address as *.*.*.* (source: 192.42.116.161).
Mar 01 12:17:06.000 [warn] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. 
Mar 01 12:17:07.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Mar 01 12:17:07.000 [notice] Bootstrapped 100%: Done
Mar 01 12:17:07.000 [notice] Now checking whether ORPort *.*.*.*:4343 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Mar 01 12:17:09.000 [warn] Failure from drain_fd: No error
Mar 01 12:17:09.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Mar 01 12:17:09.000 [warn] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. 
Mar 01 12:17:12.000 [notice] Performing bandwidth self-test...done.

Here is my torrc:

SocksPort 0.0.0.0:9150
SocksPort [::]:9150
ControlPort 127.0.0.1:9151
ControlPort [::1]:9151
ORPort 0.0.0.0:4343
ORPort [::]:4343
ClientUseIPv6 1
ClientPreferIPv6ORPort 1
DataDirectory C:\ProgramData\Tor
GeoIPFile C:\Program Files (x86)\Tor\geoip
GeoIPv6File C:\Program Files (x86)\Tor\geoip6
Log notice file C:\ProgramData\Tor\Log.log
BridgeRelay 1
PublishServerDescriptor 1
HardwareAccel 1
Nickname ***
ContactInfo HostMaster <hostmaster AT ***>
HashedControlPassword ***
SocksPolicy accept private:*
HiddenServiceDir C:\ProgramData\Tor\site
HiddenServicePort 80 *.*.*.*:80
HiddenServicePort 443 *.*.*.*:443

Trac:
Username: DJX

Looking at the logs, tor appears to allow binding SOCKSPort to [::], but it warns you this is unsafe. Mar 01 12:15:24.754 [warn] You specified a public address '[::]:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.

Can you connect to the SOCKSPort on any of your IP addresses?

Again looking at the logs, while tor allows you to bind ORPort to [::], it won't post a descriptor with [::] as the IPv6 address, because clients and other relays need to know one of your actual IPv6 addresses to connect to you. Mar 01 12:17:06.000 [warn] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly.

Try using an IPv6 address which can be reached on the Internet instead of :: in your ORPort [::]:4343 configuration line.

Yes, the SOCKS connection works.

The second warning is the one I'm concerned with as this works for IPv4. Specifying a literal IPv6 address makes this warning go away but I do not have to do this for IPv4 so I do not want to do this for IPv6.

That's why I submitted the ticket as a low priority/wish/enhancement ticket.

Trac:
Username: DJX

This is a duplicate of #5940 (moved).

When tor can figure out its own IPv6 address, it will have an address (other than [::]) to put in its descriptor.

Trac:
Status: needs_information to closed
Resolution: N/A to duplicate

Sorry, thank you.

Trac:
Username: DJX

Replying to DJX:

Sorry, thank you.

No problem. Duplicates happen all the time.

Just so you know, we want to implement this enhancement in the next release (0.2.9).

Edit: It was triaged out.

closed

moved to tpo/core/tor#18387 (closed)