Opened 3 years ago

Closed 3 years ago

Last modified 23 months ago

#18387 closed enhancement (duplicate)

Allow Listening on :: for IPv6

Reported by: DJX
Owned by:
Priority: Low
Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor
Version: Tor: 0.2.7.6
Severity: Minor
Keywords: ipv6
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Running tor-win32-0.2.7.6, SocksPort and ORPort do not allow binding to "::1" for "all IPv6 interfaces". They do allow binding to "0.0.0.0" for "all IPv4 interfaces" though. This ticket is a feature request to allow binding to "::1" for "all IPv6 interfaces" in torrc.

Change History (13)

comment:1 Changed 3 years ago by DJX

Component: - Select a component → Tor

comment:2 in reply to:  description Changed 3 years ago by cypherpunks

Replying to DJX:

> "::1" for "all IPv6 interfaces".
> This ticket is a feature request to allow binding to "::1" for "all IPv6 interfaces" in torrc.

Why would ::1, the /loopback/ address, be used as the wildcard? In6addr_any is a thing, fyi.

comment:3 Changed 3 years ago by nickm

They probably meant "::"

comment:4 Changed 3 years ago by DJX

Summary: Allow Listening on ::1 for IPv6 → Allow Listening on :: for IPv6

comment:5 Changed 3 years ago by DJX

Yes, sorry :: equivalent for 0.0.0.0.
I wasn't thinking.

comment:6 Changed 3 years ago by teor

Milestone: Tor: 0.2.9.x-final
Status: new → needs_information

What torrc option are you using, and what error message(s) do you get?
Do you know if this only happens on Windows?

I can launch tor 0.2.7.6 on OS X with:

DataDirectory /tmp/tor.$$
ORPort 0.0.0.0:9000
ORPort [::]:12345

comment:7 Changed 3 years ago by teor

Keywords: ipv6 added

comment:8 Changed 3 years ago by DJX

Not sure, here is my log:

Mar 01 12:15:24.000 [notice] Tor 0.2.7.6 (git-7a489a6389110120) opening new log file.
Mar 01 12:15:24.435 [notice] Tor v0.2.7.6 (git-7a489a6389110120) running on Windows 7 [server] with Libevent 2.0.21-stable, OpenSSL 1.0.1q and Zlib 1.2.8.
Mar 01 12:15:24.436 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Mar 01 12:15:24.741 [notice] Read configuration file "C:\ProgramData\Tor\torrc".
Mar 01 12:15:24.754 [warn] You specified a public address '0.0.0.0:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Mar 01 12:15:24.754 [warn] You specified a public address '[::]:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Mar 01 12:15:24.754 [warn] Tor is currently configured as a relay and a hidden service. That's not very secure: you should probably run your hidden service in a separate Tor process, at least -- see https://trac.torproject.org/8742
Mar 01 12:15:24.754 [notice] Based on detected system memory, MaxMemInQueues is set to 2048 MB. You can override this by setting MaxMemInQueues by hand.
Mar 01 12:15:24.760 [warn] You specified a public address '0.0.0.0:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Mar 01 12:15:24.760 [warn] You specified a public address '[::]:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Mar 01 12:15:24.760 [notice] Opening Socks listener on 0.0.0.0:9150
Mar 01 12:15:24.760 [notice] Opening Socks listener on [::]:9150
Mar 01 12:15:24.762 [notice] Opening Control listener on 127.0.0.1:9151
Mar 01 12:15:24.762 [notice] Opening Control listener on [::1]:9151
Mar 01 12:15:24.762 [notice] Opening OR listener on 0.0.0.0:4343
Mar 01 12:15:24.763 [notice] Opening OR listener on [::]:4343
Mar 01 12:15:24.000 [notice] Parsing GEOIP IPv4 file C:\Program Files (x86)\Tor\geoip.
Mar 01 12:15:25.000 [notice] Parsing GEOIP IPv6 file C:\Program Files (x86)\Tor\geoip6.
Mar 01 12:15:25.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Mar 01 12:15:26.000 [notice] Your Tor server's identity key fingerprint is '***'
Mar 01 12:15:26.000 [notice] Your Tor bridge's hashed identity key fingerprint is '***'
Mar 01 12:15:26.000 [notice] Bootstrapped 0%: Starting
Mar 01 12:17:03.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Mar 01 12:17:05.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Mar 01 12:17:05.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Mar 01 12:17:05.000 [notice] Guessed our IP address as *.*.*.* (source: 192.42.116.161).
Mar 01 12:17:06.000 [warn] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. 
Mar 01 12:17:07.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Mar 01 12:17:07.000 [notice] Bootstrapped 100%: Done
Mar 01 12:17:07.000 [notice] Now checking whether ORPort *.*.*.*:4343 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Mar 01 12:17:09.000 [warn] Failure from drain_fd: No error
Mar 01 12:17:09.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Mar 01 12:17:09.000 [warn] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. 
Mar 01 12:17:12.000 [notice] Performing bandwidth self-test...done.

Here is my torrc:

SocksPort 0.0.0.0:9150
SocksPort [::]:9150
ControlPort 127.0.0.1:9151
ControlPort [::1]:9151
ORPort 0.0.0.0:4343
ORPort [::]:4343
ClientUseIPv6 1
ClientPreferIPv6ORPort 1
DataDirectory C:\ProgramData\Tor
GeoIPFile C:\Program Files (x86)\Tor\geoip
GeoIPv6File C:\Program Files (x86)\Tor\geoip6
Log notice file C:\ProgramData\Tor\Log.log
BridgeRelay 1
PublishServerDescriptor 1
HardwareAccel 1
Nickname ***
ContactInfo HostMaster <hostmaster AT ***>
HashedControlPassword ***
SocksPolicy accept private:*
HiddenServiceDir C:\ProgramData\Tor\site
HiddenServicePort 80 *.*.*.*:80
HiddenServicePort 443 *.*.*.*:443

comment:9 Changed 3 years ago by teor

Looking at the logs, tor appears to allow binding SOCKSPort to [::], but it warns you this is unsafe.
Mar 01 12:15:24.754 [warn] You specified a public address '[::]:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.

Can you connect to the SOCKSPort on any of your IP addresses?

Again looking at the logs, while tor allows you to bind ORPort to [::], it won't post a descriptor with [::] as the IPv6 address, because clients and other relays need to know one of your actual IPv6 addresses to connect to you.
Mar 01 12:17:06.000 [warn] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly.

Try using an IPv6 address which can be reached on the Internet instead of :: in your ORPort [::]:4343 configuration line.
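
The two warnings picked out of the log above can be checked for in a torrc before tor is started. The following is an added example, not part of the ticket or of tor's own code: the function name `audit_torrc`, the set of client-facing options and the finding strings are assumptions, and lines without an explicit bind address are skipped.

```python
import ipaddress
import re

# Constructed sample input: the listener lines from the torrc posted in comment:8.
SAMPLE_TORRC = """\
SocksPort 0.0.0.0:9150
SocksPort [::]:9150
ControlPort 127.0.0.1:9151
ControlPort [::1]:9151
ORPort 0.0.0.0:4343
ORPort [::]:4343
"""

# Options whose listeners should serve local clients only (assumed set for this example).
CLIENT_PORTS = {"socksport", "controlport"}
# Matches "[v6]:port" or "v4:port"; anything else has no explicit bind address.
ADDR_PORT = re.compile(r"^(?:\[(?P<v6>[^\]]+)\]|(?P<v4>\d{1,3}(?:\.\d{1,3}){3})):(?P<port>\d+)$")


def audit_torrc(text):
    """Return (option, address, port, finding) tuples for risky listener lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop torrc comments
        parts = line.split()
        if len(parts) < 2:
            continue
        option, value = parts[0], parts[1]
        m = ADDR_PORT.match(value)
        if not m:
            continue  # port-only, "auto" or unix: values are skipped
        try:
            addr = ipaddress.ip_address(m.group("v6") or m.group("v4"))
        except ValueError:
            continue  # not a literal IP address
        port = int(m.group("port"))
        key = option.lower()  # torrc option names are case-insensitive
        if key in CLIENT_PORTS and not addr.is_loopback:
            findings.append((option, str(addr), port, "client listener reachable off-host"))
        elif key == "orport" and addr.version == 6 and addr.is_unspecified:
            findings.append((option, str(addr), port, "wildcard IPv6 cannot go in descriptor"))
    return findings


if __name__ == "__main__":
    for f in audit_torrc(SAMPLE_TORRC):
        print("%s %s port %d: %s" % f)
```

On the sample it reports both wildcard SocksPort lines and the `ORPort [::]:4343` line, and leaves the loopback ControlPort lines and the IPv4 wildcard ORPort alone.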

comment:10 Changed 3 years ago by DJX

Yes, the SOCKS connection works.

The second warning is the one I'm concerned with as this works for IPv4.
Specifying a literal IPv6 address makes this warning go away but I do not have to do this for IPv4 so I do not want to do this for IPv6.

That's why I submitted the ticket as a low priority/wish/enhancement ticket.

comment:11 Changed 3 years ago by teor

Resolution: duplicate
Status: needs_information → closed

This is a duplicate of #5940.

When tor can figure out its own IPv6 address, it will have an address (other than [::]) to put in its descriptor.

comment:12 Changed 3 years ago by DJX

Sorry, thank you.

comment:13 in reply to:  12 Changed 3 years ago by teor

Replying to DJX:

> Sorry, thank you.

No problem. Duplicates happen all the time.

Just so you know, we want to implement this enhancement in the next release (0.2.9).

Edit: It was triaged out.

Last edited 23 months ago by teor