#18387 closed enhancement (duplicate)
Allow Listening on :: for IPv6
Reported by: | DJX | Owned by: | |
---|---|---|---|
Priority: | Low | Milestone: | Tor: 0.2.9.x-final |
Component: | Core Tor/Tor | Version: | Tor: 0.2.7.6 |
Severity: | Minor | Keywords: | ipv6 |
Cc: | Actual Points: | ||
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description
Running tor-win32-0.2.7.6, SocksPort and ORPort do not allow binding to "::1" for "all IPv6 interfaces". They do allow binding to "0.0.0.0" for "all IPv4 interfaces" though. This ticket is a feature request to allow binding to "::1" for "all IPv6 interfaces" in torrc.
Child Tickets
Change History (13)
comment:1 Changed 3 years ago by
Component: | - Select a component → Tor |
---|
comment:2 Changed 3 years ago by
comment:4 Changed 3 years ago by
Summary: | Allow Listening on ::1 for IPv6 → Allow Listening on :: for IPv6 |
---|
comment:6 Changed 3 years ago by
Milestone: | → Tor: 0.2.9.x-final |
---|---|
Status: | new → needs_information |
What torrc option are you using, and what error message(s) do you get?
Do you know if this only happens on Windows?
I can launch tor 0.2.7.6 on OS X with:
DataDirectory /tmp/tor.$$ ORPort 0.0.0.0:9000 ORPort [::]:12345
comment:7 Changed 3 years ago by
Keywords: | ipv6 added |
---|
comment:8 Changed 3 years ago by
Not sure, here is my log:
Mar 01 12:15:24.000 [notice] Tor 0.2.7.6 (git-7a489a6389110120) opening new log file. Mar 01 12:15:24.435 [notice] Tor v0.2.7.6 (git-7a489a6389110120) running on Windows 7 [server] with Libevent 2.0.21-stable, OpenSSL 1.0.1q and Zlib 1.2.8. Mar 01 12:15:24.436 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Mar 01 12:15:24.741 [notice] Read configuration file "C:\ProgramData\Tor\torrc". Mar 01 12:15:24.754 [warn] You specified a public address '0.0.0.0:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason. Mar 01 12:15:24.754 [warn] You specified a public address '[::]:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason. Mar 01 12:15:24.754 [warn] Tor is currently configured as a relay and a hidden service. That's not very secure: you should probably run your hidden service in a separate Tor process, at least -- see https://trac.torproject.org/8742 Mar 01 12:15:24.754 [notice] Based on detected system memory, MaxMemInQueues is set to 2048 MB. You can override this by setting MaxMemInQueues by hand. Mar 01 12:15:24.760 [warn] You specified a public address '0.0.0.0:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason. Mar 01 12:15:24.760 [warn] You specified a public address '[::]:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason. Mar 01 12:15:24.760 [notice] Opening Socks listener on 0.0.0.0:9150 Mar 01 12:15:24.760 [notice] Opening Socks listener on [::]:9150 Mar 01 12:15:24.762 [notice] Opening Control listener on 127.0.0.1:9151 Mar 01 12:15:24.762 [notice] Opening Control listener on [::1]:9151 Mar 01 12:15:24.762 [notice] Opening OR listener on 0.0.0.0:4343 Mar 01 12:15:24.763 [notice] Opening OR listener on [::]:4343 Mar 01 12:15:24.000 [notice] Parsing GEOIP IPv4 file C:\Program Files (x86)\Tor\geoip. Mar 01 12:15:25.000 [notice] Parsing GEOIP IPv6 file C:\Program Files (x86)\Tor\geoip6. Mar 01 12:15:25.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now. Mar 01 12:15:26.000 [notice] Your Tor server's identity key fingerprint is '***' Mar 01 12:15:26.000 [notice] Your Tor bridge's hashed identity key fingerprint is '***' Mar 01 12:15:26.000 [notice] Bootstrapped 0%: Starting Mar 01 12:17:03.000 [notice] Bootstrapped 80%: Connecting to the Tor network Mar 01 12:17:05.000 [notice] Bootstrapped 85%: Finishing handshake with first hop Mar 01 12:17:05.000 [notice] Bootstrapped 90%: Establishing a Tor circuit Mar 01 12:17:05.000 [notice] Guessed our IP address as *.*.*.* (source: 192.42.116.161). Mar 01 12:17:06.000 [warn] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. Mar 01 12:17:07.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Mar 01 12:17:07.000 [notice] Bootstrapped 100%: Done Mar 01 12:17:07.000 [notice] Now checking whether ORPort *.*.*.*:4343 is reachable... (this may take up to 20 minutes -- look for log messages indicating success) Mar 01 12:17:09.000 [warn] Failure from drain_fd: No error Mar 01 12:17:09.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Mar 01 12:17:09.000 [warn] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly. Mar 01 12:17:12.000 [notice] Performing bandwidth self-test...done.
Here is my torrc:
SocksPort 0.0.0.0:9150 SocksPort [::]:9150 ControlPort 127.0.0.1:9151 ControlPort [::1]:9151 ORPort 0.0.0.0:4343 ORPort [::]:4343 ClientUseIPv6 1 ClientPreferIPv6ORPort 1 DataDirectory C:\ProgramData\Tor GeoIPFile C:\Program Files (x86)\Tor\geoip GeoIPv6File C:\Program Files (x86)\Tor\geoip6 Log notice file C:\ProgramData\Tor\Log.log BridgeRelay 1 PublishServerDescriptor 1 HardwareAccel 1 Nickname *** ContactInfo HostMaster <hostmaster AT ***> HashedControlPassword *** SocksPolicy accept private:* HiddenServiceDir C:\ProgramData\Tor\site HiddenServicePort 80 *.*.*.*:80 HiddenServicePort 443 *.*.*.*:443
comment:9 Changed 3 years ago by
Looking at the logs, tor appears to allow binding SOCKSPort to [::], but it warns you this is unsafe.
Mar 01 12:15:24.754 [warn] You specified a public address '[::]:9150' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Can you connect to the SOCKSPort on any of your IP addresses?
Again looking at the logs, while tor allows you to bind ORPort to [::], it won't post a descriptor with [::] as the IPv6 address, because clients and other relays need to know one of your actual IPv6 addresses to connect to you.
Mar 01 12:17:06.000 [warn] Unable to use configured IPv6 address "[::]" in a descriptor. Skipping it. Try specifying a globally reachable address explicitly.
Try using an IPv6 address which can be reached on the Internet instead of ::
in your ORPort [::]:4343
configuration line.
comment:10 Changed 3 years ago by
Yes, the SOCKS connection works.
The second warning is the one I'm concerned with as this works for IPv4.
Specifying a literal IPv6 address makes this warning go away but I do not have to do this for IPv4 so I do not want to do this for IPv6.
That's why I submitted the ticket as a low priority/wish/enhancement ticket.
comment:11 Changed 3 years ago by
Resolution: | → duplicate |
---|---|
Status: | needs_information → closed |
This is a duplicate of #5940.
When tor can figure out its own IPv6 address, it will have an address (other than [::]) to put in its descriptor.
comment:13 Changed 3 years ago by
Replying to DJX:
Sorry, thank you.
No problem. Duplicates happen all the time.
Just so you know, we want to implement this enhancement in the next release (0.2.9).
Edit: It was triaged out.
Replying to DJX:
Why would ::1, the /loopback/ address, be used as the wildcard? In6addr_any is a thing, fyi.