Version 18 (modified by ln5, 7 years ago) (diff)


"Turns out, 4 billion addresses wasn't enough." -- nickm

The work with adding IPv6 support to Tor follows these phases, roughly the same as outlined in xxx-ipv6-roadmap.txt. This page is meant to function as a status page for each of the phases and of the project as a whole.

There's also information about how to help out with testing.

At the bottom of the page can be found a section with pointers to related resources.

The phases and their status

Clients to private bridges (

Private bridges are bridge relays that don't register with the bridge authority (PublishServerDescriptor 0). Support for running a private bridge with an IPv6 OR port and clients connecting to it was added to tor in (2011-12-08).

This work was tracked in #3563.

Clients to ordinary bridges (,

Ordinary bridges publish their descriptor to the bridge authority. Support for bridge authorities to handle announced IPv6 OR ports and to hand them out were merged to master on 2012-07-19. Planned to be released in tor no later than 2012-09-07.

This work is tracked in #4563.

This code has not been tested thoroughly.

Clients to relays (

Relays that not are bridges publish their descriptor to the directory authoritites. Directory authorities vote on relays and publish a consensus document. Support for relays with an IPv6 OR port and for directory authorities to handle their descriptors, voting on them and publishing a consensus containing IPv6 OR ports has been merged onto master, planned to be released in

This work is tracked in #4564.

This code has not been tested thoroughly but you can help!

Exit relays to IPv6 destinations

Exit relays connect to hosts on internet. The work with connecting to IPv6 addresses on internet has not been started.

Relays to relays

Relays talk to other relays. The work with relays talking to other relays over IPv6 has not been started.

Directory authorities on IPv6

Clients and relays talk to directory authorities. The work with making directory authorities reachable over IPv6 has not been started.

Help testing

If you have the opportunity, please help out testing this.

Please file a bug report in Trac if you find something that doesn't work or seem to be doing the wrong thing.

To test functions in the network that are not yet deployed on the public authoritites there are two options. Either you run your own Tor network or you join our private IPv6 testing network. Note that you'll need both IPv4 and IPv6 connectivity in order to run a relay in the testing network.

Testing clients running with bridges

In order to test a client to connect to a bridge over IPv6, run tor or later. Configure it to use the IPv6 bridge using the Bridge configuration option, like this:

    Bridge [2001:DB8::1]:9050

Testing private bridges

In order to test a private bridge running an OR port on IPv6, run tor or later. Configure it to bind to and announce an IPv6 OR port by using the ORPort configuration option, like this:

    ORPort [2001:DB8::1]:9050

Note that you'll have to have an IPv4 OR port configured as well, or your bridge will bootstrap but leave its clients hanging at 50% (see #4847).

Note also that even with that bug fixed, a bridge will need IPv4 connectivity for talking to other relays. That won't change any time soon.

As long as the bridge authority doesn't handle IPv6 OR ports, your bridge will not be announced anywhere. You'll have to tell your users about your bridge addresses yourself. This is changing mid September when the bridge authority will start handling IPv6 OR ports. You can add the 'NoListen' option to the IPv4 'ORPort' config option in order to announce only your IPv6 OR port.

Testing public bridges

In order to test public bridges, run tor / or later. Set up your own private Tor network (possibly by using Chutney) or test on the private IPv6 testing network.

If you run your own network, configure a bridge authority with

    AuthoritativeDirectory 1
    BridgeAuthoritativeDir 1
    AuthDirHasIPv6Connectivity 1
    AssumeReachable 0

A client in that networks should be able to find a bridge with an IPv6 OR port through the bridge authority.

Testing public relays

The code for public relays is very fresh (read buggy). There's a convenience branch for testers, branch ipv6-testing-network, in Linus' public repo (linus/tor.git). It contains all the changes to the subtasks of project 4564 ready for testing. It can be viewed as a tor-next for IPv6. It should be used for testing public relays.

Set up your own private network (possibly by using Chutney) or test on the private IPv6 testing network.

If you run your own network, set up at least three directory authorities in order to be able to test that voting works as expected:

    AuthoritativeDirectory 1
    V3AuthoritativeDirectory 1
    AuthDirHasIPv6Connectivity 1

Testing clients connecting to public relays

Run branch ipv6-testing-network in Linus' public repo, as described in Testing public relays above.

In order for clients to actually use the IPv6 OR port of a relay it needs to be configured with

    ClientUseIPv6 1

The likelyhood of the client picking the IPv6 OR port over the IPv4 increases if configured with

    ClientPreferIPv6ORPort 1

Related resources