IPv6 with dynamic prefix behind NAT

The Tor developers should check if this is a currently unsupported functionality or a bug.

Hello @Dosee, it seems to be a bug. I created a ticket for this issue. Meanwhile, you can disable your relay's IPv6.


Thank you very much

Same problem here behind my AVM Fritzbox

Nov 25 13:57:23 xxx Tor[2369]: Auto-discovered IPv6 address [2003:xx:270a:e300:xx37:2622:a0d9:xxx]:9852 has not been found reachable. However, IPv4 address is reachable. Publishing server descriptor without IPv6 address. [2 similar message(s) suppressed in last 2400 seconds]

Is there already a solution?

Thanks and greetings from Bavaria

No, you can disable IPv6 for now.


You actually can run a relay with a dynamic IPv6 prefix. I do it with CenturyLink GPON 6rd:

However, you need to do one of the following:

  1. Allow incoming connections to your relay ORPort in your router
  2. Use a static, non-privacy extensions SLAAC, and open up the suffix

Point 1 is likely easier and will work with most firewalls.

Point 2 can be done on Linux-based firewalls like OpenWrt and VyOS and many consumer-level routers, but not BSD-based firewalls like pfSense and OPNsense. Commercial routers may vary; I believe MikroTik and Ubiquiti do allow an IPv6 suffix, but maybe not Juniper or Cisco.

If your router is using Point 2, FreeBSD has static SLAAC by default, but Linux/OpenBSD/Windows use privacy extensions, so in the very likely latter case, disable privacy extensions.

My IPv6 suffix is generated using the EUI64 method (based on MAC address), but the relay is still going offline whenever the ISP sends me a new prefix. Shouldn’t this be working then? Or maybe I misunderstand what point 2 is about.

My router runs OpenWrt, by the way.

I assume your ISP uses DHCP and DHCPv6-PD looking at your message. I use PPPoE with 6rd so my experience is different.

Assuming you aren’t running a relay on Windows, one thing you could do is make a cron script (Linux/BSD/Mac) or systemd timer (Linux-only) that checks if the IPv6 has changed, and if so, restarts Tor.

I can’t code one up, sorry. If you were to code one up, make sure it runs every minute, but not too frequently or too infrequently (to avoid downtime).

I’m not sure how it works on the ISP side, but my router is using SLAAC, definitely not DHCPv6. I also connect via PPPoE.

Sorry for the late reply.

I don’t know if “router” means Tor relay or your NAT/PPP router, so I am assuming your Tor router uses SLAAC.

Your PPPoE session, usually a Wi-Fi router, ISP gateway, pfSense or Ubiquiti box, uses DHCPv6-PD on top of the PPPoE session to assign a prefix to your LAN, which in turn assigns the SLAAC to your Tor server.

Some ISPs such as CenturyLink use 6rd instead of DHCPv6-PD on top of PPPoE.

Are you worried that your IPv6 prefix changes so often? If so, a Hurricane Electric IPv6 tunnel is a good choice for your relay while you use your ISP IPv6 for everything else.

The OpenWrt wifi router (which makes the PPPoE call) has these options set:

dhcp.lan.ra_flags='managed-config' 'other-config'

That’s what I meant.

Sorry that I’m answering so late. My now working solution is to use a script in combination with ddclient. Every time ddclient detects a change of the IPv6 address, it automatically restarts the Tor service. That is, at the moment, a working solution for me. The downside is that my relay has a much shorter uptime.
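The cron-based check suggested earlier in the thread, and the restart-on-change approach in the last post, could look like the sketch below. It is an added example, not code from any poster or from the Tor Project. The systemd unit name `tor`, the state file path and the script path in the cron line are assumptions, and the sample `ip` output is constructed.

```shell
#!/bin/sh
# Added example: restart Tor when the stable global IPv6 address changes.
# Assumptions: iproute2, a systemd unit called "tor", and the paths below.
# Hypothetical cron entry (every minute, as suggested in the thread):
#   * * * * * root /usr/local/sbin/tor-v6-watch.sh --run
STATE_FILE="${STATE_FILE:-/var/lib/tor-v6-watch/last_addr}"
TOR_UNIT="${TOR_UNIT:-tor}"

# Constructed sample of `ip -6 -o addr show scope global` (2001:db8::/32 is
# the documentation prefix); real output is only read in --run mode.
SAMPLE_IP_OUTPUT='2: eth0    inet6 fd12:3456:789a:1:a00:27ff:fe4e:66a1/64 scope global dynamic mngtmpaddr \       valid_lft 7100sec preferred_lft 3500sec
2: eth0    inet6 2001:db8:270a:e300:5c1e:9d02:77aa:1b3f/64 scope global temporary dynamic \       valid_lft 7100sec preferred_lft 3500sec
2: eth0    inet6 2001:db8:1111:2200:a00:27ff:fe4e:66a1/64 scope global deprecated dynamic mngtmpaddr \       valid_lft 900sec preferred_lft 0sec
2: eth0    inet6 2001:db8:270a:e300:a00:27ff:fe4e:66a1/64 scope global dynamic mngtmpaddr noprefixroute \       valid_lft 7100sec preferred_lft 3500sec'

# Read `ip -6 -o addr` output on stdin and print the first usable address.
# Skips privacy (temporary), deprecated and tentative addresses, which are
# not stable enough for an ORPort, and ULA addresses (fc00::/7).
pick_stable_v6() {
    awk '/ temporary| deprecated| tentative| dadfailed/ { next }
    {
        for (i = 1; i < NF; i++) if ($i == "inet6") {
            split($(i + 1), a, "/")
            if (a[1] ~ /^f[cd]/) next
            print a[1]; exit
        }
    }'
}

# Return 0 only when $1 differs from a previously recorded address.
# An empty $1 (IPv6 briefly missing) and the very first run never count as
# a change, so neither causes a needless restart and loss of uptime.
addr_changed() {
    new="$1"; old=""
    [ -n "$new" ] || return 1
    [ -r "$STATE_FILE" ] && old=$(cat "$STATE_FILE")
    [ "$new" = "$old" ] && return 1
    mkdir -p "$(dirname "$STATE_FILE")"
    printf '%s\n' "$new" > "$STATE_FILE"
    [ -n "$old" ]
}

if [ "${1:-}" = "--run" ]; then
    addr=$(ip -6 -o addr show scope global | pick_stable_v6)
    if addr_changed "$addr"; then
        logger -t tor-v6-watch "IPv6 address now $addr, restarting $TOR_UNIT"
        systemctl restart "$TOR_UNIT"
    fi
fi
```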