3 "Project-Id-Version: Nos oignons website\n"
4 "POT-Creation-Date: 2020-08-20 18:26+0200\n"
5 "PO-Revision-Date: 2020-07-06 11:59+0200\n"
6 "Last-Translator: Nos oignons <webmaster@nos-oignons.net>\n"
7 "Language-Team: English <webmaster@nos-oignons.net>\n"
10 "Content-Type: text/plain; charset=UTF-8\n"
11 "Content-Transfer-Encoding: 8bit\n"
15 msgid "[[!meta title=\"Tor, IPv6 et prises de tête\"]]\n"
16 msgstr "[[!meta title=\"Tor's IPv6 exit policy idiosyncrasy \"]]\n"
20 msgid "[[!meta date=\"2020-07-06 12:00:00\"]]\n"
21 msgstr "[[!meta date=\"2020-07-06 12:00:00\"]]\n"
25 "Chez nos-oignons, nous faisons tourner [plusieurs relais de sortie tor à "
26 "haute capacité](https://nos-oignons.net/Services/index.fr.html), et comme "
27 "nous sommes en 2020, la plupart ont de l'IPv6. Tout allait bien, jusqu'à ce "
28 "qu'on se penche sur le cas d'[elenagb](https://metrics.torproject.org/rs."
29 "html#details/F47B13BFCE4EF48CDEF6C4D7C7A99208EBB972B5), notre nœud hébergé "
30 "chez [Aquilenet](https://www.aquilenet.fr/), et nommé d'après la professeure "
31 "et écrivaine italienne [Elena Gianini Belotti]( https://fr.wikipedia.org/"
32 "wiki/Elena_Gianini_Belotti ). En effet, le consensus pensait que son *exit "
33 "policy* était `reject *:*`, alors que nous voulions qu'il soit un relai de "
34 "sortie. La seule différence avec nos autre relais était que comme notre "
35 "hébergeur ne nous attribuait pas l'IPv4, nous nous étions mis d'accord pour "
36 "n'avoir que du trafic sortant du réseau tor en IPv6. Il y avait donc, "
37 "quelque part, sûrement, un soucis de configuration. Le `torrc` ressemblait "
38 "à ça. En partant du principe que tout le reste soit correctement configuré "
39 "(`ORPort`, `address`, …), arrivez-vous à débusquer l'erreur?"
41 "At nos-oignons we're running a couple of high-speed [tor exit nodes](https://"
42 "nos-oignons.net/Services/index.fr.html), and since it's 2020, most of them "
43 "have IPv6 addresses.\n"
44 "A particular node, [elenagb](https://metrics.torproject.org/rs.html#details/"
45 "F47B13BFCE4EF48CDEF6C4D7C7A99208EBB972B5), named after the Italian feminist "
46 "writer and teacher [Elena Gianini Belotti](https://it.wikipedia.org/wiki/"
47 "Elena_Gianini_Belotti), hosted by [Aquilenet](https://www.aquilenet.fr/ )was "
48 "doing something odd: the consensus thought that its exit policy was `reject "
49 "*:*`, while we wanted it to be an exit node.\n"
50 "The only major difference with our other servers is that we have some issues "
51 "with IPv4 attribution, we agreed with our hoster to only have IPv6 traffic "
52 "exiting from the tor network. There was likely a configuration issue "
53 "somehow, somewhere.\n"
54 "The torrc files looked like this, assuming that everything else (`ORPort`, "
55 "`address`, …) was correct, can you spot the mistake?"
60 #| "# No exit in ipv4\n"
62 #| "ExitPolicy reject *:*\n"
66 #| "# Reduced exit policy in IPv6\n"
68 #| "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
72 #| "ExitPolicy accept6 *:64738 # Mumble\n"
74 #| "ExitPolicy reject6 *:*\n"
79 "ExitPolicy reject *:*\n"
83 "# Reduced exit policy in IPv6\n"
85 "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
89 "ExitPolicy accept6 *:64738 # Mumble\n"
91 "ExitPolicy reject6 *:*\n"
96 "ExitPolicy reject *:*\n"
100 "# Reduced exit policy in IPv6\n"
102 "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
106 "ExitPolicy accept6 *:64738 # Mumble\n"
108 "ExitPolicy reject6 *:*\n"
113 "L'astuce comme souligné dans le [ticket 16069](https://trac.torproject.org/"
114 "projects/tor/ticket/16069) est que la configuration `reject *:*` rejette "
115 "l'IPv4 **ainsi** que l'IPv6 pour des raisons historiques. À ce sujet, la "
116 "[documentation](https://torproject.org/docs/tor-manual.html.en) indique :"
118 "The trick, as outlined in the [ticket 16069](https://trac.torproject.org/)is "
119 "that reject *:* will reject both IPv6 and IPv4, for legacy reasons.On this "
120 "topic, the [torrc's documentation](https://torproject.org/docs/tor-manual."
121 "html.en) states the following:"
126 "> Les entrées `accept6` et `reject6` affectent seulement les politiques de\n"
127 "sortie Ipv6. Utiliser des IPv4 avec `accept6` et `reject6` sera ignoré et\n"
128 "générera une alerte. Les entrées `accept`/`reject` permettent de prendre en\n"
129 "compte l'IPv4 ainsi que l'IPv6. Utiliser `*4` comme adresse IPv4 générique, et `*6`\n"
130 "comme IPv6 générique. `accept`/`reject *` sont utilisés comme générique\n"
131 "concernant IPv4 et IPv6.\n"
133 "> accept6 and reject6 only produce IPv6 exit policy entries. Using an IPv4\n"
134 "address with accept6 or reject6 is ignored and generates a warning.\n"
135 "accept/reject allows either IPv4 or IPv6 addresses. Use *4 as an IPv4\n"
136 "wildcard address, and *6 as an IPv6 wildcard address.\n"
137 "accept/reject * expands to matching IPv4 and IPv6 wildcard address rules.\n"
140 msgid "La bonne configuration ressemblerait donc plutôt à ceci:"
141 msgstr "So the correct configuration looks like this:"
146 #| "# No exit in ipv4\n"
148 #| "ExitPolicy reject *4:*\n"
152 #| "# Reduced exit policy in IPv6\n"
154 #| "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
156 #| "ExitPolicy accept6 *:43 # WHOIS\n"
160 #| "ExitPolicy accept6 *:64738 # Mumble\n"
162 #| "ExitPolicy accept6 *:64738 # Mumble\n"
164 #| "ExitPolicy reject6 *:*\n"
169 "# No exit in ipv4\n"
171 "ExitPolicy reject *4:*\n"
175 "# Reduced exit policy in IPv6\n"
177 "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
179 "ExitPolicy accept6 *:43 # WHOIS\n"
183 "ExitPolicy accept6 *:64738 # Mumble\n"
185 "ExitPolicy accept6 *:64738 # Mumble\n"
187 "ExitPolicy reject6 *:*\n"
192 "# No exit in ipv4\n"
194 "ExitPolicy reject *4:*\n"
198 "# Reduced exit policy in IPv6\n"
200 "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
202 "ExitPolicy accept6 *:43 # WHOIS\n"
206 "ExitPolicy accept6 *:64738 # Mumble\n"
208 "ExitPolicy accept6 *:64738 # Mumble\n"
210 "ExitPolicy reject6 *:*\n"
217 "Une bonne partie de la soirée fût passée à s'user les yeux sur le problème, "
218 "et évidement, aussitôt le mystère résolu, notre hébergeur nous a informé que "
219 "l'IPv4 nous était maintenant correctement attribuée, et qu'elenagb pouvait "
220 "donc avoir du trafic sortant de tor à la fois en IPv4 et en IPv6."
222 "An embarrassingly large portion of the evening was wasted, and of course, as "
223 "soon as the mystery was solved, our beloved hoster told us that they solved "
224 "the attribution issue, and that we're free to use IPv4 as well for the exit "