3 "Project-Id-Version: Nos oignons website\n"
4 "POT-Creation-Date: 2020-07-06 12:13+0200\n"
5 "PO-Revision-Date: 2020-07-06 11:59+0200\n"
6 "Last-Translator: Nos oignons <webmaster@nos-oignons.net>\n"
7 "Language-Team: English <webmaster@nos-oignons.net>\n"
10 "Content-Type: text/plain; charset=UTF-8\n"
11 "Content-Transfer-Encoding: 8bit\n"
15 msgid "[[!meta title=\"Tor, IPv6 et prises de tête\"]]\n"
16 msgstr "[[!meta title=\"Tor's IPv6 exit policy idiosyncrasy \"]]\n"
20 msgid "[[!meta date=\"2020-07-06 12:00:00\"]]\n"
21 msgstr "[[!meta date=\"2020-07-06 12:00:00\"]]\n"
25 "Chez nos-oignons, nous faisons tourner [plusieurs relais de sortie tor à "
26 "haute capacité](https://nos-oignons.net/Services/index.fr.html), et comme "
27 "nous sommes en 2020, la plupart ont de l'IPv6. Tout allait bien, jusqu'à ce "
28 "qu'on se penche sur le cas d'[elenagb](https://metrics.torproject.org/rs."
29 "html#details/F47B13BFCE4EF48CDEF6C4D7C7A99208EBB972B5), notre nœud hébergé "
30 "chez [Aquilenet](https://www.aquilenet.fr/), et nommé d'après la professeure "
31 "et écrivaine italienne [Elena Gianini Belotti]( https://fr.wikipedia.org/"
32 "wiki/Elena_Gianini_Belotti ). En effet, le consensus pensait que son *exit "
33 "policy* était `reject *:*`, alors que nous voulions qu'il soit un relai de "
34 "sortie. La seule différence avec nos autre relais était que comme notre "
35 "hébergeur ne nous attribuait pas l'IPv4, nous nous étions mis d'accord pour "
36 "n'avoir que du trafic sortant du réseau tor en IPv6. Il y avait donc, "
37 "quelque part, sûrement, un soucis de configuration. Le `torrc` ressemblait "
38 "à ça. En partant du principe que tout le reste soit correctement configuré "
39 "(`ORPort`, `address`, …), arrivez-vous à débusquer l'erreur?"
41 "At nos-oignons we're running a couple of high-speed [tor exit nodes](https://"
42 "nos-oignons.net/Services/index.fr.html), and since it's 2020, most of them "
43 "have IPv6 addresses.\n"
44 "A particular node, [elenagb](https://metrics.torproject.org/rs.html#details/"
45 "F47B13BFCE4EF48CDEF6C4D7C7A99208EBB972B5), named after the Italian feminist "
46 "writer and teacher [Elena Gianini Belotti](https://it.wikipedia.org/wiki/"
47 "Elena_Gianini_Belotti), hosted by [Aquilenet](https://www.aquilenet.fr/ )was "
48 "doing something odd: the consensus thought that its exit policy was `reject "
49 "*:*`, while we wanted it to be an exit node.\n"
50 "The only major difference with our other servers is that we have some issues "
51 "with IPv4 attribution, we agreed with our hoster to only have IPv6 traffic "
52 "exiting from the tor network. There was likely a configuration issue "
53 "somehow, somewhere.\n"
54 "The torrc files looked like this, assuming that everything else (`ORPort`, "
55 "`address`, …) was correct, can you spot the mistake?"
60 #| "# No exit in ipv4\n"
62 #| "ExitPolicy reject *:*\n"
66 #| "# Reduced exit policy in IPv6\n"
68 #| "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
72 #| "ExitPolicy accept6 *:64738 # Mumble\n"
74 #| "ExitPolicy reject6 *:*\n"
78 "ExitPolicy reject *:*\n"
80 "# Reduced exit policy in IPv6\n"
81 "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
83 "ExitPolicy accept6 *:64738 # Mumble\n"
84 "ExitPolicy reject6 *:*\n"
88 "ExitPolicy reject *:*\n"
92 "# Reduced exit policy in IPv6\n"
94 "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
98 "ExitPolicy accept6 *:64738 # Mumble\n"
100 "ExitPolicy reject6 *:*\n"
105 "L'astuce comme souligné dans le [ticket 16069](https://trac.torproject.org/"
106 "projects/tor/ticket/16069) est que la configuration `reject *:*` rejette "
107 "l'IPv4 **ainsi** que l'IPv6 pour des raisons historiques. À ce sujet, la "
108 "[documentation](https://torproject.org/docs/tor-manual.html.en) indique :"
110 "The trick, as outlined in the [ticket 16069](https://trac.torproject.org/)is "
111 "that reject *:* will reject both IPv6 and IPv4, for legacy reasons.On this "
112 "topic, the [torrc's documentation](https://torproject.org/docs/tor-manual."
113 "html.en) states the following:"
118 "> Les entrées `accept6` et `reject6` affectent seulement les politiques de\n"
119 "sortie Ipv6. Utiliser des IPv4 avec `accept6` et `reject6` sera ignoré et\n"
120 "générera une alerte. Les entrées `accept`/`reject` permettent de prendre en\n"
121 "compte l'IPv4 ainsi que l'IPv6. Utiliser `*4` comme adresse IPv4 générique, et `*6`\n"
122 "comme IPv6 générique. `accept`/`reject *` sont utilisés comme générique\n"
123 "concernant IPv4 et IPv6.\n"
125 "> accept6 and reject6 only produce IPv6 exit policy entries. Using an IPv4\n"
126 "address with accept6 or reject6 is ignored and generates a warning.\n"
127 "accept/reject allows either IPv4 or IPv6 addresses. Use *4 as an IPv4\n"
128 "wildcard address, and *6 as an IPv6 wildcard address.\n"
129 "accept/reject * expands to matching IPv4 and IPv6 wildcard address rules.\n"
132 msgid "La bonne configuration ressemblerait donc plutôt à ceci:"
133 msgstr "So the correct configuration looks like this:"
138 #| "# No exit in ipv4\n"
140 #| "ExitPolicy reject *4:*\n"
144 #| "# Reduced exit policy in IPv6\n"
146 #| "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
148 #| "ExitPolicy accept6 *:43 # WHOIS\n"
152 #| "ExitPolicy accept6 *:64738 # Mumble\n"
154 #| "ExitPolicy accept6 *:64738 # Mumble\n"
156 #| "ExitPolicy reject6 *:*\n"
161 "# No exit in ipv4\n"
162 "ExitPolicy reject *4:*\n"
164 "# Reduced exit policy in IPv6\n"
165 "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
166 "ExitPolicy accept6 *:43 # WHOIS\n"
168 "ExitPolicy accept6 *:64738 # Mumble\n"
169 "ExitPolicy accept6 *:64738 # Mumble\n"
170 "ExitPolicy reject6 *:*\n"
173 "# No exit in ipv4\n"
175 "ExitPolicy reject *4:*\n"
179 "# Reduced exit policy in IPv6\n"
181 "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n"
183 "ExitPolicy accept6 *:43 # WHOIS\n"
187 "ExitPolicy accept6 *:64738 # Mumble\n"
189 "ExitPolicy accept6 *:64738 # Mumble\n"
191 "ExitPolicy reject6 *:*\n"
198 "Une bonne partie de la soirée fût passée à s'user les yeux sur le problème, "
199 "et évidement, aussitôt le mystère résolu, notre hébergeur nous a informé que "
200 "l'IPv4 nous était maintenant correctement attribuée, et qu'elenagb pouvait "
201 "donc avoir du trafic sortant de tor à la fois en IPv4 et en IPv6."
203 "An embarrassingly large portion of the evening was wasted, and of course, as "
204 "soon as the mystery was solved, our beloved hoster told us that they solved "
205 "the attribution issue, and that we're free to use IPv4 as well for the exit "