msgid "" msgstr "" "Project-Id-Version: Nos oignons website\n" "POT-Creation-Date: 2020-08-20 18:26+0200\n" "PO-Revision-Date: 2020-07-06 11:59+0200\n" "Last-Translator: Nos oignons \n" "Language-Team: English \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Plain text #, no-wrap msgid "[[!meta title=\"Tor, IPv6 et prises de tête\"]]\n" msgstr "[[!meta title=\"Tor's IPv6 exit policy idiosyncrasy \"]]\n" #. type: Plain text #, no-wrap msgid "[[!meta date=\"2020-07-06 12:00:00\"]]\n" msgstr "[[!meta date=\"2020-07-06 12:00:00\"]]\n" #. type: Plain text msgid "" "Chez nos-oignons, nous faisons tourner [plusieurs relais de sortie tor à " "haute capacité](https://nos-oignons.net/Services/index.fr.html), et comme " "nous sommes en 2020, la plupart ont de l'IPv6. Tout allait bien, jusqu'à ce " "qu'on se penche sur le cas d'[elenagb](https://metrics.torproject.org/rs." "html#details/F47B13BFCE4EF48CDEF6C4D7C7A99208EBB972B5), notre nœud hébergé " "chez [Aquilenet](https://www.aquilenet.fr/), et nommé d'après la professeure " "et écrivaine italienne [Elena Gianini Belotti]( https://fr.wikipedia.org/" "wiki/Elena_Gianini_Belotti ). En effet, le consensus pensait que son *exit " "policy* était `reject *:*`, alors que nous voulions qu'il soit un relai de " "sortie. La seule différence avec nos autre relais était que comme notre " "hébergeur ne nous attribuait pas l'IPv4, nous nous étions mis d'accord pour " "n'avoir que du trafic sortant du réseau tor en IPv6. Il y avait donc, " "quelque part, sûrement, un soucis de configuration. Le `torrc` ressemblait " "à ça. En partant du principe que tout le reste soit correctement configuré " "(`ORPort`, `address`, …), arrivez-vous à débusquer l'erreur?" msgstr "" "At nos-oignons we're running a couple of high-speed [tor exit nodes](https://" "nos-oignons.net/Services/index.fr.html), and since it's 2020, most of them " "have IPv6 addresses.\n" "A particular node, [elenagb](https://metrics.torproject.org/rs.html#details/" "F47B13BFCE4EF48CDEF6C4D7C7A99208EBB972B5), named after the Italian feminist " "writer and teacher [Elena Gianini Belotti](https://it.wikipedia.org/wiki/" "Elena_Gianini_Belotti), hosted by [Aquilenet](https://www.aquilenet.fr/ )was " "doing something odd: the consensus thought that its exit policy was `reject " "*:*`, while we wanted it to be an exit node.\n" "The only major difference with our other servers is that we have some issues " "with IPv4 attribution, we agreed with our hoster to only have IPv6 traffic " "exiting from the tor network. There was likely a configuration issue " "somehow, somewhere.\n" "The torrc files looked like this, assuming that everything else (`ORPort`, " "`address`, …) was correct, can you spot the mistake?" #. type: Plain text #, fuzzy, no-wrap #| msgid "" #| "# No exit in ipv4\n" #| "\n" #| "ExitPolicy reject *:*\n" #| "\n" #| "\n" #| "\n" #| "# Reduced exit policy in IPv6\n" #| "\n" #| "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n" #| "\n" #| "…\n" #| "\n" #| "ExitPolicy accept6 *:64738 # Mumble\n" #| "\n" #| "ExitPolicy reject6 *:*\n" #| "\n" msgid "" "# No exit in ipv4\n" "\n" "ExitPolicy reject *:*\n" "\n" "\n" "\n" "# Reduced exit policy in IPv6\n" "\n" "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n" "\n" "…\n" "\n" "ExitPolicy accept6 *:64738 # Mumble\n" "\n" "ExitPolicy reject6 *:*\n" "\n" msgstr "" "# No exit in ipv4\n" "\n" "ExitPolicy reject *:*\n" "\n" "\n" "\n" "# Reduced exit policy in IPv6\n" "\n" "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n" "\n" "…\n" "\n" "ExitPolicy accept6 *:64738 # Mumble\n" "\n" "ExitPolicy reject6 *:*\n" "\n" #. type: Plain text msgid "" "L'astuce comme souligné dans le [ticket 16069](https://trac.torproject.org/" "projects/tor/ticket/16069) est que la configuration `reject *:*` rejette " "l'IPv4 **ainsi** que l'IPv6 pour des raisons historiques. À ce sujet, la " "[documentation](https://torproject.org/docs/tor-manual.html.en) indique :" msgstr "" "The trick, as outlined in the [ticket 16069](https://trac.torproject.org/)is " "that reject *:* will reject both IPv6 and IPv4, for legacy reasons.On this " "topic, the [torrc's documentation](https://torproject.org/docs/tor-manual." "html.en) states the following:" #. type: Plain text #, no-wrap msgid "" "> Les entrées `accept6` et `reject6` affectent seulement les politiques de\n" "sortie Ipv6. Utiliser des IPv4 avec `accept6` et `reject6` sera ignoré et\n" "générera une alerte. Les entrées `accept`/`reject` permettent de prendre en\n" "compte l'IPv4 ainsi que l'IPv6. Utiliser `*4` comme adresse IPv4 générique, et `*6`\n" "comme IPv6 générique. `accept`/`reject *` sont utilisés comme générique\n" "concernant IPv4 et IPv6.\n" msgstr "" "> accept6 and reject6 only produce IPv6 exit policy entries. Using an IPv4\n" "address with accept6 or reject6 is ignored and generates a warning.\n" "accept/reject allows either IPv4 or IPv6 addresses. Use *4 as an IPv4\n" "wildcard address, and *6 as an IPv6 wildcard address.\n" "accept/reject * expands to matching IPv4 and IPv6 wildcard address rules.\n" #. type: Plain text msgid "La bonne configuration ressemblerait donc plutôt à ceci:" msgstr "So the correct configuration looks like this:" #. type: Plain text #, fuzzy, no-wrap #| msgid "" #| "# No exit in ipv4\n" #| "\n" #| "ExitPolicy reject *4:*\n" #| "\n" #| "\n" #| "\n" #| "# Reduced exit policy in IPv6\n" #| "\n" #| "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n" #| "\n" #| "ExitPolicy accept6 *:43 # WHOIS\n" #| "\n" #| "…\n" #| "\n" #| "ExitPolicy accept6 *:64738 # Mumble\n" #| "\n" #| "ExitPolicy accept6 *:64738 # Mumble\n" #| "\n" #| "ExitPolicy reject6 *:*\n" #| "\n" #| "\n" #| "\n" msgid "" "# No exit in ipv4\n" "\n" "ExitPolicy reject *4:*\n" "\n" "\n" "\n" "# Reduced exit policy in IPv6\n" "\n" "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n" "\n" "ExitPolicy accept6 *:43 # WHOIS\n" "\n" "…\n" "\n" "ExitPolicy accept6 *:64738 # Mumble\n" "\n" "ExitPolicy accept6 *:64738 # Mumble\n" "\n" "ExitPolicy reject6 *:*\n" "\n" "\n" "\n" msgstr "" "# No exit in ipv4\n" "\n" "ExitPolicy reject *4:*\n" "\n" "\n" "\n" "# Reduced exit policy in IPv6\n" "\n" "ExitPolicy accept6 *:20-23 # FTP, SSH, telnet\n" "\n" "ExitPolicy accept6 *:43 # WHOIS\n" "\n" "…\n" "\n" "ExitPolicy accept6 *:64738 # Mumble\n" "\n" "ExitPolicy accept6 *:64738 # Mumble\n" "\n" "ExitPolicy reject6 *:*\n" "\n" "\n" "\n" #. type: Plain text msgid "" "Une bonne partie de la soirée fût passée à s'user les yeux sur le problème, " "et évidement, aussitôt le mystère résolu, notre hébergeur nous a informé que " "l'IPv4 nous était maintenant correctement attribuée, et qu'elenagb pouvait " "donc avoir du trafic sortant de tor à la fois en IPv4 et en IPv6." msgstr "" "An embarrassingly large portion of the evening was wasted, and of course, as " "soon as the mystery was solved, our beloved hoster told us that they solved " "the attribution issue, and that we're free to use IPv4 as well for the exit " "traffic."