Using Tor over IPv6 to bypass locks

Speeches about the need to introduce IPv6 have been going on for a long time ( IPv6 is a more progressive version of IP protocol that can provide more than 300 million IP addresses per inhabitant of the Earth).

The main argument is usually the exhaustion of the available "white" IP addresses , which the average user most often does not care.
Recently, however, blocking sites have become an actual problem for many, and, under the slogan of the fight against drugs and CP, opposition sites or resources expressing alternative points of view on historical events are being blocked.

The current legislation of the Russian Federation and the Republic of Belarus does not impose penalties for obtaining access to blocked resources, therefore many citizens who consider themselves entitled to choose pulp fiction independently bypass the blocking of sites by providers.

To begin with, some of the blocked resources themselves provide access over IPv6 . If your provider does not provide IPv6 capabilities, you can configure an IPv4-IPv6 tunnel using a tunnel broker , various tunnel services, Teredo (for Windows) or Miredo (for Linux) (however, I will briefly write about Miredo in this article) .
')
Many blocked resources allow access only over IPv4, and bypassing their locks is often done using the Tor Browser. However, Tor is also starting to block , so I want to suggest a method for working with Tor via IPv6 .

As you already understood, we need an IPv4-IPv6 tunnel. Let me tell you what to do, using Ubuntu as an example.

Install Miredo:

sudo apt install miredo 

Check performance:

 $ ping6 ipv6.google.com PING ipv6.google.com(waw02s08-in-x0e.1e100.net) 56 data bytes 64 bytes from waw02s08-in-x0e.1e100.net: icmp_seq=1 ttl=56 time=352 ms 64 bytes from waw02s08-in-x0e.1e100.net: icmp_seq=2 ttl=56 time=111 ms 64 bytes from waw02s08-in-x0e.1e100.net: icmp_seq=3 ttl=56 time=123 ms 64 bytes from waw02s08-in-x0e.1e100.net: icmp_seq=4 ttl=56 time=113 ms 64 bytes from waw02s08-in-x0e.1e100.net: icmp_seq=5 ttl=56 time=150 ms ^C --- ipv6.google.com ping statistics --- 6 packets transmitted, 5 received, 16% packet loss, time 5007ms rtt min/avg/max/mdev = 111.319/170.281/352.361/92.092 ms 

Now we can work with IPv6! Simple, isn't it? It remains a small step to configure Tor. If you are using Tor Browser, you need to go to the / path / to / tor / tor-browser_en-US / Browser / TorBrowser / Data / Tor / subdirectory and edit the torrc file.

Feel free to delete the entire contents of the config and insert a single line there:

 ClientUseIPv4 0 

The rest of the contents of the Tor configuration at startup will complement independently. The setting we made will prevent Tor from connecting to IPv4 addresses that may be blocked by your provider. It is worth noting here that in the future IPv6 addresses can also be blocked , but at the moment neither in Russia nor in Belarus this happens .

If you are using the installed Tor package for Linux, bring your / etc / tor / torrc config to something like this:

 ClientUseIPv4 0 SocksPort 9050 Exitpolicy reject *:* ExitPolicy reject6 *:* ExtORPort auto ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed 

Note that with IPv6, you can still obfuscate traffic.

How will Tor work with our settings? The first of the three nodes in the Tor chain will be an IPv6-supporting node, access to which is not blocked. The output will remain an IPv4 node.

It should be noted that only relatively newer versions of Tor (older than 0.2.3.9-alpha) support IPv6. Interestingly, my tor installed on the system via IPv6 connects much faster than the Portable Tor Bundle.

If you want your node to work via IPv6, use this instruction .

There are not many bridges working over IPv6, by the way. Unpublished bridges that support IPv6, I could not find at all through bridges.torproject.org .


PS I want to say a special thank you to ValdikSS for promoting IPv6 on Habré and Hiktimes.