torouter IPv6 support
This is a placeholder/discussion ticket for IPv6 support with torouter. IPv6 support is not a blocker or high priority at this time, and there is some concern about trusting "new" IPv6 daemons and code paths (citation needed!).
One way way IPv6 would work is that "downstream" devices connecting to the torouter (over the open wifi network or the local ethernet port) would auto-configure addresses from a site-local prefix (not globaly routed) and the torouter (via tsocks) would effectively provide NAT. With this scheme it would be possible to enable "downstream" IPv6 connectivity without proper "upstream" support (or vica versa).
"Upstream" IPv6 would require at least:
- tor network and daemon support (roadmap)
- ntp client support
- automatic SLAAC/DHCPv6 configuration
Presumably SLAAC would use a randomized address (not based on the ethernet MAC address). Bootstrap upstream DNS could go straight to global DNS servers known to return both AAAA records and reply to requests over IPv6.
"Downstream" IPv6 would require at least:
- a (hardened?) radvd
- IPv6 configuration and support of the onboard recursive DNS servers (ttdnsd, unbound, dnsmasq)
- support in tsocks
- appropriate firewall rules
- extension of the web interface to display and configure IPv6 options
In either case, kernel and iptable support would need to be enabled and the web interface extended to display and configure IPv6 options.