Handle unreachable addresses on v3 single onion services by using a 3 hop path
Here is how we make IPv6 (and other unreachable addresses) work with single-hop client and service connections to intro and rend points. It works for v2 single onion services. We talked about it for v3, but it never made it into the prop224 spec.
Here are the steps:
- The service chooses and connects to the intro point (possibly using a 3-hop path if it is a single onion service and can't reach it directly)
- The service always puts IPv4 and IPv6 in its descriptor link specifiers (if they are available in directory documents)
- If the link specifier has a reachable address, and the service is not a single onion service, a Tor2web client (currently v2 only) can use it to make a direct connection to the intro point
- Otherwise, the client connects over a 3-hop path via one of its reachable entry nodes
The process for client rendezvous is similar, but if the client knows that the service is a single onion service, it must connect to the rend point using a 3-hop path. (Again, this only matters for Tor2web, which is v2 only).
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information