[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] WebRTC via Tor

On 06/12/2013 11:29 PM, David Huerta wrote:

> On Mon, Jun 10, 2013 at 11:57 PM, mirimir <mirimir@xxxxxxxxxx> wrote:
>> On 06/10/2013 03:54 PM, Jeffrey Walton wrote:
>>> On Mon, Jun 10, 2013 at 12:56 AM, David Huerta <huertanix@xxxxxxxxxxx>
>> wrote:
>>>> Hash: SHA1
>>>> ... The problem is that
>>>> Twilio WebRTC requires UDP connections over ports 10,000 to 60,000 and
>>>> at least from my research (correct me if I'm wrong), Tor doesn't do
>>>> onion routing for UDP traffic....
>>> UDP does not work on some smart phones because many carriers allow UDP
>>> from the phone (send) but block UDP to the phone (receive). In the US,
>>> you will have probably trouble with Verizon, Sprint, and AT&T (and
>>> likely others).
>> If traffic uses VPN via Tor, the carrier will see only TCP.
> I'm unsure at which points in the connection there should be a VPN; Should
> it basically look like below?
> Alice running Tor --[OpenVPN connection in TCP mode via Tor]--> Machine
> running Tor --[Connection via Tor to Mumble server or some other voice data
> jumping point]--> Bob
> amidoinitrite?

I don't think so.

There needs to be a VPN tunnel wherever Alice wants Tor to carry UDP
traffic. If Alice wants to connect with Bob via an Internet VoIP
service, such as Twilio, she needs to use a third-party VPN service.

It would look like this:

Alice running Tor and OpenVPN --[OpenVPN connection in TCP mode via
Tor]--> VPN server --[Internet]--> VoIP server --[however Bob
connects]--> Bob

The simplest way to route VPNs through Tor is with Whonix. She would
just install OpenVPN on the Whonix workstation, and copy the VPN
service's connection files to /etc/openvpn. At boot, openvpn connects to
the designated VPN server via Tor.

Alice's anonymity with that approach is limited by the money trail to
the VPN service that she's using. Free VPNs wouldn't suffice because of
their throughput limits. Some VPN services accept cash through the mail,
however, and allow connections via Tor.

Alternatively, Alice could (1) run her own OpenVPN server as a Tor
hidden service, and (2) run her own VoIP server that accepts connections
on the VPN. Bob etc would run Whonix with an OpenVPN client, and connect
to Alice's hidden service. That provides Alice with better anonymity,
but it's harder to set up.

tor-talk mailing list