[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Fwd: [tor-relays] Ops request: Deploy OpenVPN terminators



On 05/14/2014 09:07 PM, grarpamp wrote:
>> On Tue, May 13, 2014 at 5:48 PM, Jeroen Massar <jeroen@xxxxxxxxx> wrote:

<SNIP>

>> <user - ovpn - torcli> -- <exit torrelay or_ip - localhost - ovpn_ip> -- world
> 
>> That "ovpn" part on the left is easily detected by any party in the
>> middle doing
> 
> No. Understand the diagram. It is not detectable by anyone
> between torcli and torrelay, because that is just normal
> tor.
> 
>> Note that you are running IP over TCP over Tor (which is over TCP).
> 
> Of course. Unless of course, as suggested before, some operators
> choose the method of binding/routing their exit over an ip different
> from their OR_IP, then it would just be native tor and native TCP.
> 
>> The performance of that will be very bad. Tor network is already
>> overloaded enough as it is.
> 
> No it won't, I've tested it, it works just fine. The only issue is the
> exit ip may change. So the exit operator is expected to block
> access to ovpn_ip from anything other than their associated or_ip,
> and the user is expected to config their client to use only the
> associated exit per whatever 'world' usage session they have in
> mind. It's not supposed to be point-click easy, only possible.

That's a very cool idea :) Using $5/mo VPS, there could be a large pool
of exit IPs for each Tor exit.

<SNIP>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk