Re: [tor-talk] using UDPGW and tun2socks over Tor
On Fri, Oct 24, 2014 at 1:35 AM, Nathan Freitas <nathan@xxxxxxxxxxx> wrote:
> Is there any reason we shouldn't consider supporting UDP over Tor with
> Orbot, by tunneling the packets using the combination of badvpn's
> tun2socks and udpgw ("udp gateway") feature?
There's no reason raw IP itself (any/none of its numbered protocols)
shouldn't / couldn't be transported over Tor using OpenVPN (at least
until Tor itself is extended as such).
> This has come up as we are
> implementing the Android VPNService, and discovered how easy to
> implement and well performing the badvpn UDP tunneling capability is.
> This means we can support SIP calling over Tor, video conference and
> streaming, among other applications...
... Not necessarily, unless you're statically mapping all the people
(IPs) you want to communicate with beforehand (which you can't with
random unknown participants, i.e. Bittorrent, or people on dynamic or
mobile), you're currently constrained by address collisions:
- Trying to pack the entire IPv4 address space you might want to
'call' into your tiny 10.0.0.0/24 adapter space. Same for putting the entire IPv6
space into your private IPv6/48 adapter space.
- Similarly, what you're going to do when Tor moves to wider than
80-bit onion addressing, which currently fits nicely into a private IPv6/48.
(Need a secure IPv6<->onion address mapping layer pushed into a
DHT/blockchain or just resorting to trusting some volunteer run in-net
edit: Just noticed badvpn's mention of pushing a *VM* on a 10 address
through socks with this, at least for TCP, which is simpler. As opposed
to pushing any app on the raw iron through a *VPN* which could be
constrained as above. Left this anyway for thought in related things.
> It does mean that someone would have to operate the
> gateway/infrastructure portion of udpgw at a capacity necessary to
> handle all udp streaming traffic sent for all Orbot users, but I would
> consider that to be feasible. Perhaps udpgw instances can be run along
> side all Tor exit nodes?
Read the thread below, which flowed on both tor-talk and tor-relays over
May and June, with better specification/answers in later posts.
Subject: Ops request: Deploy OpenVPN terminators
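
The address-space constraint raised in the reply above, as an added example that is not part of the original message: it maps an 80-bit base32 onion label into the host bits of a private IPv6 /48 and back, rejects a wider label, and gives the pigeonhole bound for the 10.0.0.0/24 case. The prefix `fd00:1234:5678::/48`, the labels and the function names are assumptions constructed for illustration.

```python
import base64
import ipaddress

# Assumption: a constructed ULA /48, used only for this illustration.
PREFIX = ipaddress.IPv6Network("fd00:1234:5678::/48")
HOST_BITS = 128 - PREFIX.prefixlen  # 80 bits remain under a /48


def onion_to_ipv6(label: str) -> ipaddress.IPv6Address:
    """Map a base32 onion label into PREFIX; refuse labels that do not fit."""
    raw = base64.b32decode(label.upper())
    if len(raw) * 8 > HOST_BITS:
        raise ValueError(
            f"{len(raw) * 8}-bit label does not fit in {HOST_BITS} host bits"
        )
    return PREFIX[int.from_bytes(raw, "big")]


def ipv6_to_onion(addr: ipaddress.IPv6Address) -> str:
    """Inverse mapping: recover the 16-character label from the host bits."""
    if addr not in PREFIX:
        raise ValueError("address is outside the mapping prefix")
    host = int(addr) & ((1 << HOST_BITS) - 1)
    raw = host.to_bytes(HOST_BITS // 8, "big")
    return base64.b32encode(raw).decode().lower()


def guaranteed_collisions(peers: int, pool: ipaddress.IPv4Network) -> int:
    """Pigeonhole bound: peers left without a unique address in the pool."""
    usable = pool.num_addresses - 2  # minus network and broadcast addresses
    return max(0, peers - usable)


if __name__ == "__main__":
    label = "abcdefghijklmnop"  # constructed 16-character (80-bit) label
    mapped = onion_to_ipv6(label)
    print(label, "->", mapped, "->", ipv6_to_onion(mapped))
    try:
        onion_to_ipv6(label * 2)  # constructed 160-bit label
    except ValueError as exc:
        print("wider label rejected:", exc)
    pool = ipaddress.IPv4Network("10.0.0.0/24")
    print("unmappable peers out of 1000:", guaranteed_collisions(1000, pool))
```

The 80-bit case is a lossless bijection, so no lookup table is needed; anything wider needs the external mapping layer the reply mentions.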
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx