On 10/06/2013 10:32 AM, mick wrote:
> On Sun, 06 Oct 2013 02:36:20 +0000
> mirimir <[email protected]> allegedly wrote:
>>
>> Still, if one uses nested VPN tunnels from multiple providers in
>> suitably chosen spheres of influence, it will be nontrivial for
>> adversaries to install enough taps. Going through China, for example,
>> would be a serious roadblock for US-aligned TLAs. Even with four
>> nested VPN tunnels, latency and bandwidth are far better than using
>> Tor.
>>
>> Finally, it's not either/or. It's easy to include Tor in nested VPN
>> configurations. Latency is typically over two seconds, but bandwidth
>> is adequate, especially for UDP traffic.
>>
> Forgive me, I'm not sure I understand this. Could you elaborate please
> on the nesting of the VPN tunnels with Tor? Since Tor does not
> (currently) support UDP, what architectural model do you have in mind?
> (e.g. openVPN tunnelled through openVPN to a Tor guard entry?)

Yes, Tor supports only TCP. But OpenVPN can optionally use TCP, and once the VPN tunnel is established, it supports both TCP and UDP traffic.

It's easy to tunnel a VPN through Tor using Whonix in VirtualBox. First get a free SecurityKISS account. Then install network-manager-openvpn on the Whonix workstation, and configure Network Manager for SecurityKISS in TCP mode. By default, Whonix will use the transproxy port for OpenVPN. Once the VPN tunnel is up, you can use both TCP and UDP with remote sites. However, you can't access hidden services, for obvious reasons.

You can also run an OpenVPN server in TCP mode as a Tor hidden service. You install the server on the Whonix workstation, and configure torrc on the Whonix gateway. Alternatively, you can use ra's Tor gateway, which is an OpenWRT VM with a Tor client and DHCP server, plus a Debian VM for the OpenVPN server.

More generally, you can use multiple pfSense router/firewall VMs as clients for various VPN providers, and OpenWRT Tor gateway VMs. Internet traffic routing reflects the local routing of gateway VMs.

> Mick
> ---------------------------------------------------------------------
>
> Mick Morgan
> gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
> http://baldric.net
>
> ---------------------------------------------------------------------
>
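
A quick check for the TCP requirement described in the reply above, as an added example that is not part of the original message: it scans an OpenVPN client profile and reports every `remote` that would fall back to UDP and so could not be carried through Tor. The sample profiles and hostnames are constructed placeholders, and `<connection>` blocks are not handled.

```python
import re

# Constructed sample profiles (not from any provider); hostnames are placeholders.
UDP_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.net 1194
"""
TCP_PROFILE = """\
client
dev tun
proto tcp-client
remote vpn.example.net 443
remote backup.example.net 1194 udp
"""

# Protocol keywords OpenVPN accepts for a TCP client connection.
TCP_PROTOS = {"tcp", "tcp-client", "tcp4", "tcp6", "tcp4-client", "tcp6-client"}

def tor_compat_issues(profile_text):
    """Return the reasons a profile cannot run over Tor, which carries TCP only."""
    issues = []
    default_proto = "udp"   # OpenVPN's default when the profile has no proto line
    remotes = []            # (line number, host, per-remote proto or None)
    for n, raw in enumerate(profile_text.splitlines(), 1):
        # Drop '#' and ';' comments, then split the directive into words.
        line = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if not line:
            continue
        if line[0] == "proto" and len(line) > 1:
            default_proto = line[1].lower()
        elif line[0] == "remote" and len(line) > 1:
            # Syntax: remote host [port] [proto]; a per-remote proto overrides.
            remotes.append((n, line[1], line[3].lower() if len(line) > 3 else None))
    if not remotes:
        issues.append("no remote directive found")
    for n, host, proto in remotes:
        effective = proto or default_proto
        if effective not in TCP_PROTOS:
            issues.append(f"line {n}: remote {host} uses {effective}, Tor carries TCP only")
    return issues

if __name__ == "__main__":
    for name, text in (("udp profile", UDP_PROFILE), ("tcp profile", TCP_PROFILE)):
        print(name, tor_compat_issues(text) or "ok for Tor")
```

An empty result means every remote in the profile is reachable over TCP; a profile that only switches the global `proto` can still fail on a fallback remote pinned to UDP, as the second sample shows.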
