On Fri, Oct 24, 2014 at 1:35 AM, Nathan Freitas <[email protected]> wrote:
> Is there any reason we shouldn't consider supporting UDP over Tor with
> Orbot, by tunneling the packets using the combination of badvpn's
> tun2socks and udpgw ("udp gateway") feature?

There's no reason raw IP itself (any/none of its numbered protocols)
shouldn't / couldn't be transported over Tor using OpenVPN (at least
until Tor itself is extended as such).

> This has come up as we are
> implementing the Android VPNService, and discovered how easy to
> implement and well performing the badvpn UDP tunneling capability is.
> This means we can support SIP calling over Tor, video conference and
> streaming, among other applications...
> https://code.google.com/p/badvpn/
> https://code.google.com/p/badvpn/wiki/tun2socks
> https://github.com/ambrop72/badvpn

... Not necessarily, unless you're statically mapping all the people
(IPs) you want to communicate with beforehand (which you can't with
random unknown participants, i.e. Bittorrent, or people on dynamic or
mobile), you're currently constrained by address collisions:

- Trying to pack the entire IPv4 address space you might want to 'call'
  into your tiny 10.0.0.0/24 adapter space. Same for putting the entire
  IPv6 space into your private IPv6/48 adapter space.
- Similarly, what you're going to do when Tor moves to wider than 80bit
  onion addressing, which currently fits nicely into a private IPv6/48.
  (Need a secure IPv6<->onion address mapping layer pushed into a
  DHT/blockchain, or just resorting to trusting some volunteer-run
  in-net lookup service.)

edit: Just noticed badvpn's mention of pushing a *VM* on a 10 address
through socks with this, at least for TCP, which is simpler. As opposed
to pushing any app on the raw iron through a *VPN*, which could be
constrained as above. Left this anyway for thought in related things.

> It does mean that someone would have to operate the
> gateway/infrastructure portion of udpgw at a capacity necessary to
> handle all udp streaming traffic sent for all Orbot users, but I would
> consider that to be feasible. Perhaps udpgw instances can be run
> alongside all Tor exit nodes?

Read the thread below, which flows on both tor-talk and tor-relays over
May and June, with better specification/answers in later posts.

https://lists.torproject.org/pipermail/tor-relays/2014-May/004516.html
Subject: Ops request: Deploy OpenVPN terminators
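
Added example, not part of the original message or of any project named in it: a sketch of the two address constraints raised above, showing an 80-bit onion label fitting exactly into the host bits of a private IPv6 /48, a wider label not fitting, and a 10.0.0.0/24 adapter pool running out of distinct peers. The prefix fd00:1234:5678::/48, the function names and the sample labels are assumptions made up for illustration.

```python
import base64
import ipaddress

# Assumption: a constructed ULA /48, not a prefix named in the thread.
PREFIX = ipaddress.IPv6Network("fd00:1234:5678::/48")
HOST_BITS = 128 - PREFIX.prefixlen  # 80 bits remain for the onion identifier


def onion_to_ipv6(onion):
    """Place an 80-bit onion label (16 base32 characters) inside PREFIX."""
    label = onion.lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    raw = base64.b32decode(label.upper())
    if len(raw) * 8 != HOST_BITS:
        raise ValueError("%d-bit label does not fit %d host bits" % (len(raw) * 8, HOST_BITS))
    return PREFIX[int.from_bytes(raw, "big")]


def ipv6_to_onion(addr):
    """Recover the onion label from an address inside PREFIX."""
    addr = ipaddress.IPv6Address(addr)
    if addr not in PREFIX:
        raise ValueError("%s is outside %s" % (addr, PREFIX))
    host = int(addr) & ((1 << HOST_BITS) - 1)
    raw = host.to_bytes(HOST_BITS // 8, "big")
    return base64.b32encode(raw).decode().lower() + ".onion"


def assign_local(remotes, pool="10.0.0.0/24"):
    """Give each distinct remote peer its own adapter address from pool."""
    free = iter(ipaddress.ip_network(pool).hosts())
    table = {}
    for remote in remotes:
        if remote in table:
            continue
        try:
            table[remote] = next(free)
        except StopIteration:
            raise RuntimeError("pool %s exhausted after %d peers" % (pool, len(table)))
    return table


if __name__ == "__main__":
    onion = "abcdefghijklmnop.onion"  # constructed label, not a real service
    addr = onion_to_ipv6(onion)
    print(onion, "->", addr, "->", ipv6_to_onion(addr))
```
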
