On 2014-05-14 03:58, grarpamp wrote:
On Tue, May 13, 2014 at 8:40 PM, Andy Isaacson <adi@hexapodia.org> wrote:
Anecdotally, the GFW blocks OpenVPN endpoints as well.
You need to specify context... access *to* ovpn nodes?, which is moot because that is not the deployment specified here in diagram...
That was not the setup you described originally. The diagram that you included makes your intentions much clearer.
Please note that you are not solving anything for most Tor users. They get blocked from _accessing_ the Tor network, not from getting out of it.
[..]
It's about enabling quite some other users other means to get around silly ip based blocklists derived from the consensus, the tor dns query thing, or poor management models by the site the user wishes to access, etc.
As I noted, 'getting out', or better 'who allows Tor nodes to connect to their sites' is a decision to be made by those operators.
Trying to circumvent that will just cause more blockage there, noting it is much easier to do so for such an operator and in their full right (whether you like it or not).
We provide tor exits
Who is "we" here? I am fairly confident you do not speak for any kind of majority of exit node operators. Note that most exit nodes have port and network blocks themselves to prevent them from being abused.
exactly so users can get around stuff
What site is it again that you are trying to circumvent?
Did you list it on: https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlocking...
or is it some private thing you are banned from?
so adding in an ovpn on a spare ip is no philosophical difference there.
There is a HUGE difference. As noted above, most exits have a block list for address space and ports. You would have to do the same for openvpn. Next to that, as that is not integrated into Tor, tor cannot make a decision about when something is being blocked and thus choose another 'exit'.
Yes, it is a fuck you to the old way of playing nice by saying "here's all our public nodes, block us",
You clearly do not understand why the DNSEL is published. Please read up on it.
and it might cost $few more a month for the ip, and eat some cpu on localhost, but that's about it. If it helps some users it's worth doing, to each operator's own desire.
OpenVPN, especially in crypted mode, requires quite a lot more CPU power on the nodes running OpenVPN.
Next to that, due to the overhead of IP over OpenVPN-TCP which then goes over Tor, your performance will be really bad.
You do not need OpenVPN to solve a 'different exit than published', the exit operator can just randomly forward/NAT outbound packets over different IPs.
Same goes for binding/routing your tor exit out a different ip than your OR ip. Except that using OpenVPN can permit other protocols for help of user than only TCP.
Which is likely the real requirement you have. Do you want to do gaming, or is it torrenting you want to do? Or... even worse: the ability to send raw packets?
Greets, Jeroen