to list, not me.
---------- Forwarded message ---------- From: Mirimir mirimir@riseup.net Date: Wed, May 14, 2014 at 11:58 PM Subject: Re: [tor-talk] Fwd: [tor-relays] Ops request: Deploy OpenVPN terminators
On 05/14/2014 09:07 PM, grarpamp wrote:
On Tue, May 13, 2014 at 5:48 PM, Jeroen Massar jeroen@massar.ch wrote:
<SNIP>
<user - ovpn - torcli> -- <exit torrelay or_ip - localhost - ovpn_ip> -- world
That "ovpn" part on the left is easily detected by any party in the middle doing
No. Understand the diagram. It is not detectable by anyone between torcli and torrelay, because that is just normal tor.
Note that you are running IP over TCP over Tor (which is over TCP).
Of course. Unless of course, as suggested before, some operators choose the method of binding/routing their exit over an ip different from their OR_IP, then it would just be native tor and native TCP.
The performance of that will be very bad. Tor network is already overloaded enough as it is.
No it won't, I've tested it, it works just fine. The only issue is the exit ip may change. So the exit operator is expected to block access to ovpn_ip from anything other than their associated or_ip, and the user is expected to config their client to use only the associated exit per whatever 'world' usage session they have in mind. It's not supposed to be point-click easy, only possible.
That's a very cool idea :) Using $5/mo VPS, there could be a large pool of exit IPs for each Tor exit.
<SNIP> ----------