[tor-relays] Ops request: Deploy OpenVPN terminators

Bogglesnatch Candycrush bogglesnatch at yahoo.com
Mon Jun 16 16:59:55 UTC 2014





On Monday, June 16, 2014 2:29 AM, grarpamp <grarpamp at gmail.com> wrote:
 
> No, it does not break any anonymity. And it doesn't matter what
>> OpvenVPN sends because it all happens over the users already secured
>> Tor circuit '--'. You just don't understand the model. Here it is
>> again. '<>' is a single computer, there are two computers pictured.
>> Packets travel through the listed processes and computers from left
>> to right. '++' is the usual clearnet beyond the exit box.
>
>
>> A)
>> <user - ovpncli - torcli> -- <tor_exit_relay_or_ip - ovpn_term_ip> ++ world


It seems to me in this case the OpenVPN endpoint would know who the user is, based on their OpenVPN client certificate or shared secret.  Even absent those, they might be able to do packet fingerprinting, since the packets won't be scrubbed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140616/b3980bc3/attachment.html>


More information about the tor-relays mailing list