[tor-relays] Fwd: [tor-talk] Fwd: Ops request: Deploy OpenVPN terminators

[grarpamp]

to list, not me.

---------- Forwarded message ----------
From: Mirimir <mirimir at riseup.net>
Date: Wed, May 14, 2014 at 11:58 PM
Subject: Re: [tor-talk] Fwd: [tor-relays] Ops request: Deploy OpenVPN
terminators

On 05/14/2014 09:07 PM, grarpamp wrote:
>> On Tue, May 13, 2014 at 5:48 PM, Jeroen Massar <jeroen at massar.ch> wrote:

<SNIP>

>> <user - ovpn - torcli> -- <exit torrelay or_ip - localhost - ovpn_ip> -- world
>
>> That "ovpn" part on the left is easily detected by any party in the
>> middle doing
>
> No. Understand the diagram. It is not detectable by anyone
> between torcli and torrelay, because that is just normal
> tor.
>
>> Note that you are running IP over TCP over Tor (which is over TCP).
>
> Of course. Unless of course, as suggested before, some operators
> choose the method of binding/routing their exit over an ip different
> from their OR_IP, then it would just be native tor and native TCP.
>
>> The performance of that will be very bad. Tor network is already
>> overloaded enough as it is.
>
> No it won't, I've tested it, it works just fine. The only issue is the
> exit ip may change. So the exit operator is expected to block
> access to ovpn_ip from anything other than their associated or_ip,
> and the user is expected to config their client to use only the
> associated exit per whatever 'world' usage session they have in
> mind. It's not supposed to be point-click easy, only possible.

That's a very cool idea :) Using $5/mo VPS, there could be a large pool
of exit IPs for each Tor exit.

<SNIP>
----------