[tor-talk] Emulating a VPN service with Tor

[grarpamp]

>>        Tor2webMode 0|1
>>            When this option is set, Tor connects to hidden services
>>            non-anonymously. This option also disables client connections to
>>            non-hidden-service hostnames through Tor. It must only be used when
>>            running a tor2web Hidden Service web proxy. To enable this option
>>            the compile time flag --enable-tor2webmode must be specified.
>>            (Default: 0)

>> I'll look in torspec to see if it says anything about
>> what this actually does.
> It throw away the first 3 hop of "client side" of  a connection to a Tor
> Hidden Service, de-facto removing the "client anonymity" protection when
> connecting to a Tor Hidden Service considering that the RP would be able
> to know "who the client is".

> From a performance perspective in such particular use case, it would be
> very nice if someone would make a patch to make possible also the
> opposite: Allowing a Tor Hidden Service to throw away the "server side"
> 3 hop.

I think this would require signature of the client on a configuration
message to the server, and the server must authorize that signature
first. And to have a signed encryption channel. Otherwise all sorts
of imposters could do bad things to the lengths.

Of course I would prefer this general solution case, as opposed to
running another Tor instance just for this configuration of a private
local onion.

There is probably some good utility in being able to set up two levels
of VPN depth per your needs (4 and 2 hop):
client node node node HS
client node HS

Both I2P and Phantom allow control over the paths you own.
But I don't believe anyone has yet thought of that you might own
both ends and want this kind of depth selection and authorization.

We can see interactive performance with SSH with the
standard Tor 4 hops to clearnet. And is usually not too nice.

I hope to test some clearnet 2 hop VPN service with double
encryption to feel that part.