Opened 13 months ago

Last modified 13 months ago

#32091 new enhancement

optional TUN interface to tor for mobile

Reported by: eighthave Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: Android, iOS, tbb-mobile, orbot, vpn
Cc: n8fr8, mtigas, tla Actual Points:
Parent ID: Points: 10+
Reviewer: Sponsor:


Orbot uses tun2socks to connect the Android VPN interface to the tor SOCKS port. iCepa/OnionBrowser on iOS uses tun2tor for a similar setup. Both of these approaches have issues since they involve setting up network sockets. Since both Android and iOS now both load tor as a shared library, the best possible interface would be for the tor shared library to directly provide the TUN interface on both platforms. It could be an optional feature like the HTTP CONNECT feature.

Child Tickets

Change History (6)

comment:1 Changed 13 months ago by eighthave

Type: defectenhancement

comment:2 Changed 13 months ago by tla

+1 from me.

tun2tor is needed in "Network Extensions", which are running in the background and provide so-called "VPN" functionality.

From the iOS side, we have a lot of trouble making it work. tun2tor is not stable and would need a lot of work to become so. If we could just ditch that, that would be wonderful.

Since we have the issue of iOS failing open on crashed network extensions (i.e. it immediately repeats requests over the normal network interface, when network extensions crash): With one piece of software needed less, the chances of crashing reduce drastically, therefore protecting the user better.

Also, there's the aspect of the 15 MByte RAM limit for Network Extensions:

With Tor directly supporting a TUN interface, we could massively reduce memory consumption for any intermediary piece of software which would keep a good distance from the limit, which would, again, reduce the possibility of crashes.

Please note: Onion Browser *doesn't* use tun2tor. We can hook a SOCKS proxy directly into UIWebView. Unfortunately, Apple deems UIWebView deprecated and they already announced, that they won't accept apps, and updates to apps, to the App Store containing it in the near (but still not exactly determined) future. So we *need* a Network Extension in the forseable future, since the successor of UIWebView, WKWebView doesn't provide any such functionality.

comment:3 Changed 13 months ago by dgoulet

Milestone: Tor: unspecified

comment:4 Changed 13 months ago by nickm

Points: 10+

comment:5 Changed 13 months ago by nickm

If I'm understanding this code right, it would apparently require adding a TCP stack to the inside of Tor; I'd like to look for ways not to do that, if possible -- at least in C.

comment:6 Changed 13 months ago by eighthave

@tla, @n8fr8, and I do not know the guts of the existing TUN implementations, so we're open to how this might be implemented. I imagine pulling in some parts of TCP will be a requirement since TUN is all about providing a TCP network interface. As far as I know, this could also be implemented in Rust. That should be workable on Android and iOS, though C would be easier to integrate.

Note: See TracTickets for help on using tickets.