Changes between Version 5 and Version 6 of doc/TorBOX/OptionalConfigurations/TunnelingUDPoverTor

Sep 27, 2012, 11:45:15 PM (7 years ago)



  • doc/TorBOX/OptionalConfigurations/TunnelingUDPoverTor

    v5 v6  
    1 [[TOC(noheading, depth=0)]]
    2 [ aos Homepage]
     1TorBOX has been renamed to Whonix.
    4 The Tor software does not support UDP itself yet. aos provides a limited workaround for using UDP anyway, in the best possible secure manner.
     3This page has been moved. The History of this page might still be interesting.
    6 = VPN method [WORKING] =
    7 Read first: [ Tor Plus VPN] and [ aos VPN disclaimer].
    9 This tutorial uses OpenVPN. Other VPN implementations, such as PPTP, might be useful as well, but we haven't researched that yet.
    11 Obviously a VPN provider is required. For testing purposes [] was used. They have been chosen, because they were free and didn't block the tested outgoing UDP port. The free version of can probable only be used for testing purposes, as it's only a test version, which force disconnects every 7 minutes. For longer and serious/stable use, you'll probable need another, perhaps paid, VPN account.
    13 At the moment we are not aware of any free OpenVPN accounts fulfilling the requirements. [[BR]]
    14 1. Possible to connect to the VPN over TCP, because Tor does not support UDP. [[BR]]
    15 2. Not blocking outgoing UDP, as this is, what we want to tunnel. [[BR]]
    17 Perhaps there exist other VPN implementations, which also support UDP, and were free services exist, which allow UDP. We haven't researched that yet.
    19 Install rdate for UDP and TCP testing.
    20 {{{
    21 sudo apt-get install rdate
    22 }}}
    24 Install lynx (console browser).
    25 {{{
    26 sudo apt-get install lynx-curl
    27 }}}
    29 Test if your aos setup is working in general.
    30 {{{
    31 lynx
    32 }}}
    33 Which should show "Congratulations. Your browser is configured to use Tor.".
    35 Before we setup the VPN, you should make yourself with rdate familiar. The command line switch -p results in just showing the date and time, without setting it. -u uses UDP instant of TCP (default).
    37 Commands for UDP testing are.
    38 {{{
    39 rdate -u -p
    40 rdate -u -p
    41 rdate -u -p
    42 }}}
    44 Your tests should reveal, that without a VPN, you can run TCP over Tor (drop the -u command line switch), but not UDP.
    46 Install OpenVPN.
    47 {{{
    48 sudo apt-get install openvpn
    49 }}}
    51 Go to [] and click on free demo. Download the It contains the OpenVPN configuration files. Unpack. Open a shell and get into the folder 'cd usaip'. List all files 'dir'. Connect to a VPN, for example:
    52 {{{
    53 sudo openvpn /home/user/usaip/eu-luxemburg.ovpn
    54 }}}
    55 The page stated, the password was 'demo', password also 'demo'. Wait until it's connected. When success, it will show "Initialization Sequence Completed". It might happen, that the connection will not succeed for some unknown reason. In this case try replacing the eu-luxemburg.ovpn from the example above with another <country>.ovpn from the usaip folder.
    57 Open a new shell and check if you can still connect to 'lynx' This time it should answer "Sorry. You are not using Tor." (Because you are now connected to the VPN.)
    59 Note, usaip probable blocks SSL, therefore 'lynx' will not work.
    61 Test rdate again, first in TCP mode, then in UDP mode. Both should work.
    63 = SSH method [NOT DOCUMENTED] =
    64 In theory we can also use SSH servers to tunnel UDP over Tor. Unfortunately we can't provide instructions here. Free SSH services are rarely available, that makes developing such as solution impossible. The existing free SSH services are blocking certain ports, which does not make this easier as well. Even though SSH can provide a socks5 proxy, it is not capable of providing [ support for tunneling UDP itself]. Extra software installed on the client, and even worse on the server is required (needs root). Most admins will not do this. The link in the instructions are most likely only useful for you, if you have your own server. But even then, you are probable better off, using the VPN method.
    66 = socks5 proxy method [FAILED] =
    67 Moved to [ aos/dev Tunneling UDP over Tor].
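Review bot: the two replacement lines (v6 lines 1 and 3) say TorBOX was renamed to Whonix and that "This page has been moved", but they give no link or path to the new location. A reader who lands here loses the whole VPN procedure, including the "Read first" pointers to the Tor Plus VPN page and the VPN disclaimer, and can recover it only by digging through the page history. Suggest putting a link to the page's new home directly after "This page has been moved." and stating whether the instructions left in the history are still current, since the new text itself sends readers there.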