Actions

Tunnel UDP over Tor

From Whonix

Introduction[edit]

Ambox notice.png The Tor software does not yet support UDP, [1] although Tor provides a DnsPort.

If UDP is urgently required in Whonix ™, a limited workaround is provided - see the VPN Method below.

VPN Method[edit]

This tutorial uses OpenVPN and works well inside Whonix ™. Additional VPN implementations like PPTP might be useful -- as well as other VPN protocols which are free and support UDP -- but further research is required.

Before setting up the VPN:

1. Test the Whonix ™ setup is generally working. [2] [3]

UWT_DEV_PASSTHROUGH=1 curl --tlsv1.2 --proto =https https://check.torproject.org

This should output "Congratulations. Your browser is configured to use Tor."

2. Install rdate for UDP and TCP testing.

sudo apt-get update
sudo apt-get install rdate

3. Run commands for TCP testing.

rdate -p time.u.washington.edu
rdate -p time.nist.gov
rdate -p ptbtime1.ptb.de

4. Run commands for UDP testing.

rdate -u -p time.u.washington.edu
rdate -u -p time.nist.gov
rdate -u -p ptbtime1.ptb.de

The tests should reveal that without a VPN, TCP works over Tor, but not UDP.

5. Configure a VPN tunnel link in Whonix ™.

Obviously a VPN provider that does not block UDP is required. Follow the setup instructions on the VPN Tunnel Setup Examples page; the riseup and usaip examples are functional for this purpose.

Afterwards test rdate again, first in TCP mode and then in UDP mode -- both should work correctly.

SSH Method[edit]

This method is currently undocumented. In theory, SSH servers could be utilized to tunnel UDP over Tor. Obstacles:

  • Free SSH services are rarely available.
  • The existing free SSH services block certain ports, which makes this even harder.
  • Even though SSH can provide a SOCKS5 proxy, it is not capable of providing tunneling support for UDP itself.
    • Extra software needs to be installed on both the client and (even worse) the server with root access. Most administrators of free SSH services will not allow this configuration.
  • Acquiring a server comes with its own challenges.

Therefore this method is only useful if you have your own server, but even then the VPN method is usually preferable.

SOCKS5 Proxy Method[edit]

Attempts to tunnel UDP with this configuration have failed. See the Dev Archive for full details: Tunneling UDP over Tor (w).

Footnotes / References[edit]

  1. https://trac.torproject.org/projects/tor/ticket/7830
  2. While enforcing SSL.
  3. Alternatively the test can be run without enforcing SSL because some VPN services appear to block it.
    UWT_DEV_PASSTHROUGH=1 curl http://check.torproject.org

No user support in comments. See Support. Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.


Add your comment
Whonix welcomes all comments. If you do not want to be anonymous, register or log in. It is free.


Random News:

Join us in testing our new AppArmor profiles for improved security! (forum discussion)


https | (forcing) onion

Follow: Twitter | Facebook | gab.ai | Stay Tuned | Whonix News

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.