Actions

Tunnel UDP over Tor

From Whonix


Book-2869640.jpg

Introduction[edit]

Ambox notice.png The Tor software does not yet support UDP, [1] although Tor provides a DnsPort.

If UDP is urgently required in Whonix ™, a limited workaround is provided - see the VPN Method below.

On top of the workaround, it would be required to allow UDP in Whonix-Workstation ™ firewall.

VPN Method[edit]

This tutorial uses OpenVPN and works well inside Whonix ™. Additional VPN implementations like PPTP might be useful -- as well as other VPN protocols which are free and support UDP -- but further research is required.

Before setting up the VPN:

1. Test the Whonix ™ setup is generally working. [2] [3]

UWT_DEV_PASSTHROUGH=1 curl --tlsv1.3 --proto =https https://check.torproject.org

This should output "Congratulations. Your browser is configured to use Tor."

2. Whonix-Workstation Firewall configuration

See allow UDP in Whonix-Workstation ™ firewall.

3. Install rdate for UDP and TCP testing.

sudo apt-get update

sudo apt-get install rdate

4. Run commands for TCP testing.

rdate -p time.u.washington.edu

rdate -p time.nist.gov

rdate -p ptbtime1.ptb.de

5. Run commands for UDP testing.

rdate -u -p time.u.washington.edu

rdate -u -p time.nist.gov

rdate -u -p ptbtime1.ptb.de

The tests should reveal that without a VPN, TCP works over Tor, but not UDP.

6. Configure a VPN tunnel link in Whonix ™.

Obviously a VPN provider that does not block UDP is required. Follow the setup instructions on the VPN Tunnel Setup Examples page; the riseup and usaip examples are functional for this purpose.

Afterwards test rdate again, first in TCP mode and then in UDP mode -- both should work correctly.

SSH Method[edit]

This method is currently undocumented. In theory, SSH servers could be utilized to tunnel UDP over Tor. Obstacles:

Therefore this method is only useful if you have your own server, but even then the VPN method is usually preferable.

SOCKS5 Proxy Method[edit]

Attempts to tunnel UDP with this configuration have failed. See the Dev Archive for full details: Tunneling UDP over Tor [archive] (w [archive]).

Footnotes / References[edit]

  1. https://trac.torproject.org/projects/tor/ticket/7830 [archive]
  2. While enforcing SSL.
  3. Alternatively the test can be run without enforcing SSL because some VPN services appear to block it.
    UWT_DEV_PASSTHROUGH=1 curl http://check.torproject.org



Fosshost is sponsors Kicksecure ™ stage server Whonix old logo.png
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Tunnel UDP over Tor&body=https://www.whonix.org/wiki/Tunnel_UDP_over_Tor link=https://reddit.com/submit?url=https://www.whonix.org/wiki/Tunnel_UDP_over_Tor&title=Tunnel UDP over Tor link=https://news.ycombinator.com/submitlink?u=https://www.whonix.org/wiki/Tunnel_UDP_over_Tor&t=Tunnel UDP over Tor link=https://mastodon.technology/share?message=Tunnel UDP over Tor%20https://www.whonix.org/wiki/Tunnel_UDP_over_Tor&t=Tunnel UDP over Tor

Have you read our Documentation, Design and Developer Portal links yet?

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.