Tunnel UDP over Tor

From Whonix


Introduction

The Tor software does not yet support UDP [1], although Tor provides a DnsPort.

If UDP is urgently required in Whonix ™, a limited workaround is provided - see the VPN Method below.

VPN Method

This tutorial uses OpenVPN and works well inside Whonix ™. Additional VPN implementations like PPTP might be useful -- as well as other VPN protocols which are free and support UDP -- but further research is required.

Before setting up the VPN:

1. Test that the Whonix ™ setup is generally working. [2] [3]

UWT_DEV_PASSTHROUGH=1 curl --tlsv1.2 --proto =https https://check.torproject.org

This should output "Congratulations. Your browser is configured to use Tor."

2. Install rdate for UDP and TCP testing.

sudo apt-get update
sudo apt-get install rdate

3. Run commands for TCP testing.

rdate -p time.u.washington.edu
rdate -p time.nist.gov
rdate -p ptbtime1.ptb.de

4. Run commands for UDP testing.

rdate -u -p time.u.washington.edu
rdate -u -p time.nist.gov
rdate -u -p ptbtime1.ptb.de

The tests should reveal that without a VPN, TCP works over Tor, but not UDP.

5. Configure a VPN tunnel link in Whonix ™.

Obviously a VPN provider that does not block UDP is required. Follow the setup instructions on the VPN Tunnel Setup Examples page; the riseup and usaip examples are functional for this purpose.

Afterwards test rdate again, first in TCP mode and then in UDP mode -- both should work correctly.
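
The rdate checks from steps 3 and 4 can be scripted so that the identical run is repeated once the VPN tunnel is up. This is an added example, not part of the Whonix documentation; the `timeout` wrapper, the 20-second limit, the `RDATE` override, the `run` argument and all function names are assumptions.

```shell
#!/bin/sh
# Added example: repeats the page's rdate TCP/UDP checks and reports the state.
# Hosts are the three used on this page; everything else is an assumption.
HOSTS="time.u.washington.edu time.nist.gov ptbtime1.ptb.de"
PROBE_TIMEOUT="${PROBE_TIMEOUT:-20}"   # seconds per probe (assumed value)
RDATE="${RDATE:-rdate}"                # command to run (overridable)

# probe PROTO HOST: exit 0 if rdate got an answer in time, non-zero otherwise.
probe() (
    case "$1" in
        tcp) flag="" ;;
        udp) flag="-u" ;;
        *)   exit 2 ;;
    esac
    # $RDATE and $flag are unquoted on purpose: an empty flag must vanish.
    timeout "$PROBE_TIMEOUT" $RDATE $flag -p "$2" >/dev/null 2>&1
)

# count_ok PROTO: print how many of the hosts answered over PROTO.
count_ok() (
    n=0
    for h in $HOSTS; do
        if probe "$1" "$h"; then n=$((n + 1)); fi
    done
    echo "$n"
)

# verdict TCP_OK UDP_OK: map the two counts to the states the page describes.
verdict() {
    if [ "$1" -gt 0 ] && [ "$2" -gt 0 ]; then
        echo "tcp+udp"     # expected once the VPN tunnel is up
    elif [ "$1" -gt 0 ]; then
        echo "tcp-only"    # expected on plain Tor without a VPN
    elif [ "$2" -gt 0 ]; then
        echo "udp-only"    # unexpected: investigate before relying on the setup
    else
        echo "none"        # nothing answered: go back to step 1
    fi
}

# check_udp_state: run the TCP round, then the UDP round, print the verdict.
check_udp_state() {
    verdict "$(count_ok tcp)" "$(count_ok udp)"
}

# Probes only run when the script is called with the argument "run".
if [ "${1:-}" = "run" ]; then
    check_udp_state
fi
```

Run it once before step 5 and once after; the output should change from `tcp-only` to `tcp+udp`.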

SSH Method

This method is currently undocumented. In theory, SSH servers could be utilized to tunnel UDP over Tor. Obstacles:

  • Free SSH services are rarely available.
  • The existing free SSH services block certain ports, which makes this even harder.
  • Even though SSH can provide a SOCKS5 proxy, it is not capable of providing tunneling support for UDP itself.
    • Extra software needs to be installed on both the client and (even worse) the server with root access. Most administrators of free SSH services will not allow this configuration.
  • Acquiring a server comes with its own challenges.

Therefore this method is only useful if you have your own server, but even then the VPN method is usually preferable.

SOCKS5 Proxy Method

Attempts to tunnel UDP with this configuration have failed. See the Dev Archive for full details: Tunneling UDP over Tor.

Footnotes / References

  1. https://trac.torproject.org/projects/tor/ticket/7830
  2. While enforcing SSL.
  3. Alternatively the test can be run without enforcing SSL because some VPN services appear to block it.
    UWT_DEV_PASSTHROUGH=1 curl http://check.torproject.org


Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.