Tunnel UDP over Tor
Introduction[edit]
The Tor software does not yet support UDP, [1] although Tor provides a DnsPort.
If UDP is urgently required in Whonix ™, a limited workaround is provided - see the VPN Method below.
On top of the workaround, it would be required to allow UDP in Whonix-Workstation ™ firewall.
VPN Method[edit]
This tutorial uses OpenVPN and works well inside Whonix ™. Additional VPN implementations like PPTP might be useful -- as well as other VPN protocols which are free and support UDP -- but further research is required.
Before setting up the VPN:
- Refer to related VPN documentation: How to connect to Tor before a VPN (User → Tor → VPN → Internet).
- Familiarize yourself with
curlandrdate. Therdatecommand line switch-presults in just showing the date and time, without setting it.-uuses UDP instead of TCP (the default).
1. Test the Whonix ™ setup is generally working. [2] [3]
This should output "Congratulations. Your browser is configured to use Tor."
2. Whonix-Workstation Firewall configuration
See allow UDP in Whonix-Workstation ™ firewall.
3. Install rdate for UDP and TCP testing.
4. Run commands for TCP testing.
5. Run commands for UDP testing.
The tests should reveal that without a VPN, TCP works over Tor, but not UDP.
6. Configure a VPN tunnel link in Whonix ™.
Obviously a VPN provider that does not block UDP is required. Follow the setup instructions on the VPN Tunnel Setup Examples page; the riseup and usaip examples are functional for this purpose.
Afterwards test rdate again, first in TCP mode and then in UDP mode -- both should work correctly.
SSH Method[edit]
This method is currently undocumented. In theory, SSH servers could be utilized to tunnel UDP over Tor. Obstacles:
- Free SSH services are rarely available.
- The existing free SSH services block certain ports, which makes this even harder.
- Even though SSH can provide a SOCKS5 proxy, it is not capable of providing tunneling support for UDP itself
.
- Extra software needs to be installed on both the client and (even worse) the server with root access. Most administrators of free SSH services will not allow this configuration.
- Acquiring a server comes with its own challenges.
- Easy: allow UDP in Whonix-Workstation ™ firewall.
Therefore this method is only useful if you have your own server, but even then the VPN method is usually preferable.
SOCKS5 Proxy Method[edit]
Attempts to tunnel UDP with this configuration have failed. See the Dev Archive for full details: Tunneling UDP over Tor (w).
Footnotes / References[edit]
- ↑
https://gitlab.torproject.org/legacy/trac/-/issues/7830
- ↑ While enforcing SSL.
- ↑ Alternatively the test can be run without enforcing SSL because some VPN services appear to block it.
UWT_DEV_PASSTHROUGH=1 curl http://check.torproject.org
At Whonix we believe in freedom and trust. That's why we fully support Open Source and Freedom Software.
Learn more.
Whonix ™ is supported by Evolution Host DDoS Protected VPS.
Whonix is the most watertight privacy operating system in the world
Scan the QR code or use the wallet address below.
Please help us to improve the Whonix ™ Wikipedia Page. Also see the feedback thread.