Tunnel UDP over Tor
Introduction
The Tor software does not yet support UDP, [1] although Tor provides a DnsPort.
If UDP is urgently required in Whonix ™, a limited workaround is provided - see the VPN Method below.
In addition to the workaround, UDP must be allowed in the Whonix-Workstation ™ firewall.
VPN Method
This tutorial uses OpenVPN and works well inside Whonix ™. Additional VPN implementations like PPTP might be useful -- as well as other VPN protocols which are free and support UDP -- but further research is required.
Before setting up the VPN:
- Refer to related VPN documentation: How to connect to Tor before a VPN (User → Tor → VPN → Internet).
- Familiarize yourself with curl and rdate. The rdate command line switch -p results in just showing the date and time, without setting it. -u uses UDP instead of TCP (the default).
1. Test that the Whonix ™ setup is generally working. [2] [3]
UWT_DEV_PASSTHROUGH=1 curl --tlsv1.2 --proto =https https://check.torproject.org
This should output "Congratulations. Your browser is configured to use Tor."
2. Whonix-Workstation Firewall configuration
See allow UDP in Whonix-Workstation ™ firewall.
3. Install rdate for UDP and TCP testing.
sudo apt-get update
sudo apt-get install rdate
4. Run commands for TCP testing.
rdate -p time.u.washington.edu
rdate -p time.nist.gov
rdate -p ptbtime1.ptb.de
5. Run commands for UDP testing.
rdate -u -p time.u.washington.edu
rdate -u -p time.nist.gov
rdate -u -p ptbtime1.ptb.de
The tests should reveal that without a VPN, TCP works over Tor, but not UDP.
6. Configure a VPN tunnel link in Whonix ™.
Obviously a VPN provider that does not block UDP is required. Follow the setup instructions on the VPN Tunnel Setup Examples page; the riseup and usaip examples are functional for this purpose.
Afterwards test rdate again, first in TCP mode and then in UDP mode -- both should work correctly.
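The TCP and UDP checks from steps 4 and 5, wrapped in a script so the same test can be repeated before and after the VPN is configured. This is an added example, not part of the Whonix documentation; the function names, the RDATE_CMD and PROBE_TIMEOUT variables, the state labels and the use of coreutils timeout are assumptions of the example.

```shell
#!/bin/sh
# Added example: repeat the page's rdate tests over TCP and UDP and summarise them.
# Hosts are the ones used in steps 4 and 5 of the page.
HOSTS="time.u.washington.edu time.nist.gov ptbtime1.ptb.de"
# Assumptions of this example: RDATE_CMD and PROBE_TIMEOUT are hypothetical knobs;
# coreutils `timeout` bounds each probe so an unanswered UDP query cannot hang the run.
RDATE_CMD="${RDATE_CMD:-rdate}"
PROBE_TIMEOUT="${PROBE_TIMEOUT:-30}"

# probe PROTO HOST: exit status 0 if the time server answered.
# -p only prints the time (never sets the clock); -u switches rdate to UDP.
probe() {
    case "$1" in
        # $RDATE_CMD is left unquoted on purpose so it may carry arguments.
        tcp) timeout "$PROBE_TIMEOUT" $RDATE_CMD -p "$2" >/dev/null 2>&1 ;;
        udp) timeout "$PROBE_TIMEOUT" $RDATE_CMD -u -p "$2" >/dev/null 2>&1 ;;
        *)   return 2 ;;
    esac
}

# count_ok PROTO: print how many of $HOSTS answered over PROTO.
count_ok() {
    ok=0
    for host in $HOSTS; do
        if probe "$1" "$host"; then ok=$((ok + 1)); fi
    done
    echo "$ok"
}

# classify TCP_OK UDP_OK: map the two counts to a state label (labels are this example's own).
classify() {
    if [ "$1" -eq 0 ]; then
        echo "no-connectivity"   # not even TCP works: fix step 1 first
    elif [ "$2" -eq 0 ]; then
        echo "tcp-only"          # expected without a VPN: Tor carries TCP but not UDP
    else
        echo "tcp-and-udp"       # expected once the VPN tunnel is up
    fi
}

check_udp_path() {
    classify "$(count_ok tcp)" "$(count_ok udp)"
}

# Run the check only when asked to: sh udp-check.sh run
case "${1:-}" in
    run) check_udp_path ;;
esac
```

Before step 6 the script should report tcp-only; after the VPN tunnel is configured it should report tcp-and-udp.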
SSH Method
This method is currently undocumented. In theory, SSH servers could be utilized to tunnel UDP over Tor. Obstacles:
- Free SSH services are rarely available.
- The existing free SSH services block certain ports, which makes this even harder.
- Even though SSH can provide a SOCKS5 proxy, it is not capable of providing tunneling support for UDP itself.
- Extra software needs to be installed on both the client and (even worse) the server with root access. Most administrators of free SSH services will not allow this configuration.
- Acquiring a server comes with its own challenges.
- Easy: allow UDP in Whonix-Workstation ™ firewall.
Therefore this method is only useful if you have your own server, but even then the VPN method is usually preferable.
SOCKS5 Proxy Method
Attempts to tunnel UDP with this configuration have failed. See the Dev Archive for full details: Tunneling UDP over Tor.
Footnotes / References
- [1] https://trac.torproject.org/projects/tor/ticket/7830
- [2] While enforcing SSL.
- [3] Alternatively, the test can be run without enforcing SSL because some VPN services appear to block it.
UWT_DEV_PASSTHROUGH=1 curl http://check.torproject.org
Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.