Tunnel UDP over Tor
If UDP is urgently required in Whonix ™, a limited workaround is provided - see the VPN Method below.
On top of the workaround, it would be required to allow UDP in Whonix-Workstation ™ firewall.
This tutorial uses OpenVPN and works well inside Whonix ™. Additional VPN implementations like PPTP might be useful -- as well as other VPN protocols which are free and support UDP -- but further research is required.
Before setting up the VPN:
- Refer to related VPN documentation: How to connect to Tor before a VPN (User → Tor → VPN → Internet).
- Familiarize yourself with
rdatecommand line switch
-presults in just showing the date and time, without setting it.
-uuses UDP instead of TCP (the default).
This should output "Congratulations. Your browser is configured to use Tor."
2. Whonix-Workstation Firewall configuration
rdate for UDP and TCP testing.
4. Run commands for TCP testing.
5. Run commands for UDP testing.
The tests should reveal that without a VPN, TCP works over Tor, but not UDP.
6. Configure a VPN tunnel link in Whonix ™.
rdate again, first in TCP mode and then in UDP mode -- both should work correctly.
This method is currently undocumented. In theory, SSH servers could be utilized to tunnel UDP over Tor. Obstacles:
- Free SSH services are rarely available.
- The existing free SSH services block certain ports, which makes this even harder.
- Even though SSH can provide a SOCKS5 proxy, it is not capable of providing tunneling support for UDP itself.
- Extra software needs to be installed on both the client and (even worse) the server with root access. Most administrators of free SSH services will not allow this configuration.
- Acquiring a server comes with its own challenges.
- Easy: allow UDP in Whonix-Workstation ™ firewall.
Therefore this method is only useful if you have your own server, but even then the VPN method is usually preferable.
SOCKS5 Proxy Method
Footnotes / References
- While enforcing SSL.
- Alternatively the test can be run without enforcing SSL because some VPN services appear to block it.
UWT_DEV_PASSTHROUGH=1 curl http://check.torproject.org