In-Reply-To: <CAJVRA1R53GVbK-9y8Lmz6D_opp4fPiqKUmKmp9FrOxCRr=NUJQ@mail.gmail.com>
References: <CAD2Ti29Tx+ACu+RMDhLrYgYaPz0sh+PLuwiJ1aMwVuauwsZsOA@mail.gmail.com>
 <CAJVRA1R53GVbK-9y8Lmz6D_opp4fPiqKUmKmp9FrOxCRr=NUJQ@mail.gmail.com>
Date: Thu, 9 Jul 2015 16:05:00 -0400
Message-ID: <CAD2Ti29CHk9D6T4HV5F5hrf+H7U4yjxLJnOZA3MQK8oZNv6QiQ@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] app -> socks5-openvpn -> socks5-tor ?

On Thu, Jul 9, 2015 at 3:42 AM, coderman <coderman@gmail.com> wrote:
> a http-proxy/socks-proxy

privoxy can stuff http over socks, so whether or not this socks to
vpn tool supports http-proxy is moot.

(nb: ip traffic of socks can't be stuffed over http without a far
end de-encapsulator. Same reason why socks provided by SSH won't
work here.)

> it did not create a tun/tap device on host.

Not sure it would need to do that, yet one of two things is probably
needed...

A) socks5 server code in openvpn itself (like Tor has) so that openvpn
can send it directly through the process and physically out the tun
to the far side, including any DNS lookups on behalf of client.
(Yes, useful :)

B) A standalone shim with socks5 on the front
 1) that knows how to route on the back (in conjunction with setting
    arp to the vpn far end ip, or can talk to the raw tun).
 2) or tell the kernel to ignore the route table for such a socks
    server bound to the tun interface (like dante), combined with
    arp to actually route. SO_DONTROUTE isn't that, SO_SETFIB might.
 Also complicated by the tun interface bouncing up-down and/or its
 ip address/mask changing. See also policy/source/user/process
 routing, etc. Seems to make B even more complex than VM.

If you're certain your app usage will only talk to a known set of
hosts, simply openvpn with split horizon routing table entries works.

But if you're testing a browser, torrent, bitcoin, something that can
randomly contact anywhere... and you want to use your stack normally
with other apps... you can't default everything into openvpn, so you
need to use the app's socks containment channel. Thus this thread.
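Added example, not part of the original message and not code from openvpn, dante or Tor: a Linux sketch of option B.2, a SOCKS5 front whose outbound sockets are pinned to the tun device and fail closed when it is down. Assumptions: the interface name tun0, the use of Linux SO_BINDTODEVICE (the message names only SO_DONTROUTE and SO_SETFIB), the hypothetical function names, and the policy of refusing hostnames unless a resolver reachable over the tunnel is supplied, since a local lookup would leave by the default route.

```python
import ipaddress
import socket
import struct

TUN_IFACE = "tun0"  # assumption: name of the OpenVPN tun device
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)  # 25 is the Linux value
# Constructed sample CONNECT requests (documentation address / example domain)
SAMPLE_IPV4 = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + b"\x01\xbb"
SAMPLE_DOMAIN = b"\x05\x01\x00\x03\x0bexample.com\x00\x50"

def parse_socks5_connect(req):
    """Parse a SOCKS5 CONNECT request (RFC 1928) into (kind, host, port)."""
    if len(req) < 5 or req[:3] != b"\x05\x01\x00":
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp, body = req[3], req[4:]
    if atyp == 3:  # domain name: first byte is its length
        kind, alen, body = "domain", body[0], body[1:]
    elif atyp in (1, 4):
        kind, alen = ("ipv4", 4) if atyp == 1 else ("ipv6", 16)
    else:
        raise ValueError("unknown address type")
    if alen == 0 or len(body) != alen + 2:
        raise ValueError("truncated or malformed request")
    (port,) = struct.unpack("!H", body[alen:])
    raw = body[:alen]
    host = raw.decode("ascii") if kind == "domain" else str(ipaddress.ip_address(raw))
    return kind, host, port

def plan(req, tunnel_resolver=None):
    """Decide what the shim does with a request before touching the network."""
    kind, host, port = parse_socks5_connect(req)
    if kind == "domain":
        if tunnel_resolver is None:
            return ("refuse", host, port)  # never resolve via the host resolver
        host = tunnel_resolver(host)       # caller-supplied, must use the tunnel
    return ("connect", host, port)

def connect_via_tun(host, port, iface=TUN_IFACE, timeout=10.0):
    """Connect to an IP literal through iface only; OSError if the tun is gone."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    s = socket.socket(family, socket.SOCK_STREAM)
    try:
        s.setsockopt(socket.SOL_SOCKET, SO_BINDTODEVICE, iface.encode() + b"\0")
        s.settimeout(timeout)
        s.connect((host, port))
    except OSError:
        s.close()  # fail closed: no retry on the default route
        raise
    return s
```

Depending on kernel version, SO_BINDTODEVICE may require CAP_NET_RAW. Because the socket is bound per connection, a tun that bounces or changes address surfaces as an OSError on the next connect rather than as traffic on the default route.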

