[HN Gopher] Using ephemeral Onion Services for quick NAT traversal
___________________________________________________________________
Using ephemeral Onion Services for quick NAT traversal
Author : rl1987
Score : 63 points
Date : 2021-12-12 12:53 UTC (1 days ago)
(HTM) web link (www.trickster.dev)
(TXT) w3m dump (www.trickster.dev)
| marcodiego wrote:
| TOR allows one to expose a service behind a NAT. But clients have
| to use TOR to access it. Does anyone know a way to remove the need
| for clients to use TOR?
|
| In the old days, with dial up internet, I had a real IP. I could
| pass it to anybody to access whatever I allowed on my machine. I
| miss that power.
| [deleted]
| zxcvbn4038 wrote:
| I've been using Tor to provide remote access to my private git
| repos while traveling and working remotely. I selected Tor
| because it eliminates the need for any fancy network traversal
| in either direction.
|
| The speed is generally in the 300-400 kbps range no matter where
| I am using it from. Fine for doing personal development but
| noticeably slower than direct connections - backups can take a
| while to complete.
|
| No issues with accessing it remotely while at home or an Airbnb.
| Most hotel chains block Tor servers - some will ban your MAC
| address if they detect you connecting to a Tor server, in both
| those cases I need to bring up a VPN before I start the Tor
| daemon. (You could also run a bridge but that takes the place of
| the guard node which defeats the purpose if you're the only one
| using the bridge IMO).
|
| Rotating MAC addresses is easy once you've done it once, hotels
| don't seem to realize you can change them.
| whoisburbansky wrote:
| Why Tor over something like tailscale? Works out of the box,
| and they take care of all the fancy network traversal for you
| and you get essentially direct connection level speeds.
| sneak wrote:
| Tor is private and free and decentralized. Tailscale is none
| of those things, and requires signup.
| goodpoint wrote:
| And the centralized control server is not even open source.
| naveen99 wrote:
| Reverse ssh with cronjob does the trick also. Or set up a reverse
| ssh service:
|
| https://dev.to/bulletmark/create-a-reverse-ssh-tunnel-for-re...
| TheAdamAndChe wrote:
| I've done the same before, but nowadays I'd look into UPnP since
| Tor has many costs to it. Slow transfer speeds, exit node data
| interference, and possible ISP throttling or attention are all
| potential downsides.
| IngoBlechschmid wrote:
| > Slow transfer speeds
|
| This used to be the case, but in my experience is no more. I'm
| routing all my traffic over Tor and don't feel slowed down in the
| slightest.
| goodpoint wrote:
| > Tor has many costs to it.
|
| And many benefits, including privacy and resiliency.
|
| > Slow transfer speeds
|
| Not anymore.
|
| > exit node data interference
|
| No, Onion Services are safe.
|
| > and possible ISP throttling or attention are all potential
| downsides.
|
| No to both. Onion Services are not visible to ISPs or others.
| rany_ wrote:
| > exit node data interference
|
| Bad nodes could not interfere with onion services because the
| onion address itself is the public key (it's E2EE). If you're
| using TLS to access internet services or just accessing onions
| you should be fine.
| yjftsjthsd-h wrote:
| > exit node data interference
|
| This isn't using exit nodes, though? Onion services are
| completely internal to TOR.
| Nextgrid wrote:
| > attention
|
| The more legitimate usage of Tor there is the better as it will
| attract less attention. This also helps Tor users who use it
| for privacy protection.
| totetsu wrote:
| Similar discussion https://news.ycombinator.com/item?id=28370662
| DarylZero wrote:
| I was doing this ten years ago but since switched to Tox. The
| ToxCore library is just brilliant. The layered API is so flexible.
|
| Another DHT-for-NAT-traversal-as-a-library is also available
| through the DAT project. There are probably others.
|
| The onion routing involved in Tor is actually a pointless
| inefficiency for this use case.
| MayeulC wrote:
| I'm a bit disappointed this is just accessing a service you
| expose as a hidden service, not a p2p NAT traversal service that
| happens to perform a handshake on Tor.
|
| IPFS p2p is also usable for that kind of thing (and will perform
| NAT traversal if possible), though Tor and i2p are probably
| better fits if traffic needs to be relayed.
|
| I also used yggdrasil, but you need to maintain at least a static
| peer. After that though, using IPv6 addresses is nice. cjdns and
| Hyperboria work the same.
| otrahuevada wrote:
| hey I hadn't thought of that before! Pretty cool. I wonder if I
| can run a DHT on top of that.
| elliebike wrote:
| Yup you totally can! I've done this before + it works well. You
| may have to customise the DHT a bunch though
| kodablah wrote:
| Yes. Here's where I did it with IPFS libs a few years back:
| https://github.com/cretz/tor-dht-poc. The libs have improved
| since so it's probably easier.
| bauruine wrote:
| If you only use it for NAT traversal and don't need to hide your
| location you can set up a single onion service. This way your
| server makes a direct connection to the rendezvous points which
| reduces the number of hops from 6 to 3 which should increase the
| speed and reduce the load on the Tor network.
|
| This can be configured with two options.
|
| HiddenServiceNonAnonymousMode 1
| HiddenServiceSingleHopMode 1
|
| Unfortunately you can't use it with the Tor Browser Bundle as you
| need to disable all client-side services on your Tor instance,
| including setting SOCKSPort to "0".
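
A check for the single onion service settings described in the last comment, as an added example that is not part of the thread: it flags a torrc that sets only one of the two options or leaves a client-side listener enabled. The sample configs and the `/var/lib/tor/ssh_onion/` path are constructed, and the list of client ports beyond SOCKSPort is an assumption about which listeners tor counts as client-side.

```python
# Added example: lint a torrc for the single onion service preconditions.
# Client-side listeners and their defaults when unset; the entries other than
# SocksPort are an assumption about what tor treats as client-side services.
CLIENT_PORTS = {"socksport": "9050", "transport": "0", "dnsport": "0",
                "natdport": "0", "httptunnelport": "0"}
MODES = ("hiddenservicenonanonymousmode", "hiddenservicesinglehopmode")

def parse_torrc(text):
    """Map lowercased option name -> list of values (names are case-insensitive)."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return opts

def single_onion_problems(text):
    """Return a list of reasons this torrc cannot run a single onion service."""
    opts = parse_torrc(text)
    problems = []
    for mode in MODES:
        # Both options must be enabled together; this check reads the last occurrence.
        if opts.get(mode, ["0"])[-1] != "1":
            problems.append(f"{mode} is not 1")
    for port, default in CLIENT_PORTS.items():
        # A port option may repeat; any value other than 0 opens a listener.
        if any(v.split()[0] != "0" for v in opts.get(port, [default])):
            problems.append(f"{port} is enabled")
    return problems

# Constructed sample: single-hop requested on an otherwise stock tor instance.
BEFORE = """\
# hypothetical service directory
HiddenServiceDir /var/lib/tor/ssh_onion/
HiddenServicePort 22 127.0.0.1:22
HiddenServiceSingleHopMode 1
"""
# Constructed sample: both options set and the SOCKS listener disabled.
AFTER = """\
SOCKSPort 0
HiddenServiceNonAnonymousMode 1
HiddenServiceSingleHopMode 1
HiddenServiceDir /var/lib/tor/ssh_onion/
HiddenServicePort 22 127.0.0.1:22
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, single_onion_problems(cfg) or "ok")
```

An unset SOCKSPort is reported as enabled because tor opens its default SOCKS listener unless the option is explicitly set to 0.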
___________________________________________________________________
(page generated 2021-12-13 23:02 UTC)