[guardian-dev] Progress on OrbotVPN

Nathan of Guardian nathan at guardianproject.info
Tue Oct 21 13:09:00 EDT 2014


 
I have successfully gotten the Psiphon version of tun2socks working with
Orbot. You can see the code here:
https://github.com/n8fr8/orbot/tree/dev_orbotvpn

The trick with Android VPNService is that you have to mark sockets
"protected" in order to not have them be sent through the VPN. Tor opens
a ton of sockets all the time to many remote servers, so it is hard to
track those at the Android/Java level, since those are happening in the
Tor native process. Instead, I set Tor to use a mini outbound SOCKS
proxy I am running in the TorService class, and then I mark all the
sockets outbound from that proxy protected. Seems to work without
much performance issue.

Aside from UI integration, the main outstanding issue is getting DNS to
work. When you create an Android VPNServer instance, you can only set
the DNS host "127.0.0.1" but not the port. Since Tor's DNS service is
running on 127.0.0.1:5400 I somehow need to get DNS packets to go there,
and drop the rest of the UDP.

My idea is to use the udpgw_client feature of tun2socks, and then run
the udpgw daemon on the device. I have already modified the tun2socks
code to change all DNS packets to use port 5400, before they get sent
through udpgw. 

I did also have the idea for a bit of setting up a ton of remote udpgw
servers that Orbot users could randomly connect through, because that
would allow for UDP to work over Tor... I really don't like
running/managing servers however, but maybe Tor exit providers could
start running udpgw instances?

More on badvpn-tun2socks and udpgw here:
https://code.google.com/p/badvpn/wiki/tun2socks
https://github.com/guardianproject/badvpn

+n

-- 
  Nathan of Guardian
  nathan at guardianproject.info
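
The post describes rewriting every DNS packet to port 5400 and dropping the rest of the UDP. The sketch below is an added example of that policy on raw IPv4 packets read from a tun device; it is not code from Orbot, Psiphon or badvpn. The function names, the verdict enum and the sample packet are constructed for illustration, and IPv6 is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define DNS_PORT     53
#define TOR_DNS_PORT 5400 /* Tor DNS port given in the post */
enum verdict { NOT_IPV4_UDP, DROP_UDP, FORWARD_DNS }; /* hypothetical names */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* UDP checksum over pseudo-header + datagram; 0 means the stored field is valid. */
uint16_t udp_checksum(const uint8_t *pkt, size_t ihl, size_t udp_len) {
    uint32_t s = 17 + (uint32_t)udp_len;
    for (size_t i = 0; i < 8; i += 2) s += rd16(pkt + 12 + i);
    for (size_t i = 0; i + 1 < udp_len; i += 2) s += rd16(pkt + ihl + i);
    if (udp_len & 1) s += (uint32_t)pkt[ihl + udp_len - 1] << 8;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* RFC 1624 incremental update for one changed 16-bit word: HC' = ~(~HC + ~m + m'). */
static uint16_t csum_fix(uint16_t hc, uint16_t old, uint16_t new_) {
    uint32_t s = (uint32_t)(uint16_t)~hc + (uint16_t)~old + new_;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return s == 0xffff ? 0xffff : (uint16_t)~s; /* never emit 0 ("no checksum") */
}

/* Rewrites UDP/53 to TOR_DNS_PORT in place; all other UDP, including fragments
 * and truncated headers that cannot be inspected, is dropped. */
enum verdict redirect_dns(uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return NOT_IPV4_UDP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl || pkt[9] != 17) return NOT_IPV4_UDP;
    if ((rd16(pkt + 6) & 0x3fff) || len < ihl + 8) return DROP_UDP;
    uint8_t *udp = pkt + ihl;
    if (rd16(udp + 2) != DNS_PORT) return DROP_UDP;
    uint16_t ck = rd16(udp + 6);
    wr16(udp + 2, TOR_DNS_PORT);
    if (ck) wr16(udp + 6, csum_fix(ck, DNS_PORT, TOR_DNS_PORT)); /* 0 = unchecksummed */
    return FORWARD_DNS;
}

/* Constructed sample: 10.0.0.2 -> 127.0.0.1, UDP 40000 -> 53, payload "test".
 * The IP header checksum is left 0 because nothing here examines it. */
const uint8_t SAMPLE_DNS[32] = {
    0x45,0,0,32, 0,0,0x40,0, 64,17,0,0, 10,0,0,2, 127,0,0,1,
    0x9c,0x40, 0,53, 0,12, 0xf2,0x83, 't','e','s','t' };

int main(void) {
    uint8_t p[32]; memcpy(p, SAMPLE_DNS, 32);
    return !(redirect_dns(p, 32) == FORWARD_DNS && udp_checksum(p, 20, 12) == 0);
}
```

Only the UDP checksum needs adjusting after the port change, because the IPv4 header checksum does not cover the UDP ports.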

