removing IP-address autodetection, Tor integration

Brian Warner warner at lothar.com
Fri Jun 19 02:46:59 UTC 2015


On 6/18/15 1:02 PM, Leif Ryge wrote:

>  * It could be desirable to connect to a grid (possibly of non-onion
>    storage servers) using Tor to reach all of the servers *except* the
>    user's own servers, which are reachable via their LAN or VPN.

How would a client know which ones are "mine" vs someone else's?

>  * It could be desirable to have a server listen on both an onion
>    address and a LAN address.

Hm. Foolscap's API makes it pretty easy to listen in multiple ways (you
call tub.addListener(spec) multiple times). I'm not sure how to best
express that from the Tahoe side, though. "--listen=X,Y"? "--listen=X
--listen=Y"?

I suppose you could hack it by having tahoe listen on TCP port X,
configure your Tor HS to forward onion connections to localhost:X, and
then advertise "HOST:X,onion:HS.onion:80".

But is that.. useful? Safe? You aren't hiding the server's address.. I
guess you're making life easier for clients who want to come in via Tor
(we could make them prefer the onion address, and avoid exit nodes), but
it'd be slower than the usual tor-to-the-public-IP exit-node style. Who
would it protect?

>  * It could be desirable to connect to some servers via different
>    addresses than they are advertising (say, because you know its LAN
>    address).

Huh, that's tricky. I can imagine a local override table, something that
says "if you ever want to talk to host X, use this hint Y instead of
whatever their FURL said". But that'd be kinda wacky. Did I really
implement such a thing? :).

> I'm looking forward to being able to use the i2p grid (which I believe
> is the largest and longest running public tahoe grid) and the onion
> grid simultaneously!

Having a server listen on both .onion and .i2p at the same time makes a
lot more sense to me than onion+TCP.


thanks,
 -Brian



More information about the tahoe-dev mailing list