This is directed to anyone having knowledge about the inner
workings of openvpn software: how difficult would it be
to add an integer parameter to the invocation of openvpn
which would instruct the network of the number of times
to bounce packets around the network before going out
to the world?

This would allow any vpn server to act as tor.

TIA

On Fri, 31 Mar 2023 16:38:42 +0000, root wrote:
> This is directed to anyone having knowledge about the inner workings of
> openvpn software: how difficult would it be to add an integer parameter
> to the invocation of openvpn which would instruct the network of the
> number of times to bounce packets around the network before going out
> to the world?
>
> This would allow any vpn server to act as tor.

I fear that this question comes from a confusion about how the term "VPN"
is used and misused.

VPN stands for "Virtual Private Network", it sets up an encrypted
connection between two points and somehow emulates some kind of network
device at each end. This allows you to route network traffic between the
two points and even though the original connection between the two points
are considered unsafe as others might use tools like tcpdump or wireshark
to listen on the network traffic the VPN software will encrypt the
traffic on a more or less public network to give you a "Virtual Private
Network".

A proxy server is a completely different thing. A proxy server allows you
to connect to it, telling it which server you really wanted to connect
to. The proxy server will then connect to the server you asked for and
there might be differetn reasons for using different kinds of proxy
servers.

One reason to use a proxy server might be that it somehow "cleans" the
network traffic. The proxy server might block ads or stop you from
accessing known "bad" sites. Another reason to use a proxy server might
be anonymity, the server that you connect to will not see your IP address
but instead some IP address that belongs to your proxy server.

The confusion between these two different things come from the fact that
many more or less commercial services providing proxy servers provide a
VPN to connect to their proxy server. For some odd reason these service
providers often call their service a "VPN" even though the primary use
for their service is a proxy server.

Tor is a proxy service in multiple steps, this is so the end point don't
know where the traffic came from and the middle points don't know if
previous point was the traffic origin. There are tragic examples of
people who have mistaken tor for a way to encrypt the traffic to the
server that they wanted to connect to but the hard way found out that
traffic between tor the end point and server was unencrypted. Here is an
old article about that subject:

https://web.archive.org/web/20150705184539/https:/chloe.re/2015/06/20/a-
month-with-badonions/

OpenVPN is not intended to be something like tor, it is simply VPN
software in the true meaning of VPN, to encrypt network traffic between a
VPN server and one or more VPN clients.

Would it be possible to make OpenVPN behave like tor? Yes, with
opensource software like OpenVPN anything is possible, but you would be
required to make major modifications of those "configuration" files named
*.c .

regards Henrik

Hi, Henrik

On Fri, 31 Mar 2023 17:12:01 +0000, Henrik Carlqvist wrote:

> On Fri, 31 Mar 2023 16:38:42 +0000, root wrote:
>> This is directed to anyone having knowledge about the inner workings of
>> openvpn software: how difficult would it be to add an integer parameter
>> to the invocation of openvpn which would instruct the network of the
>> number of times to bounce packets around the network before going out
>> to the world?
>>
>> This would allow any vpn server to act as tor.
>
> I fear that this question comes from a confusion about how the term "VPN"
> is used and misused.
[snip]
> Would it be possible to make OpenVPN behave like tor? Yes, with
> opensource software like OpenVPN anything is possible, but you would be
> required to make major modifications of those "configuration" files named
> *.c .

This was the best analysis I've read on the differences between proxy servers,
VPNs, and commercial "VPN Services".

Thanks for the great synopsis.
--
Lew Pitcher
"In Skills We Trust"

Henrik Carlqvist <Henrik.Carlqvist@deadspam.com> wrote:
>
> A proxy server is a completely different thing. A proxy server allows you
> to connect to it, telling it which server you really wanted to connect
> to. The proxy server will then connect to the server you asked for and
> there might be differetn reasons for using different kinds of proxy
> servers.

Thanks for responding Henrik.

For the purpose of my question the difference between vpn and
proxy does not matter. Your description informs me that I
get the use of a proxy server for about $3/month, but it is
called NORD vpn.

> OpenVPN is not intended to be something like tor, it is simply VPN
> software in the true meaning of VPN, to encrypt network traffic between a
> VPN server and one or more VPN clients.

I understand that the openvpn doesn't have what I want, but it does
take my traffic and sent it, via the intermediary, to where I want.
If, instead, it were to route the traffic among other instances
of the proxy it would, like TOR, be more difficult to work backward
from the destintion to me.

>
> Would it be possible to make OpenVPN behave like tor? Yes, with
> opensource software like OpenVPN anything is possible, but you would be
> required to make major modifications of those "configuration" files named
> *.c .

The configuration files I use all are .ovpn. I suppose you are not referring
to those.

>
> regards Henrik

On Sat, 01 Apr 2023 03:45:37 +0000, root wrote:

> Henrik Carlqvist <Henrik.Carlqvist@deadspam.com> wrote:
> For the purpose of my question the difference between vpn and proxy does
> not matter. Your description informs me that I get the use of a proxy
> server for about $3/month, but it is called NORD vpn.

Yes, that was my point and that is why the difference between a VPN and a
proxy server matters.
>> OpenVPN is not intended to be something like tor, it is simply VPN
>> software in the true meaning of VPN, to encrypt network traffic between
>> a VPN server and one or more VPN clients.
> I understand that the openvpn doesn't have what I want, but it does take
> my traffic and sent it, via the intermediary, to where I want.

For OpenVPN to be useful you will need to run OpenVPN at both ends. You
cannot solve any problem (VPN or proxy related) by only running OpenVPN
at your end.

> If, instead, it were to route the traffic among other instances of the
> proxy it would, like TOR, be more difficult to work backward from the
> destintion to me.

If you want tor, use tor. You will be able to use tor because all the
nodes involved with tor are running tor.

>> Would it be possible to make OpenVPN behave like tor? Yes, with
>> opensource software like OpenVPN anything is possible, but you would be
>> required to make major modifications of those "configuration" files
>> named *.c .
>
> The configuration files I use all are .ovpn. I suppose you are not
> referring to those.

No, I am not referring to those configuration files, I am referring to a
complete rewrite of the software.

But instead of adding tor functionality to OpenVPN you might be able to
use OpenVPN on top of tor. If an OpenVPN client is configured to connect
by a tor proxy on localhost the OpenVPN server will not be able to see
the IP address of the client. However, I don't see any point in doing so.
A VPN server usually don't allow any radnom client to connect to the VPN.
Usually some kind of credentials are used to connect to a VPN and those
credenials are used to identify the client regardless of IP address used
by the client.

regards Henrik

On Fri, 31 Mar 2023 17:12:01 +0000, Henrik Carlqvist wrote:

> Another reason to use a proxy server might
> be anonymity, the server that you connect to will not see your IP
> address but instead some IP address that belongs to your proxy server.
>

close....

Many proxy servers send X-forwarded-for and will still see your IP, this
is however more typical configuration of ISP/ASP/Enterprise and even more
os on their web servers.

Granted the likes of TOR should *not* send that, but exit nodes have been
known to leak before and no boubt will again.

proxy or VPN (and for VPN I'd be looking at wireguard over anything
else), your anonymity is only as good as the VPN/proxy operator and its
technical staff.

On 3/31/23 18:38, root wrote:
> This is directed to anyone having knowledge about the inner
> workings of openvpn software: how difficult would it be
> to add an integer parameter to the invocation of openvpn
> which would instruct the network of the number of times
> to bounce packets around the network before going out
> to the world?
>
> This would allow any vpn server to act as tor.
>
> TIA

What exactly is your purpose?
Do you want to hide to your ISP the fact that you are connecting to a
Tor node? Or does your ISP prevent you from doing so?

--
/

slash <slash@invalid.invalid> wrote:
>>
>> This would allow any vpn server to act as tor.
>>
>> TIA
>
> What exactly is your purpose?
> Do you want to hide to your ISP the fact that you are connecting to a
> Tor node? Or does your ISP prevent you from doing so?
>

Thanks for responding. My post was prompted by an article I read in
NewYorkTimes which talked about VPNs, but really meant Proxy
Servers. The article questioned how secure (meaning private) my
internet activity was with most VPNs. I will continue to use
VPN to mean these things with apology to Henrik.

The substance of the NYT article is that, say, a court order
could force a VPN to reveal what traffic goes through the
VPN to me. Regardless of whether such traffic is legal or
illegal, I don't want the "government" to have any knowledge
of the traffic. I have tried in the past to implement tor and
was put off by one thing or another. Finally when I managed to
get a browser (Brave I think) to work, the speed penalty was
horrible. Since my concept of what the Proxy is doing, is
to make my IP seem to be that of the Proxy and if that
isn't sufficient to prevent eavesdropping, I thought
that, like tor, if my traffic went through several proxies
in sequence it would be much more difficult to backtrace.
I imagined that by just a few hops the speed penalty would
be tolerable, but the "security" would be greatly increased.

BTW, when I first started using a "VPN" I chose Trust-Zone.
After some time I switched to PIA and saw a huge increase
in speed. Most recently I have been using NORD with an
even greater speed increase. The VPNs recommended by
NYT were several times the monthly cost of NORD.

On 4/4/23 02:21, root wrote:

> ...a court order
> could force a VPN to reveal what traffic goes through the
> VPN to me.

That's why you need Tor. A court could order the exit node to reveal
your identity, but the node couldn't comply. You need to trust the vpn
operator. Even if it's run by holy monks, it still needs to comply with
its country's law. You don't need to trust the Tor nodes, because they
couldn't betray you if they wanted to. At worst, they can be shut down,
but you will still be safe. Obviously, if you don't do anything stupid.
https://support.torproject.org/

> I have tried in the past to implement tor and
> was put off by one thing or another.

Try Tails. You boot from a usb key, and it's all set.
https://tails.boum.org/

--
/

On Tue, 04 Apr 2023 00:21:51 +0000, root wrote:
> I have tried in the past to implement tor and was put off by one thing
> or another. Finally when I managed to get a browser (Brave I think) to
> work, the speed penalty was horrible.

Most browsers have some setting for a proxy server which you can alter to
make them use tor.

But yes, a solution like tor does affect the speed. "Speed" is about two
things, bandwidth and latency. With tor you will suffer from the
bandwidth of the slowest node that you happen to jump by and your latency
will increase with a factor that roughly equals the number of nodes that
you pass by.

regards Henrik