[tor-talk] OnionCat hostname resolution?
grarpamp
grarpamp at gmail.com
Mon Jul 21 18:30:36 UTC 2014
On Mon, Jul 21, 2014 at 6:55 AM, Rene Bartsch <ml at bartschnet.de> wrote:
> if OnionCat ist used, does the TOR Hidden Service name resolve/route to the
> OnionCat IPv6 address?
No, not in the clearnet sense.
Overview...
There is a one-to-one mapping between the Tor provided HS .onion address
and the onioncat provided IPv6 tun(4) interface address. You can pass
IPv6 packets between hosts over Tor as if Tor was one big IPv6/48
Layer3 network. TCP/UDP/ICMP/whatever... it's very cool.
The only way to reach the onioncat IPv6 tun(4) interface address is from
another onioncat provided IPv6 address across Tor (excepting locally
through the stack on your host, which you've hopefully firewalled as
needed). The only thing you can reach 'via the TOR HS hostname' is
the ocat daemon on 8060.
(ocat::1 <--> foo.onion:8060) <-----> (bar.onion:8060 <--> ocat::2)
You can 'resolve' (actually, 'convert' for configuration usage) onion
and IPv6 addresses with ocat -i/-o. Onioncat takes care of that
automatically when passing traffic to and from your node.
You can also key the onions in torrc, use IPSEC, firewall, etc
if you need more control against access/spoofing.
> Is it possible to reach a server process running on
> the OnionCat IPv6-address via the TOR Hidden Service hostname?
Yes. You can use torrc HiddenServicePort to forward an onion
port to a port on your ocat IPv6 address, or ::1, or 127.0.0.1, etc.
In this case, there is no 'resolve', but it does 'route'.
user -----> (bar.onion:443 --> ocat::2:443)
More information about the tor-talk
mailing list