Re: [Tails-dev] Why OnionCat + Mumble - why not just Mumble?

Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Why OnionCat + Mumble - why not just Mumble?
Hi,

bancfc@??? wrote (09 Aug 2014 16:41:54 GMT) :
> I'm currently working on getting UDP based chat clients like Linphone working over
> Onioncat using Whonix.


Great news! I'm very glad to see someone working on this, which I've
been wanting to do for years, but clearly failed to. Woohoo :)

> Since you will be using UDP settings anyway, then IMHO concentrating on serverless
> options is probably the better way forward as it lessens the burden on users.


Full ACK. I'm personally wary of encouraging users to put trust into
yet another server, hence my interest in OnionCat: I've been
maintaining it in Debian for years, in the hope it can be useful for
such uses; glad to see someone trying it out!

> 1. Can you please tell me if there is any additional configuration that you did to
> your firewall to make Onioncat work?


We made it work 2-3 years ago in Tails, but I'm afraid I don't
remember any of the details. Are you actually seeing reject logs from
the firewall, that indicate it's the culprit?

> 2. From looking at this: https://www.cypherpunk.at/onioncat_trac/wiki/Security I got
> the impression that anyone running Onioncat can connect to anyone else that has it
> too. I don't know if the version currently available in Debian stable has the
> authentication features in r555.


As one can see in the source package, Wheezy's 0.2.2+svn553-3 doesn't
apply any patch on top of the upstream source. If needed, I can
rebuild and upload Jessie's 0.2.2+svn559-1 to wheezy-backports.

> What firewall precautions are needed to cope with this situation if necessary?


No idea. I would instead look into handling the authorization and
authentication in the VoIP client.

Cheers,
--
intrigeri