Re: [Tails-dev] Why OnionCat + Mumble - why not just Mumble…

Borrar esta mensaxe

Responder a esta mensaxe
Autor: bancfc
Data:  
Para: The Tails public development discussion list
Asunto: Re: [Tails-dev] Why OnionCat + Mumble - why not just Mumble?
On 2014-08-09 18:10, intrigeri wrote:
> Hi,
>
> bancfc@??? wrote (09 Aug 2014 16:41:54 GMT) :
>> I'm currently working on getting UDP based chat clients like Linphone
>> working over
>> Onioncat using Whonix.
>
> Great news! I'm very glad to see someone working on this, which I've
> been wanting to do for years, but clearly failed to. Woohoo :)
>
>> Since you will be using UDP settings anyway, then IMHO concentrating
>> on serverless
>> options are probably the better way forward as it lessens the burden
>> on users.
>
> Full ACK. I'm personally wary of encouraging users to put trust into
> yet another server, hence my interest in OnionCat: I've been
> maintaining it in Debian for years, in the hope it can be useful for
> such uses; glad to see someone trying it out!
>
>> 1. Can you please tell me if there is any additional configuration
>> that you did to
>> your firewall to make Onioncat work?
>
> We've made it work 2-3 years ago in Tails, but I'm afraid I don't
> remember any of the details. Are you actually seeing reject logs from
> the firewall, that indicate it's the culprit?
>
>> 2. From looking at this:
>> https://www.cypherpunk.at/onioncat_trac/wiki/Security I got
>> the impression that anyone running Onioncat can connect to anyone else
>> that has it
>> too. I don't know if the version currently available in Debian stable
>> has the
>> authentication features in r555.
>
> As one can see in the source package, Wheezy's 0.2.2+svn553-3 doesn't
> apply any patch on top of the upstream source. If needed, I can
> rebuild and upload Jessie's 0.2.2+svn559-1 to wheezy-backports.
>
>> What firewall precautions are needed to cope with this situation if
>> necessary?
>
> No idea. I would instead look into handling the authorization and
> authentication in the VoIP client instead.
>
> Cheers,


My status report so far: The conflict is not caused by the firewall form
the logs I checked. However onioncat keeps complaining about not finding
a peer to forward to. Any idea what this is about or what I need to do?

From what I understand using Onioncat is as simple as running it with

ocat <MyHiddenServiceID>

and then connecting to the IPv6 address of the other endpoint with the
software in question. In this case its the local Linphone client calling
the user@[IPv6] address. Correct?


N.B.
As an aside, The Linphone version in Wheezy does not support ZRTP.
Suppose I get this working, will that be a problem?