Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Boosting number of servers via tunnel forwarding #16

Open
basil00 opened this issue Feb 8, 2018 · 2 comments
Open

Boosting number of servers via tunnel forwarding #16

basil00 opened this issue Feb 8, 2018 · 2 comments
Labels
Feature

Comments

@basil00
Copy link
Owner

basil00 commented Feb 8, 2018
edited
Loading

Currently, running a ReQrypt server requires support for IP spoofing, which is disallowed by most networks due to the potential for abuse. This makes it difficult to set up new ReQrypt servers to help support the network. As such, ReQrypt is vulnerable to ISPs simply blocking traffic to the (currently single) server (#13).

One solution might be to support "tunnel forwarding", where a server acts as a front for another server, as illustrated below:

                     +-----------+
     +---------------|    WEB    |-------------+
     |               |  SERVER   |             |
     |               +-----------+             |
     |                                         |
     V                                         |
+-----------+        +-----------+        +----------+
|    PC     |------->|  SERVER'  |------->|  SERVER  |
|  a.b.c.d  |<-------|  p.q.r.s  |<-------|  x.y.z.w |
+-----------+        +-----------+        +----------+

Under this idea, the user connects to the main ReQrypt server (SERVER) by tunneling through another server (SERVER'). Control messages (from SERVER to PC) are also sent via SERVER', meaning that there is no direct communication with the main server (SERVER).

This has some big advantages:

  • To the end user, SERVER' behaves just like a regular ReQrypt server, so no change to the user experience.
  • SERVER' does not need to support IP spoofing, making it easier to set up "new" servers. Thus if an ISP blocks SERVER' then it is easy to set up SERVER'', etc., making it much easier to support a larger network and play cat-and-mouse games.
  • The ISP does not see any traffic to the main server (SERVER), so cannot block it.

The main disadvantage is a performance reduction due to extra hops. But this should be minimal if both SERVER and SERVER' are geographically close together.

Implementing this would also require a bit of work.
@basil00 basil00 added the Feature label Feb 8, 2018
@ValdikSS
Copy link

ValdikSS commented Feb 8, 2018

Actually when I was thinking about such system before I discovered ReQrypt, I was thinking to set spoofing server on Tor (as a hidden service), and bundle client software with Tor compiled in zero-hop mode (tor2web). This drastically complicate discovery of server's IP address while still maintain sane speed.

@basil00
Copy link
Owner Author

basil00 commented Feb 8, 2018

That's definitely an interesting idea. It might require a lot of work to implement, since currently does not even support tunneling over TCP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@basil00 @ValdikSS