Forum: Customer Support

How to connect via Tor?

How to connect to OFS server via Tor network?

This should be possible via a generic solution like 'torify', but there are often application-specific caveats, hence asking.

Hi Teddy,

Thanks for your inquiry. TOR of course provides IP address obfuscation. Our goal was to provide obfuscation of IP addresses by default, whether or not a user is connecting through a service such as TOR, via a VPN, an XMPP proxy, or the like.

This is accomplished through PageKites. A PageKite has a front-end and a back-end, and works like a reverse gender-changer. User clients connect to the front-end. The back-end connects to the front-end, and forwards packets sent by the front-end to the server (what TOR calls a hidden service). The connection between user and front-end is encrypted, and so is the connection between the ends of the kite. In addition, there is also encryption end-to-end between the user's client and the server.

As a result of this architecture:

  • The user's IP address is only seen by the PageKite front-end. The server being connected to cannot see it (as with TOR).
  • The PageKite front-end does not know the IP address of the server.
  • The PageKite front-end does not even contain the IP address of the back-end, because the connection is established from back to front using a configured keypair.
  • Neither end of the PageKite can decrypt user traffic (as with TOR relay nodes).
  • In fact, the server does not have any public-facing IP addresses (unlike a .onion server). The only public IPs are on the front-ends.

So it's impossible for the server to determine the client's IP, and vice versa. We believe this is actually more secure than using TOR, and accomplishes the same objective.

Now, if on top of that you wish to add more indirection, then you would need to insert it between your computer and the PageKite front-end. These available front-ends are listed in the client in the Connection menu. If you established a route through a VPN or through TOR to those host:port combinations, you would then have an additional level of protection.

Hope this helps!

With regard to the Connections menu, it exists in the webapp clients. In the SVSpark app, it exists via the gateway drop-down list on the front/login page.