Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #17975
Closed (moved) (moved)
Open
Issue created Jan 02, 2016 by naif@naif

Introduce OutboundExitAddress to enable exit-only traffic to go via a different IP address

There are use cases of Tor where the inbound IP address of the Tor Relay is not the Tor Relay traffic, that's managed trough the use of OutBoundBindAddress directive.

However in multi-homed environments, it could provide much more flexibility to be able to specify a specific IP address to be used only for Tor Exit Traffic, with a directive that could be "OutboundExitAddress" .

With such an approach a family of Tor Nodes, handling inbound/outbound OR traffic, could implement custom routing architecture only for Tor Exit traffic (that's the one generating abuses), by tunnelling it across more "abuse resilient servers" .

If the assumption that 66.66% of traffic is non-exit OR traffic (i'm dividing by 3), then only 33.33% would go trough a more resilient "Exit Gateway" that could also not be at all a Tor Relay.

If such information would stay in the Consensus, it would be possible to map which Tor Relay is explicitly doing that kind "asymmetric routing" vs. who's doing it "implicitly" (and thus, it maybe a pattern of suspicious activity) .

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking