IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2022/01/20
dr|z3d yeah, true, there's no one size fits all solution
eyedeekay anonymousmaybe I was confusing eeproxy and httptunnel, httptunnel is the one that works best/is simple
eyedeekay httptunnel is the one that contains multiproxy
anonymousmaybe yeah was working with SAM as well right?
eyedeekay Yes it uses SAM for all of it's tunnel-building needs
anonymousmaybe yeah but was solving different stuff
eyedeekay No that's the one that does per-site or per-pseudonym tunnels
anonymousmaybe anyway i think you need a network complex designer which is hard to find tbh
anonymousmaybe maybe we need some communications with some anon-devs projects or similar like gnunet,tpo,namecoin..etc they might have good ideas on how to solve this
eyedeekay Well it's just a smarter proxy, though. Tor has 5 little torrc options that ultimately control this behavior on their end, the one most relevant to us is probably `IsolateSOCKSAuth`
eyedeekay IsolateSOCKSAuth is what httptunnel/multiproxy emulates
anonymousmaybe can it be implemented directly within the tunnel?
eyedeekay Not without breaking at least one existing feature
eyedeekay It can readily be pluginized or packaged as a freestanding app
anonymousmaybe plugins is horrible, HTTP i2p tunnel is sick by itself and need its own design fixation
eyedeekay Then a freestanding binary is the path of least resistance
eyedeekay Although the line is thinner than it used to be
anonymousmaybe break existing feature like what?
eyedeekay Offhand, encrypted leasesets might break, anything that *requires* a persistent tunnel will break, existing dest timeouts will no longer make sense
eyedeekay It's really a browser tunnel and very little else
anonymousmaybe "anything that *requires* a persistent tunnel will break" sound good to me
anonymousmaybe because it shouldnt at the first place.
eyedeekay Unless you run a service that authorizes specific users by client destination
eyedeekay Which is actually useful
eyedeekay Private nextcloud services might do this, for instance.
anonymousmaybe isnt the tunnel different for server VS http (surfing the net)?
anonymousmaybe i mean user can make a static tunnel for that purpose
eyedeekay Yes, but suppose you have a NextCloud instance you only want to make available to a handful of authorized HTTP clients, you might have your clients persist a destination in order to authenticate so that other observers cannot tell you're hosting a NextCloud instance
eyedeekay anonymousmaybe: i mean user can make a static tunnel for that purpose
eyedeekay ^ this is why I think it needs to be 2 tunnel types, "HTTP Proxy" and "Browser Proxy" for instance. The needs are actually different
anonymousmaybe we can call it persistent tunnel and browsing tunnel
anonymousmaybe persistent for stuff like i want to use as client to client without changing like login to SSH
eyedeekay Probably more descriptive, persistent might be better
anonymousmaybe or as you said a nextclould or so
anonymousmaybe that would be good idea
anonymousmaybe browser tunnel is persistent as far as the eepsite kept open, once closed the tunnel close
eyedeekay It's also easier to accomplish, because you can mostly reuse persistent tunnels inside of the browsing tunnel, all it has to do is organize them
anonymousmaybe ofcourse we are talking about multiple-isolated tunnels each one for each destination/eepsite/website
eyedeekay Or Auth Header or whatever
anonymousmaybe sound good to me
eyedeekay Lots of models are easy to build once you're able to multiplex HTTP proxies
anonymousmaybe actually from the same browsing tunnel we can make a feature built inside it by adding something like:
anonymousmaybe add your websites/HTTP for persistent tunnel: [empty field]
anonymousmaybe once user put like xyz.i2p inside it
anonymousmaybe a persistent static tunnel will be created for it
anonymousmaybe so all other browsing will be non-persistent dying tunnel except those in the filled in the empty field
eyedeekay IIRC I planned to do that in multiproxy for anything that used an encrypted leaseset
eyedeekay But regardless it requires the tunnel multiplexing ability
anonymousmaybe yeah sure require that
anonymousmaybe i hope this to be one of the top priorities
anonymousmaybe DHT kadmelia vs R5N/Freenet style thats another major enhancement but lets leave it for its time
eyedeekay UDP tunnels are on top of my list right now but I can make this after that
anonymousmaybe what is this UDP tunnels?
anonymousmaybe you mean some issues discovered in UDP connections need to be fixed?
eyedeekay We're going to make it possible to build UDP tunnels across I2P for some cases using the Hidden Services Manager/I2PTunel in Java I2P
eyedeekay Feature add not bug fix
eyedeekay i2pd has had them for a while but not I2P
anonymousmaybe ah thought it support that
anonymousmaybe have you looked at QUIC and is it beneficial in/for I2P?
anonymousmaybe since we are talking about UDP stuff
eyedeekay QUIC is informing the design of SSU connection migration at least
anonymousmaybe i have stupid question but i hope to get an answer for it lol
anonymousmaybe in the tunnel there is an option called "Enable Direct Client-to-Client protocol. Note that this will compromise your anonymity and is not recommended."
anonymousmaybe if assuming my client will be directly connecting to the other X client and im willing to expose myself but what about the other client?
anonymousmaybe am i going to expose his IP and connect to him directly?
eyedeekay It will only work if both ends enable it IIUC
eyedeekay BRB can do DCC over SAM
eyedeekay But it won't work with the IRC tunnel version
eyedeekay So can Dispatch for that matter
anonymousmaybe ah so if the server allow DCC option then his server IP can be exposed but ofcourse by his will because he choose that
anonymousmaybe am i thinking correctly?
anonymousmaybe if yes, then thats is dangerous to be abused by an attacker
anonymousmaybe but yeah Tor has this option called no hop or single hop feature
eyedeekay No it's that if the DCC option is enabled then the 2 IRC clients will be able to establish a direct connection between eachother, exposing their IP addresses to eachother
anonymousmaybe ah sorry its only for IRC thing? not general feature?
eyedeekay Yes IRC only
anonymousmaybe oh i got it wrong
anonymousmaybe thanks for the explanation
eyedeekay no problem
dr|z3d yeah, except DCC over I2P creates a second dest so no ip is exposted.
dr|z3d *exposed.
dr|z3d this is my understanding based on comments by zzz. I'd always thought dcc was a no no, but apparently it's safe using the IRC client tunnel.
dr|z3d that's it's flagged as unsafe in the tunnel manager is probably why no one uses it.
eyedeekay Stood up a site mirror, just as a warning this one may slightly differ from the official mirror at times because I'm using it to make potential changes visible before they go on i2p.net/geti2p.net