onionpipe VS cloudflared

onionpipe - Onion addresses for anything. onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa. Written in Go.

The internet is no longer as peer-to-peer friendly as it once was. Hence the existence of commercially-motivated hacks run by third parties such as hosting, e.g., Cloudflare, etc., including tunneling, e.g., ngrok, etc. Alternatively, Tor relies on third parties but AFAIK it's not so centralised and it's not commercially-motivated.

That is what differentiates it from all the other options. There is no company behind it trying to make money by exploiting internet subscribers trying to connect with each other (not the so-called "tech" company).

Tor can have uses other than the ones normally discussed such as anonymity and evading censorship. Tor can provide reachability without use of commercial eavesdropping third party intermediaries.

For example, one can use Onion Services for advertising open IP:port information that is needed for peer-to-peer connections over other, faster peer-to-peer overlay networks, not the Tor network. The Onion Service can function as the "rendezvous" server for making peer-to-peer connection outside of Tor. Tor's Onion Services can be used to exchange IP:port information for making direct connections over the internet without using Tor. No need to use commercial third parties. Ngrok, Tailscale, etc. all require use of servers run by a commercial third party. Tor does not. There is ample free software that can establish peer-to-peer connections over the internet but in every case it requires some reachable server running this software on the internet, and for most users that means they have to run a server and pay a commercial third party for hosting. Tor has no such requirement.

Imagine being able to share content with family, friends, colleagues without the need for so-called "tech" companies^1 acting as intermediaries ("middlemen"). With a reachable IPv4 address this becomes possible. It would be nice if every home internet access subscriber received a reachable IPv4 address from their ISP. No doubt, some do. But on today's internet most do not. The so-called "tech" companies all have reachable IPv4 addresses. Hence they assume the roles of middlemen and use this position to exploit internet subscribers for profit.

Something like Tor provides a solution. Again, it is not always necessary to route all traffic over Tor. Tor can have other uses. When the goal is simply peer-to-peer connections, Onion Services can be used to bootstrap peer-to-peer overlay connections using the user's choice of software by providing a secure, reliable way to exchange IP:port information. Goal here when using Tor is not anonymity nor censorship evasion, it's reachability. Similarly, goal of peer-to-peer is not necessarily anonymity nor evading censorship either, it's bypassing commercially-motivated, eavesdropping middlemen known as "tech" companies, and avoiding the annoyances of advertising. A possible additional benefot of using Tor in this way is elevated privacy. Google, for example, cannot easily discover Onion Services. No one can discover Onion Services using ICANN DNS.

1. The term "tech" as in "tech company" means a company, usually a website, that collects data from and about people to support the sale of advertising services because advertising services are the only services the company can sell on a scale large enough to sustain a profitable business.

More reading/viewing:

https://github.com/anderspitman/awesome-tunneling

Tor Hidden Services (now called "Onion Services")

https://jamielittle.org/2016/08/28/hidden.html

As one author wrote on Github:

"onion-expose is a utility that allows one to easily create and control temporary Tor onion services.

onion-expose can be used for any sort of TCP traffic, from simple HTTP to Internet radio to Minecraft to SSH servers. It can also be used to expose individual files and allow you to request them from another computer.

Why not just use ngrok?

ngrok is nice. But it requires everything to go through a central authority (a potential security issue), and imposes artificial restrictions, such as a limit of one TCP tunnel per user. It also doesn't allow you to expose files easily (you have to set it up yourself)."

https://github.com/ethan2-0/onion-expose

As another Github contributor put it:

"With onionpipe, that service doesn't need a public IPv4 or IPv6 ingress. You can publish services with a globally-unique persistent onion address, and share access securely and privately to your own allowlist of authorized keys.

You don't need to rely on, and share your personal data with for-profit services (like Tailscale, ZeroTier, etc.) to get to it."

https://github.com/cmars/onionpipe

https://news.ycombinator.com/item?id=36734956

https://news.ycombinator.com/item?id=30445421

https://news.ycombinator.com/item?id=29929399

"Finally, onion services are private by default, meaning that users must discover these sites organically, rather than with a search engine." [Small websites with small audiences get buried by advertising-supported search engines anyway.]

https://nymity.ch/onion-services/pdf/sec18-onion-services.pd...

https://media.ccc.de/v/31c3_-_6112_-_en_-_saal_2_-_201412301...

https://wiki.termux.com/wiki/Bypassing_NAT (Termux recommends Tor over Ngrok)

https://github.com/ajvb/awesome-tor

I use onionpipe (formerly known as oniongrok), which is ngrok, but free and exposes local services as Tor services.

I made a little utility for tunneling with the Tor daemon. Check out https://github.com/cmars/onionpipe.

onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.

cloudflared - Exposes local servers to the public internet over secure tunnels

Cloudflare Tunnel - Excellent free option. Nicely integrates tunneling with the rest of Cloudflare's products, which include DNS and auto HTTPS. Client source code is Apache 2.0 licensed and written in Golang.

I run a RaspberryPi 3 with FreeBSD 13 booting off an SD card and a USB SSD for storage [1]. Coincidentally today (1/7/2024) is its one year anniversary.

It runs a jail with my single user GotoSocial ActivityPub server [2] reasonably well with cloudflared [3] handling incoming traffic and acting as CDN to take some of the load. Originally it was only using an SD card, but there was too much IO contention so a USB-SSD adapter is used to offload the IO.

I choose FreeBSD over Linux since I have other Rpis with Linux already and wanted more experience with *BSD, jails, and ZFS. Unfortunately ZFS wasn't the best choice on an Rpi since it's more cpu intensive and switched back to UFS.

Overall it's been solid, multiple GTS updates and have it on my list to update to FreedBSD 14 but not really in a rush.

1. https://social.ecliptik.com/@micheal/statuses/01GP860MYM2CGH...

2. https://gotosocial.org/

3. https://github.com/cloudflare/cloudflared

# Install apt dependencies !apt install dotnet-sdk-7.0 git # Install Clouldflared (not on apt) !wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb !dpkg -i cloudflared-linux-amd64.deb # Download StableSwarmUI !git clone https://github.com/Stability-AI/StableSwarmUI # Download ComfyUI backend %cd /content/StableSwarmUI !mkdir /content/StableSwarmUI/dlbackend %cd /content/StableSwarmUI/dlbackend !git clone https://github.com/comfyanonymous/ComfyUI %cd /content/StableSwarmUI/dlbackend/ComfyUI # Setup ComfyUI !pip install -r requirements.txt

curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb && sudo dpkg -i cloudflared.deb && sudo systemctl restart cloudflared

Something like cloudflared would be awesome. https://github.com/cloudflare/cloudflared

if you're on windows, you can install it with the exe: https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-windows-amd64.exe (or https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-windows-386.exe if your using 32bit windows.)

So, the "more than one" issue is kind of discussed HERE and HERE but for sure, for whatever reason, this caused me sleepless nights.

%cd /content/naifu !pip install virtualenv && bash ./setup.sh !curl -Ls https://github.com/ekzhang/bore/releases/download/v0.4.0/bore-v0.4.0-x86_64-unknown-linux-musl.tar.gz | tar zx -C /usr/bin !curl -Lo /usr/bin/cloudflared https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 && chmod +x /usr/bin/cloudflared !/content/naifu/venv/bin/python -m pip install -qq pytorch_lightning==1.7.7

Anyway, here is the Github link for Cloudflared (aka Cloudflare Tunnel client) which should allow you to remotely tunnel into your Synology server instead of using the HTTP-based reverse proxying method: https://github.com/cloudflare/cloudflared