How about ngrok? Works great.Reply
Another option is a VPN as a service solution like tailscale. Tailscale does a lot of work to get around NAT and has some great articles on their blog about it. https://tailscale.com/blog/how-nat-traversal-works/Reply
Every single tor .onion URL in this article no longer works in Tor clients. Why? Because the tor project decided to throw away 15 years of communities and interlinking and search indices just to make sure people don't accidentally use tor v2 (which is still more secure than the clear web) and force them to use the far more secure tor v3 (an entirely new network). They did this in Oct/Nov 2021 after a couple years of warning of depreciation (not deletion).Reply
The main downside to this is that performance will generally be quite bad. Tor trades performance for anonymity. Unless you specifically need anonymity — which is highly unlikely when you are just trying to reach back to a host of your own behind a NAT — there probably isn't any benefit in using Tor.Reply
Another benefit is that Tor has built-in load balancing and failover.
You can use it with onionbalance.Reply
There are essentially 3 ways proxy tunneling like this is done:
1. The Tor method mentioned in this article - Will probably be the worst performance but it's free and offers some privacy features.
2. VPN - WireGuard (Tailscale is popular), OpenVPN, IPsec etc. Best performance, but requires some low-level configuration on both the client and server. You'll probably need admin privileges on the client to configure network interfaces. This is usually automated in practice. If you're on network that blocks UDP, that can also be an issue. You also need a server with a public IP, which generally you'll have to pay for.
3. User-space tunnels - Solutions like SSH remote port forwarding, ngrok, etc. Convenient because on the client you don't need elevated privileges. Performance will likely be somewhere between Tor and VPN. Although note that unless you have very fast internet upload speeds, tunnel performance isn't likely to be your bottleneck. Many solutions multiplex over a single TCP connection, which can cause issues in lossy network conditions due to head-of-line blocking. You need a server with a public IP just like with a VPN.
I maintain a list of proxy tunneling solutions here:Reply
If you use Tor, you should stop. I believe that it is mostly used by criminals and that it is largely ran by law enforcement agencies. I cannot prove this but I believe it is true. Simply using it makes you suspect.
Also, if you have a need to use Tor for work purposes, get written permission from your senior management and describe exactly what you will do while using Tor (scan our hosts externally, test our firewall rules, find exposed services or mis-configured systems, etc.).
If your goal is to be anonymous while surfing the Internet, find some other way, but stop using Tor for that.Reply
For some reason I'm under the impression that onion services were discoverable, or partially discoverable by relay operators, or some such. IT's been quite awhile though and I think there was some talk of changing that.
Does anyone know if that has changed? Last time someone suggested to me, which was several years ago, it didn't seem to have the security properties the person suggesting the approach thought it had, specifically that tor was adding security via the onion service.
Anyone have up to date information?Reply