Changes between Version 23 and Version 24 of doc/TorBOX/OtherAnonymizingNetworks

Apr 19, 2012, 12:31:35 AM (8 years ago)



  • doc/TorBOX/OtherAnonymizingNetworks

    v23 v24  
    105105= Using VPN's as a Tor replacement on Tor-Gateway =
     106Not finished yet. UNTESTED!
    106108It is already possible to [ Tunnel Tor through proxy, '''VPN''' or SSH] or to [ Tunnel Proxy/SSH/'''VPN''' through Tor], or a combination of both methods.
    110112In this chapter we explain, how you can replace Tor with a VPN. Regarding security see 'Introduction' on this page at the top. It's your responsibility to find a (non-logging, safe) free/paid VPN provider or to stick with Tor.
    112 Not written yet.
     114[ source], Windows related but the routing stuff is valid for Linux as well.
     116First we have to ensure, that the VPN-Gateway will only connect trough the VPN service and nothing else. There are some weak alternative ways to do this. Some "VPN-Monitor" check every, let's say 500 ms, if the VPN IP is still valid, if not, kill a list of applications. This is not very secure, it's a game if that time period is sufficient to stop a leak and if killing the applications is fast enough. Another more serious option would be to use iptables rules, allow only traffic to the VPN server and to no other targets. This maybe additionally implemented later. However, using iptables for this scenario isn't the most secure option. When the IP of the VPN service gets assigned to another server, you could end up connecting to a malicious server. The most secure option is to modify the routing table.
     1181. Test if your host internet connection is working.
     1202. Test if your tor internet connection is working.
     1223. Store your routing table before starting the VPN and before modifying anything. Type in console:
     1274. Start VPN.
     129sudo openvpn /etc/openvpn/client.conf
     1325. Test if your ISP IP gets replaced with the VPN IP.
     1346. Store the modified routing table. Type in console:
     1397. Delete your default route and set your new default route to the virtual VPN network adapter.
     141sudo route del default
     142sudo route add default dev tun0
     1458. Test if your VPN IP is still valid.
     1479. Store the modified routing table. Type in console:
     15210. For testing purposes, kill your OpenVPN connection.
     154sudo killall openvpn
     15711. Test if you can NOT connect to anything anymore. That's the whole point to prevent any leaks in the clear.
     159TODO: [[BR]]
     160- Testing. [[BR]]
     161- Autostart everything. [[BR]]
     162- Use up in /etc/network/interfaces. [[BR]]
     163- Final step: forwarding traffic from the Workstation to the Gateway.
     165Not finished yet. UNTESTED!
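Review bot: Step 7 (new lines 141-142) removes only the default route, so the "can NOT connect to anything" result in step 11 holds only as long as nothing puts a default route back. The text should say that a DHCP lease renewal or a network restart on the gateway can reinstall it. Step 11 should also compare the routing table after `sudo killall openvpn` against the copies stored in steps 3, 6 and 9, instead of relying on a single failed connection attempt. It should state whether hosts on the local subnet and DNS lookups are expected to fail too, since the subnet route is not touched by `sudo route del default`. The paragraph at new line 116 drops the iptables rule as "maybe additionally implemented later"; an allow-only-the-VPN-server rule would be worth keeping as a second layer alongside the routing change, because it still blocks traffic if the route is restored. Minor: "trough" should be "through" at line 116, and "VPN's" in the heading at line 105 should be "VPNs".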