Changes between Version 23 and Version 24 of doc/TorBOX/OtherAnonymizingNetworks


Timestamp:
Apr 19, 2012, 12:31:35 AM (8 years ago)
Author:
proper
Comment:

VPN

  • doc/TorBOX/OtherAnonymizingNetworks

    v23 v24  
    104104
    105105= Using VPN's as a Tor replacement on Tor-Gateway =
     106Not finished yet. UNTESTED!
     107
    106108It is already possible to [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/OptionalConfigurations#TunnelingTorthroughproxyVPNorSSH Tunnel Tor through proxy, '''VPN''' or SSH] or to [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/OptionalConfigurations#TunnelingProxySSHVPNthroughTor Tunnel Proxy/SSH/'''VPN''' through Tor], or a combination of both methods.
    107109
     
    110112In this chapter we explain, how you can replace Tor with a VPN. Regarding security see 'Introduction' on this page at the top. It's your responsibility to find a (non-logging, safe) free/paid VPN provider or to stick with Tor.
    111113
    112 Not written yet.
     114[http://cranthetrader.blogspot.de/2011/10/dont-allow-non-vpn-traffic.html source], Windows related but the routing stuff is valid for Linux as well.
     115
     116First we have to ensure, that the VPN-Gateway will only connect trough the VPN service and nothing else. There are some weak alternative ways to do this. Some "VPN-Monitor" check every, let's say 500 ms, if the VPN IP is still valid, if not, kill a list of applications. This is not very secure, it's a game if that time period is sufficient to stop a leak and if killing the applications is fast enough. Another more serious option would be to use iptables rules, allow only traffic to the VPN server and to no other targets. This maybe additionally implemented later. However, using iptables for this scenario isn't the most secure option. When the IP of the VPN service gets assigned to another server, you could end up connecting to a malicious server. The most secure option is to modify the routing table.
     117
     1181. Test if your host internet connection is working.
     119
     1202. Test if your tor internet connection is working.
     121
     1223. Store your routing table before starting the VPN and before modifying anything. Type in console:
     123{{{
     124route
     125}}}
     126
     1274. Start VPN.
     128{{{
     129sudo openvpn /etc/openvpn/client.conf
     130}}}
     131
     1325. Test if your ISP IP gets replaced with the VPN IP.
     133
     1346. Store the modified routing table. Type in console:
     135{{{
     136route
     137}}}
     138
     1397. Delete your default route and set your new default route to the virtual VPN network adapter.
     140{{{
     141sudo route del default
     142sudo route add default dev tun0
     143}}}
     144
     1458. Test if your VPN IP is still valid.
     146
     1479. Store the modified routing table. Type in console:
     148{{{
     149route
     150}}}
     151
     15210. For testing purposes, kill your OpenVPN connection.
     153{{{
     154sudo killall openvpn
     155}}}
     156
     15711. Test if you can NOT connect to anything anymore. That's the whole point to prevent any leaks in the clear.
     158
     159TODO: [[BR]]
     160- Testing. [[BR]]
     161- Autostart everything. [[BR]]
     162- Use up in /etc/network/interfaces. [[BR]]
     163- Final step: forwarding traffic from the Workstation to the Gateway.
     164
     165Not finished yet. UNTESTED!
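
Review bot: Step 7 (lines 139-143) deletes the default route and adds `default dev tun0`, but no step says how packets addressed to the VPN server itself still reach the physical gateway afterwards. Step 6 stores the routing table while the VPN is up; it should tell the reader to confirm there that a host route to the VPN server via the physical gateway is present, otherwise step 8 can fail for a reason that has nothing to do with leaks. The same dependency bears on the argument at line 116: the routing approach also relies on the server's IP, so the reassigned-IP concern raised against iptables applies here as well, and the text should say what distinguishes the two options. Step 11 only tests immediately after `sudo killall openvpn`; since the TODO lists autostart and /etc/network/interfaces as open items, note that the no-connectivity test has to be repeated after the physical interface is brought up again, because anything that reinstalls a default route on that interface undoes step 7. Steps 3, 6 and 9 say "store" but run plain `route`; suggest redirecting `route -n` to a file at each step so the three tables can be compared.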