VPN Server as Tor Router?

[dahai8]

I have a Raspberry Pi VPN Server setup and running great in my home. I connect to it when I'm out and about on open WiFi networks.
Now, on that same Pi, I'd like to run a Tor router and have all the data that the VPN Server forwards out to the Internet to instead go through the Tor Router.
I can't figure out how to: Tell the VPN Server to route its output to Tor, or if even that's the correct way to do it.
Maybe setup the Tor Router on a Virtual IP and route the VPN output to that IP?
Not sure I know what I'm talking about.
Any suggestions?

Thanks.

[dahai8]

So I set up an Virtual IP such that eth0.0 router is eth0

nano /etc/network/interfaces

Code: Select all

iface eth0 inet manual

auto eth0.0
iface eth0.0 inet manual
    vlan-raw-device eth0

nano /etc/dhcpcd.conf

Code: Select all

interface eth0
  static ip_address=192.168.3.50/24
  static routers=192.168.3.3
  static domain_name_servers=8.8.8.8 8.8.4.4

interface eth0.0
  static ip_address=192.168.3.51/24
  static routers=192.168.3.50
  static domain_name_servers=8.8.8.8 8.8.4.4

Then set up OpenVPN
nano /etc/openvpn/server.conf

Code: Select all

local 192.168.3.51
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/TestPortal.crt
key /etc/openvpn/easy-rsa/keys/TestPortal.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.3.51 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
comp-lzo
persist-key
persist-tun
user nobody
group nogroup
cipher AES-128-CBC
log /var/log/openvpn.log
status /var/log/openvpn-status.log 20
verb 1

And I set up Tor
nano /etc/tor/torrc

Code: Select all

Log notice file /var/log/tor/notices.log
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 192.168.3.50:9040
DNSPort 192.168.3.50:5353

And then set the iptable filters

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.3.51
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-ports 5353
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5353 -j REDIRECT --to-ports 5353
iptables -t nat -A PREROUTING -i eth0 -p tcp --syn -j REDIRECT --to-ports 9040

And reboot
On 192.168.3.51 via ssh:
curl whatsmyip.co => my external IP address
curl --socks 127.0.0.1:9050 whatsmyip.co ==> some random IP address (shows that Tor works through socks)

However, connecting to the OpenVPN server on 192.168.3.51 and going to whatsmyip.co ==> my external IP address and not some random Tor one

So, for some reason, the output of the VPN Server on 192.168.3.51 is not going to 192.168.3.50 and being picked up by Tor Anonymized.

Any ideas where to check/change/test?

Thanks.

[Nuno18]

Hello,

Can you get your openVPN server configuration with the tor network up and running?

I have an identical idea to do but to put into a R7000 router through the XWRT firmware.