I have a Raspberry Pi VPN Server setup and running great in my home. I connect to it when I'm out and about on open WiFi networks.
Now, on that same Pi, I'd like to run a Tor router and have all the data that the VPN Server forwards out to the Internet to instead go through the Tor Router.
I can't figure out how to: Tell the VPN Server to route its output to Tor, or if even that's the correct way to do it.
Maybe setup the Tor Router on a Virtual IP and route the VPN output to that IP?
Not sure I know what I'm talking about.
Any suggestions?
Thanks.
VPN Server as Tor Router?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 17
- Joined: Sat Oct 03, 2015 7:17 am
Re: VPN Server as Tor Router?
So I set up an Virtual IP such that eth0.0 router is eth0
nano /etc/network/interfaces
nano /etc/dhcpcd.conf
Then set up OpenVPN
nano /etc/openvpn/server.conf
And I set up Tor
nano /etc/tor/torrc
And then set the iptable filters
And reboot
On 192.168.3.51 via ssh:
curl whatsmyip.co => my external IP address
curl --socks 127.0.0.1:9050 whatsmyip.co ==> some random IP address (shows that Tor works through socks)
However, connecting to the OpenVPN server on 192.168.3.51 and going to whatsmyip.co ==> my external IP address and not some random Tor one
So, for some reason, the output of the VPN Server on 192.168.3.51 is not going to 192.168.3.50 and being picked up by Tor Anonymized.
Any ideas where to check/change/test?
Thanks.
nano /etc/network/interfaces
Code: Select all
iface eth0 inet manual
auto eth0.0
iface eth0.0 inet manual
vlan-raw-device eth0
Code: Select all
interface eth0
static ip_address=192.168.3.50/24
static routers=192.168.3.3
static domain_name_servers=8.8.8.8 8.8.4.4
interface eth0.0
static ip_address=192.168.3.51/24
static routers=192.168.3.50
static domain_name_servers=8.8.8.8 8.8.4.4
nano /etc/openvpn/server.conf
Code: Select all
local 192.168.3.51
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/TestPortal.crt
key /etc/openvpn/easy-rsa/keys/TestPortal.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.3.51 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
comp-lzo
persist-key
persist-tun
user nobody
group nogroup
cipher AES-128-CBC
log /var/log/openvpn.log
status /var/log/openvpn-status.log 20
verb 1
nano /etc/tor/torrc
Code: Select all
Log notice file /var/log/tor/notices.log
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 192.168.3.50:9040
DNSPort 192.168.3.50:5353
Code: Select all
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.3.51
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-ports 5353
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5353 -j REDIRECT --to-ports 5353
iptables -t nat -A PREROUTING -i eth0 -p tcp --syn -j REDIRECT --to-ports 9040
On 192.168.3.51 via ssh:
curl whatsmyip.co => my external IP address
curl --socks 127.0.0.1:9050 whatsmyip.co ==> some random IP address (shows that Tor works through socks)
However, connecting to the OpenVPN server on 192.168.3.51 and going to whatsmyip.co ==> my external IP address and not some random Tor one
So, for some reason, the output of the VPN Server on 192.168.3.51 is not going to 192.168.3.50 and being picked up by Tor Anonymized.
Any ideas where to check/change/test?
Thanks.
-
- OpenVpn Newbie
- Posts: 18
- Joined: Fri Nov 27, 2015 6:30 pm
Re: VPN Server as Tor Router?
Hello,
Can you get your openVPN server configuration with the tor network up and running?
I have an identical idea to do but to put into a R7000 router through the XWRT firmware.
Can you get your openVPN server configuration with the tor network up and running?
I have an identical idea to do but to put into a R7000 router through the XWRT firmware.