Advice on setting up TOR over VPN server

I've currently got several VPN servers set up using OpenVPN and WireGuard. However, I'm wanting to enable the option to connect to my VPN server and have it route the traffic from that connection to the TOR network. I know this is possible because Proton VPN, among others, offers it. Although I'm experienced in Linux server admin and network admin, I'm not sure of the best/most secure way to do this. I've searched online and found a few suggestions, but nothing that really helped. I'm hoping someone in this community can point me in the right direction.

Thanks!

Comments

  • I don't see the advantage of adding a fourth hop to an already slow connection. Wouldn't it make more sense to use a client such as https://github.com/Und3rf10w/kali-anonsurf or use the official SOCKS proxy?

  • farsighter Member
    edited July 2023

    Since I'm lazy, here is GPT4's answer to your post:

    Connecting a VPN server to the TOR network involves a few steps:

    Configure your OpenVPN or Wireguard server: You need to ensure your VPN server is correctly configured and working. From the information given, it sounds like you already have this part handled.
    Install and configure a TOR proxy on your VPN server: The TOR network works by bouncing your requests around a distributed network of servers called onion routers. To connect to this network, you need to install a TOR proxy on your VPN server. This proxy will route all traffic from your VPN to the TOR network.
    Here's an example of how you can install and configure TOR on an Ubuntu server:

    ```
    sudo apt update
    sudo apt install tor
    ```
    After installing TOR, you need to configure it to allow your VPN server to connect to it. Open the TOR configuration file with a text editor:

    ```
    sudo nano /etc/tor/torrc
    ```
    Then, add the following lines to the file:

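    ```
    # SOCKS listener disabled; SocksPolicy has no effect while SocksPort is 0
    SocksPort 0
    SocksPolicy accept *
    # The REDIRECT rules rewrite the destination to the VPN interface's own
    # address, so bind both listeners there instead of the 127.0.0.1 default.
    # <vpn-tunnel-ip> is a placeholder for the server's address on tun0.
    DNSPort <vpn-tunnel-ip>:53
    TransPort <vpn-tunnel-ip>:9040
    ```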
    These lines configure TOR to accept connections from your VPN server and route them to the TOR network.

    Configure your VPN server to route all traffic through the TOR proxy: After setting up the TOR proxy, you need to change your VPN server configuration to route all traffic through the TOR proxy. This can be done by modifying the 'iptables' of your server to redirect all traffic to the TOR proxy.
    Here's an example of how you can do this:

    ```
    sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --syn -j REDIRECT --to-ports 9040
    sudo iptables -t nat -A PREROUTING -i tun0 -p udp --dport 53 -j REDIRECT --to-ports 53
    ```
    These commands redirect all TCP traffic and DNS requests from your VPN (assumed to be 'tun0') to the TOR proxy.

    Please note that the above are just examples and the exact commands might vary depending on your server setup and VPN configuration.

    In terms of security, this setup is reasonably secure as it combines the encryption of a VPN with the anonymity of the TOR network. However, it's worth noting that while this setup provides a high degree of privacy, it can significantly reduce your internet speed due to the additional hops in the TOR network. Also, some websites block traffic from the TOR network due to its association with illicit activities.

    Regarding ProtonVPN and other VPN providers offering TOR over VPN, it's important to note that they likely use their client applications to manage this setup, as indicated by responses from NordVPN and ProtonVPN https://restoreprivacy.com/vpn/wireguard/. Implementing this on your own server means you'll have to manage the configurations yourself.

    End of quote.
    Try it and if you're still having problems please narrow your question to a specific step.

  • From my experience the only thing that you're limited by would be your bandwidth.

  • DataIdeas-Josh Member, Patron Provider
    edited July 2023

    Edit: I need to learn how to read...

  • Oh shit. Lmgtfy will be replaced with lmgpttfy.

    Thanked by 1 farsighter
  • rc6962 Member

    @farsighter said:
    Since I'm lazy, here is GPT4's answer to your post:

    Is it advisable and/or required to run the TOR proxy on the same VPN server, or set up a separate instance of Ubuntu to act just as a Tor proxy?

  • farsighter Member
    edited July 2023

    @rc6962 said:

    Is it advisable and/or required to run the TOR proxy on the same VPN server, or set up a separate instance of Ubuntu to act just as a Tor proxy?

    Since we started with it, I'll give GPT4 the honor of answering your follow-up question (just ignore that "Both VPN and TOR can be resource-intensive" paragraph, which is irrelevant to today's average servers).

    GPT4:

    Running the TOR proxy on the same server as the VPN server is perfectly fine and is a common setup. It simplifies the process as you don't have to manage multiple servers and deal with inter-server communication.

    However, there are a few reasons why you might want to consider running the TOR proxy on a separate server:

    Security: If someone manages to compromise your VPN server, they could potentially gain access to your TOR proxy as well if they're on the same machine. By keeping them separate, you add an additional layer of security.
    Performance: Both VPN and TOR can be resource-intensive. If your server doesn't have sufficient resources, running both on the same machine could degrade performance. In such a case, separating them onto different servers could help.
    Maintenance and scalability: Having them on separate servers allows you to maintain and scale each service independently. For example, you could upgrade or restart the TOR server without affecting the VPN server and vice versa.

    Here's a general guide on how to set up a separate TOR proxy server:

    Install Ubuntu on a new server instance.
    Install and configure the TOR service as described in the previous answer.
    Update the iptables rules on your VPN server to redirect traffic to the TOR proxy server instead of localhost. You'd need to replace 127.0.0.1 with the IP address of your TOR server:
    ```
    sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --syn -j DNAT --to-destination <tor-server-ip>:9040
    sudo iptables -t nat -A PREROUTING -i tun0 -p udp --dport 53 -j DNAT --to-destination <tor-server-ip>:53
    ```
    Remember to replace tor-server-ip with the actual IP address of your TOR server.

    In conclusion, whether to run the TOR proxy on the same server as the VPN or on a separate server depends on your specific needs and constraints. Both options have their pros and cons, and you'll need to consider factors such as security, performance, and maintenance when making your decision.

    End of quote.
    BTW, in the previous GPT answer it forgot to mention running the 'service tor start' command before the TOR service can work (almost sure you know that, but just in case).

    Thanked by 1 rc6962
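
An added example (not from the thread or from any project mentioned in it): a static check of the same-host setup from the GPT-4 answer earlier in the thread, run over an `iptables-save` dump and a torrc to flag paths where VPN client traffic would bypass Tor or never reach it. The function names, finding codes and the tunnel address 10.8.0.1 are assumptions, and the sample inputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: static audit of a Tor-over-VPN gateway (IPv4 only).
# audit_gateway <iptables-save dump> <torrc> <vpn-iface>
# Prints one finding per line; prints nothing when every check passes.
audit_gateway() {
  local rules=$1 torrc=$2 ifc=$3 port bind
  # TCP arriving on the VPN interface must be redirected to Tor's TransPort.
  port=$(sed -n "s/^-A PREROUTING -i $ifc -p tcp .*-j REDIRECT --to-ports \([0-9]*\)$/\1/p" "$rules" | head -n1)
  [ -n "$port" ] || echo NO_TCP_REDIRECT
  # REDIRECT in PREROUTING rewrites the destination to the interface's own
  # address, so a bare-port TransPort (default bind 127.0.0.1) never sees it.
  bind=$(awk 'tolower($1) == "transport" { print $2; exit }' "$torrc")
  case $bind in
    '')      echo TRANSPORT_MISSING ;;
    127.*:*) echo TRANSPORT_LOOPBACK_ONLY ;;
    *:*)     [ "${bind##*:}" = "$port" ] || echo TRANSPORT_PORT_MISMATCH ;;
    *)       echo TRANSPORT_LOOPBACK_ONLY ;;   # bare port, loopback bind
  esac
  # DNS must go to Tor's DNSPort, otherwise lookups leave the server in clear.
  grep -q -- "^-A PREROUTING -i $ifc -p udp .*--dport 53 .*-j REDIRECT" "$rules" \
    || echo DNS_NOT_REDIRECTED
  # Anything not redirected (other UDP, ICMP) must not be forwarded.
  grep -Eq -- "^(:FORWARD DROP|-A FORWARD -i $ifc -j (DROP|REJECT))" "$rules" \
    || echo FORWARD_OPEN
}

# Constructed sample inputs: the thread's two rules as iptables-save prints
# them, with bare-port listeners, and a hardened variant. 10.8.0.1 is assumed.
write_samples() {
  local d=$1
  cat > "$d/weak.rules" <<'EOF'
*nat
-A PREROUTING -i tun0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A PREROUTING -i tun0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
  sed 's/^:FORWARD ACCEPT/:FORWARD DROP/' "$d/weak.rules" > "$d/hardened.rules"
  printf 'SocksPort 0\nDNSPort 53\nTransPort 9040\n' > "$d/weak.torrc"
  printf 'SocksPort 0\nDNSPort 10.8.0.1:53\nTransPort 10.8.0.1:9040\n' > "$d/hardened.torrc"
}

d=$(mktemp -d); write_samples "$d"
echo "weak:     $(audit_gateway "$d/weak.rules" "$d/weak.torrc" tun0 | tr '\n' ' ')"
echo "hardened: $(audit_gateway "$d/hardened.rules" "$d/hardened.torrc" tun0 | tr '\n' ' ')"
rm -rf "$d"
```

`FORWARD_OPEN` matters because the thread's rules only capture new TCP connections and UDP port 53; other traffic from tun0 is forwarded as usual if the VPN server has forwarding and masquerading enabled. The check applies to the same-host REDIRECT setup only: Tor's TransPort reads the original destination from the local NAT state, which a DNAT performed on a different host does not provide.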