[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor VPN Server selfmade

1) You didn't e-mail me or coderman directly and
2) I don't always stay on top of the Tor mailing list so
3) Here's your open source solution the Tor project paid us for.


For whatever reason, ask Roger or someone else, Tor VM isn't hosted on the
torproject.org site anymore.  Probably due to the fact that it has not been
updated in quite some time.  However, the basic idea of making something
that is "leak-proof" still holds true.

I would recommend you download this ASAP if you want it as I'm dumping my
hosting provider at the end of the week and I haven't picked a replacement

Whether it's a VM or dedicated hardware, you can still achieve the same

Good luck.

On Thu, Jan 5, 2012 at 9:17 PM, <hmoh@xxxxxxxxxxxxx> wrote:

> The goal is to create a bulletproof environment where nothing can leak
> thought configuration mistakes, dns, java, flash, plugins and even side
> channel attacks, local infections, trojans... Additionally it's also nice
> to know that all applications can be torified even if they do not support
> proxy settings and it does no longer matter if they probable implement
> socks4a or only socks4.
> Unfortunately JanusVM is closed source, unsecure (see malinglist at the
> end of last month) and unmaintained (no answer from the JanusVM devs). But
> the concept can be adjusted.
> Initial step is to learn how to setup a VPN server and how to connect to a
> VPN server and to use it's internet connection. After that's done this
> internet connection needs to be torified.
> The frist virtual machine (VM) - which can be of course also be a spare
> physical device - will run a VPN server. It's quite easy to setup a VPN
> server. pptp VPN might not be the most secure choose but when only used
> locally then I see no problem if the encryption might be broken. I choosed
> pptp because it's easier to setup, no bothering with certificates. Here are
> some instructions how to set it up.
> http://www.howtogeek.com/51237/setting-up-a-vpn-pptp-server-on-debian/
> http://www.debiantutorials.com/installing-and-configuring-pptp-vpn-server-on-lenny/
> The first VM also needs three virtual network cards.
> - host only connection (for administrative tasks, SSH access, not that
> important, can be done directly as well, but if you plan to use real
> hardware later it's worth to think about it)
> - NAT connection (access to clearnet)
> - VMnet private network
> The second VM can use an operating system of your choose. As of right now
> I also see no reason why this couldn't be even Windows. The second VM needs
> one virtual network card, a VMnet private network. That is important. Do
> not use NAT. The VPN connection might work as well but as soon as the VPN
> breaks down or is shut down the host ip might leak.
> VM-2 is only able to connect to VM-1 (thanks to VMnet private network).
> And VM-2 has no way to determine that real clear external host ip address.
> VM-2 will VPN connect to VM-1. Thanks to VM-2 to accept the VPN connection
> and to forward all traffic thought Tor.
> The "forward all traffic thought Tor" could become the tricky part,
> hopefully the Tor wiki article Tor Transparent Proxy will help out here.
> That's the concept so far. Hopefully this overcomes the weak points of
> JanusVM (closed source, unmaintained, unsecure, outdated, possible leak
> when VPN breaks down).
> Any thoughts about weaknesses, improvements, ideas, whatsoever are welcome.
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
tor-talk mailing list