[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] tor with vpn



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/04/2016 09:04 PM, grarpamp wrote:
> On 7/4/16, Mirimir <mirimir@xxxxxxxxxx> wrote:
>> If you're using the plain tor client, you can route a VPN through
>> Tor by adding these lines to the openvpn .conf file in
>> /etc/openvpn:
>> 
>> socks-proxy 127.0.0.1 9050 /etc/openvpn/up socks-proxy-retry
> 
> And if you're then trying to point various socks5 enabled apps
> through the VPN without having to setup all sorts of heavyweight
> VM's and packet filters on your box, you should review and support
> this ticket...

Yes, VMs are heavyweight. But iptables rules for this are pretty
trivial. Drop everything (input, forward and output). Accept output on
eth0 only for user debian-tor. Accept all output on tun0.

<SNIP>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXeyndAAoJEGINZVEXwuQ+tzgH/3VlLbFRP3ur+tNNH6Zk+wBn
IDmR0jEb/e6Uj6EvvaFWLU5bRkNJUuDXkdvdGkgnQH6gAnCNqr4ZGOsQersNEYtD
QPpCd+S1p0f4nbhlfnEk9EhbJO3yK6+ZUUsPX9537he/oIk9K6TGo4Zc3Bnzswr5
QPWnSmnYhjClKrfvkykhZjBH08bS3cwHUf02JJZ5qIZ7tj3rwbo8x+mCDOYPgCB9
M5TRn9E7uhBbRDZw872u0PJ5kezTXdxlwxSef0M5IYNx3U9sR4MZ6mmDUuBclsNw
+ntLFkTJr545zn5XaXkdYuQYJWe8ENHvZ9WvQobkhpZx/W3VT1bNtYjEKAgKuHs=
=eZSu
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk