Re: [tor-talk] Am I successfully using Torsocks, SSH, and a VPS? Please advise, thanks!

[blobby@xxxxxxxxxxxxxxx]

Please see below for my response to your helpful comments.

On 2016-08-08 11:18, Ben Tasker wrote:
> If you're using Firefox, one thing you want to consider is DNS leakage.
>
> If you go into about:config, see whether network.proxy.socks_remote_dns
> exists. If not create it and set to True.
>
> Without that, DNS won't use the tunnel. As you've got a VPN running 
> it'll
> likely egress from the VPN endpoint instead.

Point taken. It did exist and was set to "true".

> > VPN ---> Torsocks (on 127.0.0.1) ---> SSH (bound to port 33333) ---> 
> > VPS
> ---> Internet.
>
> How do you pay for the VPS? If it's in your name (or can be linked to 
> you)
> then all you're doing is preventing your local ISP from seeing what 
> you're
> connecting to (which might, of course, be your aim). You do, in effect,
> have a fixed exit point though, so it's worth bearing in mind that in 
> some
> ways it makes you more identifiable from the point of view of services
> you're connecting to.

Bitcoin is my friend! I appreciate that using a VPS with a static IP 
does provide a fixed exit point.

I'm wondering if you feel, based on your expertise, that my system looks 
secure (see below).

Thanks again.

>




> On Mon, Aug 8, 2016 at 11:55 AM, <blobby@xxxxxxxxxxxxxxx> wrote:
>
> > I, like many other uses of Tor, have become increasingly frustrated 
> > with
> > sites like Craigslist which discriminate against Tor. It makes these 
> > sites
> > hard to use. I therefore decided to discover if it is possible to use 
> > Tor
> > but end up with a non-Tor IP.
> >
> > I use Torsocks to login to a VPS server via SSH and bind SSH to a 
> > specific
> > port with SSH’s -D option.
> >
> > My configuration is: torsocks ssh -D 33333 name@xxxxxxx (33333 is just 
> > a
> > random unused port).
> >
> > My normal Firefox browser (not the Tor Browser Bundle) has in 
> > Preferences
> > / Advanced / Connection the SOCKS host set to 127.0.0.1, the port set 
> > to
> > 33333, SOCKS v5 is ticked, and remote DNS is ticked. The “No proxy 
> > for” box
> > is blank.
> >
> > I also use a VPN for added privacy to ensure that my ISP cannot tell 
> > that
> > I am connecting to Tor. The result is (in my opinion):
> >
> > VPN ---> Torsocks (on 127.0.0.1) ---> SSH (bound to port 33333) ---> 
> > VPS
> > ---> Internet.
> >
> > First, I connect to my VPN provider. Second, I connect to port 33333 
> > on
> > 127.0.0.1 where Tor (via Torsocks) and SSH is running. Third, I 
> > connect to
> > a VPS (over SSH) and SSH is bound to port 33333. Torsocks transmits 
> > the
> > HTTP(S) traffic through three Tor nodes. Finally, the Tor routing ends 
> > at
> > the VPS and the traffic goes out onto the internet from the 
> > infrastructure
> > of the VPS.
> >
> > In my browser, I checked https://www.whatismyip.com/ which shows the 
> > IP
> > address of the VPS. When I SSH into the VPS, I see that the last IP 
> > that
> > logged in is that of a Tor exit node. In Wireshark, I see that my VPN
> > interface connects to the IP address of a Tor entry node.
> >
> > I have two questions. Does this setup appear sensible and secure? I am
> > sure there are other ways to achieve the same goal but I would like to 
> > know
> > my system is valid. I think my system is secure but I would appreciate
> > opinions from more experienced users.
> >
> > The result of this model is that my IP is that of the VPS which is 
> > static.
> > I did add a HTTP proxy to Preferences / Advanced / Connection in 
> > Firefox
> > but the result was that the SOCKS proxy (and thus Torsocks and SSH) 
> > were
> > ignored so the result was VPN –-> HTTP proxy –-> Internet (which 
> > bypasses
> > Tor). Is it possible to use a HTTP(S) (or another type) of proxy to 
> > alter
> > the IP. The ideal model would be: VPN –-> Torsocks (on 127.0.0.1) –-> 
> > SSH
> > (bound to port 33333) –-> VPS –-> Proxy (e.g. HTTP(S)) –-> Internet.
> >
> > Thank you for your help. I appreciate any advice and suggestions.
> > --
> > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
>
> --
> Ben Tasker
> https://www.bentasker.co.uk

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk