
HOWTO: VPN over TOR - Hide your IP from Cryptostorm, protect yourself from Tor exit nodes


Post by kittenrocketTEMP » Tue Sep 01, 2015 11:47 am

NOTE: This is for running your VPN THROUGH a preexisting Tor connection, NOT running Tor over your VPN (i.e. this is not simply running the TBB after connecting to the VPN).

Why would you want to do this?

Anon21311 gave some nice examples:

I sometimes use VPN over Tor, but like parityboy asked, the big question here is "why"... Basically, it boils down to two possible answers:

a) you don't trust your VPN or you are paranoid about someone monitoring connections to the VPN and tracing those back to your home/workplace. In that case, with VPN over Tor, the VPN (and anyone watching) will only see that the connections to the VPN come from a Tor exit node.

b) you connect to sites where you need them to see a single consistent exit IP and one which is not a Tor-identified exit node. A VPN (and that includes a VPN over Tor, of course) provides that. Tor, which changes exit nodes every session and every ten minutes, does not.


The creative can figure out more.

For those interested in trying this configuration I would consider this excerpt from the Tor docs:

General Disclaimer:

you -> Tor -> x[insert: x is VPN/Proxy/SSH]

This is generally a really poor plan.

Some people do this to evade Tor bans in many places. (When Tor exit nodes are blacklisted by the remote server.)

(Read first for understanding: How often does Tor change its paths?.)

Normally Tor switches frequently its path through the network. When you choose a permanent destination X, you give away this advantage, which may have serious repercussions for your anonymity.


via. https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

Some Details:

you -> Tor -> VPN/SSH

You can also route VPN/SSH services through Tor. That hides and secures your Internet activity from Tor exit nodes. Although you are exposed to VPN/SSH exit nodes, you at least get to choose them. If you're using VPN/SSHs in this way, you'll want to pay for them anonymously (cash in the mail [beware of your fingerprint and printer fingerprint], Liberty Reserve, well-laundered Bitcoin, etc).

However, you can't readily do this without using virtual machines. And you'll need to use TCP mode for the VPNs (to route through Tor). In our experience, establishing VPN connections through Tor is chancy, and requires much tweaking.

Even if you pay for them anonymously, you're making a bottleneck where all your traffic goes -- the VPN/SSH can build a profile of everything you do, and over time that will probably be really dangerous.


via. https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

Advantages

-Additional privacy layer: the VPN server will not see your real IP address but the IP of the Tor exit node (you can check your Tor exit IP in the Client Area)
-Option to connect to web sites under Tor protection, even to those sites which refuse Tor connections
-Access to Tor from all the applications transparently: no need to configure each application, one by one
-Support to non-TCP applications which can not be supported by Tor
-Access to Remote Port Forwarding
-Avoidance of any traffic discrimination from Tor exit nodes (packets are still encrypted when they pass through Tor exit node)
-Major security layer in the event you pass through a compromised/malicious Tor exit node (packets are still encrypted when they pass through the Tor exit node)

Disadvantages:

-Poor performance
-https://check.torproject.org will not work
-Fixed Tor circuit for each OpenVPN session
-Access to .onion sites only from browsers configured to connect directly to Tor

Simple Windows HOWTO:

1. Fire up Tor Browser Bundle
2. Run OpenVPN
3. Go to your OpenVPN tray icon, right click, left click settings.
4. Configure Manual Proxy Settings to:
Socks Proxy: 127.0.0.1 Port 9150
5. Connect to a TCP configured OpenVPN config file.
Client files from Cryptostorm GitHub: https://github.com/cryptostorm/cryptostorm_client_configuration_files/tree/master/windows
6. DO NOT CLOSE TOR BROWSER BUNDLE. It terminates the Tor connection.

Wham bam you should be connected. Now you can use Tor Browser Bundle for DIRECT TOR CONNECTIONS ONLY and your everyday browser for Tor->VPN browsing.

But to be secured even more so with ease, just run Whonix in a VM in any operating system.

Whonix Workstation(with Cryptostorm VPN)-->Whonix Gateway....profit

Great info/howto on Whonix:
https://www.whonix.org


thanks to the q's and a's in https://cryptostorm.org/viewtopic.php?f=67&t=8737
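
A pre-flight check for the Windows steps above, added here as an example (it is not part of the original post and not Cryptostorm code): it parses an OpenVPN client config and reports why it would not run through Tor Browser's SOCKS port, covering the two requirements the post names, TCP mode and the proxy at 127.0.0.1:9150. It assumes the proxy is set in the config file with OpenVPN's `socks-proxy` directive rather than in the GUI dialog from step 4; the function names and the sample hostnames are made up for illustration.

```python
TOR_BROWSER_SOCKS = ("127.0.0.1", 9150)  # SOCKS address from step 4 of the HOWTO

def parse_directives(text):
    """Return [(name, [args])], skipping comments and inline <ca>/<cert>/<key> data."""
    directives, blob = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if blob:                                  # inside an inline data block
            if line == f"</{blob}>":
                blob = None
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("<"):                  # <connection> holds directives, other tags hold data
            tag = line.strip("</>")
            if tag != "connection" and not line.startswith("</"):
                blob = tag
            continue
        name, *args = line.split()
        directives.append((name, args))
    return directives

def check_for_tor(text, proxy=TOR_BROWSER_SOCKS):
    """List the reasons this client config would not run through the Tor SOCKS port."""
    d, problems = parse_directives(text), []
    # OpenVPN uses UDP unless "proto" or a per-remote protocol says otherwise.
    default = next((a[0] for n, a in d if n == "proto" and a), "udp")
    remotes = [a for n, a in d if n == "remote"] or [[]]
    for a in remotes:
        proto = a[2] if len(a) >= 3 else default
        if not proto.startswith("tcp"):
            problems.append(f"remote {' '.join(a[:2]) or '(none)'} uses {proto}: Tor only carries TCP")
    socks = [a for n, a in d if n == "socks-proxy" and a]
    if not socks:
        problems.append("no socks-proxy directive: nothing in this file sends the tunnel through Tor")
    for a in socks:
        target = (a[0], int(a[1]) if len(a) > 1 else 1080)  # 1080 is OpenVPN's default SOCKS port
        if target != proxy:
            problems.append(f"socks-proxy points at {target[0]}:{target[1]}, not Tor Browser")
    return problems

# Constructed sample configs; vpn.example.net is a placeholder, not a Cryptostorm host.
GOOD = "client\nproto tcp\nremote vpn.example.net 443\nsocks-proxy 127.0.0.1 9150\n"
BAD = "client\nremote vpn.example.net 443 udp\nsocks-proxy 127.0.0.1 9050\n"

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_for_tor(cfg) or "ok for Tor -> VPN")
```

An empty list means the file satisfies both requirements; it does not confirm that Tor Browser is still running (step 6).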
