Routing a VPN connection to a socks proxy on the same server


I'm running a VPS with the OpenVPN service. On the same server I also set up a local socks proxy (it's Tor, but I don't think it really matters for this case).

Can I somehow route my VPN connection to that socks proxy, without any changes in my local browser/device settings?

The connection I want to set up looks something like

(my device) -> VPN tunnel -> (VPN server -> Tor SOCKS proxy) -> Tor network
                             (this connection is inside VPS)

I see two options:

1) Routing happens entirely on the server, transparently for a client

2) The VPN pushes socks proxy options (as it can push routes, DNS servers etc)

but I have no clue how to achieve either one.

I frequently use OpenVPN to bypass blocking, and I want to use the same routine to connect to the Tor network both from Windows and Android devices, without bothering to change proxy settings, running local tor/orbot etc. Ideally I plan to run it alongside a regular VPN connection that routes all traffic to the Internet (this is already set up and working fine) but on a different port.

Oleg Shemetov

Posted 2018-08-08T09:25:04.523

Reputation: 121

Answers


Finally got to it.

First you need to run another OpenVPN instance. Just copy your openvpn/server.conf and change

port [some free port]
server [another subnet, if your first instance was on 10.8.0.0, set it to 10.8.1.0] 255.255.255.0
push "dhcp-option DNS [we will use TOR DNS, so this will be TOR proxy IP, e.g. 10.8.1.1]"

you may want to generate another keypair.

Then you start TOR in transparent proxy mode (please note that the official documentation lists this mode as potentially insecure; refer to https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy for details). It will serve as your gateway and DNS server. Change the default torrc file by appending this configuration:

VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort [address in your subnet, e.g. 10.8.1.1]:9040 
DNSPort [same, 10.8.1.1]:53

and finally route all subnet requests to the TOR proxy (with a special rule for DNS traffic):

iptables -t nat -A PREROUTING -s [your subnet, e.g. 10.8.1.0/24] -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -s [your subnet, e.g. 10.8.1.0/24] -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040

Make sure you allow internal 10.8.1.0 subnet traffic in your firewall.

Connecting to different ports will allow you to switch from TOR network to regular internet connection through VPN. No client configuration necessary.

Oleg Shemetov

Posted 2018-08-08T09:25:04.523

Reputation: 121
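As an added example that is not part of the original answer: a POSIX shell script that renders the three pieces of the setup above (the directives that differ in the second OpenVPN instance's server.conf, the torrc additions, and the iptables rules) from a handful of parameters, checks that the parameters are consistent, and applies the rules when run with --apply. The interface name tun1, the port 1195 and the first instance's port 1194 are assumptions; the answer itself does not name them. Beyond what the answer shows, the rules bind the REDIRECTs to the tun interface, explicitly accept the redirected traffic on INPUT (the "allow subnet traffic in your firewall" step), and drop anything from the Tor subnet that is not redirected (non-DNS UDP, ICMP) in FORWARD so it cannot leave the VPS outside Tor. The copied server.conf is assumed to already push redirect-gateway.

```shell
#!/bin/sh
# Added example, not the original poster's code. Renders and optionally applies
# the OpenVPN-over-Tor setup. Parameters below are assumptions unless exported.
TOR_SUBNET="${TOR_SUBNET:-10.8.1.0/24}"   # second OpenVPN instance's subnet
TOR_GW="${TOR_GW:-10.8.1.1}"              # server address = TransPort/DNSPort bind address
OVPN_PORT="${OVPN_PORT:-1195}"            # assumed free port for the second instance
FIRST_OVPN_PORT="${FIRST_OVPN_PORT:-1194}" # assumed port of the regular VPN instance
TUN_IF="${TUN_IF:-tun1}"                  # assumed tun device of the second instance
TRANS_PORT=9040
DNS_PORT=53

# Directives that differ from the copied server.conf of the first instance.
render_openvpn_delta() {
  printf 'port %s\n' "$OVPN_PORT"
  printf 'dev %s\n' "$TUN_IF"
  printf 'server %s 255.255.255.0\n' "${TOR_SUBNET%/*}"
  printf 'push "dhcp-option DNS %s"\n' "$TOR_GW"
}

# Lines to append to torrc: transparent proxy + DNS on the tunnel address.
render_torrc() {
  printf 'VirtualAddrNetworkIPv4 10.192.0.0/10\n'
  printf 'AutomapHostsOnResolve 1\n'
  printf 'TransPort %s:%s\n' "$TOR_GW" "$TRANS_PORT"
  printf 'DNSPort %s:%s\n' "$TOR_GW" "$DNS_PORT"
}

# iptables rules as text, so they can be reviewed (or tested) before applying.
# --syn is shorthand for --tcp-flags FIN,SYN,RST,ACK SYN used in the answer.
# REDIRECTed packets are delivered locally (INPUT), so the FORWARD drop only
# affects traffic that would otherwise leave the box outside Tor.
nat_rules() {
  cat <<EOF
iptables -t nat -A PREROUTING -i $TUN_IF -s $TOR_SUBNET -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
iptables -t nat -A PREROUTING -i $TUN_IF -s $TOR_SUBNET -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -A INPUT -i $TUN_IF -s $TOR_SUBNET -p tcp --dport $TRANS_PORT -j ACCEPT
iptables -A INPUT -i $TUN_IF -s $TOR_SUBNET -p udp --dport $DNS_PORT -j ACCEPT
iptables -A FORWARD -i $TUN_IF -s $TOR_SUBNET -j DROP
EOF
}

# Sanity checks: only /24 subnets are handled here, the gateway must lie inside
# the subnet, and the second instance must not reuse the first instance's port.
validate_params() {
  case "$TOR_SUBNET" in */24) ;; *) return 1 ;; esac
  net_prefix="${TOR_SUBNET%.*}"   # 10.8.1.0/24 -> 10.8.1
  gw_prefix="${TOR_GW%.*}"        # 10.8.1.1    -> 10.8.1
  [ "$net_prefix" = "$gw_prefix" ] || return 1
  [ "$OVPN_PORT" != "$FIRST_OVPN_PORT" ] || return 1
  return 0
}

main() {
  validate_params || { echo "inconsistent parameters" >&2; exit 1; }
  echo "# server.conf changes for the Tor instance"; render_openvpn_delta
  echo; echo "# torrc additions"; render_torrc
  echo; echo "# iptables rules"; nat_rules
  # Apply the rules only when asked; requires root and an existing $TUN_IF.
  if [ "${1:-}" = "--apply" ]; then nat_rules | sh; fi
}

main "$@"
```

Run it once without arguments to review the generated configuration, then with --apply after both OpenVPN instances are up. Tor must be started after the second OpenVPN instance, since TransPort and DNSPort bind to 10.8.1.1 and that address exists only once tun1 is up.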