How to go from Tor to a VPN?

Discussion in 'privacy technology' started by lucygrl, Jan 1, 2014.

Thread Status:
Not open for further replies.
  1. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    How do I safely set it up to go from Tor to a VPN? I only want to use open source software for this.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    If you want to hide Tor use from your ISP etc, run a VPN client in your computer. Then install VirtualBox, and import the Whonix VMs. Then install a second VPN in the Whonix workstation VM. You must use TCP mode because Tor can't route UDP. Once the second VPN connects, switch the Tor Browser to "Transparent Torification" using the Tor Button.
     
  3. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Thank you Mirimir,

    A few questions. What VPN client should I install?

    Second, if I'm only using the pluggable transports and obfuscated bridges Tor package, does my ISP still know I'm using Tor?

    Thank you.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I get that your focus is privacy, not torrenting, so I recommend either AirVPN or iVPN.

    Also, I recommend using the stock OpenVPN client, and using a firewall to prevent leaks.

    I'm not sure. If you've ever had a bridge blocked, they probably do, because it wouldn't have been blocked unless they knew it was a Tor bridge. But that's just a guess, by someone who doesn't know Tor very well.

    De nada :)
     
  5. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Thank you Mirimir,

    I have no interest in torrents. I need two-level privacy, in office and in the field. The office I have the answers for now, thanks to the help from everyone here on Wilders. The field is the issue here for me, and that is what I'm trying to find the best solution for. I can't just go straight into Tor or it will give it away, and I can't just go straight into a VPN for the same reason. I need another option, and so far the pluggable transports and obfuscated bridges is the best option. What I would like to do is go from that to a VPN. That seems the best option, hope you understand what I mean.

    Thank you.
     
  6. Noctis

    Noctis Registered Member

    Joined:
    Nov 15, 2013
    Posts:
    15
    Just a curiosity guys, if we use a VPN before connecting to Tor our ISP can't know that we are using Tor. What about the VPN? Of course the VPN knows that we are using Tor since we are connecting directly through it, but can it see our traffic or is only the exit node able to see it? (I'm always talking about the VPN behind Tor, I know that if we use the VPN after connecting to Tor we will use it as our exit node). Thanks
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I've never used Tor with pluggable transports and obfuscated bridges, so I can't say for sure how to proceed. One option is using Whonix, with Tor in the gateway VM set up as you need. Then you would run a VPN in the workstation VM. Getting the browser to use the VPN is easy, as I described below. Getting other apps to use the VPN is harder, and I recommend that you ask adrelanos.

    Another option is setting up Tor in an OpenWRT VM, and using the VPN and TBB in an attached Linux VM. If you'll just be using the VPN through Tor, and not Tor directly, you can just create one SocksPort, and point the VPN at it. To do that, add "socks-proxy server port up" (where "server" is the gateway IP, "port" is the SocksPort, and "up" is a file containing the username and password for the gateway VM) and "socks-proxy-retry" to the OpenVPN configuration file.

    Also, if you specify a numeric IP address for the OpenVPN server, you don't need to set up Tor for DNS resolution. And securing the Tor gateway VM is easy. You don't need (and don't want) any routes through the gateway, and you create firewall rules that block everything from LAN except to the router itself.
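
Added example (not part of mirimir's post and not code from any project named here): a small Python check of an OpenVPN client file against the points made in this thread for running the VPN through Tor, namely TCP transport, a numeric server address, and the socks-proxy and socks-proxy-retry directives. The sample configs, the addresses, port 9050 and the auth-file path are constructed for illustration.

```python
import ipaddress

# Constructed sample client configs; addresses, ports and paths are made up.
GOOD = """client
dev tun
proto tcp
remote 203.0.113.10 443
socks-proxy 10.0.0.1 9050 /etc/openvpn/socks-up.txt
socks-proxy-retry
"""
BAD = """client
dev tun
# no proto line, so OpenVPN falls back to its default, UDP
remote vpn.example.net 1194
"""

def directives(text):
    """Split a config into token lists, dropping blank and comment lines."""
    rows = (ln.strip() for ln in text.splitlines())
    return [r.split() for r in rows if r and r[0] not in "#;"]

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit(text):
    """Return findings; an empty list means the file matches the thread's advice."""
    d, out = directives(text), []
    default_proto = next((t[1] for t in d if t[0] == "proto" and len(t) > 1), "udp")
    remotes = [t for t in d if t[0] == "remote" and len(t) > 1]
    if not remotes:
        out.append("no remote server configured")
    for r in remotes:
        proto = r[3] if len(r) > 3 else default_proto  # per-remote proto wins
        if not proto.startswith("tcp"):
            out.append(f"{r[1]}: transport is {proto}, Tor cannot route UDP")
        if not is_ip(r[1]):
            out.append(f"{r[1]}: hostname needs DNS; use a numeric IP")
    socks = [t for t in d if t[0] == "socks-proxy"]
    if not socks or len(socks[0]) < 3:
        out.append("socks-proxy server port missing: VPN would not use Tor's SocksPort")
    if not any(t[0] == "socks-proxy-retry" for t in d):
        out.append("socks-proxy-retry missing")
    return out

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(conf) or "ok")
```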
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Using Tor through a VPN, the VPN provider can only see your IP address, and the Tor entry guard relays that you use. It sees only encrypted traffic between you and the entry guards.
     
  9. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802

    thing is what you need to use is the latest obfuscated bridge protocol aka obfs3 addresses, not obfs2 relay addresses which can be more easily decrypted if there's interest :ninja:, as for where to get those addresses, that would be the usual https://bridges.torproject.org/bridges , the alternative would be using an anonymous gmail email over tor to get a list of obfs3 relays


    https://gitweb.torproject.org/plugg.../blob/HEAD:/doc/obfs3/obfs3-protocol-spec.txt

    thing is i trust my vpn more than tor , so i would go with isp > vpn 1 > tor pluggable transports and obfuscated bridges bundle > internet , or if you want to do it right go with isp > vpn 1 > tor vm > vpn 2 > internet or tor pluggable transports and obfuscated bridges bundle then internet , which ssl/ssh tunneling can be used for the vpn connection and if you don't trust your first vpn which wouldn't make any sense in the first place

    since they see your real ip, so it should be a trusted and peer reviewed vpn in the first place, matter of fact all of your vpns should be but especially the first one , anyhow could have tor bundle use obfs3 relays on top since the tor vm doesn't support obfuscated bridges to my knowledge, and of course as mirimir mentioned all this can be done using whonix instances as well

    and this is a little clip to explain how obfs and future improvements in that category are being worked on

    https://www.youtube.com/watch?v=u0iueUlY6dQ&hd=1&list=UL
     
    Last edited: Jan 2, 2014
  10. Noctis

    Noctis Registered Member

    Joined:
    Nov 15, 2013
    Posts:
    15
    Thank you Mir, exhaustive and precise answer as always : )
     
  11. MikeRogers

    MikeRogers Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    25
    Perhaps potential TOR/VPN users should look at this post, which so far seems to have gained little traction:

    https://www.wilderssecurity.com/showthread.php?t=358039

    One highly pertinent quote from the report is this:
    For an adversary with a global surveillance capability, such a system would seriously compromise the effectiveness of the TOR system. It might also help to explain how some recent TOR users have been apprehended.
     
  12. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    that's nothing , read this article

    http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

    tbh , again if you set up your vpn connection as most of us do , aka creating separate pfsense vpn vms and having the vpn connect through that pfsense vm to the host isp internet , i don't see any reason to be afraid of packet poisoning , which can be double checked with apps such as wireshark, but please do tell if i've missed something , mind you i'm only an average user not a network guru, and about poisoned tor relays , well that's up to the tor devs to blacklist them in the first place , not that it would be that much of an issue anyhow imo , if you're extremely paranoid use

    a quarantined setup such as vpn 1 > tor gateway > vpn 2 ... internet or tor pluggable transports and obfuscated bridges bundle with obfs3 relays and then internet , and make sure your router isn't from your isp


    and to remind you guys that think the nsa is bad , well there's a ton more around the world that have different names but essentially do the same thing so it's not just the nsa/usa mind you, not that there aren't many other organizations that work together with them or out-achieve them, meaning it's kinda like a global competition on who can spy the best and mine the most data ;)


    and about recent tor users being apprehended well , first i'd like to have that article, then only can i comment on that
     
    Last edited: Jan 6, 2014
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That's true. But the NSA is the best, no? On the other hand, the Chinese are gaining fast, and they make most of the world's hardware now.
     
  14. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    There is no real competition in the same league as the NSA. They are, as they say, in a league of their own. The USA black box budget is off the charts and has been for years. The "public" budget for these things is off the charts as far as that goes. Yes, others can do much of what the NSA does (many on this board can do many of those things), but no other country can do it in such quantity and (most importantly) with the ability, technology, and funds to analyze the enormous amounts of data. The question really isn't even one worth discussing. There's only one NSA and it's a beast.
     
  15. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    i wouldn't be so sure , you never know ;)
     
  16. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Even those U.S. allies that have large intelligence assets learn much of what they know in Warrenton, VA - from who? The NSA/CIA/Army Intelligence.

    By the way, I'm not being "pro-NSA"....I only mean it in a factual way, for better or worse.
     
  17. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Could you please explain further on this? And if not from the ISP, then what brand should I get and how can I be sure it has not already been compromised before I buy it? Is there something I should do when I first buy a Modem or Router?
     