Notice: TOR Does NOT Automatically Connect Through VPN

Discussion in 'privacy technology' started by notthatguy, Sep 25, 2012.

Thread Status:
Not open for further replies.
  1. notthatguy

    notthatguy Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    34
    Well this is a bit of a strange issue, I use a VPN service and never have bothered running TOR on it as I have no need. Out of boredom today I tried it and here's the situation. I have my Comodo Firewall set to block internet access to certain software in the case my VPN disconnects. This has been tried and true dozens of times and has NEVER caused me any problems.

    But when I attempted to set these settings to the Browser Bundle, I was unable to connect. But if I removed the "VPN Only" rules on the firewall it would connect no problem. This leads me to believe that TOR is NOT routed through the VPN.

    I use OpenVPN for my service, anyone know any way to force it to run through the VPN? Because it seems to go around it.

    I figured I'd better post this on Wilders as many people in the past have just stated to run it after connecting to your VPN. Which obviously is NOT the case.
     
    Last edited: Sep 25, 2012
  2. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    You should be able to run Tor after connecting to your VPN with no problem. Perhaps your firewall rules just need some adjusting. In particular, Tor and its components need access to the loopback zone on the local network in order to function correctly. Try this rule set instead:

    tbb-firefox.exe
    • Allow TCP Out From MAC Any To IP 127.0.0.1 Where Source Port Is Any And Destination Port Is Any
    tor.exe
    • Allow TCP Out From [VPN Only] To MAC Any Where Source Port Is Any And Destination Port Is Any
    • Allow TCP Out From MAC Any To IP 127.0.0.1 Where Source Port Is Any And Destination Port Is Any
    vidalia.exe
    • Allow TCP Out From MAC Any To IP 127.0.0.1 Where Source Port Is Any And Destination Port Is 9051
    Don't worry about those "MAC Any" connections to 127.0.0.1 - that IP address only exists on the local machine, so it is safe (and necessary). The actual connections to external internet addresses are handled exclusively by the "tor.exe" application. By implementing that first rule for tor.exe, you are effectively binding the connection to your VPN zone, so there won't be any leaks.
     
  3. notthatguy

    notthatguy Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    34
    Casper, would you mind going over a small tutorial on how to do that? My selections in Comodo look nothing like what you've written there so I'm obviously doing something wrong. Not sure how to implement the MAC any rule even.

    Any help would be appreciated.
     
  4. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    There's probably more than one way to do it. What I usually do is just create rules on the fly, meaning I allow (or block) whatever the application is asking for, and then fine-tune the rules to be more specific (if necessary).

    Not really sure if I can explain it any better, but I'll try posting some screenshots.

    Firewall Behavior Settings

    General Settings
    Firewall Security Level = Custom Policy
    Create rules for safe applications = Checked
    Alert Settings
    Alert Frequency Level = "Very High"

    Network Security Policy
    Application Rules (Summary):

    a.jpg

    Example Rule #1 for tor.exe:
    Allow TCP Out From [IP range or network zone for VPN] To MAC Any Where Source Port Is Any And Destination Port Is Any

    bh.jpg

    Example Rule #2 for tor.exe:
    Allow TCP Out From MAC Any To IP 127.0.0.1 Where Source Port Is Any And Destination Port Is Any

    ch.jpg
     
    Last edited: Sep 26, 2012
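
The rule set posted in this thread can be modelled as a small first-match evaluator to show why a "VPN Only" rule on every Tor component blocks the bundle's own loopback traffic while the suggested rules still stop a non-VPN path. This is an added example, not code from the thread or from Comodo. The VPN range, the LAN and relay addresses, the SOCKS port 9050 and the block-by-default behaviour are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values, constructed for this example (not taken from the thread).
VPN_ZONE = ipaddress.ip_network("10.8.0.0/24")   # hypothetical VPN adapter range
LOOPBACK = ipaddress.ip_network("127.0.0.1/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(src, dst, dport=None):
    """One 'Allow TCP Out From <src> To <dst>' rule; dport None means any port."""
    return {"src": src, "dst": dst, "dport": dport}

# The per-application allow rules listed in the thread.
SUGGESTED = {
    "tbb-firefox.exe": [rule(ANY, LOOPBACK)],
    "tor.exe": [rule(VPN_ZONE, ANY), rule(ANY, LOOPBACK)],
    "vidalia.exe": [rule(ANY, LOOPBACK, 9051)],
}
# A "VPN Only" rule applied to every component (modelled assumption).
VPN_ONLY = {app: [rule(VPN_ZONE, ANY)] for app in SUGGESTED}

def allowed(policy, app, src, dst, dport):
    """First matching allow rule wins; unmatched traffic is blocked (assumption)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in policy.get(app, []):
        if s in r["src"] and d in r["dst"] and r["dport"] in (None, dport):
            return True
    return False

# Constructed outbound TCP attempts: (app, source IP, destination IP, port).
ATTEMPTS = [
    ("tbb-firefox.exe", "127.0.0.1", "127.0.0.1", 9050),  # browser -> local Tor SOCKS
    ("vidalia.exe", "127.0.0.1", "127.0.0.1", 9051),      # Vidalia -> Tor control port
    ("tor.exe", "10.8.0.6", "198.51.100.7", 443),         # Tor -> relay via VPN adapter
    ("tor.exe", "192.168.1.20", "198.51.100.7", 443),     # Tor -> relay via LAN adapter
]

def evaluate(policy):
    """Return the allow/block verdict for each constructed attempt, in order."""
    return [allowed(policy, *attempt) for attempt in ATTEMPTS]

if __name__ == "__main__":
    for name, policy in (("VPN Only everywhere", VPN_ONLY), ("suggested rules", SUGGESTED)):
        print(name, evaluate(policy))
```

Under the "VPN Only everywhere" policy both loopback connections are blocked, which stops the bundle from starting even though tor.exe itself could reach relays through the VPN adapter.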
  5. notthatguy

    notthatguy Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    34
    Wow Casper that is more than I could have asked for! Thank you!
     
  6. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    also :thumb:
    thanx
    Popcorn
     