> On Monday, January 22nd, 2024 at 10:41 AM, Jochen Bern <jochen.b...@binect.de> wrote:
>
> On 20.01.24 07:24, Peter Davis wrote:
> > On Friday, January 19th, 2024 at 5:04 PM, Jochen Bern jochen.b...@binect.de wrote:
> > > On 19.01.24 13:59, Peter Davis via Openvpn-users wrote:
> > > > I want to tunnel OpenVPN on Tor and I found the following iptables rules:
> > > >
> > > > # export OVPN=tun0
> > > > # IPTABLES -A INPUT -i $OVPN -s 10.8.0.0/24 -m state --state NEW -j ACCEPT
> > > > # IPTABLES -t nat -A PREROUTING -i $OVPN -p udp --dport 53 -s 10.8.0.0/24 -j DNAT --to-destination 10.8.0.1:53530
> > > > # IPTABLES -t nat -A PREROUTING -i $OVPN -p tcp -s 10.8.0.0/24 -j DNAT --to-destination 10.8.0.1:9040
> > > > # IPTABLES -t nat -A PREROUTING -i $OVPN -p udp -s 10.8.0.0/24 -j DNAT --to-destination 10.8.0.1:9040
> > >
> > > Please explain what your definition of "tunnel OpenVPN on Tor" is. These
> > > rules look rather like [...] hosing any traffic normal VPN clients try to
> > > send through the server.
> >
> > When someone connects to this server with OpenVPN and uses the Internet,
> > then all his\her Internet connections are tunneled through Tor.
> > I want to know which group of iptables rules are sufficient!
>
> Neither.
>
> If you want ALL his connections to the Internet to get redirected to
> Tor, then you'll need to either a) remember IP and port he's actually
> trying to connect to, or b) get the client to "talk proxy" (different
> protocol) if it didn't yet. Blindly applying "-j DNAT --to 10.8.0.1:..."
> everywhere erases that information from the actual connection attempt,
> and does nothing to inform the client of changed requirements.
>
> Kind regards,
> --
> Jochen Bern
> Systemingenieur
>
> Binect GmbH
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

Hi,
Thanks again.
But it works, and when the user connects to the OpenVPN server, all his\her internet connections are tunneled through Tor. I just want to know which iptables rules are extra! What iptables rules do you use for such a scenario?
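
Option a) in the quoted reply, remembering the IP and port the client was actually trying to reach, is what Linux connection tracking exposes to the process that accepts a DNAT-ed TCP connection, through the SO_ORIGINAL_DST socket option. The Python below is an added example, not code from either poster; the listener address reuses 10.8.0.1:9040 from the quoted rules, the function names are hypothetical, and the sample bytes are constructed.

```python
import socket
import struct

SO_ORIGINAL_DST = 80   # from <linux/netfilter_ipv4.h>; not exported by Python's socket module
SOCKADDR_IN_LEN = 16   # sizeof(struct sockaddr_in)


def parse_sockaddr_in(raw: bytes) -> tuple[str, int]:
    """Decode the struct sockaddr_in that getsockopt(SO_ORIGINAL_DST) returns."""
    if len(raw) < SOCKADDR_IN_LEN:
        raise ValueError(f"short sockaddr_in: {len(raw)} bytes")
    # sin_family is in host byte order; sin_port and sin_addr are in network order.
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    port, addr = struct.unpack_from("!H4s", raw, 2)
    return socket.inet_ntoa(addr), port


def original_destination(conn: socket.socket) -> tuple[str, int]:
    """Ask conntrack for the destination the client dialled before DNAT rewrote it."""
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    return parse_sockaddr_in(raw)


def serve(listen_addr=("10.8.0.1", 9040)) -> None:
    """Accept redirected TCP connections and log where each one was really going."""
    with socket.create_server(listen_addr) as srv:
        while True:
            conn, peer = srv.accept()
            with conn:
                try:
                    host, port = original_destination(conn)
                except OSError as exc:  # conntrack lookup failed for this socket
                    print(f"{peer}: original destination unavailable ({exc})")
                    continue
                print(f"{peer} was connecting to {host}:{port}")


# Constructed sample (not captured traffic): the 16 bytes the kernel would hand
# back for a client that dialled 203.0.113.7:443, a documentation-range address.
SAMPLE = (struct.pack("=H", socket.AF_INET)
          + struct.pack("!H4s", 443, bytes([203, 0, 113, 7]))
          + bytes(8))

if __name__ == "__main__":
    print(parse_sockaddr_in(SAMPLE))
```

The lookup applies to TCP sockets accepted on the DNAT target; `serve()` needs a Linux host that owns the listen address, while `parse_sockaddr_in(SAMPLE)` runs anywhere.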