Hello, I have combined OpenVPN with Tor and when clients connect to the OpenVPN server, their connection is routed into the Tor network.
The Tor configuration is:

RunAsDaemon 1
DataDirectory /var/lib/tor_OpenVPN
MaxCircuitDirtiness 3600
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
DNSPort 10.10.0.1:53530
TransPort 10.10.0.1:9040

And the OpenVPN configuration is:

port 2024
proto udp
dev tun2
ca /.../ca.crt
cert /.../Employee_Server.crt
key /.../Employee_Server.key
dh /.../dh.pem
server 10.10.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.10.0.1"
push "route 10.10.0.1 255.255.255.255"
push "block-outside-dns"
topology subnet
keepalive 10 120
tls-crypt /etc/openvpn/server/Employee/ta.key 0
cipher AES-256-GCM
data-ciphers AES-256-GCM
user nobody
group nogroup
persist-key
persist-tun
verb 3
explicit-exit-notify 1

The iptables is:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
# Allow loopback
-A INPUT -i lo -j ACCEPT
# Allow ICMP (ping) with rate limiting
-A INPUT -p icmp --icmp-type 8 -m limit --limit 2/sec -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -j DROP
-A INPUT -p icmp -j ACCEPT
# Allow established connections
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# OpenVPN and Tor ports
-A INPUT -p udp --dport 2024 -j ACCEPT
-A INPUT -p tcp --dport 9050 -j ACCEPT
-A INPUT -p tcp --dport 1337 -j ACCEPT
# Allow VPN clients to access Tor
-A INPUT -s 10.10.0.0/24 -i tun2 -p udp --dport 53530 -j ACCEPT
-A INPUT -s 10.10.0.0/24 -i tun2 -p tcp --dport 9040 -j ACCEPT
# Allow new VPN connections
-A INPUT -s 10.10.0.0/24 -i tun2 -m state --state NEW -j ACCEPT
# Fail2ban rule
-A INPUT -p tcp --dport 1337 -j f2b-sshd
# Forwarding rules
-A FORWARD -i enX1 -o tun2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.10.0.0/24 -o enX1 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Redirect DNS to Tor
-A PREROUTING -s 10.10.0.0/24 -i tun2 -p udp --dport 53 -j DNAT --to-destination 10.10.0.1:53530
# Redirect all other traffic to Tor
-A PREROUTING -s 10.10.0.0/24 -i tun2 -p tcp -j DNAT --to-destination 10.10.0.1:9040
-A PREROUTING -s 10.10.0.0/24 -i tun2 -p udp -j DNAT --to-destination 10.10.0.1:9040
# Masquerade VPN traffic
-A POSTROUTING -s 10.10.0.0/24 -o enX1 -j MASQUERADE
COMMIT

The problem is that the speed is extremely slow and some apps like Telegram keep disconnecting. Where is the problem in the configuration?

Thank you.

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users