> If you run a VPN client and Tor client on the same machine, you will
> connect to the Tor network through the VPN. I should have mentioned that
> in my initial reply.

Could you take a look at my iptables rules? I don't have much knowledge of firewalls and I am not good at writing them myself, so I couldn't yet get it working correctly.

#!/bin/sh
iptables -F
iptables -t nat -F
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -d 224.0.0.0 -j REJECT
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
iptables -t nat -A OUTPUT -m owner --uid-owner 181 -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A OUTPUT ! -o lo -p tcp -m tcp -m owner ! --uid-owner 181 ! -d VPN.IP.ADDR.HERE -j REDIRECT --to-ports 9040
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner 181 -j ACCEPT
iptables -A OUTPUT -p icmp -j DROP
iptables -A INPUT -p icmp -j DROP
iptables -A OUTPUT ! -o lo -p udp -j DROP
iptables -A INPUT ! -i lo -p udp -j DROP
ip6tables -F
ip6tables -t nat -F
ip6tables -A INPUT -j DROP
ip6tables -A OUTPUT -j DROP

181 is the uid that tor runs under. With these rules I can establish a connection to the OpenVPN server but I can't do anything after that. DNS requests time out, unable to access websites or use IM (not just DNS, when connecting directly). The problem isn't with the VPN, if I close all of my programs, clear the iptables rules and connect to the VPN, the internet is working without problems.

> I've assumed that VPNs are generally less suspicious than Tor, given
> their popularity for file sharing. Also, file sharing through the VPN
> (with throughput throttled appropriately) while using Tor might help
> hide the Tor traffic.

How much file sharing traffic do you think would be required? I'm on a 1.5Mbps connection with a 10GB monthly limit, so anything serious would make the internet unusable (and after a while, blocked for the month).

_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
