Jump to content
Not connected, Your IP: 3.23.92.64
AirVPN
rootsecure9797

Network lock and tor

By rootsecure9797, ... in Eddie - AirVPN Client

Recommended Posts

LZ1    672

LZ1
Posted ...

Hello!

 

I don't think that's in the cards at the moment. But there's nothing stopping you from using Tor or Network Lock right now.

Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ.
Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.

Share this post

Link to post

rootsecure9797    1

rootsecure9797
Posted ...

Hello!

 

I don't think that's in the cards at the moment. But there's nothing stopping you from using Tor or Network Lock right now.

Can you tell me how i can do it?

Share this post

Link to post

LZ1    672

LZ1
Posted ...

For network lock you just download the Eddie client and click to enable it.

 

For Tor you download the Tor browser bundle typically, start the browser and then go into the Eddie preferences>protocols and enable Tor. Then you click the test button, to make sure it works.

Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ.
Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.

Share this post

Link to post

zhang888    1066

zhang888
Posted ...

Tor>VPN and Network Lock are 2 quite self-refuting ideas.

Network Lock ensures that you are connecting only to Air nodes, while with Tor before VPN

you are randomly connecting to as many guards as possible.

 

This is an important point you have to understand before trying other various approaches.

One of the easy solutions would be creating a virtual network interface, or another virtual machine,

binding Tor on that network with a firewall rule to push all traffic via Tor, then enabling Network Lock

with an exception for local networks and connecting over that to VPN.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post

Link to post

Macppl    2

Macppl
Posted ...

Tor>VPN and Network Lock are 2 quite self-refuting ideas.

Network Lock ensures that you are connecting only to Air nodes, while with Tor before VPN

you are randomly connecting to as many guards as possible.

 

This is an important point you have to understand before trying other various approaches.

One of the easy solutions would be creating a virtual network interface, or another virtual machine,

binding Tor on that network with a firewall rule to push all traffic via Tor, then enabling Network Lock

with an exception for local networks and connecting over that to VPN.

Sounds interesting. Could you please explain more on the practical steps on how to create virtual network interface and binding Tor? I use Mac OSX. For ordinary users like me it is too technical.

Share this post

Link to post

zhang888    1066

zhang888
Posted ...

https://support.apple.com/kb/PH21618?viewlocale=en_US&locale=en_US

 

Or using the command line:

 

sudo ifconfig bridge1 create

sudo ifconfig bridge1 192.168.1.123/24

 

Assuming your network segment is 192.168.1.1/24 and you are assigning 192.168.1.123 to your new bridge.

Then some additional torrc configuration has to be done, according to:

https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy

 
¶ Local Redirection and Anonymizing Middlebox
VirtualAddrNetworkIPv4 192.168.1.123/32
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
 
Then you have to configure pf rules as per this example (save to a file, then pfctl -f /some/file) :
 
int_if = "bridge1"
trans_port = "9040"
set skip on lo
match in all scrub (no-df random-id)
pass in quick on $int_if inet proto tcp to !($int_if) rdr-to 127.0.0.1 port $trans_port
pass in quick on $int_if inet proto udp to port domain rdr-to 127.0.0.1 port domain
 
Then you need to block outgoing connections from your main interface, here it will be very
specific to each setup (Ethernet/Wireless) and interface names, but generally it will be something like:
 

block drop out on en0 inet proto tcp all

block drop out on en0 inet proto udp all

LZ1 reacted to this

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post

Link to post

rootsecure9797    1

rootsecure9797
Posted ...

https://support.apple.com/kb/PH21618?viewlocale=en_US&locale=en_US

 

Or using the command line:

 

sudo ifconfig bridge1 create

sudo ifconfig bridge1 192.168.1.123/24

 

Assuming your network segment is 192.168.1.1/24 and you are assigning 192.168.1.123 to your new bridge.

Then some additional torrc configuration has to be done, according to:

https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy

 
¶ Local Redirection and Anonymizing Middlebox
VirtualAddrNetworkIPv4 192.168.1.123/32
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
 
Then you have to configure pf rules as per this example (save to a file, then pfctl -f /some/file) :
 
int_if = "bridge1"

trans_port = "9040"

set skip on lo

match in all scrub (no-df random-id)

pass in quick on $int_if inet proto tcp to !($int_if) rdr-to 127.0.0.1 port $trans_port

pass in quick on $int_if inet proto udp to port domain rdr-to 127.0.0.1 port domain

 
Then you need to block outgoing connections from your main interface, here it will be very
specific to each setup (Ethernet/Wireless) and interface names, but generally it will be something like:
 

block drop out on en0 inet proto tcp all

block drop out on en0 inet proto udp all

Is it soo hard to add this feature in to eddie client? because i am not good in english...

Share this post

Link to post

zhang888    1066

zhang888
Posted ...

The question here is not hard or not but if it is the correct way to get things done.

Not everything that is potentially possible should be part of the client, one of the reasons is that

this adds major networking complexity that might break things for people who are not familiar with it.

 

 

Note that the more common, secure and recommended approach to have such setup is running Tor

completely isolated in a VM, which will do the Tor tasks with minimum privileges in a virtual environment.

 

https://www.howtoforge.com/how-to-set-up-a-tor-middlebox-routing-all-virtualbox-virtual-machine-traffic-over-the-tor-network

https://www.malwaretech.com/2015/08/creating-ultimate-tor-virtual-network.html

rootsecure9797 reacted to this

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post

Link to post

rootsecure9797    1

rootsecure9797
Posted ...

The question here is not hard or not but if it is the correct way to get things done.

Not everything that is potentially possible should be part of the client, one of the reasons is that

this adds major networking complexity that might break things for people who are not familiar with it.

 

 

Note that the more common, secure and recommended approach to have such setup is running Tor

completely isolated in a VM, which will do the Tor tasks with minimum privileges in a virtual environment.

 

https://www.howtoforge.com/how-to-set-up-a-tor-middlebox-routing-all-virtualbox-virtual-machine-traffic-over-the-tor-network

https://www.malwaretech.com/2015/08/creating-ultimate-tor-virtual-network.html

I am tried with pfSense, can`t install pkg >< soo i can`t install this.

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...