hdavis83 0 Posted 11/02/2023 I used to follow this guide when I was a Mullvad customer to run my VPN over Tor, (Me -> Tor -> VPN -> Site) After Mullvad cut port-forwarding, I've switched to AirVPN. This is a killer feature for me. As this forum-post shows, its definitely possible with AirVPN, but this covers how to do it using the eddie client. I'd like to know how to do it on a headless system with an .ovpn or wireguard.conf Any networking wizards able to help out? Quote Share this post Link to post
OpenSourcerer 1445 Posted 11/03/2023 Is the Tor guide not sufficient? Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
hdavis83 0 Posted 11/03/2023 (edited) On 11/3/2023 at 12:06 PM, OpenSourcerer said: Is the Tor guide not sufficient? This covers how to do it with the AirVPN/Eddie client, My environment unfortunately makes it NOT POSSIBLE to use the Eddie client (along with all other software not explicitly whitelisted via a binary hash) and I need to know which changes I have to make to my .ovpn with just a text editor. The AirVPN guide does not make clear what needs to be done when just working with an .ovpn. The Mullvad guide I linked has 3 lines that are to be appended to the .ovpn file, appending the same to an AirVPN .ovpn does not succeed, and I've tried changing the route IP to what I think would work with AirVPN but have not succeeded. Edited 11/03/2023 by hdavis83 added extra information Quote Share this post Link to post
Staff 10026 Posted 11/03/2023 @hdavis83 Hello! Caveat: this answer isn't written by an Eddie developer. If you need more details or information please tell us so and someone more competent on the matter will be queried for a reply in the next days. The guide you linked features an apparently different connection mode. To establish OpenVPN over Tor connection and route all the system traffic (except the traffic directly going to Tor) over OpenVPN over Tor, Eddie talks to Tor Control (that's why Tor must be already running: Eddie will not run it by itself), obtains the IP address of the Tor entry guard, routes it outside the VPN tunnel to prevent infinite routing loop, and establishes the VPN connection to the final VPN server over Tor SOCKS proxy:https://github.com/AirVPN/Eddie/blob/a9ebf22515133616811b630caee762b3ef970149/src/Lib.Core/TorControl.cs#L25 Observe the routing table, consult the configuration file (dynamically generated by Eddie) and read Eddie log when you connect over OpenVPN over Tor with Eddie (use some testing system with a DE for example). In order to simplify communications with Tor Control, you may consider something like the following CLI tool:https://github.com/adrelanos/tor-ctrl Kind regards Quote Share this post Link to post
hdavis83 0 Posted 11/05/2023 On 11/3/2023 at 4:35 PM, Staff said: @hdavis83 Hello! Caveat: this answer isn't written by an Eddie developer. If you need more details or information please tell us so and someone more competent on the matter will be queried for a reply in the next days. The guide you linked features an apparently different connection mode. To establish OpenVPN over Tor connection and route all the system traffic (except the traffic directly going to Tor) over OpenVPN over Tor, Eddie talks to Tor Control (that's why Tor must be already running: Eddie will not run it by itself), obtains the IP address of the Tor entry guard, routes it outside the VPN tunnel to prevent infinite routing loop, and establishes the VPN connection to the final VPN server over Tor SOCKS proxy:https://github.com/AirVPN/Eddie/blob/a9ebf22515133616811b630caee762b3ef970149/src/Lib.Core/TorControl.cs#L25 Observe the routing table, consult the configuration file (dynamically generated by Eddie) and read Eddie log when you connect over OpenVPN over Tor with Eddie (use some testing system with a DE for example). In order to simplify communications with Tor Control, you may consider something like the following CLI tool:https://github.com/adrelanos/tor-ctrl Kind regards Im unfortunately unable to use the Eddie client, I only have the .ovpn available to me. Is it not possible with your service to OpenVPN over Tor without Eddie? Quote Share this post Link to post
Staff 10026 Posted 11/05/2023 On 11/5/2023 at 3:27 AM, hdavis83 said: On 11/3/2023 at 4:35 PM, Staff said: @hdavis83 Im unfortunately unable to use the Eddie client, I only have the .ovpn available to me. Is it not possible with your service to OpenVPN over Tor without Eddie? Hello! It's explained in our previous message, the one you quoted, to let you see all the required steps. Kind regards Quote Share this post Link to post
ss11 21 Posted 11/06/2023 (edited) What you are asking is quite simple, unless I am misunderstanding something. 1. Take WireGuard out of your head. WiregGuard is UDP only VPN, and Tor only transports TCP streams. So, you cannot use it to connect to WireGuard -- this is not something AirVPN specific, this is something universal, it's how WireGuard works. Our Tor guide should be updated with a mention of this, of course for cases where users want to connect TO AirVPN VIA Tor without Eddie and just using raw OpenVPN or WireGuard software. 2. You can connect easy with OpenVPN conf file via Tor. Just a) Make sure there is a Tor daemon or Tor Browser instance running on the machine, or it is somehow reachable via a ssh tunnel or maybe internal network, I don't know. Let's pretend in example 1: it runs on same machine (localhost) on port 9050 (default for Tor Linux Daemon) or in example 2: it's on the internal network router running with SocksPort open to 192.168.1.1 port 9050 b) Go to AirVPN -> Config Genrator -> Advanced config. Make sure you select from the list OpenVPN TCP protocol -- this is very important otherwise it will not work. It needs to be TCP protocol. edit with a text editor the openvpn .conf file downloaded from AirVPN and add as first line one entry: socks-proxy 127.0.0.1 9050 # for example 1 or socks-proxy 192.168.1.1 9050 # for example 2 There are more advanced things you can do that are outside the scope, for example if Tor's SocksPort is password protected you can add a pass.txt argument to the socks-proxy line with a path to a file that contains the credentials to authenticate to the socks5 server. Read OpenVPN manual if you need this, otherwise it should work simply without anything more as described above. P.S. I recommend you using [::1] instead of 127.0.0.1 and fe80::something instead of 192.168.1.1 - somehow examples still look good with IPv4 notations but it's really end of 2023 so we have to be over them at some point for good Edited 11/06/2023 by ss11 Quote Share this post Link to post