pDSotrUn

Tor over VPN disconnects after a few requests

Hi

I'm trying to use transparent proxying Tor over VPN on Debian latest x64 and standard OpenVPN client with port 2018 configuration file generated from Air client area.

 

My problem is that I will either be reduced to an intermittent connection or no connection after a few (simultaneous?) requests. I can connect to the VPN, and get a page in the terminal with "wget" or "curl" without problems. If I then open my browser (latest Firefox) and try to load a page, it may load without issues, it may take over a minute to load, or it may not load at all. During this time, the previously working wget and curl don't work. I also can't resolve hostnames (using Tor's DNSPort). It may start working again a while later, and then I will try to load a site that has a lot of content, and it will stop working again. Maybe it will stop working entirely.

The solution is to disconnect from the VPN and reconnect.

 

Nothing is shown in Tor log, VPN log (connecting is normal), or system logs.

Another problem is that UDP traffic will still go through. I can connect to a UDP service and the VPN IP is shown, but I want it blocked entirely.

 

My iptables rules, which may be incorrect, I'm not experienced with them:

 

#!/bin/sh
iptables -F
iptables -t nat -F
 
iptables -t nat -A OUTPUT -m owner --uid-owner 110 -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A OUTPUT -d 192.168.0.0/24 -j RETURN
iptables -t nat -A OUTPUT  ! -o lo -p tcp -m tcp -m owner ! --uid-owner 110 -j REDIRECT --to-ports 9040
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner 110 -j ACCEPT
iptables -A OUTPUT -p icmp -j DROP
iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -i tun0 -p udp -j RETURN
iptables -A OUTPUT -o tun0 -p udp -j RETURN
iptables -A INPUT -i lo -p udp -j RETURN
iptables -A OUTPUT -o lo -p udp -j RETURN
iptables -A INPUT -p udp -s 192.168.0.0/24 -j RETURN
iptables -A OUTPUT -p udp -d 192.168.0.0/24 -j RETURN
iptables -A INPUT -p udp ! --source-port 2018 -j DROP
iptables -A OUTPUT -p udp ! --destination-port 2018 -j DROP

ip6tables -F
ip6tables -t nat -F
ip6tables -A INPUT -j DROP
ip6tables -A OUTPUT -j DROP

 

Thanks in advance.
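
Added example, not part of the original post: a minimal Python model of first-match evaluation over the filter-table OUTPUT rules from the script above, showing which rule decides the fate of a UDP packet that leaves via tun0. It assumes the OUTPUT chain policy is ACCEPT (the script never sets a policy, and `iptables -F` does not reset one); the packets and addresses are constructed samples, and `matches`/`verdict` are illustrative names.

```python
import ipaddress

# Filter-table OUTPUT rules from the posted script, in order.
# Each entry is (match criteria, target); a missing key matches anything.
OUTPUT_RULES = [
    ({"state": {"ESTABLISHED", "RELATED"}}, "ACCEPT"),          # 0
    ({"uid": 110}, "ACCEPT"),                                   # 1
    ({"proto": "icmp"}, "DROP"),                                # 2
    ({"proto": "udp", "out": "tun0"}, "RETURN"),                # 3
    ({"proto": "udp", "out": "lo"}, "RETURN"),                  # 4
    ({"proto": "udp", "dst_net": "192.168.0.0/24"}, "RETURN"),  # 5
    ({"proto": "udp", "not_dport": 2018}, "DROP"),              # 6
]

def matches(rule, pkt):
    """True if every criterion in the rule matches the packet."""
    for key, want in rule.items():
        if key == "state":
            ok = pkt.get("state") in want
        elif key == "dst_net":
            ok = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(want)
        elif key == "not_dport":            # models "! --destination-port N"
            ok = pkt.get("dport") != want
        else:
            ok = pkt.get(key) == want
        if not ok:
            return False
    return True

def verdict(pkt, rules=OUTPUT_RULES, policy="ACCEPT"):
    """Return (verdict, index of the deciding rule, or None if policy decided)."""
    for i, (rule, target) in enumerate(rules):
        if matches(rule, pkt):
            # In a built-in chain, RETURN hands the packet to the chain policy.
            return (policy if target == "RETURN" else target), i
    return policy, None

# Constructed sample packets (addresses from documentation ranges).
UDP_VIA_TUN = {"proto": "udp", "out": "tun0", "dst": "203.0.113.10",
               "dport": 5000, "uid": 1000, "state": "NEW"}
UDP_VIA_ETH = dict(UDP_VIA_TUN, out="eth0")
OPENVPN_PKT = {"proto": "udp", "out": "eth0", "dst": "198.51.100.7",
               "dport": 2018, "uid": 0, "state": "NEW"}

if __name__ == "__main__":
    for name, pkt in [("udp via tun0", UDP_VIA_TUN), ("udp via eth0", UDP_VIA_ETH),
                      ("openvpn", OPENVPN_PKT)]:
        print(name, verdict(pkt), verdict(pkt, policy="DROP"))
```

Under the assumed ACCEPT policy, the tun0 UDP packet is decided at rule 3 (`-o tun0 -p udp -j RETURN`), while the same packet on eth0 reaches the final DROP rule.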
