P2Kdu6aMe4a

OpenVPN over Tor using Ubuntu Linux with proxy?

Greetings,

I've tried (and failed) to get OpenVPN to work over the Tor network by using OpenVPN's ability to use a local http proxy running on 127.0.0.1, and then forward via SOCKS to Tor. I've tried both Privoxy and Polipo as the http proxy, and even downloaded the Windows OperaTOR zip I've seen you reference in posts, to check how they set things up in their config - unfortunately they weren't doing anything different to what I had set here.

I know my Tor works okay; I know my http proxy works okay; I know I can set Firefox to use the http proxy, which in turn will forward using SOCKS to Tor, and that works okay - I get www pages loading. But when I sudo openvpn --config air.ovpn from a terminal, while it completes as expected it will soon 'ping timeout' and cycle and try to reestablish the VPN. I have not successfully managed to get to the airvpn.org web pages when the VPN is over Tor.

Do you know if anyone is successfully using OpenVPN, Tor, Privoxy / Polipo http proxies on Linux (I'm using Ubuntu), and have a working config?

Thanks for your time.

Hello!

Yes, Air over TOR has been successfully tested repeatedly. Please make sure that you use a TCP port for connection to an AirVPN server (check the line "proto tcp" in the configuration file).

Can you please send us the logs of failed connection attempts?

Kind regards

Hello, thanks for your reply.

I have OpenVPN config set to use TCP.

The curious thing is the connection looks to be successful until I try to get traffic down it, browse airvpn.org etc. and then I don't have traffic.

Here's the log:

==========================================

Wed Jan 4 02:19:38 2012 OpenVPN 2.1.0 i686-pc-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 12 2010

Wed Jan 4 02:19:38 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Wed Jan 4 02:19:38 2012 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>

Wed Jan 4 02:19:38 2012 LZO compression initialized

Wed Jan 4 02:19:38 2012 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]

Wed Jan 4 02:19:38 2012 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]

Wed Jan 4 02:19:38 2012 Local Options hash (VER=V4): '958c5492'

Wed Jan 4 02:19:38 2012 Expected Remote Options hash (VER=V4): '79ef4284'

Wed Jan 4 02:19:38 2012 Attempting to establish TCP connection with [AF_INET]127.0.0.1:8118 [nonblock]

Wed Jan 4 02:19:38 2012 TCP connection established with [AF_INET]127.0.0.1:8118

Wed Jan 4 02:19:38 2012 Send to HTTP proxy: 'CONNECT 89.149.226.185:443 HTTP/1.0'

Wed Jan 4 02:19:39 2012 HTTP proxy returned: 'HTTP/1.1 200 Tunnel established'

Wed Jan 4 02:19:41 2012 Socket Buffers: R=[87552->131072] S=[50724->131072]

Wed Jan 4 02:19:41 2012 TCPv4_CLIENT link local: [undef]

Wed Jan 4 02:19:41 2012 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:8118

Wed Jan 4 02:19:42 2012 TLS: Initial packet from [AF_INET]127.0.0.1:8118, sid=11688a9e 8be7ce0e

Wed Jan 4 02:19:47 2012 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

Wed Jan 4 02:19:47 2012 VERIFY OK: nsCertType=SERVER

Wed Jan 4 02:19:47 2012 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

Wed Jan 4 02:20:03 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Wed Jan 4 02:20:03 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Wed Jan 4 02:20:03 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Wed Jan 4 02:20:03 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Wed Jan 4 02:20:03 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Wed Jan 4 02:20:03 2012 [server] Peer Connection Initiated with [AF_INET]127.0.0.1:8118

Wed Jan 4 02:20:05 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Wed Jan 4 02:20:06 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.5.0.1,comp-lzo no,route 10.5.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.5.1.190 10.5.1.189'

Wed Jan 4 02:20:06 2012 OPTIONS IMPORT: timers and/or timeouts modified

Wed Jan 4 02:20:06 2012 OPTIONS IMPORT: LZO parms modified

Wed Jan 4 02:20:06 2012 OPTIONS IMPORT: --ifconfig/up options modified

Wed Jan 4 02:20:06 2012 OPTIONS IMPORT: route options modified

Wed Jan 4 02:20:06 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Wed Jan 4 02:20:06 2012 ROUTE default_gateway=192.168.1.1

Wed Jan 4 02:20:06 2012 TUN/TAP device tun0 opened

Wed Jan 4 02:20:06 2012 TUN/TAP TX queue length set to 100

Wed Jan 4 02:20:06 2012 /sbin/ifconfig tun0 10.5.1.190 pointopoint 10.5.1.189 mtu 1500

Wed Jan 4 02:20:06 2012 /sbin/route add -net 127.0.0.1 netmask 255.255.255.255 gw 192.168.1.1

Wed Jan 4 02:20:06 2012 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.5.1.189

Wed Jan 4 02:20:06 2012 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.5.1.189

Wed Jan 4 02:20:07 2012 /sbin/route add -net 10.5.0.1 netmask 255.255.255.255 gw 10.5.1.189

Wed Jan 4 02:20:07 2012 Initialization Sequence Completed

===========================================================================================================

At this point I seem to have OpenVPN up over Tor but I cannot browse to airvpn.org in Firefox, it times out in the browser.

===========================================================================================================

Wed Jan 4 02:22:06 2012 [server] Inactivity timeout (--ping-restart), restarting

Wed Jan 4 02:22:06 2012 TCP/UDP: Closing socket

Wed Jan 4 02:22:06 2012 SIGUSR1[soft,ping-restart] received, process restarting

Wed Jan 4 02:22:06 2012 Restart pause, 5 second(s)

Wed Jan 4 02:22:11 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Wed Jan 4 02:22:11 2012 Re-using SSL/TLS context

Wed Jan 4 02:22:11 2012 LZO compression initialized

Wed Jan 4 02:22:11 2012 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]

Wed Jan 4 02:22:11 2012 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]

Wed Jan 4 02:22:11 2012 Local Options hash (VER=V4): '958c5492'

Wed Jan 4 02:22:11 2012 Expected Remote Options hash (VER=V4): '79ef4284'

Wed Jan 4 02:22:11 2012 Attempting to establish TCP connection with [AF_INET]127.0.0.1:8118 [nonblock]

Wed Jan 4 02:22:11 2012 TCP connection established with [AF_INET]127.0.0.1:8118

Wed Jan 4 02:22:11 2012 Send to HTTP proxy: 'CONNECT 89.149.226.185:443 HTTP/1.0'

Wed Jan 4 02:22:17 2012 recv_line: TCP port read timeout expired: Operation now in progress (errno=115)

Wed Jan 4 02:22:17 2012 TCP/UDP: Closing socket

Wed Jan 4 02:22:17 2012 /sbin/route del -net 10.5.0.1 netmask 255.255.255.255

Wed Jan 4 02:22:17 2012 /sbin/route del -net 127.0.0.1 netmask 255.255.255.255

Wed Jan 4 02:22:17 2012 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0

Wed Jan 4 02:22:17 2012 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0

Wed Jan 4 02:22:17 2012 Closing TUN/TAP interface

Wed Jan 4 02:22:17 2012 /sbin/ifconfig tun0 0.0.0.0

Wed Jan 4 02:22:17 2012 SIGTERM[soft,init_instance] received, process exiting

Cheers

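Added example (not part of any post in this thread, and not AirVPN's code): the routing-relevant lines of the log above, replayed through a longest-prefix match. The only route it finds outside the tunnel is the one for the proxy address 127.0.0.1, so a connection from Tor to a relay would follow the pushed def1 routes into tun0, which is consistent with the inactivity timeout two minutes later. The relay address 198.51.100.7 and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Excerpt of the log posted above (routing-relevant lines only).
LOG_EXCERPT = """\
Wed Jan 4 02:19:38 2012 Attempting to establish TCP connection with [AF_INET]127.0.0.1:8118 [nonblock]
Wed Jan 4 02:19:38 2012 Send to HTTP proxy: 'CONNECT 89.149.226.185:443 HTTP/1.0'
Wed Jan 4 02:20:06 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.5.0.1,comp-lzo no,route 10.5.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.5.1.190 10.5.1.189'
Wed Jan 4 02:20:06 2012 /sbin/route add -net 127.0.0.1 netmask 255.255.255.255 gw 192.168.1.1
Wed Jan 4 02:20:06 2012 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.5.1.189
Wed Jan 4 02:20:06 2012 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.5.1.189
Wed Jan 4 02:20:07 2012 /sbin/route add -net 10.5.0.1 netmask 255.255.255.255 gw 10.5.1.189
Wed Jan 4 02:22:06 2012 [server] Inactivity timeout (--ping-restart), restarting
"""

ROUTE_RE = re.compile(r"route add -net (\S+) netmask (\S+) gw (\S+)")

def parse_routes(log):
    """Return [(network, gateway)] for every 'route add' that OpenVPN logged."""
    return [(ipaddress.ip_network(f"{net}/{mask}"), ipaddress.ip_address(gw))
            for net, mask, gw in ROUTE_RE.findall(log)]

def next_hop(routes, dest):
    """Longest-prefix match over the added routes; None means the old default route."""
    dest = ipaddress.ip_address(dest)
    hits = [(net, gw) for net, gw in routes if dest in net]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def analyse(log, relay_ip):
    """Summarise where traffic to relay_ip (a hypothetical Tor relay) would be sent."""
    routes = parse_routes(log)
    proxy = re.search(r"TCP connection with \[AF_INET\]([\d.]+):(\d+)", log)
    peer = re.search(r"ifconfig [\d.]+ ([\d.]+)'", log)  # tunnel peer from PUSH_REPLY
    tunnel_gw = ipaddress.ip_address(peer.group(1))
    return {
        "proxy_is_loopback": ipaddress.ip_address(proxy.group(1)).is_loopback,
        "bypass_routes": [str(net) for net, gw in routes if gw != tunnel_gw],
        "relay_via_tunnel": next_hop(routes, relay_ip) == tunnel_gw,
        "ping_restart": "Inactivity timeout (--ping-restart)" in log,
    }

if __name__ == "__main__":
    # 198.51.100.7 is a made-up relay address (documentation range), not from the thread.
    print(analyse(LOG_EXCERPT, "198.51.100.7"))
```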
