
[Solved] VPN over TOR

vpn linux tor networkmanager socks timeout vpn over tor Eddie

9 replies to this topic

#1 linux1905


Posted 07 April 2016 - 05:06 PM

Hi everybody,

 

I wanna use VPN over TOR, but there is no Internet traffic after a successful VPN connection. Besides, the VPN connection disconnects after almost 1 minute because of a TCP connection timeout.

 

I've configured proxies from Advanced section of NetworkManager and I'm using SOCKS protocol as proxy type.

 

I'm using Linux OS and NetworkManager to manage my network interfaces and VPN connections. My OpenVPN version is 2.3.0.

 

I've already read this manual but I couldn't find any solution. Is there any suggestion to overcome this problem?

https://airvpn.org/tor/

 

Solution:

- Use Eddie client,

- Enable control port and cookie authentication in your torrc file as described at this URL https://airvpn.org/tor/

- Set Tor as the connection mode in AirVPN -> Preferences; don't use TCP + Socks Proxy as I did (my first mistake)

- Be careful with the port numbers, because the default port numbers in the manual and the Eddie client are 9150 and 9151 respectively, but in my torrc file they are 9050 and 9051, and it's very easy to overlook, as in my situation. (my second mistake)

- You can export an ovpn configuration file which is specific to "VPN over TOR" from the Eddie client, so you can use that file to connect to the VPN from the command line using the openvpn command. For me it's easier than using the Eddie client.
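Added example (not part of the original post and not Eddie's code): a small check for the port mismatch described in the solution, comparing the SocksPort, ControlPort and CookieAuthentication settings in a torrc with the ports entered in the client. The sample torrc is constructed, the function names are hypothetical, and the client defaults of 9150 and 9151 are the ones the post reports.

```python
# Constructed torrc resembling the poster's setup (ports 9050 and 9051).
SAMPLE_TORRC = """\
# constructed sample
SocksPort 127.0.0.1:9050 PreferSOCKSNoAuth
ControlPort 9051
CookieAuthentication 1
"""


def parse_torrc(text):
    """Extract the settings that matter for VPN over Tor from torrc text."""
    cfg = {"socksport": None, "controlport": None, "cookieauthentication": False}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1]   # option names are case-insensitive
        if key in ("socksport", "controlport"):
            port = value.rsplit(":", 1)[-1]       # accept "9050" or "127.0.0.1:9050"
            if port.isdigit() and int(port) > 0:
                cfg[key] = int(port)
        elif key == "cookieauthentication":
            cfg[key] = value == "1"
    return cfg


def check(torrc_text, client_socks=9150, client_control=9151):
    """Compare torrc with the ports entered in the client; return a list of problems."""
    cfg = parse_torrc(torrc_text)
    problems = []
    for name, key, wanted in (("SocksPort", "socksport", client_socks),
                              ("ControlPort", "controlport", client_control)):
        if cfg[key] is None:
            problems.append(f"{name} is not set in torrc")
        elif cfg[key] != wanted:
            problems.append(f"{name} is {cfg[key]} in torrc but the client uses {wanted}")
    if not cfg["cookieauthentication"]:
        problems.append("CookieAuthentication is not enabled")
    return problems


if __name__ == "__main__":
    for problem in check(SAMPLE_TORRC) or ["torrc matches the client settings"]:
        print(problem)
```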

 



#2 zhang888


Posted 07 April 2016 - 05:16 PM

Can you try the (official) Eddie client?

This should work seamlessly and will also allow us to investigate issues from its log console if there will be any.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#3 linux1905


Posted 07 April 2016 - 08:50 PM

OK, I'm now using the mono version of Eddie. How can I share my logs, or can you monitor the log via the Eddie client?



#4 zhang888


Posted 07 April 2016 - 08:54 PM

You should paste them here, if the Tor option doesn't work for some reason.

Note that the Tor daemon should be running in the background in order for this to work.

 

Just to be clear, no one can read your logs without you posting them.

This would defeat the whole purpose of the service :)


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#5 linux1905


Posted 08 April 2016 - 05:31 AM

Here is my configuration and logs.

 

Eddie » Preferences

General tab is as usual.

Protocol TCP port 443 is selected.

Proxy type is Socks, Host is localhost, Port is 9050, Authentication is none.

Routers & Advanced section are as usual.

TOR service is active and running.

 

I'm choosing any server from NL.

 

It seems the problem is due to "checking route", but I'm not sure. I've tried to uncheck the option "if the tunnel effectively works", but it didn't work.

By the way, I can't ping the DNS server of AirVPN

 

ping 10.5.0.1
PING 10.5.0.1 (10.5.0.1) 56(84) bytes of data.
^C
--- 10.5.0.1 ping statistics ---
15 packets transmitted, 0 received, 100% packet loss, time 14006ms
 

 

 

So what is the problem?

 

Here is my log:

I 2016.04.08 07:54:53 - Checking login ...
! 2016.04.08 07:54:54 - Logged in.
I 2016.04.08 07:57:39 - Session starting.
W 2016.04.08 07:57:39 - Unable to understand if IPV6 is active.
I 2016.04.08 07:57:39 - Checking authorization ...
! 2016.04.08 07:57:40 - Connecting to Skat (Netherlands, Alblasserdam)
. 2016.04.08 07:57:40 - OpenVPN > OpenVPN 2.3.8 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 13 2015
. 2016.04.08 07:57:40 - OpenVPN > library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
. 2016.04.08 07:57:40 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2016.04.08 07:57:40 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2016.04.08 07:57:40 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.04.08 07:57:40 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.04.08 07:57:40 - OpenVPN > Socket Buffers: R=[87380->262144] S=[16384->262144]
. 2016.04.08 07:57:40 - OpenVPN > Attempting to establish TCP connection with [AF_INET]127.0.0.1:9050 [nonblock]
. 2016.04.08 07:57:40 - OpenVPN > TCP connection established with [AF_INET]127.0.0.1:9050
. 2016.04.08 07:57:40 - OpenVPN > TCPv4_CLIENT link local: [undef]
. 2016.04.08 07:57:40 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:9050
. 2016.04.08 07:57:40 - OpenVPN > TLS: Initial packet from [AF_INET]127.0.0.1:9050, sid=b52c071e fe54af81
. 2016.04.08 07:57:41 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2016.04.08 07:57:41 - OpenVPN > Validating certificate key usage
. 2016.04.08 07:57:41 - OpenVPN > ++ Certificate has key usage  00a0, expects 00a0
. 2016.04.08 07:57:41 - OpenVPN > VERIFY KU OK
. 2016.04.08 07:57:41 - OpenVPN > Validating certificate extended key usage
. 2016.04.08 07:57:41 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2016.04.08 07:57:41 - OpenVPN > VERIFY EKU OK
. 2016.04.08 07:57:41 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
. 2016.04.08 07:57:43 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.04.08 07:57:43 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.04.08 07:57:43 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.04.08 07:57:43 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.04.08 07:57:43 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
. 2016.04.08 07:57:43 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]127.0.0.1:9050
. 2016.04.08 07:57:45 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
. 2016.04.08 07:57:46 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.5.0.1,comp-lzo no,route-gateway 10.5.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.5.4.230 255.255.0.0'
. 2016.04.08 07:57:46 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2016.04.08 07:57:46 - OpenVPN > OPTIONS IMPORT: LZO parms modified
. 2016.04.08 07:57:46 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2016.04.08 07:57:46 - OpenVPN > OPTIONS IMPORT: route options modified
. 2016.04.08 07:57:46 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2016.04.08 07:57:46 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
. 2016.04.08 07:57:46 - OpenVPN > TUN/TAP device tun0 opened
. 2016.04.08 07:57:46 - OpenVPN > TUN/TAP TX queue length set to 100
. 2016.04.08 07:57:46 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
. 2016.04.08 07:57:46 - OpenVPN > /sbin/ifconfig tun0 10.5.4.230 netmask 255.255.0.0 mtu 1500 broadcast 10.5.255.255
. 2016.04.08 07:57:51 - OpenVPN > /sbin/route add -net 127.0.0.1 netmask 255.255.255.255 gw 192.168.1.1
. 2016.04.08 07:57:51 - OpenVPN > /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.5.0.1
. 2016.04.08 07:57:51 - OpenVPN > /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.5.0.1
. 2016.04.08 07:57:51 - Starting Management Interface
. 2016.04.08 07:57:51 - OpenVPN > Initialization Sequence Completed
I 2016.04.08 07:57:51 - /etc/resolv.conf renamed to /etc/resolv.conf.airvpn as backup
I 2016.04.08 07:57:51 - DNS of the system updated to VPN DNS (Rename method: /etc/resolv.conf generated)
I 2016.04.08 07:57:51 - Flushing DNS
I 2016.04.08 07:57:51 - Checking route
W 2016.04.08 07:58:41 - The request timed out
! 2016.04.08 07:58:41 - Disconnecting
. 2016.04.08 07:58:41 - Management - Send 'signal SIGTERM'
. 2016.04.08 07:58:41 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM'
. 2016.04.08 07:58:41 - OpenVPN > /sbin/route del -net 127.0.0.1 netmask 255.255.255.255
. 2016.04.08 07:58:41 - OpenVPN > /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
. 2016.04.08 07:58:41 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
. 2016.04.08 07:58:41 - OpenVPN > /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
. 2016.04.08 07:58:41 - OpenVpn Management > SUCCESS: signal SIGTERM thrown
. 2016.04.08 07:58:41 - OpenVPN > Closing TUN/TAP interface
. 2016.04.08 07:58:41 - OpenVPN > /sbin/ifconfig tun0 0.0.0.0
. 2016.04.08 07:58:41 - OpenVPN > SIGTERM[hard,] received, process exiting
. 2016.04.08 07:58:41 - Connection terminated.
I 2016.04.08 07:58:41 - DNS of the system restored to original settings (Rename method)
I 2016.04.08 07:58:44 - Checking authorization ...
! 2016.04.08 07:59:05 - Connecting to Diphda (Netherlands, Alblasserdam)
. 2016.04.08 07:59:05 - OpenVPN > OpenVPN 2.3.8 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 13 2015
. 2016.04.08 07:59:05 - OpenVPN > library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
. 2016.04.08 07:59:05 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2016.04.08 07:59:05 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2016.04.08 07:59:05 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.04.08 07:59:05 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.04.08 07:59:05 - OpenVPN > Socket Buffers: R=[87380->262144] S=[16384->262144]
. 2016.04.08 07:59:05 - OpenVPN > Attempting to establish TCP connection with [AF_INET]127.0.0.1:9050 [nonblock]
. 2016.04.08 07:59:05 - OpenVPN > TCP connection established with [AF_INET]127.0.0.1:9050
. 2016.04.08 07:59:05 - OpenVPN > TCPv4_CLIENT link local: [undef]
. 2016.04.08 07:59:05 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:9050
. 2016.04.08 07:59:05 - OpenVPN > TLS: Initial packet from [AF_INET]127.0.0.1:9050, sid=4a267a83 1ac8cdbf
. 2016.04.08 07:59:06 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2016.04.08 07:59:06 - OpenVPN > Validating certificate key usage
. 2016.04.08 07:59:06 - OpenVPN > ++ Certificate has key usage  00a0, expects 00a0
. 2016.04.08 07:59:06 - OpenVPN > VERIFY KU OK
. 2016.04.08 07:59:06 - OpenVPN > Validating certificate extended key usage
. 2016.04.08 07:59:06 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2016.04.08 07:59:06 - OpenVPN > VERIFY EKU OK
. 2016.04.08 07:59:06 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
. 2016.04.08 07:59:08 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.04.08 07:59:08 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.04.08 07:59:08 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.04.08 07:59:09 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.04.08 07:59:09 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
. 2016.04.08 07:59:09 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]127.0.0.1:9050
. 2016.04.08 07:59:11 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
. 2016.04.08 07:59:12 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.5.0.1,comp-lzo no,route-gateway 10.5.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.5.4.203 255.255.0.0'
. 2016.04.08 07:59:12 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2016.04.08 07:59:12 - OpenVPN > OPTIONS IMPORT: LZO parms modified
. 2016.04.08 07:59:12 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2016.04.08 07:59:12 - OpenVPN > OPTIONS IMPORT: route options modified
. 2016.04.08 07:59:12 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2016.04.08 07:59:12 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
. 2016.04.08 07:59:12 - OpenVPN > TUN/TAP device tun0 opened
. 2016.04.08 07:59:12 - OpenVPN > TUN/TAP TX queue length set to 100
. 2016.04.08 07:59:12 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
. 2016.04.08 07:59:12 - OpenVPN > /sbin/ifconfig tun0 10.5.4.203 netmask 255.255.0.0 mtu 1500 broadcast 10.5.255.255
. 2016.04.08 07:59:17 - OpenVPN > /sbin/route add -net 127.0.0.1 netmask 255.255.255.255 gw 192.168.1.1
. 2016.04.08 07:59:17 - OpenVPN > /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.5.0.1
. 2016.04.08 07:59:17 - OpenVPN > /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.5.0.1
. 2016.04.08 07:59:17 - Starting Management Interface
. 2016.04.08 07:59:17 - OpenVPN > Initialization Sequence Completed
I 2016.04.08 07:59:17 - /etc/resolv.conf renamed to /etc/resolv.conf.airvpn as backup
I 2016.04.08 07:59:17 - DNS of the system updated to VPN DNS (Rename method: /etc/resolv.conf generated)
I 2016.04.08 07:59:17 - Flushing DNS
I 2016.04.08 07:59:17 - Checking route
W 2016.04.08 08:00:07 - The request timed out
! 2016.04.08 08:00:07 - Disconnecting


#6 zhang888


Posted 08 April 2016 - 10:46 AM

Does your Tor connection work normally without the VPN? Seems like there is an issue with it.

The route checking step should not take longer than a few seconds.

Can you try to connect without Tor, just for the troubleshooting stage?


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#7 RidersoftheStorm


Posted 09 April 2016 - 05:53 AM

If you want to use an OpenVPN version <2.3.4, you need to define PreferSOCKSNoAuth in your torrc TOR configuration file. For example:

SOCKSPort 127.0.0.1:9150 PreferSOCKSNoAuth

You state your version of openvpn is 2.3.0 which is less than 2.3.4.

 

I do not know if this is the real problem or not.

 




#8 Staff


Posted 09 April 2016 - 07:35 AM

I wanna use VPN over TOR, but there is no Internet traffic after a successful VPN connection. Besides, the VPN connection disconnects after almost 1 minute because of a TCP connection timeout.

 

I've configured proxies from Advanced section of NetworkManager and I'm using SOCKS protocol as proxy type.

 

I'm using Linux OS and NetworkManager to manage my network interfaces and VPN connections. My OpenVPN version is 2.3.0.

 

Hello,

 

this is an incorrect setting that causes the "infinite routing loop problem". See for example here http://tor.stackexchange.com/questions/1232/me-tor-vpn-how

 

You need a different approach. For example, our free and open source client determines the Tor guards' IP addresses and sets proper routes to prevent an infinite routing loop. Otherwise you will necessarily need a middle-box (for example a VM).

 

Kind regards
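Added example (not part of the original reply and not Eddie's code): the routing loop described above, shown by running a longest-prefix match over the three `route add` lines from the log posted earlier in the thread. The guard address is a constructed value from a documentation range, and the function names are hypothetical.

```python
import ipaddress
import re

# The three "route add" lines from the Eddie log posted earlier in this thread.
LOG_ROUTES = """\
/sbin/route add -net 127.0.0.1 netmask 255.255.255.255 gw 192.168.1.1
/sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.5.0.1
/sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.5.0.1
"""
LAN_GW = "192.168.1.1"    # physical gateway, as seen in the log
VPN_GW = "10.5.0.1"       # route-gateway pushed by the VPN server
GUARD_IP = "203.0.113.7"  # constructed Tor guard address (documentation range)

ROUTE_RE = re.compile(r"route add -net (\S+) netmask (\S+) gw (\S+)")


def parse_routes(text):
    """Return [(network, gateway)] for every 'route add' line in text."""
    return [(ipaddress.ip_network(f"{net}/{mask}"), gw)
            for net, mask, gw in ROUTE_RE.findall(text)]


def next_hop(routes, dest, default_gw=LAN_GW):
    """Pick the gateway by longest-prefix match, as the kernel routing table does."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return default_gw
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def tor_loops(routes, guard_ip=GUARD_IP):
    """True when Tor's own connection to its guard is sent into the VPN tunnel,
    which itself runs over that Tor connection."""
    return next_hop(routes, guard_ip) == VPN_GW


def with_guard_route(routes, guard_ip=GUARD_IP):
    """Add a host route that keeps guard traffic on the physical gateway."""
    return routes + [(ipaddress.ip_network(f"{guard_ip}/32"), LAN_GW)]


if __name__ == "__main__":
    logged = parse_routes(LOG_ROUTES)
    print("as logged, loop:", tor_loops(logged))
    print("with guard route, loop:", tor_loops(with_guard_route(logged)))
```

With only the logged routes, the sole bypass is for the local proxy address 127.0.0.1, so traffic to the guard follows the 128.0.0.0/1 route into the tunnel; a /32 route for the guard via the physical gateway breaks the loop.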



#9 linux1905


Posted 09 April 2016 - 05:20 PM

@zhang888

 

Yes, the TOR connection works normally; I can use TOR as a SOCKS proxy for my browser. I can connect to the VPN server without TOR; there is no problem without TOR.

 

@LastChance

 

I had been connecting with NetworkManager via the GUI or with the OpenVPN client via the command line when I posted my first message. But after zhang888's reply I used the Eddie client, but nothing changed. It didn't work. By the way, the PreferSOCKSNoAuth option has already been defined in my torrc file.

 

@Staff

 

As you can see from my answer to @LastChance, I'd used NetworkManager or the OpenVPN CLI client when I posted my first message. Then I used the Eddie client on my second attempt, but nothing changed. The above logs are from the Eddie client. So neither the Eddie client nor the other methods worked for my situation. I couldn't figure out the problem.



#10 linux1905


Posted 09 April 2016 - 06:15 PM

Thank you very much, I've solved my problem and edited my first post.






