Using AirVPN with Tor
This connection mode works ONLY with AirVPN Client, because our software talks to Tor Control to detect and route correctly the guard(s) IP addresses. Otherwise an infinite connection loop occurs because communication between Tor and the guard node (the first node of each circuit) will fall back to the VPN (causing errors like Inactivity timeout, recv_socks_reply: TCP port read timeout expired: Operation now in progress, Assertion failed at misc.c:785). Warning: not compatible with Network Lock at the moment.
- Download and launch Tor browser bundle
- Set Tor as connection mode in AirVPN -> Preferences, press the Test button. If there is some problem, refer to the section Tor Control authentication below.
- Additional privacy layer: our VPN server will not see your real IP address but the IP of the Tor exit node (you can check your Tor exit IP in the Client Area)
- Option to connect to web sites under Tor protection, even to those sites which refuse Tor connections
- Access to Tor from all the applications transparently: no need to configure each application, one by one
- Support to non-TCP applications which can not be supported by Tor
- Access to AirVPN DDNS
- Access to AirVPN DNS and micro-routing against IP address-based geo-location discriminations
- Access to Remote Port Forwarding
- Avoidance of any traffic discrimination from Tor exit nodes (packets are still encrypted when they pass through Tor exit node)
- Major security layer in the event you pass through a compromised/malicious Tor exit node (packets are still encrypted when they pass through the Tor exit node)
- Poor performance
- Fixed Tor circuit for each OpenVPN session
- Access to .onion sites only from browsers configured to connect directly to Tor
- Browsing with the Tor Browser, or running any application configured to use Tor Socks, generates traffic that's always directed to the Tor network and OUTSIDE the VPN tunnel. Technically because they use a connection that had been established before the VPN connection started.
- If you use the Tor Browser to reach https://airvpn.org, the bottom box will always show a red 'Not connected', with an IP address of a Tor Exit Node. This is because Tor browser enters directly the Tor network. If you use another browser (not configured to use Tor socks proxy), you will see the correct green box displaying 'Connected!'.
- Our client automatically works with the default torrc configuration file included in the Tor Browser Bundle. If you change something, for example Socks/Control ports or control authentication settings, you need to update AirVPN client options accordingly. In the torrc default configuration file of different packages, minor but essential modifications may be necessary.
- If you want to use an OpenVPN version <2.3.4, you need to define PreferSOCKSNoAuth in your torrc TOR configuration file. For example:
SOCKSPort 127.0.0.1:9150 PreferSOCKSNoAuth
Tor Control authenticationAirVPN client needs access to Tor Control to works properly. To check if it already works, use the Test button in Preferences > Mode
With the default Tor Browser Bundle (that has Control Port and Cookie authentication enabled by default), AirVPN will automatically works.
In other environments, some configuration in torrc (probably under /etc/tor/torrc) may be required. First of all, ensure that ControlPort is enabled
ControlPort 9151Now you have two choices.
- Enable cookie authentication
CookieAuthentication 1AirVPN will automatically find your cookie and use it for authentication.
Enable password authentication
Run from terminal
# tor --hash-password mypasswordEnter the output hash in your torrc config, for example
HashedControlPassword 16:851734B275BAD36760FDE881DF23C79D2D55B45962F0DE96A1BD2499CDDon't forget to restart Tor daemon. Enter your password in AirVPN preferences.
Using Tor over AirVPN
If you wish to connect over Tor over AirVPN:
- Connect normally to an Air server, in any mode except Tor mode
- Launch Tor after the connection to a VPN server has been established.
- Our servers can see your real IP address.
- Our servers can not see your traffic content, real origin and real destinations.
- The Tor entry-node will not see your real IP address, it will see the exit-IP address of the Air server you're connected to.
- Your are not protected against malicious Tor exit nodes if you send/receive unencrypted traffic to/from the final host you connect to.