On 20.01.24 07:24, Peter Davis wrote:
On Friday, January 19th, 2024 at 5:04 PM, Jochen Bern <jochen.b...@binect.de> wrote:
On 19.01.24 13:59, Peter Davis via Openvpn-users wrote:
I want to tunnel OpenVPN on Tor and I found the following iptables rules:

# export OVPN=tun0
# IPTABLES -A INPUT -i $OVPN -s 10.8.0.0/24 -m state --state NEW -j ACCEPT
# IPTABLES -t nat -A PREROUTING -i $OVPN -p udp --dport 53 -s 10.8.0.0/24 -j DNAT --to-destination 10.8.0.1:53530
# IPTABLES -t nat -A PREROUTING -i $OVPN -p tcp -s 10.8.0.0/24 -j DNAT --to-destination 10.8.0.1:9040
# IPTABLES -t nat -A PREROUTING -i $OVPN -p udp -s 10.8.0.0/24 -j DNAT --to-destination 10.8.0.1:9040

Please explain what your definition of "tunnel OpenVPN on Tor" is. These
rules look rather like [...] hosing any traffic normal VPN clients try to send
through the server.

When someone connects to this server with OpenVPN and uses the Internet, then
all his/her Internet connections are tunneled through Tor.
I want to know which group of iptables rules is sufficient!

Neither.

If you want *ALL* his connections to the Internet to get redirected to Tor, then you'll need to either a) remember IP and port he's actually trying to connect to, or b) get the client to "talk proxy" (different protocol) if it didn't yet. Blindly applying "-j DNAT --to 10.8.0.1:..." everywhere erases that information from the actual connection attempt, and does nothing to inform the client of changed requirements.

Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
