Please see below for my response to your helpful comments.
On 2016-08-08 11:18, Ben Tasker wrote:
If you're using Firefox, one thing you want to consider is DNS leakage.
If you go into about:config, see whether network.proxy.socks_remote_dns
exists. If not create it and set to True.
Without that, DNS won't use the tunnel. As you've got a VPN running
it'll
likely egress from the VPN endpoint instead.
Point taken. It did exist and was set to "true".
VPN ---> Torsocks (on 127.0.0.1) ---> SSH (bound to port 33333) --->
VPS
---> Internet.
How do you pay for the VPS? If it's in your name (or can be linked to
you)
then all you're doing is preventing your local ISP from seeing what
you're
connecting to (which might, of course, be your aim). You do, in effect,
have a fixed exit point though, so it's worth bearing in mind that in
some
ways it makes you more identifiable from the point of view of services
you're connecting to.
Bitcoin is my friend! I appreciate that using a VPS with a static IP
does provide a fixed exit point.
I'm wondering if you feel, based on your expertise, that my system looks
secure (see below).
Thanks again.
On Mon, Aug 8, 2016 at 11:55 AM, <blo...@openmailbox.org> wrote:
I, like many other uses of Tor, have become increasingly frustrated
with
sites like Craigslist which discriminate against Tor. It makes these
sites
hard to use. I therefore decided to discover if it is possible to use
Tor
but end up with a non-Tor IP.
I use Torsocks to login to a VPS server via SSH and bind SSH to a
specific
port with SSH’s -D option.
My configuration is: torsocks ssh -D 33333 n...@vps.com (33333 is just
a
random unused port).
My normal Firefox browser (not the Tor Browser Bundle) has in
Preferences
/ Advanced / Connection the SOCKS host set to 127.0.0.1, the port set
to
33333, SOCKS v5 is ticked, and remote DNS is ticked. The “No proxy
for” box
is blank.
I also use a VPN for added privacy to ensure that my ISP cannot tell
that
I am connecting to Tor. The result is (in my opinion):
VPN ---> Torsocks (on 127.0.0.1) ---> SSH (bound to port 33333) --->
VPS
---> Internet.
First, I connect to my VPN provider. Second, I connect to port 33333
on
127.0.0.1 where Tor (via Torsocks) and SSH is running. Third, I
connect to
a VPS (over SSH) and SSH is bound to port 33333. Torsocks transmits
the
HTTP(S) traffic through three Tor nodes. Finally, the Tor routing ends
at
the VPS and the traffic goes out onto the internet from the
infrastructure
of the VPS.
In my browser, I checked https://www.whatismyip.com/ which shows the
IP
address of the VPS. When I SSH into the VPS, I see that the last IP
that
logged in is that of a Tor exit node. In Wireshark, I see that my VPN
interface connects to the IP address of a Tor entry node.
I have two questions. Does this setup appear sensible and secure? I am
sure there are other ways to achieve the same goal but I would like to
know
my system is valid. I think my system is secure but I would appreciate
opinions from more experienced users.
The result of this model is that my IP is that of the VPS which is
static.
I did add a HTTP proxy to Preferences / Advanced / Connection in
Firefox
but the result was that the SOCKS proxy (and thus Torsocks and SSH)
were
ignored so the result was VPN –-> HTTP proxy –-> Internet (which
bypasses
Tor). Is it possible to use a HTTP(S) (or another type) of proxy to
alter
the IP. The ideal model would be: VPN –-> Torsocks (on 127.0.0.1) –->
SSH
(bound to port 33333) –-> VPS –-> Proxy (e.g. HTTP(S)) –-> Internet.
Thank you for your help. I appreciate any advice and suggestions.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
Ben Tasker
https://www.bentasker.co.uk
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk