Hi,
Got multiple vpn tun interfaces. One of them is used as default interface (strict mode) for several clients. How can I route tcp+dns traffic through tor behind this default vpn tun interface?
VPN PBR shows "tor/53->9053/80,443->9040", but can't select the interface to create a rule.
Found this instruction: https://openwrt.org/docs/guide-user/services/tor/client.
Guess, I don't need to create any rule?
Updated packages vpn pbr and the luci app to latest (https://github.com/stangri/repo.openwrt.melmac.net).
Can select TOR interface. But I get several service warnings:
Please unset 'src_addr', 'src_port' and 'dest_port' for policy 'TOR'
Please unset 'proto' or set 'proto' to 'all' for policy 'TOR'
or
Policy 'TOR' missing all IPs/ports.
It works when I specify remote addresses. DNS request is still over vpn.
The goal is to use tor interface for all domains with several clients.
Now, this is a problem I had several times after updating the device.
I need to unset my default vpn connection as default route. Otherwise, rules based on other vpn connections do not work. TOR based rules worked fine.
Now I set wan and unset all vpn connections as default route.
VPN based rules work again.
I set my default vpn connection by rule (all local and remote ports).
This overwrites TOR based rules.
Look, realistically, what do you want me to do with this?
I worked hard on the README and it has a full list of information required for any sort of informative attempt to fix issues (not very often) or point out misconfigurations (very frequently). There's no action I can possibly take on a statement "Worked fine until update 21.02. rc2 + 0.3.4-6".
Also, this:
Is troubling. How many VPN connections do you have set as a default route?
Probably all traffic was redirected to Tor (sections Intercept TCP/DNS traffic)
VPN is not necessary, but recommended as an additional security layer.
If you like to try to run Tor over VPN PR 0.3.4-8:
/etc/config/dhcp
    option noresolv '1'
    option rebind_protection '0'
    # DNS over TOR for .onion suffix only. Change to 127.0.0.1#9053 if you prefer to redirect all DNS.
    list server '/onion/127.0.0.1#9053'

/etc/tor/custom
    AutomapHostsSuffixes .onion,.exit
    AutomapHostsOnResolve 1
    VirtualAddrNetworkIPv4 172.16.0.0/12
    DNSPort 127.0.0.1:9053
    TransPort 0.0.0.0:9040
    # Specify this address if you need, e.g. TOR over VPN
    # OutboundBindAddress 0.0.0.0

/etc/config/vpn-policy-routing
    config policy
    option interface 'tor'
    option name 'TOR'
    option dest_addr 'some.clearnet.com some.onion'
    list supported_interface 'lan'
    list supported_interface 'tor'
    list supported_interface 'wan'
Else, try to intercept only wan traffic and redirect to TOR instead of lan+wan.
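
An added example, not part of any post in this thread: a POSIX sh check of which `list server` entry dnsmasq would choose for a given name, and whether that entry is Tor's `DNSPort`, which is the "DNS request is still over vpn" question raised earlier. The function names and sample files are constructed for illustration; it assumes `DNSPort` is written as `address:port` and reads only `list server` lines, so upstreams from any other source are not modelled.

```sh
#!/bin/sh
# Added example (not from the thread): does a name resolve through Tor's DNSPort?

# Print Tor's DNSPort from a torrc in dnsmasq notation (127.0.0.1:9053 -> 127.0.0.1#9053).
tor_dns_server() {
    awk '$1 == "DNSPort" { sub(":", "#", $2); print $2; exit }' "$1"
}

# Print the server dnsmasq would pick for name $1 from the 'list server' lines of file $2.
# The longest matching /domain/ wins; an entry without a domain is a default upstream;
# "none" means no entry in this file covers the name.
dns_server_for() {
    awk -v host="$1" -v q="'" '
    $1 == "list" && $2 == "server" {
        v = $3; gsub(q, "", v)                 # drop the UCI single quotes
        if (v !~ /^\//) { def = v; next }      # no /domain/ prefix: default upstream
        n = split(v, p, "/")                   # "/onion/addr" -> "", "onion", "addr"
        for (i = 2; i < n; i++) {
            d = p[i]; s = "." d
            if (host == d || (length(host) > length(s) && substr(host, length(host) - length(s) + 1) == s))
                if (length(d) > best_len) { best_len = length(d); best = p[n] }
        }
    }
    END { print (best != "" ? best : (def != "" ? def : "none")) }' "$2"
}

# Succeeds only if name $1 (dnsmasq file $2) is sent to the DNSPort found in torrc $3.
resolves_via_tor() {
    [ "$(dns_server_for "$1" "$2")" = "$(tor_dns_server "$3")" ]
}

# Constructed sample files, built from the snippets quoted in the post above.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/dhcp" <<'EOF'
option noresolv '1'
list server '/onion/127.0.0.1#9053'
EOF
cat > "$tmp/torrc" <<'EOF'
DNSPort 127.0.0.1:9053
TransPort 0.0.0.0:9040
EOF
printf "list server '127.0.0.1#9053'\n" > "$tmp/dhcp_all"   # variant: all DNS to Tor

for cfg in dhcp dhcp_all; do
    for name in some.onion some.clearnet.com; do
        if resolves_via_tor "$name" "$tmp/$cfg" "$tmp/torrc"; then r="Tor DNSPort"; else r="not Tor ($(dns_server_for "$name" "$tmp/$cfg"))"; fi
        echo "$cfg: $name -> $r"
    done
done
```

With the `.onion`-only entry, clearnet names are not handed to Tor's resolver; only the variant that lists `127.0.0.1#9053` as the default server sends every query there.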