Policy Based Routing + TOR + I2P

Hi,
got multiple vpn tun interfaces. One of them is used as default interface (strict mode) for several clients. How can I route tcp+dns traffic through tor behind this default vpn tun interface?
VPN PBR shows "tor/53->9053/80,443->9040", but can't select the interface to create a rule.
Found this instruction: https://openwrt.org/docs/guide-user/services/tor/client.
Guess, I don't need to create any rule?

Thank you for help. Best regards.

The redirects in the wiki apply to the entire LAN subnet.
You may want to limit the redirect scope to specific IPs or MACs.

If you're familiar with CLI, let me know, I have a newer luci app for you to test.

Let's try.

Updated packages vpn pbr and the luci app to latest (https://github.com/stangri/repo.openwrt.melmac.net).
Can select TOR interface. But I get several service warnings:
Please unset 'src_addr', 'src_port' and 'dest_port' for policy 'TOR'
Please unset 'proto' or set 'proto' to 'all' for policy 'TOR'
or
Policy 'TOR' missing all IPs/ports.

It works when I specify remote addresses. DNS request is still over vpn.
The goal is to use tor interface for all domains with several clients.

At the moment, only remote address/IPs are supported for TOR policies.

I can work on implementing additional features if you can test what's currently supported first.

Worked fine until update 21.02. rc2 + 0.3.4-6

Now, this is a problem I had several times after updating the device.
I need to unset my default vpn connection as default route. Otherwise, rules based on other vpn connections do not work. TOR based rules worked fine.

Now I set wan and unset all vpn connections as default route.
VPN based rules work again.

I set my default vpn connection by rule (all local and remote ports).
This overwrites TOR based rules.

Look, realistically, what do you want me to do with this?

I worked hard on the README and it has a full list of information required for any sort of informative attempt to fix issues (not very often) or point out misconfigurations (very frequently), there's no action I can possibly take on a statement "Worked fine until update 21.02. rc2 + 0.3.4-6".

Also, this:

Is troubling. How many VPN connections do you have set as a default route?

Yeah, because @theAeon posted configs: VPN Policy-Based Routing + Web UI -- Discussion - #1339 by theAeon

Oh, it's fixed? Nice. Did they screw something up with the uci config changes or something?

I am struggling to get Tor to work with OpenWRT. With the official guide, I copy-pasted those commands in and it completely locked me out and failed.

Do I need to do a VPN FIRST and then do Tor?

(I followed this)

Probably all traffic was redirected to Tor (sections Intercept TCP/DNS traffic)

VPN is not necessary, but recommended as an additional security layer.

If you like to try to run Tor over VPN PR 0.3.4-8:

/etc/config/dhcp

option noresolv '1'
option rebind_protection '0'
# DNS over TOR for .onion suffix only. Change to 127.0.0.1#9053 if you prefer to redirect all DNS.
list server '/onion/127.0.0.1#9053'

/etc/tor/custom

AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
VirtualAddrNetworkIPv4 172.16.0.0/12

DNSPort 127.0.0.1:9053
TransPort 0.0.0.0:9040

# Specify this address if you need, e.g. TOR over VPN
# OutboundBindAddress 0.0.0.0

/etc/config/vpn-policy-routing

config policy
        option interface 'tor'
        option name 'TOR'
        option dest_addr 'some.clearnet.com some.onion'

list supported_interface 'lan'
list supported_interface 'tor'
list supported_interface 'wan'

Else, try to intercept only wan traffic and redirect to TOR instead of lan+wan.
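
A consistency check for the dnsmasq and Tor settings in the post above, as an added example that is not part of the thread or of the vpn-policy-routing project: it confirms that the `.onion` upstream in dnsmasq matches Tor's `DNSPort`, and that rebind protection will not discard automapped answers. The function names and sample files are hypothetical; the rebind check relies on dnsmasq rejecting upstream answers that fall in private ranges when rebind protection is on.

```sh
#!/bin/sh
# Added example (hypothetical helper names). Checks that the dnsmasq and Tor
# settings from the post agree. Assumes DNSPort is written as host:port.

# Print the host#port dnsmasq forwards .onion lookups to (empty if none).
onion_upstream() {
    sed -n "s|^[[:space:]]*list server '/onion/\([^']*\)'.*|\1|p" "$1" | head -n 1
}

# Print Tor's DNSPort in dnsmasq's host#port notation.
tor_dnsport() {
    awk '$1 == "DNSPort" { sub(":", "#", $2); print $2; exit }' "$1"
}

# $1 = dnsmasq UCI file, $2 = torrc fragment. Returns 0 if consistent.
check_tor_dns() {
    dhcp=$1; torrc=$2; rc=0
    up=$(onion_upstream "$dhcp"); dp=$(tor_dnsport "$torrc")
    if [ -z "$up" ] || [ "$up" != "$dp" ]; then
        echo "MISMATCH: dnsmasq sends .onion to '${up:-nothing}', DNSPort is '${dp:-unset}'"
        rc=1
    fi
    # Automapped answers come from VirtualAddrNetworkIPv4. If that range is
    # private, dnsmasq rebind protection rejects them unless it is disabled
    # or .onion is exempted with rebind_domain.
    priv='(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)'
    if grep -Eq "^[[:space:]]*VirtualAddrNetworkIPv4[[:space:]]+$priv" "$torrc" &&
       ! grep -q "option rebind_protection '0'" "$dhcp" &&
       ! grep -q "list rebind_domain .*onion" "$dhcp"; then
        echo "BLOCKED: rebind protection would drop automapped .onion answers"
        rc=1
    fi
    return $rc
}

# Constructed sample files: $1 = dir, $2 = rebind_protection, $3 = DNSPort port.
write_samples() {
    printf '%s\n' "option noresolv '1'" "option rebind_protection '$2'" \
        "list server '/onion/127.0.0.1#9053'" > "$1/dhcp"
    printf '%s\n' "AutomapHostsOnResolve 1" "VirtualAddrNetworkIPv4 172.16.0.0/12" \
        "DNSPort 127.0.0.1:$3" > "$1/torrc"
}

d=$(mktemp -d)
write_samples "$d" 0 9053
check_tor_dns "$d/dhcp" "$d/torrc" && echo "OK: .onion DNS reaches Tor"
rm -rf "$d"
```

On a router, call `check_tor_dns /etc/config/dhcp /etc/tor/custom`; a `MISMATCH` result means `.onion` lookups are not reaching Tor's resolver.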