
VPN through Tor. Are there any errors in my settings and can anonymity be improved?


I need to route traffic from multiple mobile apps and all sites through tor.

Some apps and websites block tor traffic. For this reason, I decided to use tor and vpn together (vpn through tor). I know this may carry additional problems for anonymity, but I think it's a reasonable compromise.

I have:

1. Gateway: Debian 11 live, installed tor, redsocks, nftables. 2 network interfaces: wifi connected to the internet, ethernet to the workstation.

2. Workstation: Debian 11 live, genymotion android emulator, tor browser, vpn client. 1 network interface: ethernet connected to the gateway.

I don't understand networking, security, etc., but the information I found on different sites says that separating the gateway and the workstation avoids some anonymity issues.

I use debian live because I want to use amnesic os, but I have very old motherboards and can't run tails on this one.

The gateway has the following settings:

torrc

SocksPort 192.168.42.1:20080
DNSPort 192.168.42.1:10053

redsocks.conf

base {
    log_debug = off;
    log_info = on;
    log = stderr;
    daemon = off;
    redirector = iptables;
}

redsocks {
    local_ip = 192.168.42.1;
    local_port = 10080;
    ip = 192.168.42.1;
    port = 20080;
    type = socks5;
}

nftables

table inet filter { # handle 45
    chain input { # handle 1
        type filter hook input priority filter; policy accept;
        iifname "lo" counter packets 0 bytes 0 accept # handle 4
    }

    chain forward { # handle 2
        type filter hook forward priority filter; policy accept;
    }

    chain output { # handle 3
        type filter hook output priority filter; policy accept;
    }
}
table ip nat { # handle 46
    chain PREROUTING { # handle 1
        type nat hook prerouting priority filter; policy accept;
        iifname "enp2s0" tcp dport { 1-65500 } counter packets 0 bytes 0 dnat to 192.168.42.1:10080 # handle 3
        iifname "enp2s0" udp dport { 53 } counter packets 0 bytes 0 dnat to 192.168.42.1:10053 # handle 12
    }
}

/etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

To not route tor via tor, but still use the tor browser advantages (noscript, disabled webrtc, automatic cookie cleaning, etc.), I disabled the connection of the tor browser to the tor network by making the following settings in about:config:

extensions.torlauncher.start_tor = FALSE
network.dns.disabled = FALSE
network.proxy.socks_remote_dns = FALSE
network.proxy.type = 0

As for vpn, I installed the client for ubuntu 20, not for debian, because it has a configured killswitch, and I could not configure this myself.

For me these settings work: all workstation traffic is routed through tor and vpn, but I would like to know:

  1. Are DNS leaks possible with such settings?
  2. Is it safe to run js in tor browser?
  3. Any tips and tricks on how I can improve my anonymity, what additional settings need to be made, and what vulnerabilities are in the scheme I described?

I will be grateful for any advice.

mangohost
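A tighter gateway ruleset for the setup in the question, added here as an example and not taken from the post: the posted rules only redirect TCP ports 1-65500 and UDP 53, while the forward chain's accept policy together with ip_forward=1 lets any other UDP, ICMP, IPv6 and TCP 65501-65535 from the workstation be routed out of the wifi interface without passing through Tor. This version forwards nothing, sends every TCP port into redsocks, and lets only the Tor daemon originate traffic on the uplink. Assumed names: enp2s0 faces the workstation (as in the post), wlan0 is the wifi uplink, and Tor runs as the Debian package user debian-tor.

```nftables
#!/usr/sbin/nft -f
# Hardened gateway ruleset (added example, not the poster's rules).
# Assumptions: enp2s0 faces the workstation, wlan0 is the wifi uplink,
# Tor runs as the Debian package user "debian-tor", and the Tor/redsocks
# ports are the ones from the question (10080, 20080, 10053).
flush ruleset

define ws_if = "enp2s0"
define up_if = "wlan0"

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # The workstation may only reach the redsocks redirect port (the
        # DNAT target below) and Tor's DNSPort; nothing else listens for it.
        iifname $ws_if ip saddr 192.168.42.0/24 tcp dport 10080 accept
        iifname $ws_if ip saddr 192.168.42.0/24 udp dport 10053 accept
    }
    chain forward {
        # Forward nothing. Whatever is not redirected into Tor (UDP other
        # than port 53, ICMP, TCP ports above 65500, all IPv6) must not be
        # routed out of the uplink in the clear; inet covers IPv6 as well.
        type filter hook forward priority filter; policy drop;
    }
    chain output {
        type filter hook output priority filter; policy drop;
        oifname "lo" accept
        ct state established,related accept
        # Only the Tor daemon may originate connections on the uplink, so
        # the gateway itself cannot leak around Tor either.
        oifname $up_if meta skuid "debian-tor" accept
        # DHCP renewals for the uplink address (assumed to be needed).
        oifname $up_if udp dport 67 accept
        # Gateway-side services answering the workstation network.
        oifname $ws_if ip daddr 192.168.42.0/24 accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Every TCP port, not just 1-65500, goes to redsocks and on to Tor.
        iifname $ws_if ip saddr 192.168.42.0/24 meta l4proto tcp dnat to 192.168.42.1:10080
        # Plain DNS goes to Tor's DNSPort; no other UDP has a path out.
        iifname $ws_if ip saddr 192.168.42.0/24 udp dport 53 dnat to 192.168.42.1:10053
    }
}
```

Load it with `nft -f` on the gateway and confirm with `nft list ruleset` that the forward chain shows `policy drop` before trusting the workstation to it; redsocks still recovers the original destination through conntrack, so its `redirector = iptables` setting needs no change.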
