@coldnew
Forked from b4284/direct_vpn.md
Created November 4, 2017 01:44
Get Instant VPN Using Tor and OpenVPN for Computers Behind Firewalls

Scenario

Both computers are behind a firewall and NAT, and both have direct access to the Internet.

Steps

Step 1: Computer A

  1. Install curl, Tor, OpenSSH and OpenVPN.
  2. Set up Tor, a hidden service, and an SSH server. That is, add these lines to your Tor configuration file (usually /etc/tor/torrc):
    HiddenServiceDir <TOR_DIR> # In Arch Linux, this is /var/lib/tor/hidden_service
    HiddenServicePort 22 127.0.0.1:22
    
    The onion address will be written to a file in <TOR_DIR> (this onion address is hereafter <A_ONION_ADDR>).
  3. Run torify ssh <A_ONION_ADDR> to confirm the service is reachable.

Step 2: Computer B

  1. Install Tor and OpenVPN.
  2. Set up Tor.
  3. Connect to computer A with torify ssh <A_ONION_ADDR>.
  4. In the remote session on computer A, run curl ifconfig.co to identify its Internet address (hereafter <A_IP>).
  5. Also run curl ifconfig.co locally to identify the Internet address of computer B (hereafter <B_IP>).
  6. Execute openvpn --genkey --secret /tmp/openvpn.key to generate a shared key file.
  7. Copy /tmp/openvpn.key to computer A: torify scp /tmp/openvpn.key <A_ONION_ADDR>:/tmp.
  8. In the remote session on computer A, execute sudo openvpn --dev tap --secret /tmp/openvpn.key --cipher AES-256-CBC --remote <B_IP> --ifconfig 192.168.0.1 255.255.255.0.
  9. On computer B, execute sudo openvpn --dev tap --secret /tmp/openvpn.key --cipher AES-256-CBC --remote <A_IP> --ifconfig 192.168.0.2 255.255.255.0.

After these steps, computers A and B should have a direct connection to each other through the addresses 192.168.0.1 and 192.168.0.2. You can then re-run openvpn with --daemon appended to the command line so the process runs in the background.
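The procedure above as a helper script (an added example, not part of the original gist): it validates the address returned by ifconfig.co before it reaches --remote, checks that the static key file (the tunnel's only secret) has owner-only permissions and is really an OpenVPN key, prints a fingerprint to compare over the Tor/SSH session before either side starts openvpn, and rebuilds the gist's openvpn command for each side. The key path, the DIRECT_VPN_RUN switch and the main() flow are assumptions; placeholders and tunnel addresses follow the gist.

```shell
#!/bin/sh
# Added helper for the Tor + OpenVPN static-key procedure (not from the gist).
# Placeholders <A_ONION_ADDR>, 192.168.0.1 (A) and 192.168.0.2 (B) follow the
# gist; key path and the DIRECT_VPN_RUN switch are assumptions.

# Accept only a dotted-quad IPv4 address: an error page, IPv6 or empty
# answer from `curl ifconfig.co` must never be passed to --remote.
validate_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# The static key is the tunnel's only secret: it must exist, be readable
# only by its owner, and be an OpenVPN static key rather than a stray file.
check_static_key() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ] || return 1
    grep -q -- '-----BEGIN OpenVPN Static key V1-----' "$1"
}

# Fingerprint to read out over the SSH session and compare on both ends.
key_fingerprint() { sha256sum "$1" | cut -d' ' -f1; }

# Rebuild the gist's openvpn command for role A or B; peer is the other
# side's public address as found with `curl ifconfig.co`.
openvpn_cmd() {
    role=$1; peer=$2; key=$3
    validate_ipv4 "$peer" || return 1
    case $role in
        A) local_ip=192.168.0.1 ;;
        B) local_ip=192.168.0.2 ;;
        *) return 1 ;;
    esac
    printf 'openvpn --dev tap --secret %s --cipher AES-256-CBC --remote %s --ifconfig %s 255.255.255.0\n' \
        "$key" "$peer" "$local_ip"
}

# Full run on computer B (set DIRECT_VPN_RUN=1): key, checks, then openvpn.
main() {
    key=/tmp/openvpn.key
    openvpn --genkey --secret "$key" && chmod 600 "$key"
    check_static_key "$key" || { echo "bad key file: $key" >&2; exit 1; }
    torify scp "$key" "<A_ONION_ADDR>:/tmp"
    a_ip=$(torify ssh "<A_ONION_ADDR>" curl -s ifconfig.co)
    b_ip=$(curl -s ifconfig.co)
    echo "key fingerprint to compare on A: $(key_fingerprint "$key")"
    echo "run on A: sudo $(openvpn_cmd A "$b_ip" "$key")"
    sudo $(openvpn_cmd B "$a_ip" "$key") --daemon
    sleep 5; ping -c 3 192.168.0.1    # tunnel check from B to A
}
if [ "${DIRECT_VPN_RUN:-0}" = 1 ]; then main; fi
```

The command printed for A still has to be run in the Tor/SSH session on A, after the fingerprints have been compared.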
