@kremalicious
Last active February 25, 2024 07:40
Install and configure Tor as proxy for all OpenVPN server traffic
# what we want:
# client -> OpenVPN -> Tor -> Internet
# Install & configure OpenVPN
# https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
# assumed OpenVPN configuration:
# subnet 10.8.0.1/24
# interface tun0
# Install & configure Tor
sudo apt install tor
sudo vi /etc/tor/torrc
# add these lines to /etc/tor/torrc (DNSPort answers the clients' DNS queries, TransPort receives their redirected TCP connections):
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
DNSPort 10.8.0.1:53530
TransPort 10.8.0.1:9040
sudo service tor restart
# Check ports
sudo netstat -tulpen | grep tor
tcp 0 0 10.8.0.1:9040 0.0.0.0:* LISTEN 0 3964140 1525/tor
tcp 0 0 127.0.0.1:9051 0.0.0.0:* LISTEN 0 3964141 1525/tor
udp 0 0 10.8.0.1:53530 0.0.0.0:* 0 3964139 1525/tor
# Configure iptables to route all client traffic through the Tor proxy
export IPTABLES=/sbin/iptables
export OVPN=tun0
# transparent Tor proxy
# let the redirected client connections reach the local Tor listeners
$IPTABLES -A INPUT -i $OVPN -s 10.8.0.0/24 -m state --state NEW -j ACCEPT
# client DNS queries go to Tor's DNSPort
$IPTABLES -t nat -A PREROUTING -i $OVPN -p udp --dport 53 -s 10.8.0.0/24 -j DNAT --to-destination 10.8.0.1:53530
# all client TCP goes to Tor's TransPort
$IPTABLES -t nat -A PREROUTING -i $OVPN -p tcp -s 10.8.0.0/24 -j DNAT --to-destination 10.8.0.1:9040
# remaining client UDP is sent to the TransPort as well; Tor carries TCP only, so this UDP is discarded rather than leaked around Tor
$IPTABLES -t nat -A PREROUTING -i $OVPN -p udp -s 10.8.0.0/24 -j DNAT --to-destination 10.8.0.1:9040
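As an added example (not from the gist or its author), the POSIX shell script below builds the same rule set from variables, appends a fail-closed FORWARD rule that the gist does not have, and parses `netstat -tulpen` output (a constructed sample in the format shown above) to confirm Tor is bound on the VPN address, and not on a wildcard address, before anything is applied. The function names, the `--apply` mode and the FORWARD rule are my assumptions; the defaults mirror the gist's assumed setup.

```shell
#!/bin/sh
# Added example, not part of the gist: generate the transparent-Tor rule set
# from variables, add a fail-closed rule, and check the Tor listeners from
# `netstat -tulpen` output before anything is applied. Defaults mirror the
# gist's assumed setup (tun0, 10.8.0.1/24, DNSPort 53530, TransPort 9040).

OVPN="${OVPN:-tun0}"
VPN_IP="${VPN_IP:-10.8.0.1}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
DNS_PORT="${DNS_PORT:-53530}"
TRANS_PORT="${TRANS_PORT:-9040}"

# Print the rules, one command per line. Rules 1-4 are the gist's; rule 5
# is an addition (assumption) so that any client packet the nat rules did
# not redirect into Tor (ICMP, or a packet from an unexpected source) is
# dropped instead of being forwarded out of the server's real address.
# Tor carries TCP only, so non-DNS UDP redirected to the TransPort is
# discarded rather than leaked.
tor_rules() {
  cat <<EOF
iptables -A INPUT -i $OVPN -s $VPN_NET -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -i $OVPN -p udp --dport 53 -s $VPN_NET -j DNAT --to-destination $VPN_IP:$DNS_PORT
iptables -t nat -A PREROUTING -i $OVPN -p tcp -s $VPN_NET -j DNAT --to-destination $VPN_IP:$TRANS_PORT
iptables -t nat -A PREROUTING -i $OVPN -p udp -s $VPN_NET -j DNAT --to-destination $VPN_IP:$TRANS_PORT
iptables -A FORWARD -i $OVPN -j DROP
EOF
}

# Read `netstat -tulpen` output on stdin. Returns 0 only when a tor process
# owns tcp VPN_IP:TRANS_PORT and udp VPN_IP:DNS_PORT and none of its sockets
# is bound to a wildcard address (which would expose the proxy on every
# interface, not just the VPN). Header lines and other programs are ignored.
check_tor_listeners() {
  awk -v ip="$VPN_IP" -v tp="$TRANS_PORT" -v dp="$DNS_PORT" '
    $NF ~ /\/tor$/ {
      if ($1 == "tcp" && $4 == (ip ":" tp)) have_tp = 1
      if ($1 == "udp" && $4 == (ip ":" dp)) have_dp = 1
      if ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::/) wildcard = 1
    }
    END {
      if (have_tp && have_dp && !wildcard) exit 0
      exit 1
    }'
}

# Constructed samples in the format of the gist's netstat output:
# a correct setup, and one where the TransPort is bound to all interfaces.
sample_netstat_ok() {
  cat <<'EOF'
tcp 0 0 10.8.0.1:9040 0.0.0.0:* LISTEN 0 3964140 1525/tor
tcp 0 0 127.0.0.1:9051 0.0.0.0:* LISTEN 0 3964141 1525/tor
udp 0 0 10.8.0.1:53530 0.0.0.0:* 0 3964139 1525/tor
EOF
}
sample_netstat_wildcard() {
  cat <<'EOF'
tcp 0 0 0.0.0.0:9040 0.0.0.0:* LISTEN 0 3964140 1525/tor
udp 0 0 10.8.0.1:53530 0.0.0.0:* 0 3964139 1525/tor
EOF
}

# --apply: refuse to touch iptables unless Tor is bound where the rules
# expect it. Default: only print the rules for review.
case "${1:-}" in
  --apply)
    netstat -tulpen 2>/dev/null | check_tor_listeners || {
      echo "Tor is not listening on $VPN_IP:$TRANS_PORT/tcp and $VPN_IP:$DNS_PORT/udp only; not applying" >&2
      exit 1
    }
    tor_rules | while read -r rule; do sudo $rule; done
    ;;
  *)
    tor_rules
    ;;
esac
```

Run it without arguments to review the generated commands, and with `--apply` to check the listeners and then run each rule through sudo. Like the gist's rules, these are not persisted across a reboot; save them with your distribution's iptables persistence mechanism if the gateway is meant to stay fail-closed after a restart.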
@Nathan9745354

Could you tell me if it is possible to access .onion websites via a client connected to OVPN with your configuration?
My browser is configured with Tor but is not able to access .onion sites; I checked many onion sites but was not able to access them.
Normal sites are accessible but onion sites are not accessible.

I also added AutomapHostsSuffixes .onion,.exit to the torrc file, but no luck.

Hi Tufail431,

If you configure Tor and iptables correctly, all OpenVPN traffic will go through a Tor exit node.

For example, 10.8.0.0/24 means 10.8.0.1 - 10.8.0.255 will go to TransPort 10.8.0.1:9040, and this gateway is listened on by Tor.

If you configured it successfully, you can connect your OpenVPN client and check whether the IP address is a Tor exit node. If it is correct,

you can browse any onion site as well. For me it worked with everything.

@sitsaz

sitsaz commented Sep 6, 2021

Hello, I am getting this error while I am trying to run the script

bash ovtotor.sh

gives me this:

ovtotor.sh: line 2: $'\r': command not found
ovtotor.sh: line 6: syntax error near unexpected token `elif'
'vtotor.sh: line 6: `elif ( ! dpkg-query --list openvpn | grep -q "ii"); then

@biscwii

biscwii commented Feb 19, 2022

Thanks for this, it helped me a lot!

I have a Raspberry Pi with AdGuard Home on it (which is a DNS blocker, in order to block ads). I would like to configure my OpenVPN server to use it before routing the traffic through Tor. Do you have an idea where I should put the IP address of my DNS blocker?

EDIT: It is always after asking a question, after several days of research, that I find the answer myself:
I use @queeup's script, which is really useful (thank you), and replaced this line

$IPTABLES -t nat $arg PREROUTING -i $OVPN -p udp --dport 53 -s 10.8.0.0/24 -j DNAT --to-destination $VPN_IP:53530

with these lines:

$IPTABLES -t nat $arg PREROUTING -i $OVPN -p udp --dport 53 -s 10.8.0.0/24 -j DNAT --to-destination *AdGuard_Home_IP*
$IPTABLES -t nat $arg PREROUTING -i $OVPN -p tcp --dport 53 -s 10.8.0.0/24 -j DNAT --to-destination *AdGuard_Home_IP*
