OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: umask on November 23, 2019, 11:30:25 am

Title: HOWTO - UnboundDNS+DNSCrypt+Tor DNS proxy+onion resources
Post by: umask on November 23, 2019, 11:30:25 am
Hi, i used a tutorial from this topic: https://forum.opnsense.org/index.php?topic=10670.0 (https://forum.opnsense.org/index.php?topic=10670.0) and this works for me.

But one exception.. im from Russia, and our providers block many internet resources, tor is the way to avoid this blocks and get resources worked again. In this howto i made work together a DNSCrypt and resolving .onion resources.

Supposed you are a complete all steps from this https://forum.opnsense.org/index.php?topic=10670.0 (https://forum.opnsense.org/index.php?topic=10670.0), and it works. Tor transparent proxy works too.

Code: [Select]
domain-insecure: "onion"
private-domain: "onion"
do-not-query-localhost: no
local-zone: "onion." nodefault

forward-zone:
    name: "onion"
    forward-addr: 127.0.0.1@9053
forward-zone:
   name: "."
   forward-addr: ::1@5353
   forward-addr: 127.0.0.1@5353
Profit.

All DNS traffic except .onion zone will be forwarded by DNSCrypt Proxy, and .onion zone will be forwarded to TOR DNS proxy, connections to .onion sites will be mapped to net 172.29.0.0/16 and forwarded by TOR Transparent proxy on port 9040.

No other config needed on the client PC.

Thank you, and sorry for my english.