OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: randomwalk on May 01, 2018, 08:17:51 am

Title: Interaction of Tor and VPN
Post by: randomwalk on May 01, 2018, 08:17:51 am
Hello,

I've set up a VPN client and firewall rules to redirect all non-local traffic to go out via the VPN gateway.  DNS is via unbound in resolver mode, and the outgoing interface is the VPN as well.  In effect, all non-local traffic on LAN is going out the VPN.  See attached picture of my firewall rules.

I recently set up Tor just to play around with it.  See attached Tor settings.  When I set my browser to use the SOCKS5 proxy at the OPNsense router:9050 (see attached Firefox settings), I am successfully connecting via the Tor network (confirmed using Tor check).

My question is:  do Tor and VPN interact in this setup?  Is the Tor outgoing traffic bypassing the VPN and going to the internet via WAN?  Or is it going out via the VPN gateway?  It seems like the Tor traffic (from my browser to OPNsense router, then OPNsense router to Tor entry point) is leaving the OPNsense router via the VPN gateway.  But I'm not really sure.

Similarly, how does DNS lookup work in this Tor setup?  In Firefox, I checked "Proxy DNS when using SOCKS v5."  Does that mean DNS queries from my browser are all going through Tor?  Does that mean that DNS queries are bypassing unbound?

I would appreciate if someone could educate me on how this works.

Thanks!
Title: Re: Interaction of Tor and VPN
Post by: fabian on May 01, 2018, 10:30:36 am
> My question is:  do Tor and VPN interact in this setup?  Is the Tor outgoing traffic bypassing the VPN and going to the internet via WAN?  Or is it going out via the VPN gateway?  It seems like the Tor traffic (from my browser to OPNsense router, then OPNsense router to Tor entry point) is leaving the OPNsense router via the VPN gateway.  But I'm not really sure.
I don't know but is there a reason to care? Only the entry nodes will see your IP.

> Similarly, how does DNS lookup work in this Tor setup?  In Firefox, I checked "Proxy DNS when using SOCKS v5."  Does that mean DNS queries from my browser are all going through Tor?  Does that mean that DNS queries are bypassing unbound?
DNS will be sent over Tor in that case. SOCKS5 supports UDP. You can also use Tor DNS if you like (advanced setting) and Tor as a transparent Proxy.
Title: Re: Interaction of Tor and VPN
Post by: randomwalk on May 02, 2018, 08:39:53 am
Thanks, Fabian.  I think most people use something like OPNsense because we want to take greater control over how our network traffic is flowing, and learn about how networking works.  Same motivation here.  I also want to understand how Tor and VPN interact in OPNsense because that will help me decide whether and how Tor would be useful to me.

I would appreciate any other thoughts on this issue, or suggestions on how I might investigate to determine the answer.
Title: Re: Interaction of Tor and VPN
Post by: NilsS on May 02, 2018, 10:15:38 am
Whether Tor is using the VPN gateway depends on how you set up the VPN and at what time you start the services.

Usually, if you configure an OpenVPN client with a common VPN provider, the default route is set to the VPN gateway.
In this case the Tor traffic is going over the VPN.

BUT this is NOT enforced.

If the VPN tunnel is not up when you start Tor, there is nothing that blocks Tor from connecting over the WAN gateway.

If you need to hide that you are using Tor, this setup is not recommended; instead you should use only the VPN on OPNsense, enforce that traffic from your client PC uses the VPN gateway, and install Tor on that client PC.
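
Added example, not part of the original thread: a longest-prefix-match lookup over a routing table, showing which interface a Tor process running on the router would use to reach a guard relay with the tunnel up and with it down. The routing table text, the addresses, the interface names (`em0` = WAN, `ovpnc1` = VPN client) and the use of OpenVPN's two half-default routes are all constructed assumptions.

```python
import ipaddress

# Constructed excerpt in the layout of FreeBSD `netstat -rn -f inet`.
# 0.0.0.0/1 and 128.0.0.0/1 are the routes a VPN client typically installs
# to override the default route without deleting it (assumed setup).
TUNNEL_UP = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
0.0.0.0/1          10.8.0.1           UGS      ovpnc1
128.0.0.0/1        10.8.0.1           UGS      ovpnc1
10.8.0.0/24        10.8.0.1           UGS      ovpnc1
198.51.100.7       203.0.113.1        UGHS        em0
203.0.113.0/24     link#1             U           em0
192.168.1.0/24     link#2             U           em1
"""
# When the tunnel drops, the routes bound to the VPN interface disappear.
TUNNEL_DOWN = "\n".join(l for l in TUNNEL_UP.splitlines() if "ovpnc1" not in l)


def parse_routes(text):
    """Return [(network, interface)] from netstat-style routing table text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(dest, strict=False), fields[3]))
    return routes


def egress_interface(routes, dst):
    """Interface of the most specific route containing dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, netif) for net, netif in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None


def check_tor_egress(table, guard_ip, vpn_if="ovpnc1"):
    """Return (interface, goes_via_vpn) for traffic to a Tor guard address."""
    netif = egress_interface(parse_routes(table), guard_ip)
    return netif, netif == vpn_if


if __name__ == "__main__":
    guard = "192.0.2.50"  # constructed stand-in for a Tor guard relay address
    print("tunnel up:  ", check_tor_egress(TUNNEL_UP, guard))
    print("tunnel down:", check_tor_egress(TUNNEL_DOWN, guard))
```

On the router itself, `route -n get <address>` performs the same lookup against the live routing table.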