Topic: OPNsense with Tor with transparent proxy (Read 1052 times)
Labber53
« on: July 14, 2024, 06:40:09 pm »
BLUF: can't get Tor and transparent proxy working again
Some time ago I had OPNsense working with transparent proxy and Tor to isolate my Lab.
I just rebuilt everything on XCP-ng instead of ESXi. I lost the password to my OPNsense VM, so I am re-creating from scratch and writing a Tutorial on how I did it. My intention is to post it in the Tutorials section.
I'm stuck. Anyone have a link or a tutorial for the latest version of OPNsense?
Here is what I have so far if you want to play along and help fix it. Simple firewall: WAN, LAN. Configure/test from a PC on the LAN.
1. Log in to firewall via https
2. System > Firmware > Plugins
- os-tor - click "+" to install
3. Refresh the page
4. Click Services > Tor > Configuration
- General Tab
- Enable: Yes
- Listen Interfaces: LAN
- Enable Advanced Mode
- Check Enable Transparent Proxy
- Confirm SOCKS port number: 9050
- Confirm Control Port: 9051
- Confirm Transparent port: 9040
- Confirm Transparent DNS port: 9053
- Click Save
5. Firewall > Rules > LAN
- Add rule to top of policy
- Action: Pass
- Quick: Checked
- Interface: LAN
- Direction: in
- TCP/IP Version: IPv4
- Protocol: TCP/UDP
- Source: LAN net
- Destination: This Firewall
- Destination port range: From 53 to 53 (DNS)
- Log: This is not recommended for this Lab, but enable if you wish
- Description: Allow DNS to firewall
- Click Save
- Move the new rule to the top if necessary
- Put a Check next to new rule Allow DNS to Firewall
- Click the arrow icon to the right of the first rule to move it to the top
- Allow LAN net to This Firewall IP for TCP/IP DNS
- Add a second rule just below it
- Action: Block
- Quick: Checked
- Interface: LAN
- Direction: in
- TCP/IP Version: IPv4
- Protocol: TCP/UDP
- Source: LAN net
- Destination: any
- Destination port range: From 53 to 53 (DNS)
- Log: This is not recommended for this Lab, but enable if you wish
- Description: Deny unsanctioned DNS
- Click Save
- Move the new rule below the first rule if necessary
- Put a Check next to new rule Deny unsanctioned DNS
- Click the arrow icon to the right of the second rule to move it to the second position
- Allow LAN net to This Firewall IP for TCP/IP DNS
- Click Apply Changes
6. Firewall > NAT > Port Forward
- Add rule
- Click the "+" to add a rule
- Interface: LAN (be sure you ONLY select LAN)
- TCP/IP Version: IPv4
- Protocol: TCP (TOR rejects UDP packets except for DNS requests)
- Source: LAN net
- Source port range: any
- Destination: ANY
- Destination Port: ANY
- Redirect Target IP: Single Host or Network: 127.0.0.1
- Redirect Target Port: (other) 9040 (this is the Transparent TOR port)
- Log: This is not recommended for this Lab, but enable if you wish
- Description: Port forward to Tor
- Filter rule association:
- (default) add associated filter rule
- Click Save
- Click Apply changes
- Reboot the firewall
- Power > Reboot > confirm
- Using your browser connect to https://check.torproject.org
- You should see "Congratulations. This browser is configured to use Tor."
Logged
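A simplified model of how the rules listed in the post above are evaluated, added here as an illustration (it is not code from the thread or from OPNsense). It assumes pf's order of operations, where the port forward translates a packet before the LAN filter rules see it, and that the associated filter rule sits after the two DNS rules; the LAN subnet, firewall address and sample destinations are constructed.

```python
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")       # assumed LAN subnet
FIREWALL = ip_address("192.168.1.1")         # assumed LAN address of the firewall
TOR_TRANS = (ip_address("127.0.0.1"), 9040)  # redirect target from step 6

# Step 6: TCP from LAN net to any destination and port is redirected to Tor.
PORT_FORWARDS = [{"proto": {"tcp"}, "to": TOR_TRANS, "desc": "Port forward to Tor"}]

# Step 5 rules in the order the post gives, then the filter rule associated
# with the port forward (its position is an assumption; it cannot overlap
# with the two port-53 rules). dst None means "any".
FILTER_RULES = [
    {"action": "pass", "proto": {"tcp", "udp"}, "dst": FIREWALL, "dport": 53,
     "desc": "Allow DNS to firewall"},
    {"action": "block", "proto": {"tcp", "udp"}, "dst": None, "dport": 53,
     "desc": "Deny unsanctioned DNS"},
    {"action": "pass", "proto": {"tcp"}, "dst": TOR_TRANS[0], "dport": 9040,
     "desc": "Port forward to Tor (associated rule)"},
]

def evaluate(proto, src, dst, dport):
    """Return (verdict, matched rule description, final dst, final dport)."""
    src, dst = ip_address(src), ip_address(dst)
    if src not in LAN_NET:
        raise ValueError("model only covers traffic arriving from LAN net")
    for fwd in PORT_FORWARDS:      # translation happens before filtering
        if proto in fwd["proto"]:
            dst, dport = fwd["to"]
            break
    for rule in FILTER_RULES:      # 'quick': the first matching rule decides
        if (proto in rule["proto"] and rule["dport"] == dport
                and rule["dst"] in (None, dst)):
            return rule["action"], rule["desc"], str(dst), dport
    return "no match", "falls through to later LAN rules", str(dst), dport

if __name__ == "__main__":
    client = "192.168.1.50"        # constructed LAN client
    samples = [("udp", client, "192.168.1.1", 53),
               ("udp", client, "198.51.100.53", 53),
               ("tcp", client, "203.0.113.10", 443),
               ("tcp", client, "198.51.100.53", 53),
               ("udp", client, "203.0.113.10", 123)]
    for s in samples:
        print(s, "->", evaluate(*s))
```

Under these assumptions, UDP DNS queries to the firewall arrive on port 53 rather than on Tor's transparent DNS port 9053, so whatever resolver listens on port 53 answers them. TCP traffic to port 53 on outside hosts is translated to 127.0.0.1:9040 before the "Deny unsanctioned DNS" rule is consulted.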
Labber53
« Reply #1 on: July 24, 2024, 08:12:42 pm »
There is no longer Services > Web Proxy > Administration in the OPNsense menu.
At least not in community edition 24.1.10_3
https://docs.opnsense.org/manual/how-tos/proxytransparent.html refers to "Go to Services ‣ Web Proxy ‣ Administration".
Is there a way to enable the transparent proxy in 24.1.10_3?
Logged
Patrick M. Hausen
« Reply #2 on: July 24, 2024, 08:36:12 pm »
System > Firmware > Plugins
Install the os-squid plugin.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)