Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Tor in transparent mode not resolving .onion domains
« previous
next »
Print
Pages: [
1
]
Author
Topic: Tor in transparent mode not resolving .onion domains (Read 2173 times)
vlorentz
Newbie
Posts: 15
Karma: 0
Tor in transparent mode not resolving .onion domains
«
on:
June 02, 2021, 01:26:22 pm »
I am most probably doing something wrong, and it makes me crazy. Here is my config:
OPNsense 21.1.6-amd64
FreeBSD 12.1-RELEASE-p16-HBSD
OpenSSL 1.1.1k 25 Mar 2021
For all the tests, I am using Firefox (lastest version).
Let's consider the following:
- LAN1 (not a VLAN): Tor is configured to listen on this interface, using SOCKS5: when I configure Firefox with SOCKS5, it works perfectly. The check.torproject.org site is showing that Tor is configured successfully, and *.onion domains are resolved successfully.
- VLAN88 (on same physical interface as LAN1): Tor is configured as Transparent Proxy. The UDP trafic on port 53 is redirected to port 9053. All TCP traffic on all ports is redirected to the port transparent port 9040. The check.torproject.org site is showing that Tor is configured successfully,
but
*.onion domains are not resolved.
I am using Unbound as DNS resolver/forwarder. I have tried to add none, parts or all of the following commands that I found to make the *.onion domain name resolution work, but without success:
domain-insecure: "onion"
private-domain: "onion"
do-not-query-localhost: no
local-zone: "onion." nodefault
forward-zone:
name: "onion"
forward-addr: 127.0.0.1@9053
forward-first: no
In my understanding, the transparent DNS port 9053 should be doing the *.onion resolution itself (i.e., without any interaction with Unbound), so I should actually not need to add anything in Unbound DNS! I am using exclusively DoT in Unbound, and my DNS servers are only added under "Miscellaneous". Maybe I am wrong here in my understanding, but all the rest was apparently running fine in the last months. The unbound.conf file looks fine.
Can somebody help me to figure out where is my understanding problem?
Logged
vlorentz
Newbie
Posts: 15
Karma: 0
Re: Tor in transparent mode not resolving .onion domains
«
Reply #1 on:
June 02, 2021, 07:45:07 pm »
I was able to figure out where the problem was.
First of all, as expected, there is no need to enter anything in the "Show advanced option" under "Unbound DNS" --> "General". You can leave this totally empty: it will not hinder you to use Tor in Transparent Mode.
I had an error in the Port Forwarding when redirecting the traffic to the port 9040: I was only redirecting the traffic that did not contain any non-routable Tor IPv4 address as destination. The solution was to redirect all TCP traffic, without filtering out any IP networks.
Now that it is working, I have to figure out more exactly which traffic should be redirected and which one not.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Tor in transparent mode not resolving .onion domains