[Tuto/HowTo] [GNU/Linux] How to connect to OpenVPN over Tor via SSH Tunneling


Post by voxdemonix » Mon May 08, 2017 11:16 pm

Last edited by voxdemonix on Mon May 08, 2017 11:44 pm, edited 3 times.


Re: [Tuto/HowTo] [GNU/Linux] How to connect to OpenVPN over Tor via SSH Tunneling

Post by voxdemonix » Mon May 08, 2017 11:17 pm

Install & configure on the OpenVPN server
Change the OpenVPN UDP port to a TCP port
Nota bene: in case you wonder why we do this: Tor can't use UDP.
  1. Edit the file /etc/openvpn/server.conf
  2. Replace proto udp with proto tcp
  3. Do the same for all the clients' configuration files
    • On PiVPN, edit the files in /home/pivpn/ovpns/; the following command does the job for you:
      • Code:

        sudo sed -i -- 's/proto udp/proto tcp/g' /home/pivpn/ovpns/*.ovpn
      • If needed, replace the pivpn user with the user you defined during the PiVPN installation.
Install the SSH server and configure a Tor Hidden Service
  • Nota bene: run the commands one at a time, don't copy-paste the whole command block ;)

    Code:

    sudo su
    apt-get install tor openssh-server
    # directory that will hold the hidden service's keys and its hostname
    mkdir -p /var/lib/tor/hidden_service/ssh
    # publish the local port 22 (sshd) as a hidden service
    echo "HiddenServiceDir /var/lib/tor/hidden_service/ssh" >> /etc/tor/torrc
    echo "HiddenServicePort 22 127.0.0.1:22" >> /etc/tor/torrc
    # the directory must belong to the Tor user and be closed to everyone else
    chown debian-tor:root -R /var/lib/tor/hidden_service/
    chmod 700 -R /var/lib/tor/hidden_service/
    service tor restart
    # print the .onion address of the service
    cat /var/lib/tor/hidden_service/ssh/hostname
    • Copy the output of the last command; you need it for your client's configuration.

Create the dedicated user that receives the SSH tunnel
  1. Create your dedicated user
  2. Create its keys
    • Code:

      su proxy-ssh
      ssh-keygen -t ed25519 -o -a 666
      ssh-keygen -t rsa -b 4096 -o -a 666
      
      • proxy-ssh: the name of your user on the server
        -o -a 666: makes the algorithm loop 666 times
        -b 4096: asks for a 4096-bit key
        -t rsa: use the RSA algorithm
        -t ed25519: use the EdDSA algorithm
  3. Edit /etc/ssh/sshd_config
  4. Add the following lines after adapting them
    • Code:

      Match user proxy-ssh
              PermitOpen 127.0.0.1:*
      • proxy-ssh: your dedicated user
  5. Restart the SSH server
Last edited by voxdemonix on Mon May 08, 2017 11:30 pm, edited 1 time.
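A check for the Match block of step 4, as an added example that is not part of the original post: `PermitOpen 127.0.0.1:*` lets the tunnel account forward to every port bound to the server's loopback, while the VPN needs only one. The function name, the sample files and the extra keywords checked (PermitTTY, X11Forwarding, AllowAgentForwarding) are choices of this example, and 1194 is assumed as the OpenVPN port.

```sh
#!/bin/sh
# Added example (not from the original post): audit the sshd_config Match
# block of a tunnel-only account. Prints one finding per line; returns 0
# when the block is tight, 1 otherwise.
# Assumption: the block is introduced by a plain "Match User <name>" line.
audit_tunnel_user() {   # usage: audit_tunnel_user FILE USER VPN_PORT
    findings=$(awk -v user="$2" -v port="$3" '
        { key = tolower($1) }              # keywords are case-insensitive
        key == "match" {
            inblk = (tolower($2) == "user" && $3 == user)
            if (inblk) seen = 1
            next
        }
        !inblk { next }
        key == "permitopen" {
            po = 1
            for (i = 2; i <= NF; i++)
                if ($i != "127.0.0.1:" port)
                    print "PermitOpen allows " $i ", expected only 127.0.0.1:" port
        }
        key == "permittty"            { tty = tolower($2) }
        key == "x11forwarding"        { x11 = tolower($2) }
        key == "allowagentforwarding" { agent = tolower($2) }
        END {
            if (!seen) { print "no Match User block for " user; exit }
            if (!po)           print "PermitOpen missing: any forward target is allowed"
            if (tty != "no")   print "PermitTTY is not set to no in the block"
            if (x11 != "no")   print "X11Forwarding is not set to no in the block"
            if (agent != "no") print "AllowAgentForwarding is not set to no in the block"
        }' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample files: the block as posted, then a tightened one.
demo_dir=$(mktemp -d)
printf 'Match user proxy-ssh\n        PermitOpen 127.0.0.1:*\n' > "$demo_dir/as_posted"
cat > "$demo_dir/tightened" <<'EOF'
Match User proxy-ssh
        PermitOpen 127.0.0.1:1194
        PermitTTY no
        X11Forwarding no
        AllowAgentForwarding no
EOF
audit_tunnel_user "$demo_dir/as_posted" proxy-ssh 1194 || true
audit_tunnel_user "$demo_dir/tightened" proxy-ssh 1194 && echo "tightened block: OK"
```

Run it against the real file with `audit_tunnel_user /etc/ssh/sshd_config proxy-ssh 1194`, then confirm the effective settings with `sshd -T -C user=proxy-ssh`.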


Re: [Tuto/HowTo] [GNU/Linux] How to connect to OpenVPN over Tor via SSH Tunneling

Post by voxdemonix » Mon May 08, 2017 11:17 pm

Setup on the client
Bring up a cross-channel SSH tunnel at boot, then start openvpn
  1. Install the required packages
  2. Download the OpenVPN client configuration file (.ovpn) to your client and put it in /etc/openvpn/
  3. Make the SSH client compatible with the Tor network
  4. Export your keys to your SSH server
  5. Create the folder /opt/scripts
  6. Create the script
  7. Adapt and add the following script
    • Code:

      #!/bin/bash
      #  -> WTFPL - infos script : https://www.0rion.netlib.re/forum4/viewtopic.php?f=79&t=590#p1261
      # -> code by voxdemonix <-
      # -> V1.3 <-
      #su monUser -c 'autossh -M 0 -q -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -L 8080:127.0.0.1:80 proxy-ssh@torOrWanadress.onion -f'
      
      
      # root is required; test the UID, because $SUDO_USER is empty when /etc/rc.local runs the script
      if [ "$(id -u)" -ne 0 ]; then
      echo "!!! i need root !!!"
      exit 1
      fi
      
      
      IpVpnLocale="192.168.1.42" # the LAN IP of your VPN/SSH server
      AdresseServerOnion="torOrWanadress.onion" # the Tor address of the SSH hidden service
      MacVpnLocal="00:00:00:00:00:00" # MAC address of your VPN/SSH server
      UserLocalForSshTunneling="myLocalUser" # the user on your machine who mounts the SSH tunnel (the user who exported the SSH client key)
      UserRemoteForSshTunneling="proxy-ssh" # the user used on your VPN/SSH server ( /!\ NEVER USE root !)
      portEntree="1194" # the local machine port, by default 1194
      portSortie="1194" # the VPN server port, by default 1194
      fichierOVPN="myUser.ovpn" # the filename of your configuration file (.ovpn)
      
      
              # wait for the network
      stop="0"
      while [ "$stop" -lt 1 ]
      do
      sleep 120       # delay between attempts
      
      _IP=$(hostname -I) || true
      if [ "$_IP" ]; then
              #printf "My IP address is %s\n" "$_IP"
              stop=1
      fi
      done
      
      # fill the ARP cache, then look for the server's MAC address (case-insensitive match)
      ping "$IpVpnLocale" -c 2 >> /dev/null 2>&1
      
      if arp -n | grep -q -i -F -- "$MacVpnLocal"; then
      #        echo "local"
              su "$UserLocalForSshTunneling" -c "autossh -M 0 -q -N -o 'ServerAliveInterval 60' -o 'ServerAliveCountMax 3' -L $portEntree:127.0.0.1:$portSortie $UserRemoteForSshTunneling@$IpVpnLocale -f"
      else
      #        echo "tor/wan"
              su "$UserLocalForSshTunneling" -c "autossh -M 0 -q -N -o 'ServerAliveInterval 60' -o 'ServerAliveCountMax 3' -L $portEntree:127.0.0.1:$portSortie $UserRemoteForSshTunneling@$AdresseServerOnion -f"
      fi
      sleep 10
      
      	# on Ubuntu add --route-nopull to the next command if you don't want to force the traffic through the VPN
      openvpn --daemon --cd /etc/openvpn --config "$fichierOVPN"
      
      • IpVpnLocale="192.168.1.42" => the LAN IP of your VPN/SSH server
        AdresseServerOnion="monTorHiddenService.onion" => the Tor address of the SSH hidden service
        MacVpnLocal="00:00:00:00:00:00" => MAC address of your VPN/SSH server
        UserLocalForSshTunneling="myUserLocal" => the user on your machine who mounts the SSH tunnel (the user who exported the SSH client key)
        UserRemoteForSshTunneling="myUserServer" => the user used on your VPN/SSH server ( /!\ NEVER USE root !)
        portEntree="1194" => the local machine port, by default 1194
        portSortie="1194" => the VPN server port, by default 1194
        fichierOVPN="myUser.ovpn" => the filename of your configuration file (.ovpn) (in /etc/openvpn/)
  8. Make the script executable
  9. Edit /etc/rc.local to launch the script at boot
Add 127.0.0.1 for the hostname of your VPN server in the file /etc/hosts
  1. Edit your /etc/hosts file
  2. Adapt and add the following line
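A preflight check for the client side, as an added example that is not part of the original post: it verifies that the .ovpn profile uses TCP and that its `remote` resolves, through the hosts file, to the loopback end of the SSH forward, since otherwise openvpn would connect outside the tunnel. The function name, the file names and the example.org/example.net hosts are placeholders of this example.

```sh
#!/bin/sh
# Added example (not from the original post): preflight check that an
# .ovpn profile really goes through the local SSH forward.
# Prints one problem per line; returns 0 when there is none.
check_ovpn_for_tunnel() {   # usage: check_ovpn_for_tunnel OVPN HOSTS PORT
    problems=$(awk -v hosts="$2" -v port="$3" '
        FILENAME == hosts {                # hosts-format table, first match wins
            sub(/#.*/, "")
            for (i = 2; i <= NF; i++) if (!($i in addr)) addr[$i] = $1
            next
        }
        $1 == "proto"  { proto = $2 }
        $1 == "remote" {
            n++
            ip = ($2 in addr) ? addr[$2] : $2
            p  = (NF >= 3) ? $3 : "1194"   # OpenVPN default port
            if (ip !~ /^127\./ && ip != "::1")
                print "remote " $2 " is not loopback: the VPN would bypass the tunnel"
            if (p != port)
                print "remote " $2 " uses port " p ", the forward listens on " port
        }
        END {
            if (!n) print "no remote line found"
            if (proto !~ /^tcp/)
                print "proto is " (proto == "" ? "unset" : proto) ", but Tor cannot carry UDP"
        }' "$2" "$1")
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Constructed sample files (names and hosts are placeholders).
t=$(mktemp -d)
printf '127.0.0.1 localhost\n127.0.0.1 vpn.example.org\n' > "$t/hosts"
printf 'client\nproto tcp\nremote vpn.example.org 1194\n' > "$t/good.ovpn"
printf 'client\nproto udp\nremote vpn.example.net 1194\n' > "$t/bad.ovpn"
check_ovpn_for_tunnel "$t/good.ovpn" "$t/hosts" 1194 && echo "good.ovpn: OK"
check_ovpn_for_tunnel "$t/bad.ovpn" "$t/hosts" 1194 || true
```

In the boot script it can gate the last step: `check_ovpn_for_tunnel "/etc/openvpn/$fichierOVPN" /etc/hosts "$portEntree" || exit 1` before the `openvpn` line.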
