Differences

This shows you the differences between two versions of the page.

divertissements:tunneled [2011/04/29 10:12] (current)
Line 1: Line 1:
 +====== Tunneled TOR relay ======
  
 +Version 0.5
 +
 +Andrea Trentini - 2009
 +
 +tor AT atrent DOT it
 +
 +==== Goal ====
 +
 +Create a TOR (http://​www.torproject.org) relay setup to be run inside a NAT network with the option of running an EXIT node through a tunnel to a host with a public IP.
 +
 +==== Why? ====
 +
 +To //split// incoming TOR traffic from outgoing traffic: incoming is directed to the public IP, outgoing comes from NATted machine, this setup gives interesting achievements:​
 +
 +  * Spare bandwith on the VPS (useful if you have monthly/​periodical limits)
 +  * The public IP is an exit node but does not generate tipical exit-node traffic, i.e. if your public IP is monitored it will not raise alarms!
 +  * NAT translation adds another (weak, I admit) layer of indirection to the route
 +
 +
 +==== Status ====
 +
 +  * Proof-of-concept working
 +  * [[https://​torstatus.all.de/​router_detail.php?​FP=273fad73dd5ee3c25c8d0287297911e8d70f17a7
 +|Node running]] on [[http://​www.pcengines.ch/​alix3d3.htm|alix3d3]] small pc
 +
 +No package nor GUI available yet (but is it really needed?).
 +
 +
 +==== Photos ====
 +
 +Some photos of the alix3d3 running... with a home made refrigerating system ;)
 +
 +=== First version ===
 +
 +{{:​image004.jpg|two}}
 +
 +The small pot is half full of water.
 +
 +=== Second version ===
 +
 +{{:​newheat.jpg|new}}
 +
 +==== Idea ====
 +
 +If you have a pc inside a NAT network (e.g. http://​fastweb.it) and a VPS (Virtual Private Server) somewhere you can run a TOR relay using an ssh tunnel from your pc to the VPS.
 +
 +You configure a TOR relay on the pc in the usual way... almost ;)
 +
 +Then you set up a tunnel from your pc to the VPS, redirecting ORport and (optionally) DirPort to the "​inner"​ pc.
 +
 +Here following some excerpts from the config files...
 +
 +
 +=== SSH tunnels ===
 +
 +(Very simple) script I wrote to keep ssh tunnels going:
 +
 +  #ORPort 9002
 +  #DirPort 9032
 +  if
 +   ps aux|grep auto|grep -v grep >/​dev/​null
 +  then
 +   echo autossh running...
 +  else
 +   sudo -u atrentini autossh -f -M 20000 -R 9002:​localhost:​9002 ​  -R 9032:​localhost:​9032 -N user@hostnameOfVps
 +  fi
 +
 +The port numbers must be consistent with the ones specified in the TOR cfg (see below).
 +
 +I use it as a /​etc/​init.d/​... script, linked in /etc/rcX.d
 +
 +You must upload the ssh key on the VPS if you don't want to enter the user password every time the tunnel is set up.
 +
 +I also periodically run the script to ensure autossh is up and running, here's my crontab (root):
 +
 +   ​0 ​ * * * * /​etc/​init.d/​autossh >/​dev/​null
 +
 +
 +=== TOR cfg ===
 +
 +
 +Edit /​etc/​tor/​torrc and set (at least) the following values:
 +
 +  * Nickname
 +  * Address (this must point to the public IP, the VPS address)
 +  * ContactInfo
 +  * ORPort 9002 (this must me redirected in autossh)
 +  * DirPort 9032 (this must me redirected in autossh)
 +
 +Port numbers are examples, choose ports that suit you.
 +
 +==== Feedback... ====
 +
 +FIXME send me your feedback :)
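
Review bot: in the SSH tunnels script, the liveness test `ps aux|grep auto|grep -v grep` matches any process whose command line contains "auto", not only autossh, so an unrelated process can make the script print "autossh running..." and never restart a dead tunnel; match the process name exactly instead, for example with `pgrep -x autossh`. The forwards `-R 9002:localhost:9002 -R 9032:localhost:9032` give no bind address, and sshd binds remote forwards to the loopback interface unless GatewayPorts is enabled on the VPS, so the page should state that requirement alongside the "Address" item, because the relay is only reachable on the public IP if those ports listen externally. In the TOR cfg list, "this must me redirected" should read "this must be redirected" on both the ORPort and DirPort items, and "bandwith" and "tipical" in the Why? list are misspelled.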