[tor-talk] Am I successfully using Torsocks, SSH, and a VPS? Please advise, thanks!

blobby at openmailbox.org blobby at openmailbox.org
Tue Aug 9 16:58:46 UTC 2016 

Please see below for my response to your helpful comments.

On 2016-08-08 11:18, Ben Tasker wrote:
> If you're using Firefox, one thing you want to consider is DNS leakage.
> 
> If you go into about:config, see whether network.proxy.socks_remote_dns
> exists. If not create it and set to True.
> 
> Without that, DNS won't use the tunnel. As you've got a VPN running 
> it'll
> likely egress from the VPN endpoint instead.
> 

Point taken. It did exist and was set to "true".

>> VPN ---> Torsocks (on 127.0.0.1) ---> SSH (bound to port 33333) ---> 
>> VPS
> ---> Internet.
> 
> How do you pay for the VPS? If it's in your name (or can be linked to 
> you)
> then all you're doing is preventing your local ISP from seeing what 
> you're
> connecting to (which might, of course, be your aim). You do, in effect,
> have a fixed exit point though, so it's worth bearing in mind that in 
> some
> ways it makes you more identifiable from the point of view of services
> you're connecting to.

Bitcoin is my friend! I appreciate that using a VPS with a static IP 
does provide a fixed exit point.

I'm wondering if you feel, based on your expertise, that my system looks 
secure (see below).

Thanks again.

> 
> 
> 




> 
> 
> On Mon, Aug 8, 2016 at 11:55 AM, <blobby at openmailbox.org> wrote:
> 
>> I, like many other uses of Tor, have become increasingly frustrated 
>> with
>> sites like Craigslist which discriminate against Tor. It makes these 
>> sites
>> hard to use. I therefore decided to discover if it is possible to use 
>> Tor
>> but end up with a non-Tor IP.
>> 
>> I use Torsocks to login to a VPS server via SSH and bind SSH to a 
>> specific
>> port with SSH’s -D option.
>> 
>> My configuration is: torsocks ssh -D 33333 name at vps.com (33333 is just 
>> a
>> random unused port).
>> 
>> My normal Firefox browser (not the Tor Browser Bundle) has in 
>> Preferences
>> / Advanced / Connection the SOCKS host set to 127.0.0.1, the port set 
>> to
>> 33333, SOCKS v5 is ticked, and remote DNS is ticked. The “No proxy 
>> for” box
>> is blank.
>> 
>> I also use a VPN for added privacy to ensure that my ISP cannot tell 
>> that
>> I am connecting to Tor. The result is (in my opinion):
>> 
>> VPN ---> Torsocks (on 127.0.0.1) ---> SSH (bound to port 33333) ---> 
>> VPS
>> ---> Internet.
>> 
>> First, I connect to my VPN provider. Second, I connect to port 33333 
>> on
>> 127.0.0.1 where Tor (via Torsocks) and SSH is running. Third, I 
>> connect to
>> a VPS (over SSH) and SSH is bound to port 33333. Torsocks transmits 
>> the
>> HTTP(S) traffic through three Tor nodes. Finally, the Tor routing ends 
>> at
>> the VPS and the traffic goes out onto the internet from the 
>> infrastructure
>> of the VPS.
>> 
>> In my browser, I checked https://www.whatismyip.com/ which shows the 
>> IP
>> address of the VPS. When I SSH into the VPS, I see that the last IP 
>> that
>> logged in is that of a Tor exit node. In Wireshark, I see that my VPN
>> interface connects to the IP address of a Tor entry node.
>> 
>> I have two questions. Does this setup appear sensible and secure? I am
>> sure there are other ways to achieve the same goal but I would like to 
>> know
>> my system is valid. I think my system is secure but I would appreciate
>> opinions from more experienced users.
>> 
>> The result of this model is that my IP is that of the VPS which is 
>> static.
>> I did add a HTTP proxy to Preferences / Advanced / Connection in 
>> Firefox
>> but the result was that the SOCKS proxy (and thus Torsocks and SSH) 
>> were
>> ignored so the result was VPN –-> HTTP proxy –-> Internet (which 
>> bypasses
>> Tor). Is it possible to use a HTTP(S) (or another type) of proxy to 
>> alter
>> the IP. The ideal model would be: VPN –-> Torsocks (on 127.0.0.1) –-> 
>> SSH
>> (bound to port 33333) –-> VPS –-> Proxy (e.g. HTTP(S)) –-> Internet.
>> 
>> Thank you for your help. I appreciate any advice and suggestions.
>> --
>> tor-talk mailing list - tor-talk at lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>> 
> 
> 
> 
> --
> Ben Tasker
> https://www.bentasker.co.uk

More information about the tor-talk mailing list