
nihilist - 00 / 00 / 00

tor_ssh_tunnel_port_forwarding Setup

Initial Setup

First, set up /etc/ssh/sshd_config on the remote VPS (torVPS) so that remote port forwards are allowed to bind on all interfaces:


root@torVPS:~# vim /etc/ssh/sshd_config

root@torVPS:~# cat  /etc/ssh/sshd_config | grep Gateway
GatewayPorts yes

root@torVPS:~# systemctl restart sshd

Then, on the local machine, install tor and obfs4proxy, point tor at the local obfs4 bridge node, and run the SSH tunnel command through torify:


[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ apt install tor obfs4proxy -y 

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ vim /etc/tor/torrc

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ cat /etc/tor/torrc

UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 10.0.0.195:8042 2E73653A148DFFF3CA28D53F0C366936FE554335 cert=znEl9kidNa4TgqiasENSDvxLPDVMOvdIPcVhqwMR27iVUoMn+MtjoxmcpikFpsYAbtSpMw iat-mode=0
DataDirectory /var/lib/tor
TransPort 9040
SocksPort 9050
DNSPort 53
User debian-tor

[ 10.0.0.101/16 ] [ /dev/pts/3 ] [~]
→ vim /etc/tor/torsocks.conf

[ 10.0.0.101/16 ] [ /dev/pts/3 ] [~]
→ cat /etc/tor/torsocks.conf | grep AllowOutboundLocalhost
AllowOutboundLocalhost 1

[ 10.0.0.101/16 ] [ /dev/pts/3 ] [~]
→ systemctl restart tor

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ torify ssh -fN -R 0.0.0.0:443:127.0.0.1:443 torVPS
root@torVPS:~# nmap 127.0.0.1 -p 443
Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-14 17:41 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000068s latency).

PORT    STATE SERVICE
443/tcp open  https

root@torVPS:~# nmap $(curl ifconfig.me) -p 443
Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-14 17:41 CEST
Nmap scan report for ip.88.217.167.104.hivedatacenter.com (104.167.217.88)
Host is up (0.000038s latency).

PORT    STATE SERVICE
443/tcp open  https

And port 443 is now forwarded to both localhost and the destination's public IP! Next, let's make sure the tunnel restarts automatically:


[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ apt install autossh

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ torify autossh -fN -R 0.0.0.0:443:127.0.0.1:443 torVPS

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ torify autossh -fN -R 0.0.0.0:80:127.0.0.1:80 torVPS

Then we make sure it starts at boot:


[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ which torify autossh
/usr/bin/torify
/usr/bin/autossh

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ vim sshtunnels.sh

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ cat sshtunnels.sh

#!/bin/bash
# Supervisor loop: pidof prints all matching PIDs on a single line, so the
# count is 0 only when neither autossh nor ssh is running at all.
while true; do
        if [ $(pidof autossh ssh | wc -l) -eq 0 ]; then
                echo "[+] STARTING SSH TUNNELS ..."
                # nothing to kill at this point; kept as a safety net
                kill -9 $(pidof autossh ssh) 2>/dev/null

                # both reverse tunnels go through tor via torify
                /usr/bin/torify /usr/bin/autossh  -fN -R 0.0.0.0:80:127.0.0.1:80 torVPS
                /usr/bin/torify /usr/bin/autossh  -fN -R 0.0.0.0:443:127.0.0.1:443 torVPS
        else
                echo "[+] SSH TUNNELS ACTIVE..."
                pidof ssh autossh
        fi
        sleep 3
done

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ pwd
/root

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ chmod +x sshtunnels.sh

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ cat sshtunnels.sh
#!/bin/bash

/usr/bin/torify /usr/bin/autossh  -fN -R 0.0.0.0:80:127.0.0.1:80 torVPS
/usr/bin/torify /usr/bin/autossh  -fN -R 0.0.0.0:443:127.0.0.1:443 torVPS


[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ vim /etc/systemd/system/sshtunnel.service

[ 10.8.0.3/24 ] [ /dev/pts/0 ] [~]
→ cat /etc/systemd/system/sshtunnel.service
[Unit]
Description=SSH Tunnels
After=network-online.target
Wants=network-online.target

[Service]
# systemd wants the lowercase value; "Simple" is rejected by the parser
Type=simple
ExecStart=/root/sshtunnels.sh
# ExecStop= is not run through a shell, so $(...) only expands inside an explicit sh -c
ExecStop=/bin/sh -c 'kill -9 $(pidof autossh ssh)'

[Install]
WantedBy=multi-user.target

Then we test it:


[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ kill -9 $(pidof autossh)

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ systemctl daemon-reload

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ systemctl start sshtunnel

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ systemctl status sshtunnel
● sshtunnel.service - SSH Tunnels
   Loaded: loaded (/etc/systemd/system/sshtunnel.service; disabled; vendor preset: enabled)
   Active: inactive (dead)

May 14 18:06:05 home systemd[1]: Started SSH Tunnels.
May 14 18:06:06 home autossh[31304]: starting ssh (count 1)
May 14 18:06:06 home autossh[31304]: ssh child pid is 31306
May 14 18:06:06 home systemd[1]: sshtunnel.service: Succeeded.
May 14 18:06:06 home autossh[31304]: received signal to exit (15)

It ran successfully; now we test whether the ports are properly forwarded:


root@torVPS:~# nmap 127.0.0.1 -p 80,443
Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-14 18:08 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000068s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds

root@torVPS:~# nmap $(curl ifconfig.me 2>/dev/null) -p 80,443
Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-14 18:08 CEST
Nmap scan report for ip.88.217.167.104.hivedatacenter.com (104.167.217.88)
Host is up (0.000050s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

And they are! Now, if we also want the web server to connect to the torVPS machine over a VPN, we can do that too, following the OpenVPN over Tor setup:


[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ cat home.ovpn
client
proto tcp-client
remote x.x.x.x 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_0OoqAjLKoDz7Zu2d name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3

### TOR SETTINGS ###
socks-proxy 127.0.0.1 9050
socks-proxy-retry
up-delay
route 10.0.0.195 255.255.255.255 net_gateway
###################

[...]
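The torrc and home.ovpn above only work together if they agree on three things: the ovpn must reach OpenVPN through tor's SocksPort, it must use TCP (Tor carries no UDP), and the bridge address from the torrc must be routed around the tunnel with a net_gateway route, otherwise tor's own connection to its bridge would be pushed into the VPN that rides over tor. The following checker is an added example, not part of the original page; the config strings are constructed copies of the fragments shown above with placeholder fingerprint and cert values.

```python
import re

# Constructed copies of the two fragments shown on this page; the bridge
# fingerprint and cert are placeholders, not the real values.
TORRC = """UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 10.0.0.195:8042 FINGERPRINT_PLACEHOLDER cert=CERT_PLACEHOLDER iat-mode=0
SocksPort 9050
"""
OVPN = """client
proto tcp-client
socks-proxy 127.0.0.1 9050
socks-proxy-retry
route 10.0.0.195 255.255.255.255 net_gateway
"""

def bridge_addresses(torrc):
    """IPs of every 'Bridge [transport] ip:port ...' line."""
    pat = re.compile(r"^\s*Bridge\s+(?:[A-Za-z0-9_]+\s+)?(\d+(?:\.\d+){3}):\d+", re.M)
    return set(pat.findall(torrc))

def socks_port(torrc):
    m = re.search(r"^\s*SocksPort\s+(?:\S+:)?(\d+)", torrc, re.M)
    return int(m.group(1)) if m else None

def bypass_routes(ovpn):
    """Hosts the ovpn sends around the tunnel via 'route <ip> 255.255.255.255 net_gateway'."""
    pat = r"^\s*route\s+(\d+(?:\.\d+){3})\s+255\.255\.255\.255\s+net_gateway"
    return set(re.findall(pat, ovpn, re.M))

def check(torrc, ovpn):
    """Return a list of problems; an empty list means the two files agree."""
    problems = []
    bridges = bridge_addresses(torrc)
    if re.search(r"^\s*UseBridges\s+1", torrc, re.M) and not bridges:
        problems.append("torrc: UseBridges 1 but no Bridge line")
    # Without the bypass route, OpenVPN's redirected default route would swallow tor's bridge traffic.
    for ip in sorted(bridges - bypass_routes(ovpn)):
        problems.append(f"ovpn: bridge {ip} has no 'route {ip} 255.255.255.255 net_gateway' line")
    proxy = re.search(r"^\s*socks-proxy\s+\S+\s+(\d+)", ovpn, re.M)
    if proxy is None:
        problems.append("ovpn: no socks-proxy line, OpenVPN would connect directly, not via Tor")
    elif int(proxy.group(1)) != socks_port(torrc):
        problems.append(f"ovpn: socks-proxy port {proxy.group(1)} != torrc SocksPort {socks_port(torrc)}")
    proto = re.search(r"^\s*proto\s+(\S+)", ovpn, re.M)
    if proto and not proto.group(1).startswith("tcp"):
        problems.append("ovpn: Tor only carries TCP, so 'proto udp' can never work through socks-proxy")
    return problems
```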
[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ vim /etc/systemd/system/vpn.service

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ cat /etc/systemd/system/vpn.service
[Unit]
Description=VPN
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/sbin/openvpn /root/home.ovpn
# ExecStop= is not run through a shell, so wrap the $(...) expansion in sh -c
ExecStop=/bin/sh -c 'kill -9 $(pidof openvpn)'
Restart=always

[Install]
WantedBy=multi-user.target

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ vim /etc/systemd/system/torwatch.service

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ cat /etc/systemd/system/torwatch.service
[Unit]
Description=torwatcher
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/root/monitor_tor.sh
# pidof needs -x to match a script run by bash; sh -c is needed for the $(...) expansion
ExecStop=/bin/sh -c 'kill -9 $(pidof -x monitor_tor.sh)'
Restart=always

[Install]
WantedBy=multi-user.target

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ vim monitor_tor.sh

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ cat monitor_tor.sh
#!/bin/bash

# Ping the OpenVPN gateway (10.8.0.1) through tun0. The VPN itself rides over
# tor's SocksPort, so two consecutive failures are treated as a dead Tor
# circuit and tor is restarted; openvpn reconnects on its own (socks-proxy-retry).
counter=0
while true; do
        echo TESTING
        timeout 10 ping -c1 10.8.0.1 &>/dev/null
        if [ $? -eq 0 ]; then
                echo OK
                # reset so only consecutive failures count
                counter=0
                sleep 3
        else
                if [ $counter -gt 0 ];
                then
                        echo 'RESTARTING TOR...'
                        systemctl restart tor
                        counter=0
                        sleep 10
                else
                        counter=$((counter+1))
                        echo "FAIL ( $counter / 2)"
                        sleep 3
                fi
        fi
done

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ vim /etc/systemd/system/tortables.service

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ cat /etc/systemd/system/tortables.service
[Unit]
Description=Tor IP Tables
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/root/iptables_vpn_tor.sh

[Install]
WantedBy=multi-user.target

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ vim iptables_vpn_tor.sh

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ cat iptables_vpn_tor.sh
#!/bin/bash

#default private networks
sudo iptables -F

sudo iptables -A INPUT -m iprange --src-range 192.168.0.0-192.168.255.255 -j ACCEPT
sudo iptables -A INPUT -m iprange --src-range 172.16.0.0-172.31.255.255 -j ACCEPT
sudo iptables -A INPUT -m iprange --src-range 10.0.0.0-10.255.255.255 -j ACCEPT
sudo iptables -A INPUT -m iprange --src-range 127.0.0.0-127.255.255.255 -j ACCEPT

sudo iptables -A OUTPUT -m iprange --dst-range 192.168.0.0-192.168.255.255 -j ACCEPT
sudo iptables -A OUTPUT -m iprange --dst-range 172.16.0.0-172.31.255.255 -j ACCEPT
sudo iptables -A OUTPUT -m iprange --dst-range 10.0.0.0-10.255.255.255 -j ACCEPT
sudo iptables -A OUTPUT -m iprange --dst-range 127.0.0.0-127.255.255.255 -j ACCEPT

#ip range of tor VPN:

sudo iptables -A OUTPUT -o tun0 -j ACCEPT
sudo iptables -A INPUT -i tun0 -j ACCEPT

sudo iptables -A INPUT -j DROP
sudo iptables -A OUTPUT -j DROP

#sudo iptables -A INPUT -j DROP
#sudo iptables -A OUTPUT -j DROP
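To see what the kill switch in iptables_vpn_tor.sh actually permits, here is a stateless Python model of that rule set (an added example, not code from the original page): packets are evaluated against the rules in the order `iptables -A` appends them, first match wins. It shows that tor can reach its bridge only because 10.0.0.195 sits in a private range that is accepted on the LAN interface (ens18, the interface name from the openvpn log in the status output on this page), while direct traffic to the VPS's public IP is dropped unless it leaves via tun0; a bridge on a public address, such as the constructed 203.0.113.5, would be cut off before the VPN ever came up. Connection tracking is ignored, as the script itself uses none.

```python
import ipaddress

# The four iprange rules in iptables_vpn_tor.sh rewritten as CIDRs
# (192.168.0.0-192.168.255.255 is /16, 172.16.0.0-172.31.255.255 is /12, ...).
PRIVATE_RANGES = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8", "127.0.0.0/8"]

def build_rules():
    """The script's filter rules in the order iptables -A appends them."""
    rules = []
    for cidr in PRIVATE_RANGES:
        rules.append(("INPUT", "src", ipaddress.ip_network(cidr), "ACCEPT"))
    for cidr in PRIVATE_RANGES:
        rules.append(("OUTPUT", "dst", ipaddress.ip_network(cidr), "ACCEPT"))
    rules.append(("OUTPUT", "iface", "tun0", "ACCEPT"))
    rules.append(("INPUT", "iface", "tun0", "ACCEPT"))
    rules.append(("INPUT", "any", None, "DROP"))
    rules.append(("OUTPUT", "any", None, "DROP"))
    return rules

def verdict(rules, chain, ip, iface):
    """First matching rule wins, as in a real chain. ip is the source for
    INPUT and the destination for OUTPUT; iface is -i (INPUT) or -o (OUTPUT)."""
    addr = ipaddress.ip_address(ip)
    for rule_chain, kind, arg, target in rules:
        if rule_chain != chain:
            continue
        if kind in ("src", "dst") and addr in arg:
            return target
        if kind == "iface" and iface == arg:
            return target
        if kind == "any":
            return target
    return "ACCEPT"  # chain policy; unreachable here because of the final DROPs

def tor_can_reach_bridge(rules, bridge_ip, lan_iface="ens18"):
    """Tor talks to its bridge directly on the LAN interface, never via tun0."""
    return verdict(rules, "OUTPUT", bridge_ip, lan_iface) == "ACCEPT"

if __name__ == "__main__":
    rules = build_rules()
    for chain, ip, iface in [("OUTPUT", "10.0.0.195", "ens18"),
                             ("OUTPUT", "104.167.217.88", "ens18"),
                             ("OUTPUT", "104.167.217.88", "tun0")]:
        print(chain, ip, iface, "->", verdict(rules, chain, ip, iface))
```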

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ chmod +x iptables_vpn_tor.sh

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ chmod +x monitor_tor.sh

[ 10.0.0.101/16 ] [ /dev/pts/2 ] [~]
→ systemctl restart torwatch tortables tor vpn

[ 10.0.0.101/16 ] [ /dev/pts/0 ] [~]
→ systemctl enable --now torwatch tortables tor vpn sshtunnel
Synchronizing state of tor.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable tor
Created symlink /etc/systemd/system/multi-user.target.wants/torwatch.service → /etc/systemd/system/torwatch.service.
Created symlink /etc/systemd/system/multi-user.target.wants/tortables.service → /etc/systemd/system/tortables.service.
Created symlink /etc/systemd/system/multi-user.target.wants/vpn.service → /etc/systemd/system/vpn.service.

[ 10.8.0.3/24 ] [ /dev/pts/0 ] [~]
→ systemctl status sshtunnel vpn tor torwatch tortables
● sshtunnel.service - SSH Tunnels
   Loaded: loaded (/etc/systemd/system/sshtunnel.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2022-05-14 19:14:31 CEST; 1min 16s ago
 Main PID: 394 (sshtunnels.sh)
    Tasks: 6 (limit: 4700)
   Memory: 8.1M
   CGroup: /system.slice/sshtunnel.service
           ├─ 394 /bin/bash /root/sshtunnels.sh
           ├─1290 /usr/lib/autossh/autossh -N -R 0.0.0.0:80:127.0.0.1:80 torVPS
           ├─1292 /usr/bin/ssh -L 39557:127.0.0.1:39557 -R 39557:127.0.0.1:39558 -N -R 0.0.0.0:80:127.0.0.1:80 torVPS
           ├─1306 /usr/lib/autossh/autossh -N -R 0.0.0.0:443:127.0.0.1:443 torVPS
           ├─1308 /usr/bin/ssh -L 39858:127.0.0.1:39858 -R 39858:127.0.0.1:39859 -N -R 0.0.0.0:443:127.0.0.1:443 torVPS
           └─1793 sleep 3

May 14 19:15:35 home sshtunnels.sh[394]: [+] SSH TUNNELS ACTIVE...
May 14 19:15:35 home sshtunnels.sh[394]: 1308 1292 1306 1290
May 14 19:15:38 home sshtunnels.sh[394]: [+] SSH TUNNELS ACTIVE...
May 14 19:15:38 home sshtunnels.sh[394]: 1308 1292 1306 1290
May 14 19:15:41 home sshtunnels.sh[394]: [+] SSH TUNNELS ACTIVE...
May 14 19:15:41 home sshtunnels.sh[394]: 1308 1292 1306 1290
May 14 19:15:44 home sshtunnels.sh[394]: [+] SSH TUNNELS ACTIVE...
May 14 19:15:44 home sshtunnels.sh[394]: 1308 1292 1306 1290
May 14 19:15:47 home sshtunnels.sh[394]: [+] SSH TUNNELS ACTIVE...
May 14 19:15:47 home sshtunnels.sh[394]: 1308 1292 1306 1290

● vpn.service - VPN
   Loaded: loaded (/etc/systemd/system/vpn.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2022-05-14 19:14:31 CEST; 1min 16s ago
 Main PID: 397 (openvpn)
    Tasks: 1 (limit: 4700)
   Memory: 3.2M
   CGroup: /system.slice/vpn.service
           └─397 /usr/sbin/openvpn /root/home.ovpn

May 14 19:14:39 home openvpn[397]: Sat May 14 19:14:39 2022 ROUTE_GATEWAY 10.0.0.1/255.255.0.0 IFACE=ens18 HWADDR=96:b0:53:08:49:a6
May 14 19:14:39 home openvpn[397]: Sat May 14 19:14:39 2022 TUN/TAP device tun0 opened
May 14 19:14:39 home openvpn[397]: Sat May 14 19:14:39 2022 TUN/TAP TX queue length set to 100
May 14 19:14:39 home openvpn[397]: Sat May 14 19:14:39 2022 /sbin/ip link set dev tun0 up mtu 1500
May 14 19:14:39 home openvpn[397]: Sat May 14 19:14:39 2022 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
May 14 19:14:39 home openvpn[397]: Sat May 14 19:14:39 2022 /sbin/ip route add 127.0.0.1/32 via 10.0.0.1
May 14 19:14:39 home openvpn[397]: Sat May 14 19:14:39 2022 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
May 14 19:14:39 home openvpn[397]: Sat May 14 19:14:39 2022 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
May 14 19:14:39 home openvpn[397]: Sat May 14 19:14:39 2022 /sbin/ip route add 10.0.0.195/32 dev ens18
May 14 19:14:39 home openvpn[397]: Sat May 14 19:14:39 2022 Initialization Sequence Completed

● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
   Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2022-05-14 19:14:31 CEST; 1min 16s ago
 Main PID: 378 (tor)
    Tasks: 13 (limit: 4700)
   Memory: 74.1M
   CGroup: /system.slice/tor.service
           ├─378 /usr/sbin/tor -f /etc/tor/torrc
           └─454 /usr/bin/obfs4proxy

May 14 19:14:32 home tor[378]: May 14 19:14:32.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
May 14 19:14:33 home tor[378]: May 14 19:14:33.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
May 14 19:14:34 home tor[378]: May 14 19:14:34.000 [notice] Bootstrapped 0%: Starting
May 14 19:14:36 home tor[378]: May 14 19:14:36.000 [notice] Starting with guard context "bridges"
May 14 19:14:36 home tor[378]: May 14 19:14:36.000 [notice] new bridge descriptor 'voidyt' (cached): $2E73653A148DFFF3CA28D53F0C366936FE554335~voidyt at 10.0.0.195
May 14 19:14:36 home tor[378]: May 14 19:14:36.000 [notice] Delaying directory fetches: Pluggable transport proxies still configuring
May 14 19:14:36 home tor[378]: May 14 19:14:36.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
May 14 19:14:36 home tor[378]: May 14 19:14:36.000 [notice] Bootstrapped 80%: Connecting to the Tor network
May 14 19:14:36 home tor[378]: May 14 19:14:36.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
May 14 19:14:36 home tor[378]: May 14 19:14:36.000 [notice] Bootstrapped 100%: Done

● torwatch.service - torwatcher
   Loaded: loaded (/etc/systemd/system/torwatch.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2022-05-14 19:14:31 CEST; 1min 16s ago
 Main PID: 398 (monitor_tor.sh)
    Tasks: 2 (limit: 4700)
   Memory: 2.7M
   CGroup: /system.slice/torwatch.service
           ├─ 398 /bin/bash /root/monitor_tor.sh
           └─1772 sleep 3

May 14 19:15:34 home monitor_tor.sh[398]: TESTING
May 14 19:15:34 home monitor_tor.sh[398]: OK
May 14 19:15:37 home monitor_tor.sh[398]: TESTING
May 14 19:15:37 home monitor_tor.sh[398]: OK
May 14 19:15:40 home monitor_tor.sh[398]: TESTING
May 14 19:15:40 home monitor_tor.sh[398]: OK
May 14 19:15:43 home monitor_tor.sh[398]: TESTING
May 14 19:15:43 home monitor_tor.sh[398]: OK
May 14 19:15:46 home monitor_tor.sh[398]: TESTING
May 14 19:15:46 home monitor_tor.sh[398]: OK

● tortables.service - Tor IP Tables
   Loaded: loaded (/etc/systemd/system/tortables.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sat 2022-05-14 19:14:35 CEST; 1min 12s ago
  Process: 396 ExecStart=/root/iptables_vpn_tor.sh (code=exited, status=0/SUCCESS)
 Main PID: 396 (code=exited, status=0/SUCCESS)

May 14 19:14:35 home sudo[624]:     root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/iptables -A INPUT -i tun0 -j ACCEPT
May 14 19:14:35 home sudo[624]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 14 19:14:35 home sudo[624]: pam_unix(sudo:session): session closed for user root
May 14 19:14:35 home sudo[626]:     root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/iptables -A INPUT -j DROP
May 14 19:14:35 home sudo[626]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 14 19:14:35 home sudo[626]: pam_unix(sudo:session): session closed for user root
May 14 19:14:35 home sudo[628]:     root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/iptables -A OUTPUT -j DROP
May 14 19:14:35 home sudo[628]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 14 19:14:35 home sudo[628]: pam_unix(sudo:session): session closed for user root
May 14 19:14:35 home systemd[1]: tortables.service: Succeeded.

And that's it! You now have a local service which automatically forwards its HTTP and HTTPS ports via SSH tunnels to a remote host, and which automatically connects there through a VPN-over-Tor setup.
