taran1s: > > > unman: >> On Sat, May 02, 2020 at 08:22:57AM +0000, taran1s wrote: >>> >>> >>> unman: >>>> On Fri, May 01, 2020 at 11:54:27AM +0000, taran1s wrote: >>>>> >>>>> >>>>> taran1s: >>>>>> >>>>>> >>>>> Chris, I tried now to connect to the kraken.com, which seems to be tor >>>>> unfriendly through me->tor->VPN->kraken.com but it returns error on the >>>>> site "Disabled". >>>>> >>>>> I learned now that despite I use the above connection model, using VPN >>>>> as an exit, I still exit from the tor exit not and not from the VPN. I >>>>> am not sure what broke. >>>>> >>>> >>>> If I understand your model: me->tor->VPN->kraken.com >>>> you are running Tor *through* your VPN - this means that your service >>>> provider sees your connection to the VPN, and your VPN provider sees >>>> your connection to the first Tor hop. >>>> Naturally, when you exit the VPN and set up the TOR circuit, it's a Tor >>>> exit node that connects to kraken. >>>> The VPN is NOT an exit in this model. Nothing has broken. >>>> >>> >>> I am actually using mullvad VPN. The idea is to have the possibility to >>> access websites or services (like kraken.com) that are not tor-friendly. >>> I would like to connect first to Tor through sys-whonix than connect to >>> the VPN through VPN AppVM and from that VPN to connect to the clearnet. >>> >>> I set the AppVMs networking following way: anon-whonix networking set >>> to -> sys-whonix networking set to -> VPN-AppVM proxy that connects to >>> the clearnet. Is that right for my model? >>> >> No. >> Think about it. >> anon-whonix creates a request. >> sys-whonix takes that request, and builds a circuit. >> VPN-AppVM sees the traffic to the first hop, and sends it down the VPN. >> The VPN provider gets the Tor traffic, and sends it on to the first >> hop. >> Then it goes via Tor to the exit node and then to the target. >> Your ISP sees traffic to the VPN; the VPN provider sees traffic from you >> going to Tor; the target sees traffic coming from Tor network. >> >> *Always* use check.torproject.org to confirm your exit IP in this sort of >> case (always) so that actual matches expectations. >> >> What you have built (in packet terms) is: >> me - Tor - VPN - target. >> >> What you seem to want is: >> me - VPN - Tor - target >> >> To do that you need to build the VPN traffic and send it down a Tor >> circuit. >> Your Qubes network configuration should be: >> client - VPN qube - Tor qube - sys-firewall - sys-net >> >> I have no idea if Whonix will let you do this. >> >> unman >> > > Ah, omg I see. I thought about it in regards of seeing other AppVMs like > sys-whonix -> sys-firewall -> sys-net. I am not experienced in > networking and so just followed the logic of whats first gets first. But > now I see that packet wise, it is vice versa. It is a bit confusing for > me, but if it is working, I will be more than happy :) > > So if I understand it properly, I set the networking of the AppVMs > following way: > > anon-whonix -> VPN-AppVM -> sys-whonix -> clearnet. In this case I use > tor first, exit from tor-exit-node to the VPN and than exit from VPN to > clearnet. Am I right? >
I tried the setup, but in this case the the VPN proxy doesn't go to Link UP and TB in anon-whonix isn't connected to the internet. Any ideas? BTW I downloaded the default UDP setting package from mullvadVPN as Chris mentioned. I know that tor is using TCP only. Could this be an issue with this setup and I should get the TCP package instead of UDP? Just to sum it up: I would like to first connect to the Tor, than exit from Tor to the VPN and from VPN to the clearnet target. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3c8a884a-6a3e-499e-6355-88b85da8f550%40mailbox.org.
0xA664B90BD3BE59B3.asc
Description: application/pgp-keys
