Chris Laprise:
> On 5/2/20 6:54 AM, unman wrote:
>> On Sat, May 02, 2020 at 08:22:57AM +0000, taran1s wrote:
>>>
>>> unman:
>>>> On Fri, May 01, 2020 at 11:54:27AM +0000, taran1s wrote:
>>>>>
>>>>> Chris, I tried now to connect to the kraken.com, which seems to be tor
>>>>> unfriendly through me->tor->VPN->kraken.com but it returns error on
>>>>> the site "Disabled".
>>>>>
>>>>> I learned now that despite I use the above connection model, using VPN
>>>>> as an exit, I still exit from the tor exit node and not from the VPN. I
>>>>> am not sure what broke.
>>>>>
>>>>
>>>> If I understand your model: me->tor->VPN->kraken.com
>>>> you are running Tor *through* your VPN - this means that your service
>>>> provider sees your connection to the VPN, and your VPN provider sees
>>>> your connection to the first Tor hop.
>>>> Naturally, when you exit the VPN and set up the Tor circuit, it's a Tor
>>>> exit node that connects to kraken.
>>>> The VPN is NOT an exit in this model. Nothing has broken.
>>>>
>>>
>>> I am actually using mullvad VPN. The idea is to have the possibility to
>>> access websites or services (like kraken.com) that are not tor-friendly.
>>> I would like to connect first to Tor through sys-whonix then connect to
>>> the VPN through VPN AppVM and from that VPN to connect to the clearnet.
>>>
>>> I set the AppVMs networking following way: anon-whonix networking set
>>> to -> sys-whonix networking set to -> VPN-AppVM proxy that connects to
>>> the clearnet. Is that right for my model?
>>>
>> No.
>> Think about it.
>> anon-whonix creates a request.
>> sys-whonix takes that request, and builds a circuit.
>> VPN-AppVM sees the traffic to the first hop, and sends it down the VPN.
>> The VPN provider gets the Tor traffic, and sends it on to the first
>> hop.
>> Then it goes via Tor to the exit node and then to the target.
>> Your ISP sees traffic to the VPN; the VPN provider sees traffic from you
>> going to Tor; the target sees traffic coming from Tor network.
>>
>> *Always* use check.torproject.org to confirm your exit IP in this sort of
>> case (always) so that actual matches expectations.
>>
>> What you have built (in packet terms) is:
>> me - Tor - VPN - target.
>>
>> What you seem to want is:
>> me - VPN - Tor - target
>>
>> To do that you need to build the VPN traffic and send it down a Tor
>> circuit.
>> Your Qubes network configuration should be:
>> client - VPN qube - Tor qube - sys-firewall - sys-net
>
> A good rule of thumb is that whichever proxyVM is directly attached to
> your appVM will be the type of network that the remote service sees.
>
>>
>> I have no idea if Whonix will let you do this.
>
> This should work for most VPNs, as Patrick and I and others have tested
> it (though I haven't tested Whonix specifically with Mullvad). The only
> constraint is that the VPN use TCP instead of UDP.

Thank you for the hint with ProxyVM logic. I tried both configurations from Mullvad with UDP and TCP 443, but didn't get it to work. The VPN-ProxyVM cycles at ready to start link but never goes to the Link Up.

Mullvad's options are Default (UDP), UDP 53, TCP 80 and TCP 443.

Chris, if you have any chance to try the setup, it would be very much appreciated.
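
The layering that unman and Chris describe in the quoted replies, as an added example that is not part of the original thread: a simplified model of a Qubes netvm chain that reports what the ISP and the target each see, and flags a VPN that would have to cross Tor over UDP. The endpoint labels, function names and sample transports are constructed for illustration.

```python
# Added illustration (not from the thread): a simplified model of nested
# tunnels in a Qubes netvm chain. Endpoint labels are constructed.
ENDPOINTS = {"tor": ("Tor guard", "Tor exit"), "vpn": ("VPN server", "VPN server")}


def wire_path(chain):
    """Return the hops traffic passes through on the Internet.

    chain lists the proxy qubes from the one attached to the appVM down to
    the one nearest sys-net, as (kind, transport) tuples. Each proxy wraps
    what it receives from the client side, so the last proxy's tunnel is the
    outermost and is the first to be entered and unwrapped on the wire.
    """
    path = ["you"]
    for kind, _transport in reversed(chain):
        entry, exit_ = ENDPOINTS[kind]
        path.append(entry)
        if exit_ != entry:
            path.append(exit_)
    return path + ["target"]


def isp_sees(chain):
    return wire_path(chain)[1]


def target_sees(chain):
    return wire_path(chain)[-2]


def transport_problems(chain):
    """Flag tunnels that would have to run inside Tor over UDP.

    Tor carries TCP streams only, so any proxy placed on the client side of
    a Tor qube must use a TCP transport.
    """
    problems = []
    for i, (kind, transport) in enumerate(chain):
        inside_tor = any(k == "tor" for k, _ in chain[i + 1:])
        if inside_tor and transport != "tcp":
            problems.append(f"{kind} uses {transport} but is carried inside Tor")
    return problems


# The two layouts discussed in the thread (transports are sample values).
tor_first = [("tor", "tcp"), ("vpn", "udp")]   # appVM - Tor qube - VPN qube
vpn_first = [("vpn", "udp"), ("tor", "tcp")]   # appVM - VPN qube - Tor qube

if __name__ == "__main__":
    for name, chain in (("tor_first", tor_first), ("vpn_first", vpn_first)):
        print(name, wire_path(chain), transport_problems(chain))
```
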
