-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/04/2016 09:04 PM, grarpamp wrote: > On 7/4/16, Mirimir <miri...@riseup.net> wrote: >> If you're using the plain tor client, you can route a VPN through >> Tor by adding these lines to the openvpn .conf file in >> /etc/openvpn: >> >> socks-proxy 127.0.0.1 9050 /etc/openvpn/up socks-proxy-retry > > And if you're then trying to point various socks5 enabled apps > through the VPN without having to setup all sorts of heavyweight > VM's and packet filters on your box, you should review and support > this ticket...
Yes, VMs are heavyweight. But iptables rules for this are pretty trivial. Drop everything (input, forward and output). Accept output on eth0 only for user debian-tor. Accept all output on tun0. <SNIP> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXeyndAAoJEGINZVEXwuQ+tzgH/3VlLbFRP3ur+tNNH6Zk+wBn IDmR0jEb/e6Uj6EvvaFWLU5bRkNJUuDXkdvdGkgnQH6gAnCNqr4ZGOsQersNEYtD QPpCd+S1p0f4nbhlfnEk9EhbJO3yK6+ZUUsPX9537he/oIk9K6TGo4Zc3Bnzswr5 QPWnSmnYhjClKrfvkykhZjBH08bS3cwHUf02JJZ5qIZ7tj3rwbo8x+mCDOYPgCB9 M5TRn9E7uhBbRDZw872u0PJ5kezTXdxlwxSef0M5IYNx3U9sR4MZ6mmDUuBclsNw +ntLFkTJr545zn5XaXkdYuQYJWe8ENHvZ9WvQobkhpZx/W3VT1bNtYjEKAgKuHs= =eZSu -----END PGP SIGNATURE----- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
