How to Tunnels_Connecting to a proxy before Tor

“You would have to run the proxy software under the linux user account tunnel on Whonix-Gateway” Connecting to a Proxy before Tor

I’m in China, all Obfs 4 get banned, I have to use a local proxy software to help the connection. Should I copy the proxy software to the ‘tunnel’ folder? Then?

Those instructions are not referring to location of software in filesystem.

The proxy software must be executed as user: tunnel in order to bypass firewall.

sudo -u tunnel /path/to/executable

2 Likes

Thank you very much! After some months’ wait, it’s the 1st time I got Whonix to work again! The proxy software is not open source, can it read my Tor network traffic or cause other security issues?

Yes! The gateway receives traffic directly from the workstation and then proceeds to encrypt and route to Tor. Malicious software can intercept and re-route traffic before Tor encryption. Content can be protected if the workstation encrypts first before sending to the gateway (i.e. https), but headers / metadata will still be unencrypted.

Do not install untrusted software in the gateway. It’s better (but more difficult) to put proxy software in a separate VM so if the proxy is compromised, your traffic is still encrypted by Tor.

1 Like

Dec 17 00:25:15.172 - 0m0s DEBUG flashlight.util: hash.go:19 Hashing file at path /home/user/Desktop/update_l
Dec 17 00:25:15.272 - 0m0s DEBUG flashlight: increase_nofiles.go:25 Current nofiles soft limit of 65536 is enough
Dec 17 00:25:15.272 - 0m0s DEBUG flashlight.app: settings.go:117 Loading settings
Dec 17 00:25:15.273 - 0m0s DEBUG app.settings: settings.go:125 Could not read file open /home/tunnel/.lantern/settings.yaml: no such file or directory
DEBUG flashlight.common: const.go:37 ****************************** stagingMode: false
DEBUG flashlight.logging: logging.go:54 Placing logs in /home/tunnel/.lantern/logs
Dec 17 00:25:15.285 - 0m0s DEBUG flashlight.util: hash.go:19 Hashing file at path /home/user/Desktop/update_l
Dec 17 00:25:15.399 - 0m0s DEBUG flashlight: increase_nofiles.go:25 Current nofiles soft limit of 65536 is enough
Dec 17 00:25:15.430 - 0m0s DEBUG flashlight.app: settings.go:117 Loading settings
Dec 17 00:25:15.431 - 0m0s DEBUG app.settings: settings.go:125 Could not read file open /home/tunnel/.lantern/settings.yaml: no such file or directory
No protocol specified

** (update_l:13836): WARNING **: Could not open X display
No protocol specified
Unable to init server: Could not connect: Connection refused

(update_l:13836): Gtk-WARNING **: cannot open display: :0

Failed to run Lantern with sudo -u tunnel /path/to/executable

Don’t really know. Looks like you’re trying to run as user: tunnel so program is looking for files in /home/tunnel/ but some of your files are in /home/user/. You could switch to tunnel user for consistency: sudo -u tunnel -i. Remember tunnel user is not in sudo group though.

Paper describing how easy it is to block all bridges (even private ones): https://www.cs.uml.edu/~xinwenfu/paper/Bridge.pdf (tor-friendly link: https://web.archive.org/web/20171218203107/https://www.cs.uml.edu/~xinwenfu/paper/Bridge.pdf)

1 Like

Did you adjust /path/to/executable with the actual path?

Related:

1 Like

I tried to install and configure i2pd.
Is there any problem?

user@host:~$ sudo dpkg -i /mnt/cdrom0/i2pd_2_1.deb /mnt/cdrom0/libbo000.deb /mnt/cdrom0/libboost.deb
[sudo] password for user:
Selecting previously unselected package i2pd.
(Reading database … 90676 files and directories currently installed.)
Preparing to unpack /mnt/cdrom0/i2pd_2_1.deb …
Unpacking i2pd (2.17.0-1jessie1) …
Selecting previously unselected package libboost-date-time1.55.0:i386.
Preparing to unpack /mnt/cdrom0/libbo000.deb …
Unpacking libboost-date-time1.55.0:i386 (1.55.0+dfsg-3) …
Selecting previously unselected package libboost-filesystem1.55.0:i386.
Preparing to unpack /mnt/cdrom0/libboost.deb …
Unpacking libboost-filesystem1.55.0:i386 (1.55.0+dfsg-3) …
Setting up libboost-date-time1.55.0:i386 (1.55.0+dfsg-3) …
Setting up libboost-filesystem1.55.0:i386 (1.55.0+dfsg-3) …
Setting up i2pd (2.17.0-1jessie1) …
adduser: Warning: The home directory `/var/lib/i2pd’ does not belong to the user you are currently creating.
Processing triggers for man-db (2.7.0.2-5) …
Processing triggers for systemd (215-17+deb8u7) …
Processing triggers for libc-bin (2.19-18+deb8u10) …
user@host:~$ i2pd
Could not find the database of available applications, run update-command-not-found as root to fix this
Command ‘i2pd’ is available in '/usr/sbin/i2pd’
The command could not be located because ‘/usr/sbin’ is not included in the PATH environment variable.
This is most likely caused by the lack of administrative priviledges associated with your user account.
i2pd: command not found
user@host:~$ sudo -u tunnel /usr/sbin/i2pd --reseed.zipfile /mnt/cdrom0/i2presee.zip
[sudo] password for user:
13:57:03@672/info - Log: min messages level set to info
13:57:03@672/info - i2pd v2.17.0 starting
13:57:03@672/info - Daemon: bandwidth set to 'low’
13:57:03@672/info - Daemon: using system limit in 65536 max open files
13:57:03@672/info - Daemon: starting NetDB
13:57:03@672/warn - Family: Can’t load family certificates from /home/tunnel/.i2pd/certificates/family
13:57:03@672/info - NetDb: 0 routers loaded (0 floodfils)
13:57:03@672/warn - Reseed: Can’t load reseed certificates from /home/tunnel/.i2pd/certificates/reseed
13:57:03@672/error - RouterInfo: Can’t open file
13:57:03@672/info - NetDb: RouterInfo added: eOGwDmE-5bqoH6mrs7g8mRae7OAy73=
13:57:03@672/info - NetDb: RouterInfo added: vJIIlxzOSeH3XSndbdnOVCNYPm-bH=
13:57:03@672/info - NetDb: RouterInfo added: W7c~E-5bqoH6mr93HiqnrLcJcKbdnOVC0=
13:57:03@672/info - NetDb: RouterInfo added: j84d7iPJlmHC71bdnOPPVFhTtJQb7XP3E=
13:57:03@672/info - NetDb: RouterInfo added: flcrNlpP6C71bdnOVCN-E-5bqoH6mr9Jap7=
13:57:03@672/info - NetDb: RouterInfo added: gC71bdnOCM9PJlmHslqY5av98nutoxqwry=
13:57:03@672/info - NetDb: RouterInfo added: i~EwdGicGv7d7iPJlmHC74q2ASXYz6E=
13:57:03@672/info - NetDb: RouterInfo added: 4v5d7iPJlmHC70AenIeNSSnbWeU=
13:57:03@672/info - NetDb: RouterInfo added: RyXBVMOG8QzSyXGWu6dCb4YC7PKSY=
13:57:03@672/info - NetDb: RouterInfo added: tMyXBVViymd7iPJlDXleIIuxJ-9Fynx8=
13:57:03@672/info - NetDb: RouterInfo added: AfJOG8QzSyXGwTC2DrYKBk~eCb4YC7E=
13:57:03@672/info - NetDb: RouterInfo added: SOG8QzSyXGEpwy8qtRMvPzC8YUpJjk=
13:57:03@672/info - NetDb: RouterInfo added: RSzUV9BH7gOG8QzSyXGNuDXleIIuxGfao=
13:57:03@672/info - NetDb: RouterInfo added: 6TreYG9o0bRHGG0ueY7i2wCX7O6t3jr7wy0Vu~hr=
13:57:03@672/info - NetDb: RouterInfo added: JZVqe-BBoZcoqY~oKIJN65EFBWsPJydnCYhQ3Zo4D9U=
13:57:03@672/info - NetDb: RouterInfo added: yGNpAvSmTgbX1BpgxAkJ1wSojPAwoY6dQNjrgtlJkw=
13:57:03@672/info - NetDb: RouterInfo added: smERuWrr5lMIvNeFw5-o0bRHGG0ueJocMgIQwms~lo=
13:57:03@672/info - Daemon: starting Transports
13:57:03@672/info - NTCP: Start listening TCP port 29233
13:57:03@672/info - Transports: Start listening UDP port 29233
13:57:03@672/info - Daemon: Transports started
13:57:03@672/info - Daemon: starting HTTP Server at 127.0.0.1:7070
terminate called after throwing an instance of 'boost::exception_detail::clone_impl >'
what(): bind: Address already in use
user@host:~$

Then, after a reboot, I opened Konsole again:

user@host:~$ sudo -u tunnel /usr/sbin/i2pd --reseed.zipfile /mnt/cdrom0/i2presee.zip
[sudo] password for user:
terminate called after throwing an instance of 'boost::filesystem::filesystem_error’
what(): boost::filesystem::directory_iterator::construct: Permission denied: “/home/tunnel/.i2pd/tags”

Last line
Likely I don’t have permission to create data which is required by i2pd
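
Both aborts in the post above (`bind: Address already in use` right after the HTTP server line, and `Permission denied` on `/home/tunnel/.i2pd/tags`) can be checked for before launching anything as user tunnel. The script below is an added example, not part of the thread or of i2pd; its function names are made up here, and it assumes a Linux `/proc/net/tcp` and being run as root so `find` can walk the whole tree.

```shell
#!/bin/sh
# Added example: preflight checks before starting a proxy as another account.
# Function names and the values in the usage line are illustrative.

# Print the uid owning each socket that already LISTENs on TCP port $1.
# $2 is a table in /proc/net/tcp format (IPv4 only; tcp6 uses the same layout).
listener_uids() {
    hex=$(printf '%04X' "$1")
    awk -v p="$hex" '$4 == "0A" { n = split($2, a, ":"); if (a[n] == p) print $8 }' \
        "${2:-/proc/net/tcp}"
}

# Print every entry under directory $2 not owned by account $1 (name or uid).
foreign_entries() {
    find "$2" ! -user "$1" -print
}

# Print every directory under $1 whose owner lacks read, write or search access.
locked_dirs() {
    find "$1" -type d ! -perm -700 -print
}

# Return 0 if account $1 can use data directory $2 and TCP port $3 is free.
# A data directory that does not exist yet is not treated as a failure.
preflight() {
    status=0
    if [ -d "$2" ]; then
        bad=$(foreign_entries "$1" "$2"; locked_dirs "$2")
        if [ -n "$bad" ]; then
            echo "not usable by $1:"; echo "$bad"; status=1
        fi
    fi
    owners=$(listener_uids "$3" "${4:-/proc/net/tcp}")
    if [ -n "$owners" ]; then
        echo "port $3 already has a listener, uid(s): $owners"; status=1
    fi
    return "$status"
}

# Usage (as root): sh preflight.sh tunnel /home/tunnel/.i2pd 7070
if [ "$#" -ge 3 ]; then
    preflight "$1" "$2" "$3"
fi
```

The uid printed for a busy port can be resolved with `getent passwd <uid>` to see which account already holds the listener.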