VPN over TOR issue

Tantalus · April 18, 2020, 8:55pm

Hi everyone,

I’m trying to use a VPN through TOR [NordVPN - TCP Protocol] as follow: Tor Browser in Whonix-Workstation -> sys-VPN -> sys-whonix [whonix-gateway] -> Internet. My goal is connect to my VPN after the TOR routing (Bypass the tor censorpship in some websites). But I lack the ability to achieve that goal (I’m noob)

1 - When I use the Tor Browser (whonix-ws) connected directly to whonix-gw, it works fine

2 - When I use a AppVM with my sys-VPN (configured with Qubes-vpn-support to connect to my VPN provider with TCP protocol), it works fine

3 - When I set my sys-VPN to connect to my VPN over Whonix-gateway, it works fine and I see the LINK IS UP popup.

4 - When I use my AppVM to connect to my sys-VPN over whonix-gateway it connects!

The problem is, when I set mt whonix-workstation to connect to sys-VPN over whonix-gw, My Tor Browser do not work anymore. If I disconnect the VPN inside sys-VPN, the Tor Browser start working as usual, but when my VPN is connected, it stops.

I’m assuming that is some kind of incompatibility of the Tor Browser with the VPN link (again, i’m already using TCP protocol), but I’m can’t figure how to fix this. Any ideas?

Is it possible to somehow make TOR Browser to access clearnet using a VPN connection after the TOR routing? Do I have to do some special config in the TOR Browser to allow that

I’m aware of the risks, but I really want to try such possibility

Patrick · April 18, 2020, 10:13pm

It’s mentioned in documentation.

Recommended reading first:

And then it’s here:

Tantalus · April 21, 2020, 8:21pm

Hey, Patrick, Thank you for reply.

I set the configs as explained in ‘Connecting to Tor before a VPN’ tutorial. As I am using QubesOS, so I did the steps provided in ’ Prevent Bypassing of the Tunnel-Link’ and the steps provided in Method 1 ‘Separate VPN-Gateway’ in my proxyVM.

I also did the Leak test as below and it did return my VPN IP. The only thing not working is the TOR Browser. I tried setting environment variable TOR_TRANSPROXY=1, no good. And (in a new VM) exporting as export TOR_TRANSPROXY=1, no good. TOR Browser always says Secure Connection Failed.

UWT_DEV_PASSTHROUGH=1 curl --silent --tlsv1.2 --proto =https (tor project link that is not allowed posting) | grep IP

Any ideas if any other configuration needs to be done in the TOR Browser?

Patrick · April 22, 2020, 12:09pm

That feature might have been broken (in newer releases of Tor Browser) (depending on configuration) by Tor Browser.

Remove the Whonix specific part of the question. Reproduce this issue on Debian without involving Whonix. Try make Tor Browser use system default networking (TOR_TRANSPROXY=1) and not Tor SocksPort. By doing so, you’ll be able to contact upstream, the developers of Tor Browser, the torproject.org as per Self Support First Policy for Whonix

Tantalus · April 22, 2020, 1:08pm

Thank you. I’ll try that