[tor-talk] Help me secure my setup
Aeris
aeris+tor at imirhil.fr
Sun Jan 10 18:31:52 UTC 2016
Why do you absolutely want to route all your traffic through your VPN?
Do you want to hide from your ISP the fact that you use Tor?

From my point of view, a « secure » (no security is possible without a clean
specification of your threat model) network will be a gateway for your network
with a strong firewall allowing only output to known Tor nodes (with iptables and
ipset for example), and one Tor client per computer with all your TCP traffic
forwarded to TransPort, DNS traffic to DNSPort and UDP traffic blocked.

Because you say your VPN connection is not trustworthy, you can’t send plain
traffic inside it, so you absolutely need Tor on the client side.
And then, unless you have to hide Tor from your ISP, you don’t need a VPN at all.

If you want to hide Tor from your ISP, just forward all Tor connections from your
gateway through your VPN (I didn’t take the time to study the security of doing
this; perhaps other people here will find problems).

Regards,
--
Aeris
Individual crypto-terrorist group, self-radicalized on the digital Internet
https://imirhil.fr/
Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
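
The gateway allow-list described in the message above (output only to known Tor nodes, with iptables and ipset), as an added example that is not part of the original post: a script that turns consensus "r" lines into an `ipset restore` file and prints matching FORWARD rules. The set name tor-relays, the LAN interface argument and the sample relay lines are assumptions made for illustration, and only IPv4 relay addresses are handled.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: ipset set
# "tor-relays"; the LAN-facing interface is passed as an argument.
SET_NAME="tor-relays"

# Constructed sample input: consensus-style "r" lines (documentation IPs).
sample_consensus() {
cat <<'EOF'
r relayA AAAA BBBB 2016-01-10 12:00:00 192.0.2.10 9001 9030
s Fast Running Valid
r relayB CCCC 2016-01-10 12:00:00 198.51.100.7 443 0
r dupA DDDD EEEE 2016-01-10 12:00:00 192.0.2.10 9001 0
r broken FFFF 2016-01-10 12:00:00 192.0.2.99;x 9001 0
EOF
}

# Print an `ipset restore` script with one ip,tcp:port entry per relay.
# "r" lines end with <IP> <ORPort> <DirPort>, so fields are counted from
# the end and an extra digest field earlier in the line does not matter.
gen_ipset() {
    printf 'create %s hash:ip,port family inet\nflush %s\n' "$SET_NAME" "$SET_NAME"
    awk -v name="$SET_NAME" '
        $1 == "r" && NF >= 8 {
            ip = $(NF-2); port = $(NF-1)
            # Accept only a dotted quad and a valid port, so a malformed
            # line cannot smuggle extra ipset commands into the output.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            n = split(ip, o, "."); for (i = 1; i <= n; i++) if (o[i] + 0 > 255) next
            if (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535) next
            key = ip ",tcp:" port
            if (!(key in seen)) { seen[key] = 1; print "add " name " " key }
        }' "$1"
}

# Print the gateway FORWARD rules: default drop, replies allowed, and new
# TCP only to an (address, port) pair in the set. UDP falls to the policy.
gen_forward_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $1 -p tcp -m set --match-set $SET_NAME dst,dst -j ACCEPT"
}

# Usage: script.sh ipset <consensus-file>   (pipe to: ipset -exist restore)
#        script.sh rules <lan-interface>    (review, then run as root)
case "${1:-}" in
    ipset) gen_ipset "$2" ;;
    rules) gen_forward_rules "$2" ;;
esac
```

The script only prints text, so the generated set and rules can be reviewed before anything is loaded; regenerate the set whenever the relay list changes, otherwise clients behind the gateway will fail to reach new relays.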