Comments for ra`s fnord blog 2012-07-13T16:58:54Z WordPress http://ra.fnord.at/comments/feed/atom/

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-91265 2012-07-13T16:58:54Z 2012-07-13T16:58:54Z There is no root password set. Try “sudo su”. Anyway, changing the keyboard layout doesn’t work for me either. Any hint is welcome.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-91264 2012-07-13T02:59:03Z 2012-07-13T02:59:03Z Thanks for the feedback. An IRC client will be included in the next release.

Comment on Easy and secure anonymous internet usage by smgl smgl http://ra.fnord.at/?p=247#comment-91258 2012-07-11T22:05:11Z 2012-07-11T22:05:11Z How can I change keyboard layout? Got kmaps via “ab” but “loadkmap < /usr/share/kmaps/qwertz/…” has no effect. su password necessary?

Comment on Easy and secure anonymous internet usage by smgl smgl http://ra.fnord.at/?p=247#comment-91257 2012-07-11T13:48:25Z 2012-07-11T13:48:25Z well, irc client would be nice.

Comment on Robert Anton Wilson Meme-orial Videos by Grandmaster RA-PUNZEL the dark coloured Grandmaster RA-PUNZEL the dark coloured http://tempel.eris23.com/ https://sunkist.annessi.at/wordpress/2007/08/01/robert-anton-wilson-meme-orial-videos/#comment-91023 2012-05-27T23:11:17Z 2012-05-27T23:11:17Z There is nothing to see here, move along.

Hail Eris
Grandmaster RA-Punzel

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-91003 2012-05-23T22:08:12Z 2012-05-23T22:08:12Z I experienced the same behaviour when “testing” TorBOX – actually I could not test it either because of this error.

Comment on Easy and secure anonymous internet usage by Lauscher Lauscher http://ra.fnord.at/?p=247#comment-90912 2012-05-15T16:10:14Z 2012-05-15T16:10:14Z Hello!

Nice to find a discussion about TorBOX. I tried to test it today in VirtualBox on Ubuntu 12.04, but I got a critical error; TorBOX tried to enable PAE, but my laptop doesn’t support PAE, so TorBOX crashed.

I hope it is ok I’m writing it here, I didn’t know how to contact the developers directly.

Greetings, Lauscher

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90635 2012-03-28T10:53:14Z 2012-03-28T10:53:14Z (:

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90634 2012-03-28T10:52:25Z 2012-03-28T10:52:25Z The DNS servers are listed in /etc/resolv.conf and /etc/dhcpd.conf on the gateway.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90633 2012-03-28T09:35:11Z 2012-03-28T09:35:11Z I think the concept of the fast gateway is not clear enough – probably due to the lack of documentation.
-) The first FAQ states that path lengths ==1 and >3 (or >4) should not be used. The path length of the fast gateway is currently fixed at 2. Maybe it will be configurable (to choose between a path length of 2 or 3) in the future. Of course there is a trade-off between anonymity and latency.
A path length of 2 IMHO is anonymous enough if one prefers low latency. If the entry and exit nodes you are using are evil and working together you are f*cked anyway – so the middle node makes not so much difference in terms of security.
-) The entry/exit nodes are _not_ hardcoded/whitelisted. They are dynamically chosen. That’s why the EntryNodes and ExitNodes directives are not being used.

Comment on Easy and secure anonymous internet usage by x x http://ra.fnord.at/?p=247#comment-90622 2012-03-26T21:47:06Z 2012-03-26T21:47:06Z The “fast gateway” is dangerous!

Of course you can whitelist which relays you want to use and go for the fast tor servers. This is how I suppose you make tor “faster”. No one should do that!

https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Youshouldletpeoplechoosetheirpathlength !

https://www.torproject.org/docs/faq#ChooseEntryExit !

Did you even read all of the tor website before you made this thing?

Comment on Easy and secure anonymous internet usage by Nomen Nescio Nomen Nescio http://ra.fnord.at/?p=247#comment-90617 2012-03-26T16:02:35Z 2012-03-26T16:02:35Z In the Virtual Box Host Only Network, there are no DNS servers specified. What are they supposed to be?

Thanks

Comment on Easy and secure anonymous internet usage by Anonymous Anonymous http://ra.fnord.at/?p=247#comment-90590 2012-03-23T18:08:57Z 2012-03-23T18:08:57Z @Eli

>your project is much lighter than the bloated and malfunctioning TorBOX

If something isn’t working as expected please let us know at the wiki (no need to register, log in as cypherpunks, password: writecode)

About the size see: https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev/ClientVM#WhyisClientVM.ovasobig

Future Gateway.ova will be smaller.

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-90583 2012-03-23T05:12:10Z 2012-03-23T05:12:10Z WOW WOW WOW for the last few replies I read on all the thoughts, goodies and todo ideas…

Again all I can say is WOW, can’t wait to see this stuff in the near future…

But at least maybe TitaniumTor LOL… ;)

Cheers Ra! :)

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90571 2012-03-21T21:41:27Z 2012-03-21T21:41:27Z Thanks, these are good suggestions – I added them to the wiki https://github.com/ra--/Tor-gateway/wiki/Todo

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90570 2012-03-21T21:39:48Z 2012-03-21T21:39:48Z Using the gateway with multiple VMs concurrently is what it is designed for. I did not check yet if this works around the circuit sharing problem though.

Comment on Easy and secure anonymous internet usage by Eli Eli http://ra.fnord.at/?p=247#comment-90556 2012-03-20T15:01:25Z 2012-03-20T15:01:25Z Thanks for the reply.

For the message directly above this one, every time I post the link, the message doesn’t register so I’ve shortened it: http://bit.ly/GACRgo

As for a project name I’ve got a few suggestions and the philosophy behind them.

For the gateway:
OnionGate – Embodies the Tor mascot in its name.
ShadowGate – Because it’s virtual and transparent to the user
AnonymaTor – Implies that it’s a Tor based mechanism for anonymity.
Titanium – Describes it best, because it’s light, fast and powerful

For the workstation simply call it one of these: WorkBench, TinyBench, TinyStation, MicroStation; or simply including one of the prefixes suggested above before the words bench/ station.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90555 2012-03-20T10:11:27Z 2012-03-20T10:11:27Z Thanks for your valuable feedback!

ad 1) OpenWRT does not provide any explicit hardening features AFAIK. It would be a nice-to-have feature but there are hardly any Linux distributions that fulfill the requirements – which reminds me that I should write them down explicitly (https://github.com/ra--/Tor-gateway/wiki/Todo)

ad 2) The default root password is empty and IMHO there is no need to define one, because one gets a root-shell on the console in VirtualBox only and there is no network service like ssh or telnet running. I can’t see a way where one of the two daemons (dhcpd and tor) could elevate their privileges. But if anyone comes up with an explanation why defining a root password would be a good thing to do, I will definitely add it to the FAQ (https://github.com/ra--/Tor-gateway/wiki/Faq).

ad 3) Netfilter protects the gateway from other VMs in a way that it doesn’t allow any direct connections but on UDP port 67 (for DHCP).

ad 4) There is a lot of work to do on the Tor workstation. Currently it is in a proof-of-concept state at best. The main problem unresolved yet is to find a distribution (like Tiny Core Linux) or setup (like a Live-CD) that guarantees that there is no data written to disk permanently and at the same time stays maintainable. I speculate on moving that feature to VirtualBox but it is currently not possible to export a VM and have a virtual disk be immutable.

ad 5) When using a NAT the user does not have to configure anything. When using a bridge the user has to define a local network device. Nevertheless the bridge configuration should probably go into a FAQ. I am currently moving the project to github and write up documentation. https://github.com/ra--/Tor-gateway/wiki

PAE/NX will probably make sense to use in the future.

ad 6) I did the leak testing as follows:
-) Prepare the Tor gateway to make it easier to test by adding
ReachableORAddresses *:443
to /etc/tor/torrc
-) Make VirtualBox capture all packets of the Tor gateway:
VBoxManage modifyvm "Tor gateway 0.5.1" --nictrace1 on --nictracefile1 /tmp/torgw.pcap
-) Generate traffic on any Tor workstation or the Tor gateway itself.
-) Analyze the pcap file with Wireshark:
wireshark -R '!(tcp.port == 443)' /tmp/torgw.pcap

There should only be some DHCP and ARP packets between the Tor gateway VM and VirtualBox on the VM host visible.

If you do your own leak testing, please let me know about the results.

ad 7) The Tor fast gateway currently also is a proof-of-concept only but it seems to be fairly usable – even at its current state. I added to the TODO-list that the number of hops should be configurable. This should be easy to add but I must say that it’s not on top of my priority list yet.
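
The analysis step of the leak test in the comment above can also be scripted. The following is an added example, not part of the original comment or of the Tor gateway project: it reads a capture and reports every frame that is not TCP port 443, ARP or DHCP. It assumes the capture is a classic libpcap file with Ethernet link type; all function names are hypothetical and the sample capture is constructed inline.

```python
import struct

ALLOWED_TCP_PORT = 443  # matches "ReachableORAddresses *:443" from the comment


def read_pcap(data):
    """Yield raw frames from a classic (non-pcapng) pcap byte string."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    (linktype,) = struct.unpack(endian + "I", data[20:24])
    if linktype != 1:
        raise ValueError("expected Ethernet link type (1)")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def classify_frame(frame):
    """Return 'tor', 'arp', 'dhcp', or a 'LEAK: ...' description."""
    if len(frame) < 14:
        return "LEAK: truncated frame"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x0806:
        return "arp"
    if ethertype != 0x0800:  # IPv6 and anything else must not appear
        return "LEAK: ethertype 0x%04x" % ethertype
    ip = frame[14:]
    if len(ip) < 20:
        return "LEAK: truncated IPv4 header"
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    l4 = ip[ihl:]
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if proto == 6 and ALLOWED_TCP_PORT in (sport, dport):
            return "tor"
        if proto == 17 and {sport, dport} <= {67, 68}:
            return "dhcp"
        return "LEAK: %s %d->%d" % ("tcp" if proto == 6 else "udp", sport, dport)
    return "LEAK: ip proto %d" % proto


def find_leaks(pcap_bytes):
    """Return [(frame_number, description)] for every unexpected frame."""
    leaks = []
    for n, frame in enumerate(read_pcap(pcap_bytes), start=1):
        verdict = classify_frame(frame)
        if verdict.startswith("LEAK"):
            leaks.append((n, verdict))
    return leaks


# --- constructed sample capture (not real traffic) ---
def _eth(ethertype, payload):
    macs = b"\x08\x00\x27\x00\x00\x01" + b"\x08\x00\x27\x00\x00\x02"
    return macs + struct.pack("!H", ethertype) + payload


def _ipv4(proto, sport, dport):
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                      proto, 0, bytes([10, 0, 2, 15]), bytes([192, 0, 2, 1]))
    return _eth(0x0800, hdr + l4)


def build_sample_pcap():
    frames = [
        _ipv4(6, 49152, 443),        # Tor connection on the allowed port
        _eth(0x0806, b"\x00" * 28),  # ARP
        _ipv4(17, 68, 67),           # DHCP
        _ipv4(17, 40000, 53),        # cleartext DNS on the wire: a leak
        _ipv4(6, 49153, 80),         # direct HTTP: a leak
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1331000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for number, what in find_leaks(build_sample_pcap()):
        print("frame %d: %s" % (number, what))
```

For a real capture, pass the bytes of /tmp/torgw.pcap to find_leaks(); an empty result corresponds to seeing only DHCP and ARP in the Wireshark view.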

Comment on Easy and secure anonymous internet usage by Eli Eli http://ra.fnord.at/?p=247#comment-90554 2012-03-20T02:35:31Z 2012-03-20T02:35:31Z Ok one more thing I forgot to add…

There is currently a problem with Tor known as identity correlation through circuit sharing, outlined in the link below. I guess that the gateway could be vulnerable to this but it’s not your fault since Tor has a problem with this now. Can the Gateway vm be used by multiple vms running at the same time? Is that recommended? I was thinking of a case where multiple identities are running at the same time in separate domains, anonymously.
What is the likelihood that one vm could communicate/cross infect another that is behind the same gateway instance?

Thanks again.

Comment on Easy and secure anonymous internet usage by Eli Eli http://ra.fnord.at/?p=247#comment-90542 2012-03-19T01:58:57Z 2012-03-19T01:58:57Z Hi Ra, this is a re-post my message didn’t make it last time. I have a few security related suggestions/points for the Gateway.

1- Tor is currently not taking advantage of compile time hardening like NX, ld, gcc etc. but this is expected to change in the 0.2.3.X branch. Does OpenWRT have such security features? Can you please check if this distro is a security enhanced one? So far OpenWRT seems ideal in the sense that it has a reduced attack surface and lighter footprint. Chrooting would be of little use since if Tor becomes compromised it’s already too late. The suggested measures would make any theoretical vulnerabilities in Tor harder to exploit by a lot.

2- Should users change the default root password for the gtway vm? If so can you please post this as a suggestion in your topic?

3- Is netfilter protecting the tor in the gtway from compromise in the event that the workstation is rooted? If that’s not the case, is there a way to firewall the gtway components from direct communication from the workstation?

4- IMHO you should link to a light weight distro (puppy/DSL etc.) for a workstation since that will mean less effort to maintain the project. If you would still prefer to maintain the workstation then I would suggest you slim it down to one browser -not Opera :)- and enable many security features to thwart any potential attacks. Basically turning it into a super-secure micro workspace.

5- The gateway has NAT selected by default, can you please change that to bridged? This will allow the vms to be isolated from the host in the case of an attack. Also enabling PAE/NX by default would make sense when Tor is able to support hardening.

6- I would really like to help you test your gateway for leaks, regrettably I don’t have much Linux experience. I found a battery of suggested leaktests used in the TorBox project listed here:
https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/LeakTests
If you can tell me how I can go about running them I’ll see to it that it’s tested.

7- The Fast Gateway is working great. I’ve read that for safer anonymity purposes, however, a minimum of 3 hops is required. Is there a way to have 3 hops but only select fast nodes above a certain threshold to be included for selection? If this ruins performance then nevermind it’s just an idea.

Thanks for your dedication, your project is much lighter than the bloated and malfunctioning TorBOX that they have. Their gateway alone is a crazy 300mb in size! Too much bloat :S

PS: I’m communicating anonymously using disposable mail to prevent authority eavesdropping so please post your replies here as this is the only way for me to know your opinions on this.

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-90539 2012-03-18T08:58:05Z 2012-03-18T08:58:05Z THANKS Ra for 0.5.1…

Keep up the GREAT WORK! :)

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90508 2012-03-14T15:15:02Z 2012-03-14T15:15:02Z Thanks for the feedback!

I uploaded Tor fast gateway 0.1.0 which includes an updated Tor package (0.2.2.35).

What IMHO is needed at least before announcing the project:
-) Move the project to another hoster (Move to github is in progress: https://github.com/ra--/Tor-gateway )
-) update source build scripts to include Tor package building (in progress but not finished yet)

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90507 2012-03-14T14:59:35Z 2012-03-14T14:59:35Z I uploaded Tor gateway 0.5.1 which includes Tor version 0.2.2.35.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90503 2012-03-14T10:36:02Z 2012-03-14T10:36:02Z Tor 0.2.1.32 is the currently recommended version for the 0.2.1.x branch. According to the Tor Changelog[0] 0.2.1.31 includes some security fixes and I can’t find any information on the 0.2.1.32 release.

Tor gateway 0.5.1-pre includes the currently recommended version for the 0.2.2.x branch (0.2.2.35).

[0] https://gitweb.torproject.org/tor.git/blob/HEAD:/ChangeLog

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-90496 2012-03-13T05:57:17Z 2012-03-13T05:57:17Z Hi Ra,

Ok sorry, I guess I misread those last replies, I see this is something in the planning you want to make, so that the end-user can update it.

Can’t wait to see that…

So in the Tor gateway 0.5.0, Tor 0.2.1.30 is safe to use?

THANKS

Comment on Easy and secure anonymous internet usage by Maz Maz http://ra.fnord.at/?p=247#comment-90490 2012-03-12T17:13:20Z 2012-03-12T17:13:20Z The pre-release version seems to be working nicely. I didn’t do any type of deep testing though, just ran it and it worked. It’s great to see that you added your project to sourceforge.

Can you please update the Tor package for the fast gateway as well? Using the fast gateway means no more need for relying on seedy VPN services to get faster speed. Thank you RA keep it up. Please let the Tor project know so they can link to it for activists.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90485 2012-03-12T08:48:05Z 2012-03-12T08:48:05Z No, but I put a prerelease file online which includes an up to date Tor package (0.2.2.35). Though it didn’t receive much testing yet.

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-90482 2012-03-12T07:07:38Z 2012-03-12T07:07:38Z Sorry I was talking about the OVA, so we can update tor inside it now at the terminal?

I haven’t installed this yet, is information listed in the term now how to do this?

THANKS

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90460 2012-03-09T11:35:02Z 2012-03-09T11:35:02Z It would be possible to set up an external OpenWRT repository to update the Tor package within the gateway. But I am not sure yet if this would really make sense. What I meant is to not depend on the Tor version shipped with OpenWRT and instead build an up to date Tor package that is included in the OVA-file.

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-90456 2012-03-08T23:23:47Z 2012-03-08T23:23:47Z So there’s going to be a script we run inside the gateway at the terminal, as example; sh update-tor and then this is going to automatically update the tor version inside the vm gateway?

THANKS ra! :)

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90451 2012-03-08T14:17:58Z 2012-03-08T14:17:58Z Although one could of course try to argue regarding security and stability in one or another direction it is pretty much a question of personal preference in my opinion. Though I have some experience with OpenBSD and FreeBSD I am much more familiar with Linux, so I prefer to use it.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90447 2012-03-08T10:12:39Z 2012-03-08T10:12:39Z Because 0.2.1.30 is the latest in the current stable release of OpenWRT. They also provide 0.2.2.24-alpha but I *think* it makes little difference since both are not up to date. Updating the Tor package is definitely the next thing on the list. Keeping it up to date with minimal effort is now possible due to the source build scripts.

Comment on Easy and secure anonymous internet usage by Anonymous Anonymous http://ra.fnord.at/?p=247#comment-90443 2012-03-08T04:38:41Z 2012-03-08T04:38:41Z Hello, just wanted to repost an idea since it didn’t come thru. I was suggesting that you experiment with a minimal install of freebsd as the base for your tor gateway vm. The *bsd family seems to be well regarded in terms of their security and stability compared to anything else. Resource usage is even lighter. In your opinion, would this make the gateway more secure and resistant to compromise in the event that the workstation vm gets hosed?

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-90439 2012-03-08T00:46:19Z 2012-03-08T00:46:19Z I’m lost here, if the current stable is 0.2.2.35, why did you install 0.2.1.30?

THANKS

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90438 2012-03-07T22:07:26Z 2012-03-07T22:07:26Z Tor gateway 0.5.0 now includes Tor 0.2.1.30 and it should not be that hard to update it to Tor 0.2.2.x or even Tor 0.2.3.x-alpha.

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-90421 2012-03-05T03:57:20Z 2012-03-05T03:57:20Z Sorry I don’t know much about the transparent proxy, just something I heard was needed is all…

Well, look forward to some new updates!

Keep up the great work!

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90417 2012-03-04T21:54:06Z 2012-03-04T21:54:06Z The current stable Tor version is 0.2.2.35. The Tor version included in the Tor gateway is 0.2.1.24 which is not totally up to date. See the Changelog[0] for a list of changes between those two versions. I did not have the time yet to release an update to the gateway with Tor version 0.2.2.24-alpha, because I am focusing on releasing source code scripts to the whole project. That should make it easier for others to contribute.

On the gateway iptables is only used for the traffic redirection and filtering any kind of traffic but TCP/IPv4.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90416 2012-03-04T21:50:23Z 2012-03-04T21:50:23Z Which kind of transparent proxy do you think of?

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90415 2012-03-04T21:48:07Z 2012-03-04T21:48:07Z Great to hear that the fast gateway works well for you, since it is pretty much a proof of concept! (:

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90414 2012-03-04T21:46:58Z 2012-03-04T21:46:58Z Unfortunately it will take longer than a few days. ):

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90413 2012-03-04T21:05:49Z 2012-03-04T21:05:49Z You are totally right.
Unfortunately the server hosting this blog had some stability problems. I am about to move the blog to another server but it will take some time.

Comment on Easy and secure anonymous internet usage by Bizi Bizi http://ra.fnord.at/?p=247#comment-90305 2012-02-23T01:51:33Z 2012-02-23T01:51:33Z Is the Tor gateway still safe to use, 0.3.5.ova since this is an older version of Tor?

Also why the need for a firewall/iptables rules if someone already has a firewall on their box, isn’t that a bit redundant?

Thank you…

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-90302 2012-02-22T23:46:56Z 2012-02-22T23:46:56Z I thought the Bridges are only a means for people to connect to Tor, where in countries they are being blocked access;

https://www.torproject.org/docs/bridges

I never heard of anything where this is also a preferable method to get online instead of connecting directly and gain anything from it, or higher anonymity…

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90301 2012-02-22T12:40:27Z 2012-02-22T12:40:27Z email: r_a@lavabit.com

Comment on Easy and secure anonymous internet usage by Anonymous Anonymous http://ra.fnord.at/?p=247#comment-90299 2012-02-22T12:15:06Z 2012-02-22T12:15:06Z How to contact you directly? E-Mail?

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-90268 2012-02-11T02:04:25Z 2012-02-11T02:04:25Z I hope we can get an update to the Gateway it’s using a much older version of Tor… :(

Also what about a transparent proxy?

ta…

Comment on Easy and secure anonymous internet usage by Anonymous Anonymous http://ra.fnord.at/?p=247#comment-90261 2012-02-10T04:17:54Z 2012-02-10T04:17:54Z This will be very much appreciated. Thank you Ra. This will expose your project to the masses where I’m sure many people will benefit from your contribution and also add to it.

I would like to say that with your Fast Tor Gateway, I can achieve excellent bandwidth speeds, ones exactly equal to those under a normal setup directly from my ISP. Now I could really use the internet while Torrified, a far contrast with the typical dismal speeds of the TBB.

Comment on Easy and secure anonymous internet usage by Anonymous Anonymous http://ra.fnord.at/?p=247#comment-90254 2012-02-09T03:46:55Z 2012-02-09T03:46:55Z Do it yourself instructions are online.
https://trac.torproject.org/projects/tor/wiki/doc/TorBOX

Let’s cooperate.

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-90253 2012-02-08T23:29:31Z 2012-02-08T23:29:31Z Hi Ra,

Glad to see this site is still alive, but I’ve spent 2 weeks trying to get it to work, it seems that this blog is always down.

So you might consider getting another site or host, there are many great sites out there you can use for Free too!

If you don’t have a good running site that has very little down time, which should really be 99.9% up, then it makes the project look bad and it seems like every time I want to come to this blog since you’ve been running it, it’s down.

Keep up the great work, this really needs to be on the Tor Project! :)

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90248 2012-02-08T19:23:04Z 2012-02-08T19:23:04Z See above. Thank you for the feedback!

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90247 2012-02-08T19:22:40Z 2012-02-08T19:22:40Z Thanks for the feedback. I really appreciate it!
I will work hard in the next days to get this project in a decent shape to become an official Tor project.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90246 2012-02-08T19:10:57Z 2012-02-08T19:10:57Z I plan to set up a public GIT repository which would make it easier to implement changes and automatically build the Tor gateway images. This should also make it more clear on how the Tor gateway works. But before I have to decide if OpenWRT is really the right distribution for that task.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90245 2012-02-08T19:06:43Z 2012-02-08T19:06:43Z To manually configure the Tor gateway to use bridges:
-) Boot the Tor gateway VM
-) Press enter to activate a shell
-) Add (for example)
bridge 78.82.27.120:9001
bridge 67.164.36.152:9001
bridge 89.206.15.102:443
to /etc/tor/torrc (to get other bridges visit https://bridges.torproject.org/)
-) Execute /etc/init.d/tor stop && /etc/init.d/tor start

At the moment I have no idea on how to configure that one automatically. Any ideas welcome.

AFAIK Tor and I2P are fundamentally different as I2P is a standalone anonymizing network on top of IP whereas Tor anonymizes internet traffic.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90244 2012-02-08T18:40:59Z 2012-02-08T18:40:59Z I think it was introduced by a Wordpress-Plugin[0] which I had activated for this blog. gravatar is now disabled.

[0] http://blog.2i2j.com/plugins/wordpress-thread-comment

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90243 2012-02-08T18:30:49Z 2012-02-08T18:30:49Z Interesting. Thanks!

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90242 2012-02-08T18:27:50Z 2012-02-08T18:27:50Z The gateway has two network interfaces (eth0 where traffic is routed to the internet and eth1 which is an internal-only network). All incoming tcp traffic on eth1 is redirected with iptables through the tor socks interface, incoming udp traffic with destination port 53 (dns) is also redirected through tor. Any other traffic is discarded. All locally generated traffic is also redirected through tor but the traffic generated by the tor user-id.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90241 2012-02-08T18:21:19Z 2012-02-08T18:21:19Z Take a look at the files /etc/iptables.conf, /etc/tor/torrc, /etc/dhcpd.conf and /etc/config/network in the Tor gateway.

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-90240 2012-02-08T18:15:28Z 2012-02-08T18:15:28Z I consider the Tor workstation as proof of concept only, because it is not really nice to use in its current state. I hope I can post some ideas on how to improve the situation within the next days.

Comment on Easy and secure anonymous internet usage by Anonymous Anonymous http://ra.fnord.at/?p=247#comment-90140 2012-01-27T06:59:13Z 2012-01-27T06:59:13Z That’d be great. Official Tor project would be superior!

Comment on Easy and secure anonymous internet usage by Markus Markus http://ra.fnord.at/?p=247#comment-90129 2012-01-26T01:32:08Z 2012-01-26T01:32:08Z hi Ra, any chance that you could collaborate directly with the TorProject? Your implementation is far superior than their TorVM concept model. An advantage of working with them is that they will be more active at maintaining it.

Comment on Easy and secure anonymous internet usage by Jinsu Jinsu http://ra.fnord.at/?p=247#comment-90087 2012-01-20T20:24:18Z 2012-01-20T20:24:18Z Excellent initiative on your part Ra, it’s very easy to use. Can you please post how it’s possible to configure the tor gateway to utilize bridges instead of connecting directly to the network? Some state wide firewalls are designed to block access to the tor network directly so this would be essential in providing activists with a way to reach the outside while achieving higher anonymity than just using tor on its own.

Another idea I have is, would it be possible for you to design an I2P gateway vm? This is an alternative anonymizer project that enjoys much faster connection speeds and lower latency than tor due to the way they are designed.

Comment on Easy and secure anonymous internet usage by jex jex http://ra.fnord.at/?p=247#comment-89903 2012-01-03T20:21:36Z 2012-01-03T20:21:36Z Hi RA,
I’m browsing your site with tor browser (with certificate patrol) through an open VPN service, I’ve noticed that the browser is accepting and saving a certificate from gravatar.com every time, what could that be?

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-89891 2012-01-03T05:40:53Z 2012-01-03T05:40:53Z Hi Ra,

Actually when you have some time, do you think you could PLEASE put up a tutorial that shows how you created the Gateway?

I’d greatly appreciate this! :)

THANKS Ra

Comment on Easy and secure anonymous internet usage by mirimir mirimir http://ra.fnord.at/?p=247#comment-89853 2011-12-31T00:07:04Z 2011-12-31T00:07:04Z I’ve been discussing VPN via Tor with Das on Wilders. Thanks to your quick reply, I was moved to try it again, using your Tor fast gateway, and pfSense VMs for VPN connections. It worked — VPN3->[Tor->(VPN2->VPN1)]. Details are at http://tinyurl.com/7lxt8tq

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-89839 2011-12-30T03:19:19Z 2011-12-30T03:19:19Z Hi Ra,

Thanks for the FAST reply, ok I understand for your Gateway image you make.

But if someone wants to install Tor on their computer running Linux, or on their own Linux guest, install Tor, how can we set this up so Tor runs over the network the same?

Please don’t misunderstand me, THANK YOU very much for your work, this is really great, it’s just that I’d like to learn how to do this and install Tor on my own computer and have everything going over Tor.

So can you please teach me how I can do this?

I’m a pretty good Linux geek of 10 years, I’m sure if you help me I can do this too.

THANKS

Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-89838 2011-12-30T03:08:23Z 2011-12-30T03:08:23Z It’s exactly as you wrote. Configure your VM to use a single network interface (internal network “tor”), start the Tor gateway and your VM. All of the traffic generated by your VM is transparently routed through Tor. So if you connect to a VPN, also this connection goes through Tor (as long as it’s a TCP connection, UDP will be dropped).

Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-89837 2011-12-29T23:10:57Z 2011-12-29T23:10:57Z Hi Ra,

Ok nice to hear and see it’s still being actively developed, sorry I haven’t been paying attention to it in a while, my bad it’s Da, same as Das too making the post… :)

Ra could you PLEASE be so kind as to either point me where I can read, or can you PLEASE tell me how I can setup Tor so that it works on the network level like you did in the Gateway, so that anything going online is routed over Tor?

I want to be able to route, connect to a VPN also going over Tor like this and I would really appreciate help for installing Tor and doing this?

THANKS

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-89819 2011-12-28T22:54:03Z 2011-12-28T22:54:03Z The latest Tor version available in OpenWRT 10.03 is 0.2.1.24. OpenWRT 10.03.1 was released about a week ago and ships Tor 0.2.2.24. So the gateway should be upgraded to the newer OpenWRT version.

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-89818 2011-12-28T22:49:42Z 2011-12-28T22:49:42Z Yes, the project is definitely active. The last release was not even two months ago..?

]]>
Comment on Easy and secure anonymous internet usage by Das Das http://ra.fnord.at/?p=247#comment-89806 2011-12-28T03:40:56Z 2011-12-28T03:40:56Z Hi,

How can we use our own VM, after setting the internal network to Tor, then when we start our VM and it’s running on the Tor network, connect to a VPN so that VPN is now going over Tor?

THANKS

]]>
Comment on Easy and secure anonymous internet usage by Lii Lii http://ra.fnord.at/?p=247#comment-89801 2011-12-28T00:16:31Z 2011-12-28T00:16:31Z Is this project still being actively developed?

From what I can see these versions have not changed in a long time?

THANKS

]]>
Comment on Easy and secure anonymous internet usage by anewerauser anewerauser http://ra.fnord.at/?p=247#comment-89408 2011-11-29T06:08:36Z 2011-11-29T06:08:36Z Hi Mr Ra
Please I want to know how to update the TOR program in the TORGATEWAY.
You know it is very important to have the latest version of TOR.
Thanks in advance.

]]>
Comment on Easy and secure anonymous internet usage by anewerauser anewerauser http://ra.fnord.at/?p=247#comment-89399 2011-11-28T15:04:31Z 2011-11-28T15:04:31Z Thanks a lot mr RA
Your work is very good.
But, can you please update Tor Gateway to include the latest TOR update?
Thanks in advance.

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-89388 2011-11-28T00:39:43Z 2011-11-28T00:39:43Z No, not on OpenWRT.

]]>
Comment on Easy and secure anonymous internet usage by Skeptikal Hippo Skeptikal Hippo http://ra.fnord.at/?p=247#comment-89361 2011-11-26T08:26:49Z 2011-11-26T08:26:49Z Thank you so much for responding so quickly! I tried your new .ova file and it still didn’t work. I read that sometimes the files get corrupted. So I tried downloading the file with Chrome. File imported with no problem! It must have gotten corrupted on my end somehow. Thanks again for all the work you have done!

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-89340 2011-11-25T09:12:12Z 2011-11-25T09:12:12Z Can you get a more verbose error message (from a detailed output or log file)?

I did a fsck of the virtual disk and exported the VM – maybe this works for you: http://pluto.fsinf.at/~ra/Tor workstation 0.1.7-test1.ova

]]>
Comment on Easy and secure anonymous internet usage by Skeptikal Hippo Skeptikal Hippo http://ra.fnord.at/?p=247#comment-89327 2011-11-24T21:16:18Z 2011-11-24T21:16:18Z I’m trying to install Tor Workstation 0.1.6 using VB 4.1.6 (OS X Lion) and I’m getting the error “Could not create the clone medium ‘~/VirtualBox VMs/Tor Workstation/Tor workstation 0.1.6 disk1.vmdk’ (VERR_GENERAL_FAILURE)”

Details:

Result Code:
VBOX_E_FILE_ERROR (0x80BB0004)
Component: Appliance
Interface: IAppliance {Hex String}

Tor Gateway 0.3.5 installed with no problems.
Any ideas?

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-88156 2011-10-11T09:58:41Z 2011-10-11T09:58:41Z What you call “Tor workspace” I called “Tor workstation”, but honestly I think that your term is more appropriate.

The hidden service must be configured at the Tor gateway, but the service itself like HTTP may run on any machine on a reachable network. The gateway just does the TCP redirection. So it may also run on the Tor workspace.

]]>
Comment on Easy and secure anonymous internet usage by Bern Bern http://ra.fnord.at/?p=247#comment-88152 2011-10-10T23:04:52Z 2011-10-10T23:04:52Z There are 2 VMs running, “Tor workspace” and “Tor gateway”. Can the HTTP server be at “Tor workspace” VM? Or it must be at “Tor gateway”?

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-88151 2011-10-10T22:12:47Z 2011-10-10T22:12:47Z What do you mean by “Tor workspace”? The Tor client runs in the Tor [fast] gateway where you can configure a hidden service to redirect the traffic to a http server.

]]>
Comment on Easy and secure anonymous internet usage by Bern Bern http://ra.fnord.at/?p=247#comment-88149 2011-10-10T20:08:18Z 2011-10-10T20:08:18Z Would a http server in “Tor workspace” work if I configure the “torrc” file? (https://www.torproject.org/docs/tor-hidden-service.html.en#two)

]]>
Comment on Easy and secure anonymous internet usage by mirimir mirimir http://ra.fnord.at/?p=247#comment-88132 2011-10-07T07:32:16Z 2011-10-07T07:32:16Z OK, I get it. I have Ubuntu VM [10.232.64.2] running thttpd. In Tor fast gateway VM [10.232.64.1] I edit torrc to enable hidden service, and point to Ubuntu VM [HiddenServicePort 80 10.232.64.2:80]. And it works. Now I need to redo it using SSH port forward.

For my risk model, I need Tor gateway with LUKS-crypto. I see that it’s been ported to OpenWRT. Have you used it?

]]>
Comment on Easy and secure anonymous internet usage by mirimir mirimir http://ra.fnord.at/?p=247#comment-88121 2011-10-05T18:47:02Z 2011-10-05T18:47:02Z I get ext2 errors whenever I make any file changes in the Tor gateway and then kill the VM without first halting. I gather that ext2 is very easy to corrupt because it doesn’t journal. I have some questions that I’d rather not post in public. Please email me.

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-88120 2011-10-05T12:17:50Z 2011-10-05T12:17:50Z Maybe adding the “sync” mount option could fix this..

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-88119 2011-10-05T12:16:45Z 2011-10-05T12:16:45Z This is the second time I hear about ext2 fs corruption. Is there a way I can reproduce this problem?

]]>
Comment on Easy and secure anonymous internet usage by mirimir mirimir http://ra.fnord.at/?p=247#comment-88114 2011-10-04T23:32:34Z 2011-10-04T23:32:34Z Edit: OK, I get it. It seems that killing VM after making changes corrupts ext2 filesystem. If I halt before killing, changes persist and I don’t see inode errors. Thanks.

]]>
Comment on Easy and secure anonymous internet usage by mirimir mirimir http://ra.fnord.at/?p=247#comment-88113 2011-10-04T21:41:46Z 2011-10-04T21:41:46Z Is it possible to edit torrc in Tor fast gateway to point to hidden service on another VM? My attempts have failed. Edits don’t persist, but missing inode errors do. I suspect that you’ve left no wasted space in the filesystem. Or used some other Linux magic. Thanks.

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-88043 2011-08-19T15:28:45Z 2011-08-19T15:28:45Z The first public Tor fast gateway version is now online.

]]>
Comment on Easy and secure anonymous internet usage by Da Da http://ra.fnord.at/?p=247#comment-87991 2011-07-31T02:55:07Z 2011-07-31T02:55:07Z Hi,

Still all the same problems as the older version, too little memory, can’t run it in full screen without the screen tearing or the taskbar appearing in the wrong place…

Also can you consider making something so people can stop and start Tor, otherwise I guess for the moment the only thing you can do is close and restart the browser…

THANKS

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-87988 2011-07-29T10:39:58Z 2011-07-29T10:39:58Z Thanks for giving the VM more in-depth testing! (:

The DNS connection to 85.214.73.63 (which is just the first server listed in /etc/resolv.conf) you see in first place is needed for resolving the names of one of the NTP servers listed in /etc/config/system. Correct time is needed by the Tor client to work.

All other connections run through the Tor network (as you noticed 128.31.0.39:9101 is a Tor node).

A better solution would be to use the VirtualBox host->guest time synchronization but this would need building the VirtualBox kernel modules for OpenWRT which is still on the TODO-list.

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-87987 2011-07-29T10:01:48Z 2011-07-29T10:01:48Z The Tor gateway uses the default Tor client circuit creation, which is three hops by default; there might be four in the case of a hidden service connection (for the rendezvous point) and two if there are not enough acceptable routers. This is the default Tor client behaviour.

]]>
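The hop counts described in the comment above can be checked from the control port with `GETINFO circuit-status`. The following is an added example, not code from the blog or the gateway: it parses a constructed reply in the control-spec framing and lists built circuits with fewer than three hops; the fingerprints, nicknames and function names are placeholders.

```python
import re

def fp(char):
    """Placeholder 40-hex-digit fingerprint, not a real relay."""
    return "$" + char * 40

# Constructed GETINFO circuit-status reply (multi-line data reply framing).
SAMPLE_REPLY = "\r\n".join([
    "250+circuit-status=",
    f"7 BUILT {fp('A')}~g1,{fp('B')}~m1,{fp('C')}~e1 PURPOSE=GENERAL",
    f"9 BUILT {fp('A')}~g1,{fp('D')}~m2,{fp('E')}~m3,{fp('F')}~rp "
    "PURPOSE=HS_CLIENT_REND",
    f"11 BUILT {fp('A')}=g1,{fp('C')}=e1 PURPOSE=GENERAL",
    "12 LAUNCHED PURPOSE=GENERAL",
    ".",
    "250 OK",
    "",
])

# Keyword arguments look like UPPER_CASE=value; path entries start with "$"
# or a nickname, so they never match this pattern.
KEYWORD = re.compile(r"^[A-Z_]+=")

def parse_circuit_status(reply):
    """Return one dict per circuit line of a circuit-status data reply."""
    circuits, in_data = [], False
    for line in reply.split("\r\n"):
        if line.startswith("250+circuit-status="):
            in_data = True
            continue
        if line == ".":          # end of the data block
            break
        if not in_data or not line:
            continue
        fields = line.split(" ")
        circ = {"id": fields[0], "status": fields[1], "path": [], "purpose": None}
        for field in fields[2:]:
            if KEYWORD.match(field):
                key, _, value = field.partition("=")
                if key == "PURPOSE":
                    circ["purpose"] = value
            else:
                # Path: comma-separated relays, one entry per hop.
                circ["path"] = field.split(",")
        circuits.append(circ)
    return circuits

def short_circuits(circuits, minimum=3):
    """IDs of BUILT circuits with fewer than `minimum` hops."""
    return [c["id"] for c in circuits
            if c["status"] == "BUILT" and len(c["path"]) < minimum]
```
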
Comment on Easy and secure anonymous internet usage by checkitout checkitout http://ra.fnord.at/?p=247#comment-87982 2011-07-29T06:16:00Z 2011-07-29T06:16:00Z Hi Checked this out. A very nice solution. But I did have a look at what the Gateway actually does :-)

The first connection is ALWAYS:

VirtualBoxVM
wants to connect to 85.214.73.63 on UDP port 53 (domain)

IP Address: 85.214.73.63
Reverse DNS Name: anonymisierungsdienst.foebud.org

Sooner or later always this comes up:

VirtualBoxVM wants to connect to 128.31.0.39 on TCP port 9101 (bacula-dir)

IP Address: 128.31.0.39
Reverse DNS Name: belegost.csail.mit.edu

CAN YOU PLEASE EXPLAIN this. It seems to be kind of a security hole always connecting the foebud first. Do you LOG this???

]]>
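The clear-text DNS lookup discussed in the two comments above is the kind of egress a gateway operator would want to enumerate. The following is an added example, not part of the thread or the gateway: it parses host-firewall prompts in the format quoted above and separates Tor connections from traffic that leaves outside Tor. The sample lines beyond the two quoted in the thread, the relay set and the resolver set are constructed assumptions.

```python
import re

# Constructed sample in the format of the firewall prompts quoted in the thread.
SAMPLE_PROMPTS = """\
VirtualBoxVM wants to connect to 85.214.73.63 on UDP port 53 (domain)
VirtualBoxVM wants to connect to 192.0.2.123 on UDP port 123 (ntp)
VirtualBoxVM wants to connect to 128.31.0.39 on TCP port 9101 (bacula-dir)
VirtualBoxVM wants to connect to 198.51.100.7 on TCP port 80 (http)
"""

# Assumption: a real list would be taken from the Tor consensus; only the
# node named in the thread is listed here.
KNOWN_RELAYS = {("128.31.0.39", 9101)}
# Assumption: the resolvers listed in the gateway's /etc/resolv.conf.
RESOLVERS = {"85.214.73.63"}

PROMPT_RE = re.compile(
    r"wants to connect to (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"on (?P<proto>TCP|UDP) port (?P<port>\d+)"
)

def classify(ip, proto, port):
    """Label one outbound connection attempt of the gateway VM."""
    if proto == "TCP" and (ip, port) in KNOWN_RELAYS:
        return "tor"
    if proto == "UDP" and port == 53 and ip in RESOLVERS:
        return "clear-dns"      # name lookup for the NTP servers
    if proto == "UDP" and port == 123:
        return "clear-ntp"      # time sync needed by the Tor client
    return "unexpected"

def audit(text):
    """Return (ip, proto, port, label) for every prompt line in `text`."""
    findings = []
    for line in text.splitlines():
        match = PROMPT_RE.search(line)
        if not match:
            continue
        ip, proto, port = match["ip"], match["proto"], int(match["port"])
        findings.append((ip, proto, port, classify(ip, proto, port)))
    return findings

def leaks(findings):
    """Connections that leave the gateway outside the Tor network."""
    return [f for f in findings if f[3] != "tor"]
```
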
Comment on Easy and secure anonymous internet usage by anewerauser anewerauser http://ra.fnord.at/?p=247#comment-87978 2011-07-28T14:53:27Z 2011-07-28T14:53:27Z Please Mr Ra
How many nodes are there in your TOR GATEWAY?
I want to make sure that it is at least 3 nodes.
I am waiting for your answer.

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-87976 2011-07-27T10:05:15Z 2011-07-27T10:05:15Z See EXTENDCIRCUIT in https://gitweb.torproject.org/torspec.git/blob/HEAD:/control-spec.txt

There are libraries for Java and Python available, jtorctl and pytorctl.

]]>
Comment on Easy and secure anonymous internet usage by anewerauser anewerauser http://ra.fnord.at/?p=247#comment-87972 2011-07-26T10:08:59Z 2011-07-26T10:08:59Z Hi Mr Ra

1- Please tell me how many nodes in a circuit in your TOR GATEWAY.
It should not be less than 3 nodes.
Make the 3 nodes default, and put option to change it with command line on the console and tell us what is this command.
2- Another point is: Make the eth0 interface of the Gateway Bridged-network not NAT, so we are sure that it is separate on the LAN [this last point can be achieved by changing the settings of the virtual machine of the virtual box].
3- As for the TOR workstation, You can look at the TAILS LIVE CD which is a good Debian based live cd made specifically for the anonymous surfing.
Thanks for your attention.

]]>
Comment on Easy and secure anonymous internet usage by anewerauser anewerauser http://ra.fnord.at/?p=247#comment-87971 2011-07-25T22:15:46Z 2011-07-25T22:15:46Z –[This will be used in the Tor fast gateway to build two hop circuits]–

Can you explain in more detail, please?
Is it 3 nodes or 2 nodes?
How can I build a new circuit?

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-87970 2011-07-25T11:57:08Z 2011-07-25T11:57:08Z I will publish a changelog with the next release.

Controlling Tor through command line is already possible through the control port. This will be used in the Tor fast gateway to build two hop circuits.

]]>
Comment on Easy and secure anonymous internet usage by anewerauser anewerauser http://ra.fnord.at/?p=247#comment-87968 2011-07-24T03:19:07Z 2011-07-24T03:19:07Z Hi Mr RA
Your effort is highly appreciated.
You may issue a change log for every release.
Also You may make a Command line Console in the TOR gateway to include:
-build a new circuit
-turn on tor
-restart TOR
-shutdown

Thanks a lot.

]]>
Comment on Easy and secure anonymous internet usage by ra ra http://ra.fnord.at/ http://ra.fnord.at/?p=247#comment-87958 2011-07-21T12:03:25Z 2011-07-21T12:03:25Z Mounting the VMDK file depends on the OS you are using. You should be able to find a solution by searching for “(Linux|Windows|MacOS) mount vmdk”.
Tor configuration files are usually in /etc/tor (and state files in /var/lib/tor).

]]>