Tor/VPN Router [How To Auto-Connect VPN After Tor Connected at Boot] Answered
Dear Instructables Family,
Hope you are well and healthy. My name is Enes and I am living in Istanbul. As you know, in my country everything is enforced on people by brute force. Tor, Wikipedia, Imgur, Pastebin, NordVPN, ProtonVPN, Private Internet Access, PureVPN, etc.: many websites and services are blocked. There is no "privacy" in my country. For this reason I am looking for a "full privacy solution" for me and for those who have been living the same fate for years. I read many articles and projects but I couldn't believe they are a "full privacy solution". Today I came across a "Raspberry Pi VPN server project" and I liked it. I have one (RPI 3B) and want to make a full privacy solution with VPN and Tor (with obfs4 bridges it is working, but they are blocking our bridges every day and we need to find other bridges every day). I created a Tor router with the RPI and it is working well (a little bit slow, but I don't have any choice). But I want to add more security and privacy to this router. For example, I have a VPN membership but I cannot use it because it is heavily blocked. I want to do something but I couldn't find out how to do it. Let me explain.
My Onion AP is working well for now, and when I connect as a client from a computer, I can access the https://check.torproject.org website and everything is OK.
My VPN membership supports TCP and UDP OpenVPN. It has TCP and UDP .ovpn files for lots of countries. I installed OpenVPN on the Raspberry and configured it to auto-connect at boot. It is working: when I reboot the Raspberry, it connects automatically. But I have a problem.
This VPN firm is heavily blocked and I can't use it. I tried the IKEv2, L2TP, Obfuscated Servers, Onion Servers, Double Servers and Standalone Servers of this VPN, but there was no luck. Then I tried something. I connected to the Tor router from a computer and tried to connect to this VPN firm. I could connect; it worked, because I connected first to the Tor router and then to the VPN.
My current schema is this:
RPI ---> Internet comes from eth0 ---> Tor ----> Share Tor Connection by wlan0
RPI ---> Internet comes from eth0 ---> First Connection Tor (I don't want to share the Tor connection immediately because I need to connect the VPN with Tor; if I share immediately by iptables, there is no Tor connection and I can't connect the VPN) ---> Then connect VPN ---> Share Tor/VPN internet by wlan0
I searched a lot on forums, blogs and websites. OpenVPN uses the tun0 interface. I have three (3) questions. I am stuck here.
1) How can the RPI connect to the VPN with Tor without forwarding the Tor connection? (Connect the VPN with Tor and then share Tor/VPN.)
2) When I have achieved these steps, how can I test the Tor/VPN connection from a computer (client)? I mean, how can I separate them?
3) Should I add these commands to the iptables-ipv4.nat script?
-A POSTROUTING -o tun0 -j MASQUERADE
-A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
If I achieve this I will be so happy and restful.
Could you please help me with these issues?
P.S: Sorry for my bad English.
Thanks in advance.
Best Regards, Enes