@b4284
Last active November 4, 2017 01:44
Get Instant VPN Using Tor and OpenVPN for Computers Behind Firewalls

Scenario

Both computers are behind a firewall and NAT, and both have direct access to the Internet.

Steps

Step 1: Computer A

  1. Install curl, Tor, OpenSSH and OpenVPN.
  2. Set up Tor, a Hidden Service, and an SSH server. That is, put these lines in your Tor configuration file (usually /etc/tor/torrc):
    HiddenServiceDir <TOR_DIR> # In Arch Linux, this is /var/lib/tor/hidden_service
    HiddenServicePort 22 127.0.0.1:22
    
    The Onion Address will be available in <TOR_DIR> (the Onion Address is hereafter <A_ONION_ADDR>).
  3. Use torify ssh <A_ONION_ADDR> to verify that the service is available.

Step 2: Computer B

  1. Install Tor, OpenVPN.
  2. Set up Tor.
  3. Connect to computer A by torify ssh <A_ONION_ADDR>.
  4. In the remote session on computer A, use curl ifconfig.co to identify its Internet address (hereafter <A_IP>).
  5. Likewise, use curl ifconfig.co to identify the Internet address of computer B (hereafter <B_IP>).
  6. Execute openvpn --genkey --secret /tmp/openvpn.key to generate a shared key file.
  7. Copy /tmp/openvpn.key to computer A, that is, torify scp /tmp/openvpn.key <A_ONION_ADDR>:/tmp.
  8. In the remote session on computer A, execute sudo openvpn --dev tap --secret /tmp/openvpn.key --cipher AES-256-CBC --remote <B_IP> --ifconfig 192.168.0.1 255.255.255.0.
  9. On computer B, execute sudo openvpn --dev tap --secret /tmp/openvpn.key --cipher AES-256-CBC --remote <A_IP> --ifconfig 192.168.0.2 255.255.255.0.

After these steps, computers A and B should be directly connected to each other through the addresses 192.168.0.1 and 192.168.0.2. You can thereafter re-run openvpn with --daemon appended to the command line to make the process run in the background.
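
A preflight for steps 6 to 9 of Step 2, as an added example that is not part of the original gist: it checks that the shared key in /tmp is not readable by other local users, then prints the matching openvpn command for each side. The function names and the KEY variable are assumptions; the key path, cipher and tunnel addresses are the ones used in the steps.

```shell
#!/bin/sh
# Added example; function names and the KEY variable are hypothetical.
# The key path, cipher and 192.168.0.x addresses are the ones used in the steps.
KEY=${KEY:-/tmp/openvpn.key}

# True only if the key is a regular file (not a symlink) whose mode grants
# nothing to group or other. /tmp is shared, and in --secret mode this file
# is the tunnel's only credential.
key_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1") || return 1
    case $mode in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print the openvpn command for one side.
# $1: A or B; $2: the peer's public address (<B_IP> when run on A, <A_IP> on B).
tunnel_cmd() {
    case $1 in
        A) tun_ip=192.168.0.1 ;;
        B) tun_ip=192.168.0.2 ;;
        *) echo "role must be A or B" >&2; return 2 ;;
    esac
    # Character allow-list (IPv4/IPv6 literals), not full address validation:
    # keeps shell metacharacters out of a line that will be run with sudo.
    case $2 in
        ''|*[!0-9A-Fa-f.:]*) echo "bad peer address" >&2; return 2 ;;
    esac
    printf 'sudo openvpn --dev tap --secret %s --cipher AES-256-CBC --remote %s --ifconfig %s 255.255.255.0\n' \
        "$KEY" "$2" "$tun_ip"
}

# Usage: sh preflight.sh A <B_IP>   (or: B <A_IP>)
if [ $# -eq 2 ]; then
    key_is_private "$KEY" || { echo "$KEY: fix with chmod 600" >&2; exit 1; }
    tunnel_cmd "$1" "$2"
fi
```

Run it on each computer after step 7, once the key has been copied, and before starting openvpn.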
