VPN for tor network

mjacketta9154
7 years ago

0

Does anyone know how to make a reliable VPN onion router for a Raspberry Pi? I have tried copying the one on the page but it doesn't come with the full code, so what would be a good way to build my own?

3 replies
4 voices
226 views
Sling
7 years ago

0

What exactly do you mean with a VPN onion router? You can set up OpenVPN on your system so you can use it as a VPN server, and I suppose you could also install Tor on it so it can fulfil various roles in the Tor network.

What is your goal with this setup? What do you want to protect yourself from: are you looking for a secure connection over a trusted network (something a VPN is good for) or are you looking for a limited form of privacy (something you can use Tor for)?

SXTC
7 years ago | edited 7 years ago

0

Our goal is: Tor hardware built on a Raspberry Pi that, when powered on, automatically connects to a Tor node, with all traffic forced through the Tor nodes to reach the target address. Break even infinite. Whether it is a mobile phone, tablet or PC, as long as it is connected to the Raspberry Pi, all of its traffic flows through the Tor nodes, achieving scientific Internet.

0x01: preparation
1.1: prepare hardware:

[img]http://image.3001.net/images/20160413/14605265462833.png[img]

1.2: installation system

Download kali-2.1.2-rpi.img, and use win32diskimager to write SD card.

[img]http://image.3001.net/images/20160413/14605265462833.png[img]
Power supply + power cable + Raspberry Pi B+ board + wireless card + SD card: connect them, power on, and connect to the home router. These all go in their usual positions and cannot be plugged in wrongly, so there is no picture. Once the four lights on the Raspberry Pi are lit, log in to the home gateway router, find the Raspberry Pi's IP address, and use PuTTY to SSH to the Raspberry Pi. The Kali sshd is enabled by default; the account is root and the password is toor. On connecting, a prompt will ask whether or not to accept the SSH key; select “yes” to accept. A successful connection looks like this:

1.3: add source & update

If you don’t update, a lot of software cannot be installed automatically. Open /etc/apt/sources.list with vi, add the following sources, and then update with apt-get update and apt-get upgrade. Depending on the speed, this may take several hours, because it connects to the European server, so the speed is very finicky. After it completes, reboot manually.

deb http://mirrors.ustc.edu.cn/kali kali main non-free contrib
deb-src http://mirrors.ustc.edu.cn/kali kali main non-free contrib
deb http://mirrors.ustc.edu.cn/kali-security kali/updates main contrib non-free
deb http://mirrors.aliyun.com/kali kali main non-free contrib
deb-src http://mirrors.aliyun.com/kali kali main non-free contrib
deb http://mirrors.aliyun.com/kali-security kali/updates main contrib non-free
1.4: optional

Restore the raspi-config function that only the official Wheezy image has: anyone who has installed the original system knows this function is very convenient. (The files below may be updated to the latest versions as needed.)

wget http://archive.raspberrypi.org/debian/pool/main/r/raspi-config/raspi-config_20150131-1_all.deb
wget http://http.us.debian.org/debian/pool/main/t/triggerhappy/triggerhappy_0.3.4-2_armel.deb
wget http://http.us.debian.org/debian/pool/main/l/lua5.1/lua5.1_5.1.5-7.1_armel.deb
# the above downloads the main package and its dependencies
dpkg -i triggerhappy_0.3.4-2_armel.deb
dpkg -i lua5.1_5.1.5-7.1_armel.deb
dpkg -i raspi-config_20150131-1_all.deb
# the above installs the dependencies and the main package; the installation order must be followed strictly
The raspi-config configuration process is omitted; it is described everywhere on the Internet. This ends the preparations.

[img]http://image.3001.net/images/20160413/14605266181721.jpg[img]

0x02: network configuration

2.1 introduction

Here the wireless LAN (wlan0) is the wireless Internet connection to the home gateway, and the network port (eth0) acts as the dhcpd server, connected to an AP, to distribute IP addresses and serve as the gateway that collects client information. This has several advantages:

1. wlan0 can later be changed to any wireless network card sold on the market as the network exit, or it can be connected to a mobile phone hotspot, with the mobile phone as a mobile gateway for the exit. All of these can be powered by a power bank.

2, eth0 connection AP, can expand the range of signal collection, enhanced strength, Wireshark intercept all requests set on PI, the middle reaches of the goal, or install XAMPP self phishing sites cheat the user account and password.

3. Any terminal can connect to the AP and obtain an IP address automatically, which makes configuring the Raspberry Pi more convenient. It can be a computer, tablet or mobile phone; in public this is very convenient, as you do not have to carry a computer. (Change the default SSH password on the Raspberry Pi, or anyone can connect to your Raspberry Pi.)

4. If everything needs to be mobile, a wlan1 can be added as the dhcpd server; the disadvantage is that the signal is weak.
Now begin to build:

2.2:

Set the wireless network card to DHCP mode and connect to the wireless network: modify /etc/network/interfaces, add:

# this is the wlan0 NIC
allow-hotplug wlan0
# set wlan0 to DHCP mode, in order to obtain an IP address automatically
iface wlan0 inet dhcp
# this is your SSID
wpa-ssid ChinaNGB-WF
# this is the WiFi password for the SSID
wpa-psk my123456

wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf # to a

# comment out the default DHCP mode
iface default inet dhcp
Then reboot; the wireless card's light will begin to flash, which means it has started to work. Then find the MAC address beginning with E8 on the router (EPUB card) and SSH in.

[img]http://image.3001.net/images/20160413/14605271844152.jpg[img]

Run the ifconfig command: it will show that wlan0 has obtained an IP address and so on, meaning the wireless connection has succeeded. You can unplug the cable, freeing the eth0 port.
(PS: when outdoors without a home network, a mobile phone can share a wireless hotspot; connect the Raspberry Pi to the shared hotspot to configure and monitor it, “at the same time to work”. At that time, set the WLAN to connect to the hotspot shared by the mobile phone.)

[img]http://image.3001.net/images/20160413/14605266707373.jpg[img]

2.3:

Set eth0 to a static address by modifying /etc/network/interfaces:

2.4: installation and configuration

Install the DHCP server to distribute IP addresses to the devices on the hotspot:

apt-get install isc-dhcp-server

Modify /etc/dhcp/dhcpd.conf: comment out all items with #, and add:

ddns-update-style none; default-lease-time 600;
max-lease-time 7200; authoritative; log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.2 192.168.10.254;
  option domain-name-servers 8.8.8.8;
  option domain-name "raspberry";
  option routers 192.168.10.1; option broadcast-address 192.168.10.255;
}

Modify /etc/default/isc-dhcp-server: similarly comment out all the content with #, and add:

DHCPD_CONF="/etc/dhcp/dhcpd.conf"
INTERFACES="eth0"

isc-dhcp-server has a small defect: a leases file needs to be created:

touch /var/lib/dhcp/dhcpd.leases

Start isc-dhcp-server:

service isc-dhcp-server start

Add isc-dhcp-server to start at boot:

update-rc.d isc-dhcp-server enable

0x02.4:

Add iptables rules to direct the traffic. Enable traffic forwarding: A. modify /etc/sysctl.conf: net.ipv4.ip_forward=1 B. set /proc/sys/net/ipv4/ip_forward to 1:

The files under /proc are special and cannot be modified with vi; use the echo command instead:

# echo 1 > /proc/sys/net/ipv4/ip_forward

Add the forwarding rules, then use iptables -t nat -S and iptables -S to check whether the NAT rules were added:

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
# wlan in, eth out: accept related and established
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# eth in, wlan out: accept all
sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
# save the rules so they can be loaded at boot
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
# reboot

Now clients connected to eth0 can reach the Internet. Open the Mercury AP, set the SSID to i-Shanghai with an empty password (the setup process is omitted). Connect eth0 to the AP's LAN port and start the AP; any client connected to the AP is automatically connected to the eth0 port.

0x03

Install monitoring software: for real-time dynamic monitoring of the Raspberry Pi use netdata; if you need to exchange date week total dynamic, you can choose Monitorix (personally tested, it can be installed). Reference document: https://github.com/firehol/netdata/wiki/Installation

3.1: netdata installation: install all dependencies:

# apt-get install zlib1g-dev gcc make git autoconf autogen automake pkg-config

3.2: the first line downloads the files from GitHub; then cd into the folder and run the installer:

git clone https://github.com/firehol/netdata.git --depth=1
cd netdata
./netdata-installer.sh

3.3: to start at boot, add /usr/sbin/netdata to rc.local, and then reboot.

3.4: then open the Raspberry Pi's IP address with port 19999 in any browser; don’t forget the port number, the default is 19999. It should look like this:
[img]http://image.3001.net/images/20160413/14605266992972.png[img]

Properly configured and connected after the topology is as follows:

[img]http://image.3001.net/images/20160413/14605273363686.jpg[img]
0x04

Well, all of that was foreplay; now we get to the main part. Our goal is: (no cavities!) Tor hardware built on a Raspberry Pi that, when powered on, automatically connects to a Tor node, with all traffic forced through the Tor nodes to reach the target address. Break even infinite. Whether it is a mobile phone, tablet or PC, as long as it is connected to i-Shanghai, all of its traffic flows through the Tor nodes, achieving scientific Internet.

4.1: What is Tor: Tor is an encrypted Internet router; you can flow encrypted on the Tor node at least three layer springboard springboard irregular random coupling, arrive at the site, with your IP address, because of the transmission of encrypted key word filtering and probe escape political and house - and in abroad is applied to the dark net entrance. After the “Tor” hardware, can enter the dark network whenever and wherever possible. This paper describes how to enter the dark net.

A copy of initpintu_.Jpg

4.2: what is the bridge: more than so many benefits in the country is full, ban is also behoove things. So in China, the first step is to connect the Tor node before the need to build a bridge to connect the server node. This bridge is called bridge. The first generation of the bridge is simply the IP address, now the third generation anti jamming confuse bridge (obfsproxy) about the way is this: can break the blockade of foreign direct. (the bridge does not guarantee timeliness)

obfs3 37.187.65.72:35304 E47EC8C02C116B77D04738FA2E7B427F241A0164
obfs3 194.132.209.8:57356 B43A8BDE049073CA7AA7D3D46A7F97A93042DF35
obfs3 23.252.105.31:3443 CDAE9FD7710761D1914182F62B1B47F2FBF1FDE1

4.3: the bridge is so valuable, so how do you get a bridge? The recommended way is to go directly to the official website for the bridge. The address (need to log on to Internet Science) is: https://bridges.torproject.org/bridges?transport=obfs3

4.4: the next step is the highlight: the installation and configuration of Tor (the following needs a VPN environment: connect the wireless card to the VPN). Update the source: add the following two items to /etc/apt/sources.list:

deb http://deb.torproject.org/torproject.org wheezy main
deb-src http://deb.torproject.org/torproject.org wheezy main

First import and export the key:

# gpg --keyserver keys.gnupg.net --recv 886DDD89
# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Then update the source and install the latest version of Tor:

apt-get update
apt-get install tor deb.torproject.org-keyring

The latest version of Tor is installed; as of press time, the version is 0.2.7.6-1.

Screenshot _041316_124606_PM.jpg

4.5: installing obfsproxy:

# apt-get install obfsproxy

After completion, the latest version is as in the following diagram:

Screenshot _041316_010726_PM.jpg

4.6: the next step is to configure Tor (near to success, joy!). Modify /etc/tor/torrc:

SocksPort 9050
SocksListenAddress 192.168.10.1:9050 # Raspberry Pi IP
ClientOnly 1
VirtualAddrNetwork 10.192.0.0/10
DNSPort 53
DNSListenAddress 192.168.10.1
AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion,.exit
TransPort 9040
TransListenAddress 192.168.10.1
Log notice file /var/log/tor/notices.log # log path
RunAsDaemon 1
ClientTransportPlugin obfs3 exec /usr/local/bin/obfsproxy managed # obfsproxy path
UseBridges 1
Bridge obfs3 37.187.65.72:35304 E47EC8C02C116B77D04738FA2E7B427F241A0164 # bridge just to get
Bridge obfs3 194.132.209.8:57356 B43A8BDE049073CA7AA7D3D46A7F97A93042DF35
Bridge obfs3 23.252.105.31:3443 CDAE9FD7710761D1914182F62B1B47F2FBF1FDE1
4.7: add iptables rules

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 22
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 19999 -j REDIRECT --to-ports 19999
sudo iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --syn -j REDIRECT --to-ports 9040
To make the above rules load automatically at boot:
# sh -c "iptables-save > /etc/iptables.ipv4.nat"
The first command makes an exception for port 22, so that SSH can connect to the Raspberry Pi.
The second command makes an exception for port 19999, so that netdata can be reached on the Raspberry Pi.
The third command forwards all DNS requests (port 53) to the DNSPort in the torrc configuration file.
The fourth command forwards all TCP traffic to the TransPort in the torrc configuration file.

4.8: start the tor client process:
# service tor start
Check the Tor startup in /var/log/tor/notices.log; this is normal:

Apr 13 13:32:46.000 [notice] Bootstrapped 5%: Connecting to directory server
Apr 13 13:32:46.000 [warn] We were supposed to connect to bridge '162.217.177.95:18869' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
Apr 13 13:32:47.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Apr 13 13:32:57.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Apr 13 13:32:58.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Apr 13 13:32:58.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Apr 13 13:33:22.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Apr 13 13:33:23.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Apr 13 13:33:28.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Apr 13 13:33:28.000 [notice] Bootstrapped 100%: Done
Screenshot _041316_013613_PM.jpg

After that, on any reboot the Raspberry Pi will start automatically and begin connecting to nodes, with the eth0 port waiting for your terminal connections; our aim has been achieved. The network will automatically switch exits every few minutes, so the exit IP will keep changing, hiding your true identity. At this point, you can enjoy an encryption service that the military so far could not crack.
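
Added example, not part of the post above or of any project it cites: a Python check that reads an iptables-save dump and lists the ways client traffic on eth0 could leave the gateway without passing through Tor. It assumes the forwarding rules from section 2.4 are still loaded alongside the redirects from section 4.7; the sample dump, the hardened variant and the finding names are constructed for illustration.

```python
import shlex

# Constructed iptables-save excerpt: sections 2.4 + 4.7 rules together (eth0 = clients, wlan0 = uplink).
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
COMMIT
"""
HARDENED = SAMPLE.replace("-i eth0 -o wlan0 -j ACCEPT", "-i eth0 -j DROP")  # hypothetical hardened variant

def parse(dump):
    table, policies, rules = None, {}, {}
    for line in dump.splitlines():
        if line.startswith("*"):                       # table header
            table = line[1:]
        elif line.startswith(":"):                     # chain policy
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):                   # rule: keep the tokens after the chain name
            tok = shlex.split(line)
            rules.setdefault((table, tok[1]), []).append(tok[2:])
    return policies, rules

def opt(rule, flag):
    return rule[rule.index(flag) + 1] if flag in rule else None

def audit(dump, lan="eth0", trans_port="9040", dns_port="53"):
    """List the ways client traffic arriving on `lan` can bypass Tor."""
    policies, rules = parse(dump)
    pre = [r for r in rules.get(("nat", "PREROUTING"), []) if opt(r, "-i") == lan]
    to = lambda r, proto, port: opt(r, "-p") == proto and opt(r, "--to-ports") == port
    findings = []
    if not any(to(r, "tcp", trans_port) and ("SYN" in r or "--syn" in r) for r in pre):
        findings.append("tcp-not-redirected")
    if not any(to(r, "udp", dns_port) and opt(r, "--dport") == "53" for r in pre):
        findings.append("dns-not-redirected")
    # Approximation: the first unconditional FORWARD rule for the client side decides, else the policy.
    fwd = [r for r in rules.get(("filter", "FORWARD"), [])
           if opt(r, "-i") in (lan, None) and "-p" not in r and "-m" not in r]
    verdict = opt(fwd[0], "-j") if fwd else policies.get(("filter", "FORWARD"), "ACCEPT")
    if verdict == "ACCEPT":   # non-DNS UDP and ICMP are routed and masqueraded, not torified
        findings.append("forward-open")
    return findings
```

On the gateway, pass the text printed by iptables-save to audit(); an empty list means client TCP and DNS go to Tor's TransPort and DNSPort and nothing else from eth0 is routed to the uplink.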

stank
7 years ago

0

well that answered that… well done..
