Good Evening.
Generate encryption keys with OpenSSL.
OpenVPN server openvpn.conf configuration file:
Code:
mode server
tls-server
dev tun
proto tcp-server
port 1194
server 10.8.0.0 255.255.0.0
ca /vpn/ca.crt
cert /vpn/server.crt
key /vpn/server.key
dh /vpn/dh2048.pem
tls-crypt /vpn/ta.key
cipher AES-256-CBC
auth SHA3-512
log /var/log/openvpn.log
status /var/log/openvpn-status.log
user nobody
group nobody
persist-key
persist-tun
chroot /usr/local/etc/openvpn/jail
auth-nocache
# If you want to allow clients to communicate between themselves e.g. start own services like UnrealIRCd Servers.
client-to-client
client-config-dir /ccd
OpenVPN clients client.conf configuration file:
Code:
client
remote-cert-tls server
dev tun
<connection>
remote youroniondomain.onion 1194 tcp-client
socks-proxy 127.0.0.1 9050
</connection>
cipher AES-256-CBC
auth SHA3-512
user nobody
group nogroup
persist-key
persist-tun
chroot /etc/openvpn/jail
auth-nocache
log /var/log/openvpn/openvpn.log
status /var/log/openvpn/openvpn-status.log
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-crypt>
</tls-crypt>
Tor Hidden Service torrc configuration file:
Code:
HiddenServiceDir /usr/local/torhs/szczybelski/
HiddenServicePort 1194 127.0.0.1:1194
Tor clients torrc configuration file:
Code:
SOCKSPort 9050
Asterisk sip.conf configuration file:
Code:
[general]
transport=udp
port=5060
bindaddr=10.8.0.1
disallow=all
allow=ulaw
allow=alaw
allow=gsm
directmedia=no
nat=yes
localnet=10.8.0.0/255.255.255.0
[friends_internal](!)
type=friend
host=dynamic
context=from-internal
disallow=all
allow=ulaw
allow=alaw
allow=gsm
[demo-alice](friends_internal)
secret=password
[demo-bob](friends_internal)
secret=password
[demo-norbert](friends_internal)
secret=password
Asterisk extensions.conf configuration file:
Code:
[from-internal]
exten=>6001,1,Dial(SIP/demo-alice,20)
exten=>6002,1,Dial(SIP/demo-bob,20)
exten=>6003,1,Dial(SIP/demo-norbert,20)
My main idea behind this tutorial was to prove that VoIP can work in Tor.
This is a chrooted configuration, but if someone really needs to start that kind of network, please isolate the servers in virtual machines.
I prefer FreeBSD bhyve.
Also update CPU microcode against Spectre and Meltdown vulnerabilities.
I illustrate a simple setup:
172.16.0.2/10.8.0.1 OpenVPN Server – bhyve VM on server.
172.16.0.3/10.8.0.10 OpenVPN Client with Apache – bhyve VM on server.
172.16.0.4/10.8.0.20 OpenVPN Client with Asterisk – bhyve VM on server.
172.16.0.5/10.8.0.30 OpenVPN Client with UnrealIRCd – bhyve VM on server.
…
172.31.0.9/10.8.10.10 OpenVPN Client with Apache – bhyve VM on client.
192.168.38.37/10.8.10.20 OpenVPN Client with UnrealIRCd – bhyve VM on client.
… and so on.
Set up static IP addresses in the ccd directory for these servers.
Not tested, but you can also start a BIND DNS server to map hostnames to IP addresses.
That’s all!
It’s working with 1 s delay.
Enjoy!
There is also a quantum-resistant OpenVPN project:
OPEN QUANTUM SAFE - Software for prototyping quantum-resistant cryptography
https://openquantumsafe.org
https://github.com/open-quantum-safe
https://github.com/open-quantum-safe/liboqs
https://github.com/open-quantum-safe/openssl
I am not providing any security warranty, just sharing information.
Any security improvements are welcome.
Also on Whonix Wiki:
Voice over IP (VoIP)
Anonymous Voice over IP (VoIP). Encrypted, anonymous phone calls using the Tor Anonymity Network.
www.whonix.org
Also published on:
How To setup Asterisk VoIP server over OpenVPN in Tor hidden service.
forums.whonix.org
Asterisk VoIP Server over OpenVPN in Tor Hidden Service
askubuntu.com
Asterisk VoIP Server over OpenVPN in Tor Hidden Service
tor.stackexchange.com
Asterisk VoIP Server over OpenVPN in Tor Hidden Service
szczybelski.wordpress.com
Norbert.
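For the static-address step in the post above (one file per client in the ccd directory), one way to generate and sanity-check those files, as an added example that is not part of the original post. The Common Names are hypothetical, and the `ifconfig-push <ip> <netmask>` form assumes `topology subnet`, which the server config above does not set explicitly.

```python
import ipaddress
import re
from pathlib import Path

# Values taken from the server config on this page.
VPN_NET = ipaddress.ip_network("10.8.0.0/16")  # server 10.8.0.0 255.255.0.0
SERVER_IP = ipaddress.ip_address("10.8.0.1")   # tunnel address of the server

# Hypothetical certificate Common Names mapped to the tunnel addresses
# from the layout in the post. OpenVPN reads <client-config-dir>/<Common Name>.
CLIENTS = {
    "apache-srv": "10.8.0.10",
    "asterisk-srv": "10.8.0.20",
    "unrealircd-srv": "10.8.0.30",
    "apache-cli": "10.8.10.10",
    "unrealircd-cli": "10.8.10.20",
}

# The CN becomes a file name, so refuse anything that could leave the directory.
SAFE_CN = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def ccd_line(ip_text):
    """Return the ifconfig-push line for one client (assumes topology subnet)."""
    ip = ipaddress.ip_address(ip_text)
    if ip not in VPN_NET:
        raise ValueError(f"{ip} is outside {VPN_NET}")
    if ip in (SERVER_IP, VPN_NET.network_address, VPN_NET.broadcast_address):
        raise ValueError(f"{ip} is reserved")
    return f"ifconfig-push {ip} {VPN_NET.netmask}\n"


def write_ccd(clients, ccd_dir):
    """Validate every entry first, then write one file per Common Name."""
    plan, owner = {}, {}
    for cn, ip_text in clients.items():
        if not SAFE_CN.fullmatch(cn):
            raise ValueError(f"unsafe Common Name for a file name: {cn!r}")
        line = ccd_line(ip_text)
        if line in owner:
            raise ValueError(f"{cn} and {owner[line]} share an address")
        owner[line] = cn
        plan[cn] = line
    out = Path(ccd_dir)
    out.mkdir(parents=True, exist_ok=True)
    for cn, line in plan.items():
        (out / cn).write_text(line)
    return plan


if __name__ == "__main__":
    for cn, line in write_ccd(CLIENTS, "ccd").items():
        print(cn, "->", line.strip())
```

Copy the generated files into the directory that the server's `client-config-dir` points to; each file name must match the Common Name in that client's certificate.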