Subj : transparent proxy for .onion connections
To   : All
From : Oli
Date : Wed Nov 20 2019 11:35 am

I found this basic recipe for Linux:
https://gist.github.com/DrWhax/7871636

I believe it's possible to do the same with opnsense.


How does it work?

- binkp client asks your own local nameserver (:53) to resolve the .onion
address
- nameserver forwards the request to your local Tor daemon (:9053)
- client gets a locally mapped IP address (like 127.192.24.32)
- client opens a connection to that IP
- firewall redirects the connection to the Tor daemon (:9040)
- Tor daemon establishes a connection to the remote binkp server (hidden
service)



If you use BinkD there is a much simpler solution:
- BinkD client uses the Tor socks5 proxy for .onion addresses (:9050)
- Tor daemon establishes a connection to the remote binkp server (hidden
service)


--- GoldED+/LNX 1.1.5-b20180707
 * Origin: 🌈 (21:1/151)

.