How do I have multiple DNSPort and TransPort?

hack3rcon · July 23, 2023, 1:25pm

Hello,
I configured Tor and OpenVPN on a Linux server like the below:

Client ---> OpenVPN Server ---> Tor Network ---> Internet

My Tor config file is:

VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
DNSPort 10.8.0.1:53530
TransPort 10.8.0.1:9040

The 10.8.0.1 IP is the IP address my OpenVPN virtual NIC:

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.255  destination 10.8.0.2
        inet6 fe80::d54:8cd:b0c9:f4b0  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 135  bytes 15804 (15.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 164  bytes 90203 (88.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I want to run another OpenVPN server with 10.9.0.1 IP. Can I define multiple DNSPort and TransPort IP addresses? For example:

VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
DNSPort 10.8.0.1:53530
DNSPort 10.9.0.1:53530
TransPort 10.8.0.1:9040
TransPort 10.9.0.1:9040

Thank you.

hack3rcon · July 28, 2023, 6:05am

Hello,
Is it not possible to use multiple IPs for the DNSPort and TransPort options?

Thank you.

hack3rcon · August 7, 2023, 11:53am

Hello,
Has anyone ever done this?
Any idea welcomed.

Thank you.

trinity-1686a · August 12, 2023, 9:40am

You can configure as many DNSPort and TransPort as you wish.

From tor man page:

DNSPort [address:]port|auto [isolation flags]:
[…]
This directive can be specified multiple times to bind to multiple addresses/ports.

TransPort [address:]port|auto [isolation flags]:
[…]
This directive can be specified multiple times to bind to multiple addresses/ports.

hack3rcon · August 19, 2023, 7:58pm

Hello,
Thank you so much for your reply.
What are the roles of the auto and [isolation flags] ?
Is the below configuration correct?

DNSPort 10.8.0.1:53530
DNSPort 10.9.0.1:53530
TransPort 10.8.0.1:9040
TransPort 10.9.0.1:9040

trinity-1686a · August 21, 2023, 2:24pm

auto makes tor use a random port.
[isolation flags] are flags described in SOCKSPort. They control how tor isolate connections (which connections are allowed to use the same circuit, and which are not). You generally don’t need to change those.

The configuration looks correct. tor will tell you if it doesn’t like it.

hack3rcon · August 26, 2023, 3:54pm

Hello,
Thank you so much for your reply.
Yes, it worked.
Can you show me an example of auto and [isolation flags] statements in the configuration file?

hack3rcon · January 7, 2024, 12:03am

Hello,
I have two questions:
1- Do I need to define a VirtualAddrNetwork for each DNSPort and TransPort?

2- Should DNSPort and TransPort IP address ranges be the same? I changed the configuration as follows:

VirtualAddrNetwork 20.192.0.0/10
AutomapHostsOnResolve 1
DNSPort 20.20.0.1:53530
TransPort 20.20.0.1:9040

DNSPort 10.10.0.1:53530
TransPort 10.10.0.1:9040

But, I got the following error message:

Jan 07 10:02:01.741 [notice] Opening Socks listener on 127.0.0.1:9050
Jan 07 10:02:01.741 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9050
Jan 07 10:02:01.741 [notice] Opening DNS listener on 20.20.0.1:53530
Jan 07 10:02:01.741 [notice] Opened DNS listener connection (ready) on 20.20.0.1:53530
Jan 07 10:02:01.741 [notice] Opening DNS listener on 10.10.0.1:53530
Jan 07 10:02:01.741 [warn] Could not bind to 10.10.0.1:53530: Cannot assign requested address
Jan 07 10:02:01.741 [notice] Opening Transparent pf/netfilter listener on 20.20.0.1:9040
Jan 07 10:02:01.741 [notice] Opened Transparent pf/netfilter listener connection (ready) on 20.20.0.1:9040
Jan 07 10:02:01.741 [notice] Opening Transparent pf/netfilter listener on 10.10.0.1:9040
Jan 07 10:02:01.741 [warn] Could not bind to 10.10.0.1:9040: Cannot assign requested address
Jan 07 10:02:01.741 [notice] Closing partially-constructed Socks listener connection (ready) on 127.0.0.1:9050
Jan 07 10:02:01.741 [notice] Closing partially-constructed DNS listener connection (ready) on 20.20.0.1:53530
Jan 07 10:02:01.742 [notice] Closing partially-constructed Transparent pf/netfilter listener connection (ready) on 20.20.0.1:9040
Jan 07 10:02:01.742 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
Jan 07 10:02:01.742 [err] Reading config failed--see warnings above.

hack3rcon · January 7, 2024, 2:02pm

Hello,
I solved problem #2. There should be a NIC (something like OpenVPN) in the IP address range of 10.10.0.1.
How about the following question?

Do I need to define a VirtualAddrNetwork for each DNSPort and TransPort ?