@kotborealis
Last active June 1, 2025 11:56
Tor, i2p, OpenVPN

Part of tor-i2p-openvpn configuration.

  • .onion domains use Tor as a proxy
  • .i2p domains use i2p as a proxy
  • Everything else uses the VPN IP address

For some reason, push dhcp-option dns is not working, neither in Network Manager nor in the openvpn CLI. The workaround is to manually set nameserver 10.8.0.1 (where 10.8.0.1 is the OpenVPN server's tunnel address) in /etc/resolv.conf.
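
Because the resolver is set by hand, a leftover nameserver entry in /etc/resolv.conf can send lookups outside the tunnel when 10.8.0.1 does not answer. The following check is an added example, not part of the original gist; the function name check_resolv and the sample address 192.168.1.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a resolv.conf file sends DNS only to the VPN resolver.
# 10.8.0.1 is the tunnel address used on this page; override with VPN_DNS if yours differs.
VPN_DNS="${VPN_DNS:-10.8.0.1}"

# check_resolv FILE  (hypothetical helper name)
# Prints one line per finding. Returns 0 when FILE lists the VPN resolver
# and no other nameserver, 1 otherwise.
check_resolv() {
    file="$1"
    found_vpn=0
    stray=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    # Only "nameserver <addr>" lines matter; commented-out lines start with # or ;
    # and never match. The || clause handles a last line without a newline.
    while read -r key addr _rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        if [ "$addr" = "$VPN_DNS" ]; then
            found_vpn=1
        else
            # The system resolver falls back to later entries on timeout,
            # so any extra entry is a path around the VPN DNS server.
            echo "stray resolver: $addr"
            stray=1
        fi
    done < "$file"
    if [ "$found_vpn" -eq 0 ]; then
        echo "VPN resolver $VPN_DNS is not listed in $file"
        return 1
    fi
    return "$stray"
}

# Constructed sample: workaround applied, but a router-supplied entry left behind.
sample=$(mktemp)
printf '%s\n' '# constructed sample' "nameserver $VPN_DNS" 'nameserver 192.168.1.1' > "$sample"
check_resolv "$sample" || echo "result: DNS can bypass the tunnel"
rm -f "$sample"
```

To check the live system, call check_resolv /etc/resolv.conf after the VPN connects.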

How does it work?

The DNS server on 10.8.0.1 (the VPN server) resolves all .onion and .i2p domains to 10.8.0.1.

The following iptables rule on the server redirects TCP port 80 traffic arriving from the tunnel (tun0) to tinyproxy on port 8888:

iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-ports 8888

When a client requests a specific domain, the request goes to tinyproxy, and tinyproxy then decides what to do with it: send it to Tor, send it to i2p, or use the internet.

# OpenVPN server config
# Why the hell it's not working?
# Maybe you'll have to change dns manually in /etc/resolv.conf
push "dhcp-option DNS 10.8.0.1"

# We need polipo to proxy tor's proxy ._.
proxyPort = 8124
# Tor's socks5 proxy running on 9050
socksParentProxy = "localhost:9050"
socksProxyType = socks5

# I use tinyproxy to route .onion domain traffic to polipo
# and to route .i2p domain traffic right to the i2p
Port 8888
# Polipo running on :8124
upstream 127.0.0.1:8124 ".onion"
# i2p running on :4444
upstream 127.0.0.1:4444 ".i2p"

# DNS server on the VPN host (unbound syntax)
interface-automatic: yes
interface: 10.8.0.1
# Allow connections
access-control: 10.0.0.0/8 allow
access-control: 10.0.0.0/16 allow
access-control: 127.0.0.0/8 allow
# Redirect .onion and .i2p to openvpn server
local-zone: "onion" redirect
local-data: "onion A 10.8.0.1"
local-zone: "i2p" redirect
local-data: "i2p A 10.8.0.1"