Make the entire Windows PC connect to the Internet through TOR


Introduction
The Onion Router is a famous anonymity network. On Windows it comes as the Tor Browser Bundle: the Firefox browser and tor.exe, which acts as a SOCKS5 proxy listening on 127.0.0.1:9050. This configuration makes it possible to torify every application with SOCKS proxy support. But...
What about other applications without built-in SOCKS settings? Tor Browser Bundle will not torify them. However, there are a number of such programs that someone might want to tunnel through TOR. For instance, it could be the desktop bitcoin wallet Exodus. Or it could be the Android emulator Memu.
Obviously, there is demand for hiding the entire operating system behind TOR. This setup is called a Transparent Proxy, because applications don't see the proxy; instead they "think" they're connected to the Internet directly. This article explains how to create a Linux virtual machine that acts as a Transparent Proxy for the whole Windows PC. Before continuing, I must note that there is a program, Tallow, with the same functionality. Unfortunately, I can't get it working on my PC. If your experience is different, then that's just great. If not, then read on...
Prerequisites and Assumptions
1. You have Windows XP - Windows 10
2. You're connected to the Internet directly through the Network Adapter (Ethernet, RNDIS) and NOT through VPN (OpenVPN, PPTP, L2TP).
3. You have VMware Workstation or Oracle VirtualBox installed.
STEP 1: INSTALL UBUNTU VIRTUAL MACHINE
If you use VMware, the following services must be enabled on the host: VMware DHCP Service, VMware NAT Service.
Download the ISO image of "Ubuntu 17.10 (Artful Aardvark) Server i386" from the official website.
In VMware Workstation, open Edit ➛ Virtual Network Editor... and make sure VMnet0 is bridged to your Internet Network Adapter.

Click "Create a New Virtual Machine". When asked "What type of configuration do you want?" select "Custom (advanced)"

When prompted to choose location of ISO file, select "I will install the operating system later."

In the next dialog select Linux Ubuntu

When asked about memory size, set 512 Mb. In the following dialogs leave the default values. When creating the disk, 15 Gb is enough.

After creating VM, click "Edit virtual machine settings". Remove Printer, Sound Card and USB Controller. HDD can be made "Persistent"

On the "CD/DVD (SATA)" tab select the ISO image downloaded earlier.

On the "Network Adapter" tab choose VMnet0

Click "Add..." button to add second Network Adapter and leave its type as "NAT".

Go to VM ➛ Power ➛ Power On to Firmware and change the boot order, making the CDROM first.

Press F10 to save the changes and reboot. During installation, press "Enter" to select ens32 as the Primary Interface.

Afterwards, the interfaces should be configured automatically and assigned IP addresses by the DHCP server of your LAN. If not, you must configure them manually. Give them different IPs. The IP of ens33 doesn't matter, since we'll change it later.
In the "Partition disks" dialog select "Guided - Use entire disk"

In the "Configure the package manager" dialog leave HTTP proxy blank.
In the "Software selection" dialog select only "OpenSSH server"

After completing the installation, go to VM ➛ Power ➛ Power On to Firmware again and make "Hard Drive" the first boot device.
STEP 2: CONFIGURE UBUNTU VIRTUAL MACHINE
Now, I'd recommend enabling the root user:
sudo passwd root
sudo passwd -u root

and enable root login over SSH:
sudo nano /etc/ssh/sshd_config
PermitRootLogin yes

Type ifconfig in the terminal and note the inet address of the ens32 interface. In my case it was 192.168.2.153 - this is the IP of the VM. After rebooting, it will be possible to connect to the VM over SSH. Personally, I prefer KiTTY to send commands and WinSCP to modify files.
Disable swap file:
swapoff /swapfile

Edit /etc/fstab and comment out the /swapfile line:
#/swapfile   none    swap    sw     0       0
Remove swapfile:
rm -f /swapfile

Edit /etc/apt/sources.list:
###### Ubuntu Main Repos
deb http://nl.archive.ubuntu.com/ubuntu/ artful main restricted universe multiverse
deb-src http://nl.archive.ubuntu.com/ubuntu/ artful main restricted universe multiverse
###### Ubuntu Update Repos
deb http://nl.archive.ubuntu.com/ubuntu/ artful-updates main restricted universe multiverse
deb-src http://nl.archive.ubuntu.com/ubuntu/ artful-updates main restricted universe multiverse

apt-get update
apt-get dist-upgrade

Edit /etc/sysctl.conf - enable forwarding:
net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.accept_source_route = 1

reboot

Install packages:
apt-get update
apt-get --no-install-recommends install ifupdown gcc automake cmake zip unzip libssl-dev pkg-config zlib1g-dev libevent-dev
apt-get install pptpd
apt-get clean

Compile TOR:
mkdir /programs
mkdir /programs/tor
chmod 777 -R /programs
wget -P /tmp https://www.torproject.org/dist/tor-0.3.1.9.tar.gz
tar -xvzf /tmp/tor-0.3.1.9.tar.gz -C /tmp
chmod 777 -R /tmp/tor-0.3.1.9
cd /tmp/tor-0.3.1.9
./configure --prefix=/programs/tor --exec-prefix=/programs/tor --disable-asciidoc
make
make install-strip
cd /
rm -f /tmp/tor-0.3.1.9.tar.gz
rm -f -r /tmp/tor-0.3.1.9
chmod 777 -R /programs/tor/bin
mkdir /programs/tor/etc/keys1

Create file /programs/tor/etc/torrc1 with content:
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion
DNSPort 192.168.7.1:5353
TransPort 192.168.7.1:9040
AvoidDiskWrites 1
UseEntryGuards 1
AllowNonRFC953Hostnames 1
ClientRejectInternalAddresses 0
WarnPlaintextPorts 65000
OptimisticData 1
PathsNeededToBuildCircuits 0.25
ClientOnly 1
SOCKSPort 127.0.0.1:9050
DataDirectory /programs/tor/etc/keys1
RunAsDaemon 1

Edit file /etc/network/interfaces:
auto ens33
iface ens33 inet static
address 192.168.7.1
netmask 255.255.255.255
mtu 1400

Enable ens33:
ifup ens33

Check if interface is enabled:
ifconfig


Try to start TOR:
/programs/tor/bin/tor -f /programs/tor/etc/torrc1

It should be working.
Configure PPTP server:
systemctl stop pptpd.service

Edit /etc/pptpd.conf:
option /etc/ppp/pptpd-options
logwtmp
connections 10
localip 192.168.7.1
remoteip 192.168.7.12-21

Edit /etc/ppp/pptpd-options:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
#require-mppe-128
ms-dns 192.168.7.1
proxyarp
nodefaultroute
lock
nobsdcomp
novj
novjccomp
nologfd

Note that require-mppe-128 is commented out, because encryption is not required on the local network.
Edit /etc/ppp/chap-secrets:
user1 pptpd password1 *
user2 pptpd password2 *
user3 pptpd password3 *
user4 pptpd password4 *
user5 pptpd password5 *
user6 pptpd password6 *
user7 pptpd password7 *
user8 pptpd password8 *
user9 pptpd password9 *
user10 pptpd password10 *

Edit /etc/ppp/ip-up, add to the end:
iptables -t nat -A PREROUTING -i $PPP_IFACE -p udp --dport 53 -j REDIRECT --to-ports 5353
iptables -t nat -A PREROUTING -i $PPP_IFACE -p udp --dport 5353 -j REDIRECT --to-ports 5353
iptables -t nat -A PREROUTING -i $PPP_IFACE -p tcp --syn -j REDIRECT --to-ports 9040

Edit /etc/ppp/ip-down, add to the end:
iptables -t nat -D PREROUTING -i $PPP_IFACE -p udp --dport 53 -j REDIRECT --to-ports 5353
iptables -t nat -D PREROUTING -i $PPP_IFACE -p udp --dport 5353 -j REDIRECT --to-ports 5353
iptables -t nat -D PREROUTING -i $PPP_IFACE -p tcp --syn -j REDIRECT --to-ports 9040
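
One way to check the redirect rules above against torrc1 is sketched below; it is an added example, not code from the original article, and the function names, output labels and both sample inputs are constructed here. The third check (a FORWARD drop for the client interface) goes beyond the rules the article installs: with ip_forward=1, any client packet the nat rules do not redirect, such as non-DNS UDP, is routed normally instead of through Tor.

```shell
# Added example (not from the article): verify that client traffic is either
# redirected to Tor or dropped. Both inputs are constructed samples.
SAMPLE_TORRC='DNSPort 192.168.7.1:5353
TransPort 192.168.7.1:9040'
# Constructed iptables-save output while one PPTP client (ppp0) is connected.
SAMPLE_RULES='*nat
-A PREROUTING -i ppp0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING -i ppp0 -p udp -m udp --dport 5353 -j REDIRECT --to-ports 5353
-A PREROUTING -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'
# torrc_port KEY TORRC -> port of a "KEY addr:port" (or "KEY port") line
torrc_port() {
  printf '%s\n' "$2" | awk -v k="$1" '$1 == k { n = split($2, a, ":"); print a[n]; exit }'
}

# has_redirect RULES IFACE PROTO TOPORT DPORT -> status 0 if such a REDIRECT exists.
# DPORT "-" means the rule must not be limited to a single destination port.
has_redirect() {
  printf '%s\n' "$1" | awk -v i="$2" -v p="$3" -v to="$4" -v d="$5" '
    /^-A PREROUTING / && /-j REDIRECT/ {
      iface = ""; proto = ""; dport = ""; toport = ""
      for (n = 1; n < NF; n++) {
        if ($n == "-i") iface = $(n + 1)
        if ($n == "-p") proto = $(n + 1)
        if ($n == "--dport") dport = $(n + 1)
        if ($n == "--to-ports") toport = $(n + 1)
      }
      okd = (d == "-") ? (dport == "") : (dport == d)
      if (iface == i && proto == p && toport == to && okd) found = 1
    }
    END { exit !found }'
}

# forward_blocked RULES IFACE -> status 0 if unredirected packets cannot be routed out
forward_blocked() {
  printf '%s\n' "$1" | grep -Eq "^(:FORWARD DROP|-A FORWARD -i $2 -j (DROP|REJECT))"
}

# audit TORRC RULES IFACE -> one finding per line
audit() {
  a_dns=$(torrc_port DNSPort "$1"); a_tcp=$(torrc_port TransPort "$1")
  has_redirect "$2" "$3" udp "$a_dns" 53 && echo "OK dns" || echo "LEAK dns"
  has_redirect "$2" "$3" tcp "$a_tcp" - && echo "OK tcp" || echo "LEAK tcp"
  forward_blocked "$2" "$3" && echo "OK other" || echo "LEAK other (forwarded, not via Tor)"
}
audit "$SAMPLE_TORRC" "$SAMPLE_RULES" ppp0
```

On the VM, with a client connected, the same functions can be fed the real files: audit "$(cat /programs/tor/etc/torrc1)" "$(iptables-save)" ppp0.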

Try to start PPTP server:
systemctl enable pptpd.service
systemctl start pptpd.service

It should be working.
Create file /etc/systemd/system/rc-local.service with content:
[Unit]
 Description=/etc/rc.local Compatibility
 ConditionPathExists=/etc/rc.local

[Service]
 Type=forking
 ExecStart=/etc/rc.local start
 TimeoutSec=0
 StandardOutput=tty
 RemainAfterExit=yes
 SysVStartPriority=99

[Install]
 WantedBy=multi-user.target

systemctl enable rc-local.service
systemctl start rc-local.service

Create file /etc/rc.local with content:
#!/bin/sh -e
/programs/tor/bin/tor --quiet -f /programs/tor/etc/torrc1 >/dev/null 2>/dev/null &
exit 0

chmod 777 /etc/rc.local

Reboot VM:
reboot

Make sure tor and pptpd are running:
netstat -tulp

Turn off VM:
poweroff

STEP 3: CONFIGURE WINDOWS
Create new PPTP connection:
In Windows 10 open Settings ➛Network & Internet➛VPN➛Add a VPN connection

Here, the "Connection name" should be "pptpd"; "Server name" is the IP of Ubuntu Virtual Machine; "VPN type" is PPTP; Login and Password are taken from chap-secrets. Click "Save" button.
Open Control Panel ➛ Network and Sharing Center ➛Change adapter settings
In the properties of the pptpd adapter, on the "Security" tab, select "Allow these protocols" and check "Microsoft CHAP version 2":

Open "Local Group Policy Editor" (Win+R, gpedit.msc) and navigate to Computer Configuration➛ Administrative Templates ➛Network➛DNS Client. Enable the following policies:
Turn off smart multi-homed name resolution
Turn off smart protocol reordering
Turn off multicast name resolution
Reboot Windows to apply changes.

STEP 4: USAGE
Create two *.BAT files SET_FAKE.bat and RESTORE_DHCP.bat
SET_FAKE.bat:
netsh interface ipv4 set dnsservers "Ethernet" static 127.0.0.2 primary
netsh interface ipv6 set dnsservers "Ethernet" static 0:0:0:0:0:ffff:7f00:2 primary
netsh interface ipv4 add dnsservers "Ethernet" 127.0.0.3 index=2
netsh interface ipv6 add dnsservers "Ethernet" 0:0:0:0:0:ffff:7f00:3 index=2

RESTORE_DHCP.bat:
netsh interface ipv4 set dnsservers "Ethernet" dhcp
netsh interface ipv6 set dnsservers "Ethernet" dhcp

Here, "Ethernet" is the name of the Internet Network Adapter. 127.0.0.2, 127.0.0.3, 0:0:0:0:0:ffff:7f00:2 and 0:0:0:0:0:ffff:7f00:3 are spoofed DNS servers.
Power on the Ubuntu VM and run SET_FAKE.bat as Administrator.
Now Windows should not be able to do name resolution, but should still connect to IP addresses directly:

Establish PPTP connection to Ubuntu VM:

Open Browser and go to https://www.perfect-privacy.com/dns-leaktest to check if there are leaks.
Do whatever you intended to do in the TOR network.
Disconnect from PPTP and restore the DNS settings: run RESTORE_DHCP.bat as Administrator.
Power off the Ubuntu VM.

STEP 5: HIDE THE FACT YOU'RE USING TOR
Some websites block TOR users. To overcome this obstacle, one might use an ordinary SOCKS proxy. A free SOCKS4/5 proxy list is available at https://www.socks-proxy.net. This applies only to browsers/applications with built-in SOCKS functionality. Windows can't apply proxy settings globally while a PPTP connection is active (PPTP is a sort of VPN).
Proxifier for Windows can proxify every application, even those that don't have SOCKS settings. You can download a 30-day trial version from the official website. Proxifier also includes a free tool, ProxyChecker, which can test proxy servers.
