{"id":22674756,"url":"https://github.com/bitnom/vpn-chain","last_synced_at":"2025-04-12T13:35:06.674Z","repository":{"id":56050156,"uuid":"106020312","full_name":"bitnom/VPN-Chain","owner":"bitnom","description":"Bash script for making chained OpenVPN connections.","archived":false,"fork":false,"pushed_at":"2020-11-28T17:48:11.000Z","size":18,"stargazers_count":88,"open_issues_count":6,"forks_count":29,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-03-26T08:11:08.930Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bitnom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-10-06T15:26:54.000Z","updated_at":"2025-03-14T01:18:39.000Z","dependencies_parsed_at":"2022-08-15T12:10:45.676Z","dependency_job_id":null,"html_url":"https://github.com/bitnom/VPN-Chain","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitnom%2FVPN-Chain","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitnom%2FVPN-Chain/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitnom%2FVPN-Chain/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitnom%2FVPN-Chain/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bitnom","download_url":"https://codeload.github.com/bitnom/VPN-Chain/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248573805,"owners_count":21126906,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-09T17:18:03.419Z","updated_at":"2025-04-12T13:35:06.650Z","avatar_url":"https://github.com/bitnom.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# VPN-Chain\nBash script which makes chained OpenVPN connections.\n\n\nWARNING: This is beta release and is VERY experimental right now, so use at your own risk. \nWARNING: Please read HOW TO USE VPN CHAIN section, because it contains important security information\n\n\n#### ABOUT VPN CHAIN ####\nVPN Chain is a fork of the original VPNCHAIN bash script. I will be reworking this in either Go or Nim. For now, I will maintain this script and continue to add features and fix bugs.\n\nVPN Chain is bash script which makes chained openvpn connections. You don't need to use virtual machine for this anymore. \nAfter chain is completed you can use internet in more secure and private way with all openvpn benefits. \n\nCompleted chain looks like this:\n\tPC \u003c-\u003e OPENVPN1 \u003c-\u003e OPENVPN2 \u003c-\u003e OPENVPN# \u003c-\u003e INTERNET\n\nAnd yes, you can use TOR on top of chain:\n\tPC \u003c-\u003e OPENVPN1 \u003c-\u003e OPENVPN2 \u003c-\u003e OPENVPN# \u003c-\u003e TOR \u003c-\u003e INTERNET\n\nThere should be no limits on how many hops in chain can be (fix me if i'm wrong). I tested with 3 OpenVPNs in chain, \nbut i think it should work with 5 or 10 configs. Ofcourse, there can be some practical limits like speed and stability \nof whole chain.  \n\n\n#### REQUIREMENTS ####\n\n- Linux (tested on Ubuntu 12.04, but should work on most distributions)\n- Config files from your OpenVPN providers\n- BASH shell\n- OpenVPN client\n- iptables\n- resolvconf\n- awk\n\n\n#### HOW TO USE VPN CHAIN ####\n\n0. Extract files:\n\tbash$ unzip vpnchain-XX.zip\n\tbash$ cd vpnchain\n\n1. Edit vpnchain.sh config section. \n\n\tVPN CHAIN should work with most OpenVPN providers default configs (i tested 3 different ones and all worked \n\twithout major changes). If you get 'file not found' errors, try to change keys and certificate paths from relative to absolute in config files.\n\n2. Use sudo to run it:\n\t\tbash$ sudo ./vpnchain.sh \n\n3. To exit press CTRL+C keys\n\n4. If you enabled firewall blocking then run this command to flush rules:\n\tbash$ sudo ./vpnchain.sh flush\n\t\n\nSECURITY WARNING:\n\tYour IP address doesn't change UNTIL WHOLE CHAIN IS CONNECTED. If you connect to first openvpn server then to second but LAST ONE doesn't connect, your IP IS NOT changed. For IP to change you need wait for WHOLE CHAIN to be connected (wait for green text saying 'Connected'). \n\tTo avoid leaks you can disable all OUTPUT traffic in firewall and allow only remote openvpn servers IPs and tun devices. Or you should wait until chain is completed and check your ip before doing any online activity (your ip should be  from your last OpenVPN provider's). \n\nNOTICE: Automatic firewall blocking option is added in 0.2 version\n\nAfter connect you can run wireshark and look for traffic:\n- eth0 device should see traffic only to Client0 remote server ip (and other local LAN traffic)\n- tun0 device should see traffic only from tun0 ip and Client1 remote server ip\n- tun1 device should see traffic only from tun1 ip and Client2 remote server ip and so on.\n- last tun device should see internet traffic from it's tunX device and all other request to internet (because it's exit node).\n\n\n#### HOW VPN CHAIN WORKS ####\n\nThe main idea is taken from http://forums.openvpn.net/topic7483.html.\nYou change default routing pushed from OpenVPN server and manualy add your own custom routing:\n\nIn ClientA config file add lines:\n\troute-nopull # disable default routing pushed from server\n\troute \u003cClientA_Remote_IP\u003e 255.255.255.255 \u003cDefault_Gateway\u003e\n\troute \u003cClientB_Remote_IP\u003e 255.255.255.255 \u003cClientA_Tun_IP\u003e\n\nIn ClientB config file add those lines:\n\troute-nopull # disable default routing pushed from server\n\troute 0.0.0.0 128.0.0.0 \u003cClientB_Tun_IP\u003e\n\troute 128.0.0.0 128.0.0.0 \u003cClientB_Tun_IP\u003e\n\tdhcp-option DNS \u003cClientB_Dns_IP\u003e\n\tup /etc/openvpn/update-resolv-conf\n\tdown /etc/openvpn/update-resolv-conf\n\nBut this can be applied for more than two OpenVPN instances:\n\nClient_First:\n\troute-nopull # disable default routing pushed from server\n\troute \u003cClient_First_Remote_IP\u003e 255.255.255.255 \u003cDefault_Gateway\u003e\n\troute \u003cNext_Client_Remote_IP\u003e 255.255.255.255 \u003cClient_First_Tun_IP\u003e\n\nClient#:\n\troute-nopull # disable default routing pushed from server\n\troute \u003cNext_Client_Remote_IP\u003e 255.255.255.255 \u003cPrevious_Client_Tun_IP\u003e\n\nClient_Last:\n\troute-nopull # disable default routing pushed from server\n\troute 0.0.0.0 128.0.0.0 \u003cCient_Last_Tun_IP\u003e\n\troute 128.0.0.0 128.0.0.0 \u003cClient_Last_Tun_IP\u003e\n\tdhcp-option DNS \u003cClient_Last_Dns_IP\u003e\n\tup /etc/openvpn/update-resolv-conf\n\tdown /etc/openvpn/update-resolv-conf\n\nBasicaly, completed chain looks like this:\n\tPC \u003c-\u003e OPENVPN1 \u003c-\u003e OPENVPN2 \u003c-\u003e OPENVPN# \u003c-\u003e INTERNET\n\nIn theory there is no limits on how many hops in chain can be (fix me if i'm wrong), but there can be some practical limitations like whole chain speed, stability etc. \nI tested with 3 clients and it worked fine. It would be nice to get feedback (see CONTACTS section) on how much clients \nit worked for you and what issues did you have (if any).\n\n\n#### TODO LIST ####\n- Do heavier testing; get feedbacks (please send them to br41n \u003cat\u003e safe-mail.net)\n- Add support for remote-random option\n- Add sock-proxy support to use with services like TOR\n\n\n#### CHANGELOG ###\n0.21:\n- Added IPv6 block \u0026 restore option.\n- Changed default verbosity to 1.\n\n0.2:\n- Added firewall block option\n- Moved functions to separate file\n- Code cleanup\n\n0.1:\n- Initial submit\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitnom%2Fvpn-chain","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbitnom%2Fvpn-chain","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitnom%2Fvpn-chain/lists"}