Gnoppixctl is free, open-source software for enabling anonymous communication. It directs traffic through a worldwide, volunteer overlay network consisting of thousands of relays.
You don’t need other tools if you route all your traffic with gnoppixctl through the tor network. This ensures every connection you make is anonymized, concealing your location and usage from surveillance and traffic analysis.
We are thrilled to announce the release of gnoppixctl v0.5.0 (IPv6-aware) + VPN exclusion , a powerful update to the essential tool designed to redirect all your system’s traffic, including DNS queries, through the Tor network for complete anonymization.
This new version introduces major enhancements to address modern networking environments, focusing on comprehensive IPv6 support and crucial VPN integration. Gnoppixctl v0.5.0 ensures your system remains anonymous and secure, regardless of your network setup.
Core Features and Enhanced Anonymity
Gnoppixctl is a command-line script engineered to be the single point of control for your system’s security and privacy.
-
Total Traffic Redirection: The primary function, start, automatically configures your firewall rules (iptables and ip6tables) to force all outgoing TCP, UDP, and ICMP (for IPv4) traffic through the Tor network’s transparent proxy port, TOR_PORT (9040).
-
DNS Leak Prevention: DNS queries (UDP and TCP on port 53) are redirected to Tor’s DNS port, TOR_DNS (9053), ensuring that your destination address lookups remain private and are resolved over Tor.
-
Automatic Startup/Shutdown Management: The start command backs up your original firewall, Tor configuration (TORRC), nameservers, and sysctl rules before applying the new, restrictive rules. The stop command safely restores all original configurations to return your system to clearnet, guaranteeing a clean switch.
-
Identity Control: Instantly change your Tor identity with the chngid command, which stops and restarts the Tor service.
-
Forensic Hygiene: The wipe command aggressively clears system memory and caches, and runs the smem-secure-delete utility , while the autowipe command allows for memory wiping at system shutdown.
-
Hardware Privacy: Use chngmac to randomize the MAC addresses of all network interfaces (excluding ‘lo’) and rvmac to revert them to their permanent addresses.
Next-Generation Networking: IPv6 and VPN Awareness
Version 0.5.0 introduces two critical updates to maintain anonymity in complex network environments:
1. Comprehensive IPv6 Support (IPv6-aware)
- Gnoppixctl now automatically detects if a global IPv6 address is present on your system.
Dynamic Configuration: If IPv6 is detected, the script now:
-
Adds IPv6 loopback listeners to the Tor configuration file (TORRC), including TransPort, SocksPort, and DNSPort.
-
Conditionally adds the IPv6 loopback nameserver (::1) to /etc/resolv.conf.
-
Applies a separate set of ip6tables rules to enforce Tor redirection for all IPv6 traffic.
-
It deliberately excludes critical IPv6 protocols like ICMPv6 (Router/Neighbor Solicitation/Advertisement) from redirection to prevent network stack breakage, while still redirecting TCP/UDP traffic.
-
Conditionally enables or disables IPv6 system-wide using sysctl based on the detection result.
-
Robust Backup/Restore: The backup and restore functions now explicitly handle ip6tables rules if IPv6 is active, ensuring proper system restoration upon stopping the service.
2. Exclusive VPN Handling (+ VPN exclusion)
Recognizing that many users run the Gnoppix distribution with a VPN for an extra layer of protection, this version introduces VPN detection and exclusion.
-
Automatic VPN Detection: The check_vpn_capabilities function looks for an IP address in the $VPN_EXCLUDE range (defaulting to 10.8.0.0/8) or an interface with an MTU of 1420.
-
Traffic Exclusion: If the Gnoppix VPN is detected, the script adds specific rules to the iptables NAT table to ensure traffic destined for the VPN network bypasses Tor redirection. This is essential for preventing the Tor network from interfering with the secure VPN connection itself.
Warning: Gnoppixctl is designed to run on Gnoppix Linux. Other Linux distributions may not work
gnoppixctl comes with gnoppix-welcome_25.1032 or the upcoming Gnoppix 26.1 KDE -stable-
Here is a link howto to update your Gnoppix (if installed):