=== Warning: This page is severly outdated, please fix it up ===
### Warning: This page is severly outdated, please fix it up
[[TOC]]
The following are notes for varying methods of setup and modifications to the Torrouter installation on a [https://www.amazon.co.uk/Buffalo-AirStation-HighPower-Internet-Connections/dp/B0028ACYEK/ref=sr_1_1?ie=UTF8&qid=1291972032&sr=8-1 Buffalo WZR-HP-G300NH (UK)]. This setup differs in that we will use an existing wireless network as our upstream internet provider. The following diagram describes the network topology (network SSID's in grey):
[[Image(https://chart.googleapis.com/chart?cht=gv&chl=graph{bgcolor=transparent;BuffaloWifiRouter[shape=box3d];Internet[shape=ellipse%2Ccolor=%22grey%22%2Cfontcolor=%22gray%22%2Cstyle=dashed];node[shape=box%2Cstyle=filled%2Ccolor=lightgrey];OpenWrt--BuffaloWifiRouter[fontsize=10.0%2Clabel=%22192.168.1.0/24%22%2Cheadport=w]--Upstream--Internet[color=%22gray%22];BuffaloWifiRouter--Upstream[fontsize=10.0%2Clabel=%22address via DHCP%22]--Internet;TransparentTor--BuffaloWifiRouter[fontsize=10.0%2Clabel=%2210.192.0.0/10%22%2Cheadport=e];})]]
The following are notes for varying methods of setup and modifications to the Torrouter installation on a [Buffalo WZR-HP-G300NH (UK)](https://www.amazon.co.uk/Buffalo-AirStation-HighPower-Internet-Connections/dp/B0028ACYEK/ref=sr_1_1?ie=UTF8&qid=1291972032&sr=8-1). This setup differs in that we will use an existing wireless network as our upstream internet provider. The following diagram describes the network topology (network SSID's in grey):
![https://chart.googleapis.com/chart?cht=gv&chl=graph{bgcolor=transparent;BuffaloWifiRouter[shape=box3d];Internet[shape=ellipse%2Ccolor=%22grey%22%2Cfontcolor=%22gray%22%2Cstyle=dashed];node[shape=box%2Cstyle=filled%2Ccolor=lightgrey];OpenWrt--BuffaloWifiRouter[fontsize=10.0%2Clabel=%22192.168.1.0/24%22%2Cheadport=w]--Upstream--Internet[color=%22gray%22];BuffaloWifiRouter--Upstream[fontsize=10.0%2Clabel=%22address via DHCP%22]--Internet;TransparentTor--BuffaloWifiRouter[fontsize=10.0%2Clabel=%2210.192.0.0/10%22%2Cheadport=e];}](https://chart.googleapis.com/chart?cht=gv&chl=graph{bgcolor=transparent;BuffaloWifiRouter[shape=box3d];Internet[shape=ellipse%2Ccolor=%22grey%22%2Cfontcolor=%22gray%22%2Cstyle=dashed];node[shape=box%2Cstyle=filled%2Ccolor=lightgrey];OpenWrt--BuffaloWifiRouter[fontsize=10.0%2Clabel=%22192.168.1.0/24%22%2Cheadport=w]--Upstream--Internet[color=%22gray%22];BuffaloWifiRouter--Upstream[fontsize=10.0%2Clabel=%22address via DHCP%22]--Internet;TransparentTor--BuffaloWifiRouter[fontsize=10.0%2Clabel=%2210.192.0.0/10%22%2Cheadport=e];})
"Upstream" should be changed to the SSID of an existing wireless network. The "OpenWrt" network address range (192.168.1.0/10) and "Transparent Tor" network address range (10.192.0.0/10) are set with the assumption that they do not conflict with the "Upstream" network address.
== Installating the OpenWRT image ==
## Installating the OpenWRT image
To copy the openwrt image use SSH:
1. Enable a user/password for the factory DD-WRT image
...
...
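Review bot: the "address range" sentence (the line beginning "Upstream" should be changed) states the OpenWrt network as 192.168.1.0/10, but the diagram label embedded in the chart URL says 192.168.1.0/24, and /10 is the transtor prefix length (10.192.0.0/10, netmask 255.192.0.0 in the later table); it should read 192.168.1.0/24, since the claim that the two ranges do not conflict with the upstream network depends on the real mask. While the heading and the install heading are being rewritten anyway, fix "severly" to "severely" and "Installating" to "Installing" instead of carrying both typos into the Markdown lines. The converted image repeats the whole chart URL as its alt text; use a short description ("Network topology: Upstream, OpenWrt and Transparent Tor") and consider pasting the Graphviz source that is already encoded in that URL into the page, so the topology is still readable if the external chart service stops serving it.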
@@ -23,11 +23,11 @@ To copy the openwrt image use SSH:
Wait for the device to reboot itself.
== Setup upstream wifi for internet connectivity ==
## Setup upstream wifi for internet connectivity
1. From http://192.168.1.1 go to the "Administration" / "Network" / "Radio0" page.
1. Click the "Enable" wireless checkbox.
1. Setup the first Interface to be a new wireless network that users connect to as they would any other network. Define the ESSID (example: "'''!OpenWrt'''") and password.
1. Add a new Interface to be used to connect to an upstream wireless provider for the routers internet access. Set the ESSID to that of the upstream wireless (example: "'''Upstream'''"). Define the "Mode" as "Client" and the "Network" as "wan".
1. Setup the first Interface to be a new wireless network that users connect to as they would any other network. Define the ESSID (example: "**OpenWrt**") and password.
1. Add a new Interface to be used to connect to an upstream wireless provider for the routers internet access. Set the ESSID to that of the upstream wireless (example: "**Upstream**"). Define the "Mode" as "Client" and the "Network" as "wan".
Important:
...
...
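Review bot: the first step keeps the bare "http://192.168.1.1" while the same address in the access-point section of this patch is converted to a Markdown link; convert it here too (or leave both bare) so the document is consistent. In the last rewritten step, "routers internet access" should be "router's internet access", and "Setup" used as a verb ("Setup the first Interface", and the heading) is "Set up". Since this is the step that binds the upstream client interface to the "wan" network, one sentence saying that this is what places the upstream side behind the wan firewall zone rather than the lan zone would help a reader who might otherwise pick "lan" and end up with a different trust boundary.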
@@ -36,14 +36,16 @@ Important:
Test that the connection is working by attaching to the OpenWrt wireless network and connecting to the internet.
== Setup the transtor network interface ==
## Setup the transtor network interface
1. From the "Network" / "Interfaces" page put "transtor" in the text box and click "Add entry"
1. In the interface page change the "Interface" to custom and give it the name "wlan0"
1. Under "Create / Assign firewall-zone" select "transtor"
1. Set the the "Protocol" as static set the IP information as follows:[[BR]]
1. Set the the "Protocol" as static set the IP information as follows:
|| Zone || IPv4-Address || IPv4-Netmask ||
|| transtor || 10.192.0.1 || 255.192.0.0 ||
| Zone | IPv4-Address | IPv4-Netmask |
|------|--------------|--------------|
| transtor | 10.192.0.1 | 255.192.0.0 |
1. Click "Save & Apply"
...
...
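Review bot: the converted table follows the list item "Set the the "Protocol" as static..." with no blank line in between; add one so Markdown renderers that do not let a table interrupt a list item's paragraph still parse it (the old `[[BR]]` was doing that job in Trac). Fix "Set the the" to "Set the" and punctuate the line ("as static, and set the IP information as follows:") while it is being rewritten. The interface-name step simply assumes the device is "wlan0"; a short pointer on how to confirm the wireless device name from the Radio0 page is worth adding, because binding the transtor zone to the wrong wireless device would put the Tor-only firewall rules on the wrong access point.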
@@ -51,46 +53,51 @@ Test that the connection is working by attaching to the OpenWrt wireless network
Setup dhcp for interface:
1. From the "Network" / "Dhcp" page click "Add entry" with the following values:[[BR]]
1. From the "Network" / "Dhcp" page click "Add entry" with the following values:
|| Interface || Start || Limit || Lease time ||
|| transtor || 10 || 100 || 12h ||
| Interface | Start | Limit | Lease time |
|-----------|-------|-------|------------|
| transtor | 10 | 100 | 12h |
1. Click "Save & Apply"
== Setup "transtor" firewall zone rules ==
## Setup "transtor" firewall zone rules
1. From the "Network" / "Firewall" / "Zones" page
1. Set the "transtor" zone to Incoming=Reject, Outgoing=Accept, Forward=Reject. Leave MASQ and MSS Clamping unchecked.
1. Click "Save & Apply"
1. From the console you will need to add the " conntrack '1' " option to the transtor zone as this option is not supported in the GUI:
{{{
```
config 'zone'
option 'name' 'transtor'
option 'input' 'REJECT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
option 'conntrack' '1'
}}}
```
=== Setup port rules: ===
### Setup port rules:
1. From the "Network" / "Firewall" / "Traffic Control" page click "Add Entry"
1. Add entries with values matching each of the following. For each entry you will need to add the "Protocol" field::[[BR]]
1. Add entries with values matching each of the following. For each entry you will need to add the "Protocol" field::
|| Source || Destination || Protocol || Source Port || Destination Port || Action ||
Change the **ListenAddress to the address of the "OpenWrt"/lan interface
1. restart tor: # /etc/init.d/tor restart
1. depending on your version of tor you might need to edit the tor start script to handle late nameserver configuration (see below)
=== Unable to parse '/etc/resolv.conf' error ===
### Unable to parse '/etc/resolv.conf' error
For some network setups the namserver is not given until the upstream network is read and some older versions of tor do not handle this gracefully and will fail to start. Modify /etc/init.d/tor and place loop that delays the start of tor until the nameserver has been configured.
{{{
```
sed -i -e 's/$BIN $OPTIONS/while [ -z `grep "nameserver" \/etc\/resolv.conf` ] ; do sleep 10; done;\n\t$BIN $OPTIONS/' /etc/init.d/tor
}}}
```
## Setup "Transparent Tor" access point
1. From [http://192.168.1.1](http://192.168.1.1/) go to the "Administration" / "Network" / "Radio0" page.
1. Add a new Interface with the following values:
== Setup "Transparent Tor" access point ==
1. From [http://192.168.1.1/ http://192.168.1.1] go to the "Administration" / "Network" / "Radio0" page.
1. Add a new Interface with the following values:[[BR]]
|| ESSID || Network || Mode || Encryption ||
|| Transparent Tor || transtor || Access Point || No Encryption ||
| ESSID | Network | Mode | Encryption |
|-------|---------|------|------------|
| Transparent Tor | transtor | Access Point | No Encryption |
1. Click "Save & Apply"
== Miscellaneous Options ==
=== Remote control with Vidalia ===
## Miscellaneous Options
### Remote control with Vidalia
This is not recommended. The Control connection of Tor is not encrypted and opening it over unprotected wifi is not advised. However, to set this up we must:
1. Setup tor Control Port, Addr and Hash password
1. Setup wireless router firewall rule to pass through Control port and to NOT forward this connection through tor
1. Setup Vidalia client
==== Setup tor ====
1. Generate HashedControlPassword (example):[[BR]]# tor --hash-password examplepassword[[BR]]!16:6300B3DF2CDBCAD6605794581971326F4A03437A7502490A133B96966F
1. In the settings change the tor binary location to be nothing (or you might need to add a random binary such as cmd.exe or /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal)
1. Change the Control Port and Address to 10.192.0.1 and 9051
1. Restart Vidalia
=== Change Transparent Tor to password protected ===
### Change Transparent Tor to password protected
Does not seem to work. When enabling encryption on the Transparent Tor AP both the OpenWrt and Transparent Tor AP's fail to initialize. Perhaps the Buffalo router cannot handle more than two encrypted channels (The Upstream AP and OpenWrt AP)
...
...
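Review bot: the HashedControlPassword step under "Setup tor" still carries Trac markup into the Markdown version: two `[[BR]]` and the `!` escape in front of `16:6300B3DF...` (which in Trac only suppressed wiki-link parsing) will now render literally; put the command and its output on separate lines in a fenced block and drop the `!`. Similarly "Change the **ListenAddress" opens a bold span that is never closed; if it means "all the *ListenAddress options" (TransListenAddress, DNSListenAddress), write it as `` `*ListenAddress` `` or escape the asterisks. In the resolv.conf workaround, the loop the sed command inserts, `while [ -z `grep "nameserver" /etc/resolv.conf` ]`, only works by accident (no match leaves `[ -z ]`, which is true; a match leaves several unquoted words, which makes `[` fail), so `until grep -q nameserver /etc/resolv.conf; do sleep 10; done` is the robust form, and the text should say the loop has no timeout: tor simply never starts if the upstream never supplies a nameserver. Also "namserver" should be "nameserver" and "until the upstream network is read" presumably "ready".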
@@ -219,12 +236,12 @@ It should also be noted that some device (the A0 A2) revision (it seems) cannot
(this may be a quirk in the uboot settings for the specific hardware I have though).
=== Building a custom Image ===
### Building a custom Image
{{{XXX: FIX THIS UP WITH ACTUAL VALID COMPLETE CONFIGS ETC.}}}
`XXX: FIX THIS UP WITH ACTUAL VALID COMPLETE CONFIGS ETC.`
As per http://wiki.openwrt.org/doc/howto/build
{{{
```
mkdir OpenWrt/
cd OpenWrt/
svn co svn://svn.openwrt.org/openwrt/branches/backfire
...
...
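Review bot: the `XXX: FIX THIS UP WITH ACTUAL VALID COMPLETE CONFIGS ETC.` placeholder becomes an inline code span in the Markdown, which makes it look like a command; if it stays, render it as a visible TODO note (a blockquote, for example) so readers do not take the partial build steps below as a complete recipe. The checkout `svn co svn://svn.openwrt.org/openwrt/branches/backfire` fetches the whole firmware build tree over the svn:// protocol, which is neither encrypted nor authenticated, and pins no revision; for something that ends up as router firmware, add `-r <revision>` and a sentence on how the checked-out tree was verified, so anyone reproducing the image builds from a known source.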
@@ -250,13 +267,13 @@ CONFIG_DEFAULT_opkg=y
CONFIG_DEFAULT_wpad-mini=y
...
CONFIG_PACKAGE_tor=y
}}}
```
== The following 'files' directory could be put into some kind of version control. (along with a working .config) ==
## The following 'files' directory could be put into some kind of version control. (along with a working .config)
Then you can put the pre-configured network settings into the image like this:
{{{
```
mkdir -p files/etc/config/
mkdir -p files/etc/tor
...
...
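Review bot: the heading "The following 'files' directory could be put into some kind of version control. (along with a working .config)" is a sentence, not a section title, and converting it from `==` to `##` leaves it as a second-level heading sitting above the `###` build subsections; make it a plain paragraph introducing the snippet (or a heading such as "Pre-configured files"). The version-control remark also needs one concrete caution: `files/etc/config/` is where the pre-configured network settings go, and the wireless settings carry the passphrases defined in the wifi setup steps, so whatever is committed must have those secrets removed or kept out of the repository.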
@@ -320,10 +337,10 @@ config 'dhcp' 'transtor'
EOF
}}}
```
Tor configuration:
{{{
```
cat << 'EOF' > files/etc/tor/torrc
# This is a configuration for a Tor bridge on the WAN interface
# and it also runs with a transport to allow for transparent proxying
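Review bot: the torrc comment "runs with a transport to allow for transparent proxying" reads as if it meant a pluggable transport; the Tor option that provides transparent proxying is TransPort, so spelling it "TransPort" in the comment avoids the confusion. The heredoc uses a quoted delimiter (`cat << 'EOF'`), which is the right choice because it stops the shell from expanding anything inside the torrc; the other configuration heredocs in this file should use the same quoted form.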