|
=== Warning: This page is severly outdated, please fix it up ===
|
|
### Warning: This page is severly outdated, please fix it up
|
|
|
|
|
|
[[TOC]]
|
|
|
|
|
|
|
|
The following are notes for varying methods of setup and modifications to the Torrouter installation on a [https://www.amazon.co.uk/Buffalo-AirStation-HighPower-Internet-Connections/dp/B0028ACYEK/ref=sr_1_1?ie=UTF8&qid=1291972032&sr=8-1 Buffalo WZR-HP-G300NH (UK)]. This setup differs in that we will use an existing wireless network as our upstream internet provider. The following diagram describes the network topology (network SSID's in grey):
|
|
|
|
|
|
|
|
[[Image(https://chart.googleapis.com/chart?cht=gv&chl=graph{bgcolor=transparent;BuffaloWifiRouter[shape=box3d];Internet[shape=ellipse%2Ccolor=%22grey%22%2Cfontcolor=%22gray%22%2Cstyle=dashed];node[shape=box%2Cstyle=filled%2Ccolor=lightgrey];OpenWrt--BuffaloWifiRouter[fontsize=10.0%2Clabel=%22192.168.1.0/24%22%2Cheadport=w]--Upstream--Internet[color=%22gray%22];BuffaloWifiRouter--Upstream[fontsize=10.0%2Clabel=%22address via DHCP%22]--Internet;TransparentTor--BuffaloWifiRouter[fontsize=10.0%2Clabel=%2210.192.0.0/10%22%2Cheadport=e];})]]
|
|
The following are notes for varying methods of setup and modifications to the Torrouter installation on a [Buffalo WZR-HP-G300NH (UK)](https://www.amazon.co.uk/Buffalo-AirStation-HighPower-Internet-Connections/dp/B0028ACYEK/ref=sr_1_1?ie=UTF8&qid=1291972032&sr=8-1). This setup differs in that we will use an existing wireless network as our upstream internet provider. The following diagram describes the network topology (network SSID's in grey):
|
|
|
|
|
|
|
|
![https://chart.googleapis.com/chart?cht=gv&chl=graph{bgcolor=transparent;BuffaloWifiRouter[shape=box3d];Internet[shape=ellipse%2Ccolor=%22grey%22%2Cfontcolor=%22gray%22%2Cstyle=dashed];node[shape=box%2Cstyle=filled%2Ccolor=lightgrey];OpenWrt--BuffaloWifiRouter[fontsize=10.0%2Clabel=%22192.168.1.0/24%22%2Cheadport=w]--Upstream--Internet[color=%22gray%22];BuffaloWifiRouter--Upstream[fontsize=10.0%2Clabel=%22address via DHCP%22]--Internet;TransparentTor--BuffaloWifiRouter[fontsize=10.0%2Clabel=%2210.192.0.0/10%22%2Cheadport=e];}](https://chart.googleapis.com/chart?cht=gv&chl=graph{bgcolor=transparent;BuffaloWifiRouter[shape=box3d];Internet[shape=ellipse%2Ccolor=%22grey%22%2Cfontcolor=%22gray%22%2Cstyle=dashed];node[shape=box%2Cstyle=filled%2Ccolor=lightgrey];OpenWrt--BuffaloWifiRouter[fontsize=10.0%2Clabel=%22192.168.1.0/24%22%2Cheadport=w]--Upstream--Internet[color=%22gray%22];BuffaloWifiRouter--Upstream[fontsize=10.0%2Clabel=%22address via DHCP%22]--Internet;TransparentTor--BuffaloWifiRouter[fontsize=10.0%2Clabel=%2210.192.0.0/10%22%2Cheadport=e];})
|
|
|
|
|
|
"Upstream" should be changed to the SSID of an existing wireless network. The "OpenWrt" network address range (192.168.1.0/10) and "Transparent Tor" network address range (10.192.0.0/10) are set with the assumption that they do not conflict with the "Upstream" network address.
|
|
"Upstream" should be changed to the SSID of an existing wireless network. The "OpenWrt" network address range (192.168.1.0/10) and "Transparent Tor" network address range (10.192.0.0/10) are set with the assumption that they do not conflict with the "Upstream" network address.
|
|
|
|
|
|
|
|
|
|
== Installating the OpenWRT image ==
|
|
## Installating the OpenWRT image
|
|
To copy the openwrt image use SSH:
|
|
To copy the openwrt image use SSH:
|
|
|
|
|
|
1. Enable a user/password for the factory DD-WRT image
|
|
1. Enable a user/password for the factory DD-WRT image
|
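Review bot: The converted paragraph beginning `"Upstream" should be changed to the SSID` still gives the OpenWrt range as `192.168.1.0/10`, which disagrees with the diagram label `192.168.1.0/24` earlier in this hunk. This sentence is what a reader uses to check for an address clash with the upstream network, so the prefix should be corrected to match the diagram. The new headings also carry over two typos, "severly" and "Installating", which are worth fixing while these lines are being rewritten.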
... | @@ -23,11 +23,11 @@ To copy the openwrt image use SSH: |
... | @@ -23,11 +23,11 @@ To copy the openwrt image use SSH: |
|
|
|
|
|
Wait for the device to reboot itself.
|
|
Wait for the device to reboot itself.
|
|
|
|
|
|
== Setup upstream wifi for internet connectivity ==
|
|
## Setup upstream wifi for internet connectivity
|
|
1. From http://192.168.1.1 go to the "Administration" / "Network" / "Radio0" page.
|
|
1. From http://192.168.1.1 go to the "Administration" / "Network" / "Radio0" page.
|
|
1. Click the "Enable" wireless checkbox.
|
|
1. Click the "Enable" wireless checkbox.
|
|
1. Setup the first Interface to be a new wireless network that users connect to as they would any other network. Define the ESSID (example: "'''!OpenWrt'''") and password.
|
|
1. Setup the first Interface to be a new wireless network that users connect to as they would any other network. Define the ESSID (example: "**OpenWrt**") and password.
|
|
1. Add a new Interface to be used to connect to an upstream wireless provider for the routers internet access. Set the ESSID to that of the upstream wireless (example: "'''Upstream'''"). Define the "Mode" as "Client" and the "Network" as "wan".
|
|
1. Add a new Interface to be used to connect to an upstream wireless provider for the routers internet access. Set the ESSID to that of the upstream wireless (example: "**Upstream**"). Define the "Mode" as "Client" and the "Network" as "wan".
|
|
|
|
|
|
Important:
|
|
Important:
|
|
|
|
|
... | @@ -36,14 +36,16 @@ Important: |
... | @@ -36,14 +36,16 @@ Important: |
|
|
|
|
|
Test that the connection is working by attaching to the OpenWrt wireless network and connecting to the internet.
|
|
Test that the connection is working by attaching to the OpenWrt wireless network and connecting to the internet.
|
|
|
|
|
|
== Setup the transtor network interface ==
|
|
## Setup the transtor network interface
|
|
1. From the "Network" / "Interfaces" page put "transtor" in the text box and click "Add entry"
|
|
1. From the "Network" / "Interfaces" page put "transtor" in the text box and click "Add entry"
|
|
1. In the interface page change the "Interface" to custom and give it the name "wlan0"
|
|
1. In the interface page change the "Interface" to custom and give it the name "wlan0"
|
|
1. Under "Create / Assign firewall-zone" select "transtor"
|
|
1. Under "Create / Assign firewall-zone" select "transtor"
|
|
1. Set the the "Protocol" as static set the IP information as follows:[[BR]]
|
|
1. Set the the "Protocol" as static set the IP information as follows:
|
|
|
|
|
|
|
|
|
|
|| Zone || IPv4-Address || IPv4-Netmask ||
|
|
| Zone | IPv4-Address | IPv4-Netmask |
|
|
|| transtor || 10.192.0.1 || 255.192.0.0 ||
|
|
|------|--------------|--------------|
|
|
|
|
| transtor | 10.192.0.1 | 255.192.0.0 |
|
|
|
|
|
|
1. Click "Save & Apply"
|
|
1. Click "Save & Apply"
|
|
|
|
|
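Review bot: The new step `1. Set the the "Protocol" as static set the IP information as follows:` keeps the doubled "the" and the run-on from the Trac source. Suggest `Set the "Protocol" to static and set the IP information as follows:` so the step that introduces the `10.192.0.1` / `255.192.0.0` table reads cleanly.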
... | @@ -51,46 +53,51 @@ Test that the connection is working by attaching to the OpenWrt wireless network |
... | @@ -51,46 +53,51 @@ Test that the connection is working by attaching to the OpenWrt wireless network |
|
|
|
|
|
Setup dhcp for interface:
|
|
Setup dhcp for interface:
|
|
|
|
|
|
1. From the "Network" / "Dhcp" page click "Add entry" with the following values:[[BR]]
|
|
1. From the "Network" / "Dhcp" page click "Add entry" with the following values:
|
|
|
|
|
|
|
|
|
|
|| Interface || Start || Limit || Lease time ||
|
|
| Interface | Start | Limit | Lease time |
|
|
|| transtor || 10 || 100 || 12h ||
|
|
|-----------|-------|-------|------------|
|
|
|
|
| transtor | 10 | 100 | 12h |
|
|
|
|
|
|
1. Click "Save & Apply"
|
|
1. Click "Save & Apply"
|
|
|
|
|
|
== Setup "transtor" firewall zone rules ==
|
|
## Setup "transtor" firewall zone rules
|
|
1. From the "Network" / "Firewall" / "Zones" page
|
|
1. From the "Network" / "Firewall" / "Zones" page
|
|
1. Set the "transtor" zone to Incoming=Reject, Outgoing=Accept, Forward=Reject. Leave MASQ and MSS Clamping unchecked.
|
|
1. Set the "transtor" zone to Incoming=Reject, Outgoing=Accept, Forward=Reject. Leave MASQ and MSS Clamping unchecked.
|
|
1. Click "Save & Apply"
|
|
1. Click "Save & Apply"
|
|
1. From the console you will need to add the " conntrack '1' " option to the transtor zone as this option is not supported in the GUI:
|
|
1. From the console you will need to add the " conntrack '1' " option to the transtor zone as this option is not supported in the GUI:
|
|
{{{
|
|
```
|
|
config 'zone'
|
|
config 'zone'
|
|
option 'name' 'transtor'
|
|
option 'name' 'transtor'
|
|
option 'input' 'REJECT'
|
|
option 'input' 'REJECT'
|
|
option 'output' 'ACCEPT'
|
|
option 'output' 'ACCEPT'
|
|
option 'forward' 'REJECT'
|
|
option 'forward' 'REJECT'
|
|
option 'conntrack' '1'
|
|
option 'conntrack' '1'
|
|
}}}
|
|
```
|
|
|
|
|
|
|
|
|
|
=== Setup port rules: ===
|
|
### Setup port rules:
|
|
1. From the "Network" / "Firewall" / "Traffic Control" page click "Add Entry"
|
|
1. From the "Network" / "Firewall" / "Traffic Control" page click "Add Entry"
|
|
1. Add entries with values matching each of the following. For each entry you will need to add the "Protocol" field::[[BR]]
|
|
1. Add entries with values matching each of the following. For each entry you will need to add the "Protocol" field::
|
|
|
|
|
|
|| Source || Destination || Protocol || Source Port || Destination Port || Action ||
|
|
|
|
|| wan || Device || tcp || || 443 || Accept ||
|
|
| Source | Destination | Protocol | Source Port | Destination Port | Action |
|
|
|| transtor || Device || udp || || 67 || Accept ||
|
|
|--------|-------------|----------|-------------|------------------|--------|
|
|
|| transtor || Device || tcp || || 9040 || Accept ||
|
|
| wan | Device | tcp | | 443 | Accept |
|
|
|| transtor || Device || udp || || 9053 || Accept ||
|
|
| transtor | Device | udp | | 67 | Accept |
|
|
|
|
| transtor | Device | tcp | | 9040 | Accept |
|
|
|
|
| transtor | Device | udp | | 9053 | Accept |
|
|
|
|
|
|
1. Click "Save & Apply"
|
|
1. Click "Save & Apply"
|
|
|
|
|
|
=== Setup traffic redirection: ===
|
|
### Setup traffic redirection:
|
|
1. From the console (no GUI support) telnet to the router and execute:[[BR]]
|
|
1. From the console (no GUI support) telnet to the router and execute:
|
|
{{{
|
|
|
|
|
|
```
|
|
opkg install iptables-mod-nat iptables-mod-nat-extra
|
|
opkg install iptables-mod-nat iptables-mod-nat-extra
|
|
}}}
|
|
```
|
|
{{{
|
|
```
|
|
cat << 'EOF' >> /etc/firewall.user
|
|
cat << 'EOF' >> /etc/firewall.user
|
|
|
|
|
|
# Redirection rules for Transparent Tor
|
|
# Redirection rules for Transparent Tor
|
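Review bot: The new step `1. From the console (no GUI support) telnet to the router and execute:` has the reader install packages and write firewall rules over an unencrypted session, while the install section of this same page copies the image over SSH. Prefer SSH here as well, or state why telnet is required at this point. In the block that follows, `cat << 'EOF' >> /etc/firewall.user` appends, so repeating the step adds the redirection rules a second time; say that it must be run once, or tell the reader to check the file first. The port-rules step also ends in `::` now that `[[BR]]` has been dropped.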
... | @@ -100,10 +107,10 @@ iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040 |
... | @@ -100,10 +107,10 @@ iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040 |
|
|
|
|
|
EOF
|
|
EOF
|
|
|
|
|
|
}}}
|
|
```
|
|
Note: the 9053 port should match the DNSPort from torrc and 9040 the TransPort from torrc.
|
|
Note: the 9053 port should match the DNSPort from torrc and 9040 the TransPort from torrc.
|
|
|
|
|
|
== Setup Tor ==
|
|
## Setup Tor
|
|
1. From the "System" / "Software" page click the "Update package lists" link
|
|
1. From the "System" / "Software" page click the "Update package lists" link
|
|
1. In the "Download and install package" enter "tor" and press "OK"
|
|
1. In the "Download and install package" enter "tor" and press "OK"
|
|
1. From the "Services" / "Initscripts" enable the tor service
|
|
1. From the "Services" / "Initscripts" enable the tor service
|
... | @@ -111,8 +118,9 @@ EOF |
... | @@ -111,8 +118,9 @@ EOF |
|
At this point tor must be configured manually from the console.
|
|
At this point tor must be configured manually from the console.
|
|
|
|
|
|
1. telnet to the router
|
|
1. telnet to the router
|
|
1. edit /etc/tor/torrc values to match:[[BR]]
|
|
1. edit /etc/tor/torrc values to match:
|
|
{{{
|
|
|
|
|
|
```
|
|
User tor
|
|
User tor
|
|
RunAsDaemon 1
|
|
RunAsDaemon 1
|
|
PidFile /var/run/tor.pid
|
|
PidFile /var/run/tor.pid
|
... | @@ -144,69 +152,78 @@ RelayBandwidthBurst 200 KBytes |
... | @@ -144,69 +152,78 @@ RelayBandwidthBurst 200 KBytes |
|
# Log notice file /var/log/tor/notices.log
|
|
# Log notice file /var/log/tor/notices.log
|
|
# Log debug file /var/log/tor/debug.log
|
|
# Log debug file /var/log/tor/debug.log
|
|
|
|
|
|
}}}
|
|
```
|
|
Change the **ListenAddress to the address of the "OpenWrt"/lan interface
|
|
Change the **ListenAddress to the address of the "OpenWrt"/lan interface
|
|
1. restart tor: # /etc/init.d/tor restart
|
|
1. restart tor: # /etc/init.d/tor restart
|
|
1. depending on your version of tor you might need to edit the tor start script to handle late nameserver configuration (see below)
|
|
1. depending on your version of tor you might need to edit the tor start script to handle late nameserver configuration (see below)
|
|
|
|
|
|
=== Unable to parse '/etc/resolv.conf' error ===
|
|
### Unable to parse '/etc/resolv.conf' error
|
|
For some network setups the namserver is not given until the upstream network is read and some older versions of tor do not handle this gracefully and will fail to start. Modify /etc/init.d/tor and place loop that delays the start of tor until the nameserver has been configured.
|
|
For some network setups the namserver is not given until the upstream network is read and some older versions of tor do not handle this gracefully and will fail to start. Modify /etc/init.d/tor and place loop that delays the start of tor until the nameserver has been configured.
|
|
{{{
|
|
```
|
|
sed -i -e 's/$BIN $OPTIONS/while [ -z `grep "nameserver" \/etc\/resolv.conf` ] ; do sleep 10; done;\n\t$BIN $OPTIONS/' /etc/init.d/tor
|
|
sed -i -e 's/$BIN $OPTIONS/while [ -z `grep "nameserver" \/etc\/resolv.conf` ] ; do sleep 10; done;\n\t$BIN $OPTIONS/' /etc/init.d/tor
|
|
}}}
|
|
```
|
|
|
|
|
|
|
|
## Setup "Transparent Tor" access point
|
|
|
|
1. From [http://192.168.1.1](http://192.168.1.1/) go to the "Administration" / "Network" / "Radio0" page.
|
|
|
|
1. Add a new Interface with the following values:
|
|
|
|
|
|
== Setup "Transparent Tor" access point ==
|
|
|
|
1. From [http://192.168.1.1/ http://192.168.1.1] go to the "Administration" / "Network" / "Radio0" page.
|
|
|
|
1. Add a new Interface with the following values:[[BR]]
|
|
|
|
|
|
|
|
|| ESSID || Network || Mode || Encryption ||
|
|
| ESSID | Network | Mode | Encryption |
|
|
|| Transparent Tor || transtor || Access Point || No Encryption ||
|
|
|-------|---------|------|------------|
|
|
|
|
| Transparent Tor | transtor | Access Point | No Encryption |
|
|
|
|
|
|
1. Click "Save & Apply"
|
|
1. Click "Save & Apply"
|
|
|
|
|
|
== Miscellaneous Options ==
|
|
## Miscellaneous Options
|
|
=== Remote control with Vidalia ===
|
|
### Remote control with Vidalia
|
|
This is not recommended. The Control connection of Tor is not encrypted and opening it over unprotected wifi is not advised. However, to set this up we must:
|
|
This is not recommended. The Control connection of Tor is not encrypted and opening it over unprotected wifi is not advised. However, to set this up we must:
|
|
|
|
|
|
1. Setup tor Control Port, Addr and Hash password
|
|
1. Setup tor Control Port, Addr and Hash password
|
|
1. Setup wireless router firewall rule to pass through Control port and to NOT forward this connection through tor
|
|
1. Setup wireless router firewall rule to pass through Control port and to NOT forward this connection through tor
|
|
1. Setup Vidalia client
|
|
1. Setup Vidalia client
|
|
|
|
|
|
==== Setup tor ====
|
|
#### Setup tor
|
|
1. Generate HashedControlPassword (example):[[BR]]# tor --hash-password examplepassword[[BR]]!16:6300B3DF2CDBCAD6605794581971326F4A03437A7502490A133B96966F
|
|
1. Generate HashedControlPassword (example):
|
|
1. Add /etc/tor/rc:[[BR]]
|
|
# tor --hash-password examplepassword
|
|
{{{
|
|
!16:6300B3DF2CDBCAD6605794581971326F4A03437A7502490A133B96966F
|
|
|
|
1. Add /etc/tor/rc:
|
|
|
|
|
|
|
|
```
|
|
ControlPort 9051
|
|
ControlPort 9051
|
|
ControlListenAddress 10.192.0.1
|
|
ControlListenAddress 10.192.0.1
|
|
HashedControlPassword 16:6300B3DF2CDBCAD6605794581971326F4A03437A7502490A133B96966F
|
|
HashedControlPassword 16:6300B3DF2CDBCAD6605794581971326F4A03437A7502490A133B96966F
|
|
}}}
|
|
```
|
|
1. Restart tor:[[BR]]# /etc/init.d/tor restart
|
|
1. Restart tor:
|
|
|
|
# /etc/init.d/tor restart
|
|
|
|
|
|
==== Setup wireless router firewall ====
|
|
#### Setup wireless router firewall
|
|
1. Add to /etc/config/firewall:[[BR]]
|
|
1. Add to /etc/config/firewall:
|
|
{{{
|
|
|
|
|
|
```
|
|
config 'rule'
|
|
config 'rule'
|
|
option 'src' 'transtor'
|
|
option 'src' 'transtor'
|
|
option 'proto' 'tcp'
|
|
option 'proto' 'tcp'
|
|
option 'dest_port' '9051'
|
|
option 'dest_port' '9051'
|
|
option 'target' 'ACCEPT'
|
|
option 'target' 'ACCEPT'
|
|
}}}
|
|
```
|
|
1. Change /etc/firewall.user to:[[BR]]
|
|
1. Change /etc/firewall.user to:
|
|
{{{
|
|
|
|
|
|
```
|
|
# Redirection rules for Transparent Tor
|
|
# Redirection rules for Transparent Tor
|
|
iptables -t nat -A PREROUTING -i wlan1 -p udp --dport 53 -j REDIRECT --to-ports 9053
|
|
iptables -t nat -A PREROUTING -i wlan1 -p udp --dport 53 -j REDIRECT --to-ports 9053
|
|
# iptables -t nat -A PREROUTING -i wlan1 -p tcp --syn -j REDIRECT --to-ports 9040
|
|
# iptables -t nat -A PREROUTING -i wlan1 -p tcp --syn -j REDIRECT --to-ports 9040
|
|
# So that we can setup local control port
|
|
# So that we can setup local control port
|
|
iptables -t nat -A PREROUTING -i wlan1 -p tcp ! -d 10.192.0.1 --syn -j REDIRECT --to-ports 9040
|
|
iptables -t nat -A PREROUTING -i wlan1 -p tcp ! -d 10.192.0.1 --syn -j REDIRECT --to-ports 9040
|
|
}}}
|
|
```
|
|
1. Restart firewall:[[BR]]# /etc/init.d/firewall restart
|
|
1. Restart firewall:
|
|
|
|
# /etc/init.d/firewall restart
|
|
|
|
|
|
==== Setup Vidalia client ====
|
|
#### Setup Vidalia client
|
|
1. In the settings change the tor binary location to be nothing (or you might need to add a random binary such as cmd.exe or /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal)
|
|
1. In the settings change the tor binary location to be nothing (or you might need to add a random binary such as cmd.exe or /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal)
|
|
1. Change the Control Port and Address to 10.192.0.1 and 9051
|
|
1. Change the Control Port and Address to 10.192.0.1 and 9051
|
|
1. Restart Vidalia
|
|
1. Restart Vidalia
|
|
|
|
|
|
=== Change Transparent Tor to password protected ===
|
|
### Change Transparent Tor to password protected
|
|
Does not seem to work. When enabling encryption on the Transparent Tor AP both the OpenWrt and Transparent Tor AP's fail to initialize. Perhaps the Buffalo router cannot handle more than two encrypted channels (The Upstream AP and OpenWrt AP)
|
|
Does not seem to work. When enabling encryption on the Transparent Tor AP both the OpenWrt and Transparent Tor AP's fail to initialize. Perhaps the Buffalo router cannot handle more than two encrypted channels (The Upstream AP and OpenWrt AP)
|
|
|
|
|
|
|
|
|
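Review bot: In the Vidalia section, the new lines `# tor --hash-password examplepassword`, `# /etc/init.d/tor restart` and `# /etc/init.d/firewall restart` now start a line with `# `, which Markdown reads as a level-1 heading rather than a root shell prompt. The `!16:…` output line also keeps the Trac `!` escape, which Markdown prints literally, so a reader copying it gets a string that is not a valid hash. Put each command and its output in a fence like the other commands on the page and drop the `!`. Two further points in this hunk: the `sed` line inserts `while [ -z `grep "nameserver" /etc/resolv.conf` ]` with the substitution unquoted, so the loop only ends because `[` fails on extra arguments once a nameserver line exists; `until grep -q nameserver /etc/resolv.conf; do sleep 10; done` states the intent directly. And `Change the **ListenAddress` leaves an unmatched `**`; if a wildcard over the `*ListenAddress` options is meant, write it in backticks. The rewritten `/etc/firewall.user` here also uses `-i wlan1`, while the transtor interface was created as `wlan0` earlier on the page; confirm which is intended.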
... | @@ -219,12 +236,12 @@ It should also be noted that some device (the A0 A2) revision (it seems) cannot |
... | @@ -219,12 +236,12 @@ It should also be noted that some device (the A0 A2) revision (it seems) cannot |
|
(this may be a quirk in the uboot settings for the specific hardware I have though).
|
|
(this may be a quirk in the uboot settings for the specific hardware I have though).
|
|
|
|
|
|
|
|
|
|
=== Building a custom Image ===
|
|
### Building a custom Image
|
|
|
|
|
|
{{{XXX: FIX THIS UP WITH ACTUAL VALID COMPLETE CONFIGS ETC.}}}
|
|
`XXX: FIX THIS UP WITH ACTUAL VALID COMPLETE CONFIGS ETC.`
|
|
|
|
|
|
As per http://wiki.openwrt.org/doc/howto/build
|
|
As per http://wiki.openwrt.org/doc/howto/build
|
|
{{{
|
|
```
|
|
mkdir OpenWrt/
|
|
mkdir OpenWrt/
|
|
cd OpenWrt/
|
|
cd OpenWrt/
|
|
svn co svn://svn.openwrt.org/openwrt/branches/backfire
|
|
svn co svn://svn.openwrt.org/openwrt/branches/backfire
|
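Review bot: The build block's `svn co svn://svn.openwrt.org/openwrt/branches/backfire` checks out whatever the branch head is at build time over the plain `svn://` transport, so two builds from these instructions can produce different firmware and nothing records which source was used. Since this image carries the Tor and firewall configuration, suggest pinning a revision with `-r` and recording it next to the `.config` the page already proposes keeping in version control.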
... | @@ -250,13 +267,13 @@ CONFIG_DEFAULT_opkg=y |
... | @@ -250,13 +267,13 @@ CONFIG_DEFAULT_opkg=y |
|
CONFIG_DEFAULT_wpad-mini=y
|
|
CONFIG_DEFAULT_wpad-mini=y
|
|
...
|
|
...
|
|
CONFIG_PACKAGE_tor=y
|
|
CONFIG_PACKAGE_tor=y
|
|
}}}
|
|
```
|
|
|
|
|
|
== The following 'files' directory could be put into some kind of version control. (along with a working .config) ==
|
|
## The following 'files' directory could be put into some kind of version control. (along with a working .config)
|
|
|
|
|
|
|
|
|
|
Then you can put the pre-configured network settings into the image like this:
|
|
Then you can put the pre-configured network settings into the image like this:
|
|
{{{
|
|
```
|
|
mkdir -p files/etc/config/
|
|
mkdir -p files/etc/config/
|
|
mkdir -p files/etc/tor
|
|
mkdir -p files/etc/tor
|
|
|
|
|
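Review bot: The new line `## The following 'files' directory could be put into some kind of version control. (along with a working .config)` turns a full sentence into a level-2 heading, so it will appear in the `[[TOC]]` as a section title. It reads as body text introducing the `files/` steps below and should be converted to a plain paragraph.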
... | @@ -320,10 +337,10 @@ config 'dhcp' 'transtor' |
... | @@ -320,10 +337,10 @@ config 'dhcp' 'transtor' |
|
EOF
|
|
EOF
|
|
|
|
|
|
|
|
|
|
}}}
|
|
```
|
|
|
|
|
|
Tor configuration:
|
|
Tor configuration:
|
|
{{{
|
|
```
|
|
cat << 'EOF' > files/etc/tor/torrc
|
|
cat << 'EOF' > files/etc/tor/torrc
|
|
# This is a configuration for a Tor bridge on the WAN interface
|
|
# This is a configuration for a Tor bridge on the WAN interface
|
|
# and it also runs with a transport to allow for transparent proxying
|
|
# and it also runs with a transport to allow for transparent proxying
|
... | @@ -357,11 +374,11 @@ RelayBandwidthBurst 200 KBytes |
... | @@ -357,11 +374,11 @@ RelayBandwidthBurst 200 KBytes |
|
# DO NOT UNCOMMENT THIS LINE UNTIL GEOIP SUPPORT IS CONFIRMED
|
|
# DO NOT UNCOMMENT THIS LINE UNTIL GEOIP SUPPORT IS CONFIRMED
|
|
# GeoIPFile /etc/tor/geoip
|
|
# GeoIPFile /etc/tor/geoip
|
|
EOF
|
|
EOF
|
|
}}}
|
|
```
|
|
|
|
|
|
|
|
|
|
Firewall:
|
|
Firewall:
|
|
{{{
|
|
```
|
|
cat << 'EOF' >> files/etc/config/firewall
|
|
cat << 'EOF' >> files/etc/config/firewall
|
|
|
|
|
|
#Allow Tor Bridge incoming for censored users
|
|
#Allow Tor Bridge incoming for censored users
|
... | @@ -408,14 +425,14 @@ iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport ! 53 --syn -j REDIRECT --t |
... | @@ -408,14 +425,14 @@ iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport ! 53 --syn -j REDIRECT --t |
|
|
|
|
|
EOF
|
|
EOF
|
|
|
|
|
|
}}}
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Then enter:
|
|
Then enter:
|
|
{{{
|
|
```
|
|
make
|
|
make
|
|
}}}
|
|
```
|
|
|
|
|
|
After '''make''' finishes images can be found in the '''bin/''' folder. |
|
After **make** finishes images can be found in the **bin/** folder. |