Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:tor:client [2022/10/28 00:58] – [2. Firewall] update vgaetera | docs:guide-user:services:tor:client [2023/10/14 13:39] – [Introduction] vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Tor client ====== | ====== Tor client ====== | ||
| - | {{section> | + | {{section> |
| ===== Introduction ===== | ===== Introduction ===== | ||
| * This how-to describes the method for setting up [[wp> | * This how-to describes the method for setting up [[wp> | ||
| * Tor is limited to DNS and TCP traffic, use [[docs: | * Tor is limited to DNS and TCP traffic, use [[docs: | ||
| - | * Follow [[docs: | + | * Follow [[docs: |
| ===== Goals ===== | ===== Goals ===== | ||
| Line 11: | Line 11: | ||
| * Access the dark net and Tor hidden services. | * Access the dark net and Tor hidden services. | ||
| * Encrypt your internet connection to enforce security and privacy. | * Encrypt your internet connection to enforce security and privacy. | ||
| - | * Prevent | + | * Prevent traffic |
| * Bypass regional restrictions using public relay providers. | * Bypass regional restrictions using public relay providers. | ||
| * Escape client side content filters and internet censorship. | * Escape client side content filters and internet censorship. | ||
| Line 23: | Line 23: | ||
| # Install packages | # Install packages | ||
| opkg update | opkg update | ||
| - | opkg install tor iptables-mod-extra | + | opkg install tor |
| # Configure Tor client | # Configure Tor client | ||
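Review bot: the install line drops `iptables-mod-extra` and keeps only `tor`, which fits only a firmware whose firewall is fw4/nftables, the backend the firewall section of this revision targets with `nft replace rule inet fw4`. State that requirement next to the install step, so a reader whose router does not run fw4 is told up front instead of hitting a failing `nft` command after Tor is already installed and LAN to WAN forwarding has been removed.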
| Line 30: | Line 30: | ||
| AutomapHostsSuffixes . | AutomapHostsSuffixes . | ||
| VirtualAddrNetworkIPv4 172.16.0.0/ | VirtualAddrNetworkIPv4 172.16.0.0/ | ||
| - | VirtualAddrNetworkIPv6 fc00::/7 | + | VirtualAddrNetworkIPv6 |
| DNSPort 0.0.0.0: | DNSPort 0.0.0.0: | ||
| DNSPort [::]:9053 | DNSPort [::]:9053 | ||
| Line 42: | Line 42: | ||
| uci add_list tor.conf.tail_include="/ | uci add_list tor.conf.tail_include="/ | ||
| uci commit tor | uci commit tor | ||
| - | / | + | service |
| </ | </ | ||
| - | Enable | + | Prefer |
| ==== 2. Firewall ==== | ==== 2. Firewall ==== | ||
| Configure firewall to intercept LAN traffic. | Configure firewall to intercept LAN traffic. | ||
| - | Disable LAN to WAN forwarding to avoid traffic | + | Disable LAN to WAN forwarding to prevent |
| <code bash> | <code bash> | ||
| # Intercept TCP traffic | # Intercept TCP traffic | ||
| + | cat << " | ||
| + | TOR_CHAIN=" | ||
| + | TOR_RULE=" | ||
| + | | sed -n -e "/ | ||
| + | nft replace rule inet fw4 ${TOR_CHAIN} \ | ||
| + | handle ${TOR_RULE## | ||
| + | fib daddr type != { local, broadcast } ${TOR_RULE} | ||
| + | EOF | ||
| + | uci -q delete firewall.tor_nft | ||
| + | uci set firewall.tor_nft=" | ||
| + | uci set firewall.tor_nft.path="/ | ||
| uci -q delete firewall.tcp_int | uci -q delete firewall.tcp_int | ||
| uci set firewall.tcp_int=" | uci set firewall.tcp_int=" | ||
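Review bot: in the added nft script, `TOR_RULE` is filled by piping output through `sed -n`, and the visible lines show no check before `nft replace rule inet fw4 ${TOR_CHAIN}` uses it as both the handle and the rule body. If the sed pattern matches nothing, `TOR_RULE` is empty and the replace is issued with an empty handle, so the redirect rule is left without the `fib daddr type != { local, broadcast }` restriction and nothing reports it. Test that `TOR_RULE` is non-empty before the replace, log a message when it is not, and add a one-line comment saying which rule the sed expression is expected to find.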
| Line 66: | Line 77: | ||
| uci -q delete firewall.@forwarding[0] | uci -q delete firewall.@forwarding[0] | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| ==== 3. DNS over Tor ==== | ==== 3. DNS over Tor ==== | ||
| {{section> | {{section> | ||
| - | {{section> | ||
| - | Redirect DNS traffic to Tor. | + | Redirect DNS traffic to Tor and prevent DNS leaks. |
| <code bash> | <code bash> | ||
| # Enable DNS over Tor | # Enable DNS over Tor | ||
| - | / | + | service |
| uci set dhcp.@dnsmasq[0].boguspriv=" | uci set dhcp.@dnsmasq[0].boguspriv=" | ||
| uci set dhcp.@dnsmasq[0].rebind_protection=" | uci set dhcp.@dnsmasq[0].rebind_protection=" | ||
| Line 85: | Line 95: | ||
| uci add_list dhcp.@dnsmasq[0].server=":: | uci add_list dhcp.@dnsmasq[0].server=":: | ||
| uci commit dhcp | uci commit dhcp | ||
| - | / | + | service |
| </ | </ | ||
| ===== Testing ===== | ===== Testing ===== | ||
| Verify that you are using Tor. | Verify that you are using Tor. | ||
| - | * [[https:// | + | * [[https:// |
| - | Check your client public | + | |
| - | * [[https:// | + | Check your IP and DNS provider. |
| - | Make sure there is no DNS leak on the client side. | + | * [[https:// |
| - | * [[https:// | + | * [[https://www.dnsleaktest.com/ |
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| Line 101: | Line 111: | ||
| <code bash> | <code bash> | ||
| # Restart services | # Restart services | ||
| - | / | + | service |
| # Log and status | # Log and status | ||