Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:tor:client [2023/09/16 12:15] – [2. Firewall] vgaetera
docs:guide-user:services:tor:client [2023/10/14 13:39] – [Introduction] vgaetera
Line 5: Line 5:
   * This how-to describes the method for setting up [[wp>Tor_(anonymity_network)|Tor]] client on OpenWrt.   * This how-to describes the method for setting up [[wp>Tor_(anonymity_network)|Tor]] client on OpenWrt.
   * Tor is limited to DNS and TCP traffic, use [[docs:guide-user:services:vpn:start|VPN]] to protect all traffic.   * Tor is limited to DNS and TCP traffic, use [[docs:guide-user:services:vpn:start|VPN]] to protect all traffic.
-  * Follow [[docs:guide-user:services:tor:extras|Tor extras]] for additional tuning.+  * Follow [[docs:guide-user:services:tor:extras|Tor extras]] for automated setup and additional tuning.
  
 ===== Goals ===== ===== Goals =====
Line 42: Line 42:
 uci add_list tor.conf.tail_include="/etc/tor/custom" uci add_list tor.conf.tail_include="/etc/tor/custom"
 uci commit tor uci commit tor
-/etc/init.d/tor restart+service tor restart
 </code> </code>
  
Line 54: Line 54:
 # Intercept TCP traffic # Intercept TCP traffic
 cat << "EOF" > /etc/nftables.d/tor.sh cat << "EOF" > /etc/nftables.d/tor.sh
-TOR_ZONE="$(uci -q get firewall.tcp_int.src)"+TOR_CHAIN="dstnat_$(uci -q get firewall.tcp_int.src)"
 TOR_RULE="$(nft -a list chain inet fw4 ${TOR_CHAIN} \ TOR_RULE="$(nft -a list chain inet fw4 ${TOR_CHAIN} \
 | sed -n -e "/Intercept-TCP/p")" | sed -n -e "/Intercept-TCP/p")"
-nft replace rule inet fw4 dstnat_${TOR_ZONE} \+nft replace rule inet fw4 ${TOR_CHAIN} \
 handle ${TOR_RULE##* } \ handle ${TOR_RULE##* } \
 fib daddr type != { local, broadcast } ${TOR_RULE} fib daddr type != { local, broadcast } ${TOR_RULE}
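Review bot: nothing in this hunk checks that the two lookups succeeded before `nft replace rule` runs. `uci -q get firewall.tcp_int.src` is silent on failure, so a missing `tcp_int` section leaves TOR_CHAIN as the bare string `dstnat_`, and if no rule matches `/Intercept-TCP/` then TOR_RULE is empty and `handle ${TOR_RULE##* }` expands to nothing. Suggest testing `[ -n "${TOR_RULE}" ]` before the replace and reporting an error otherwise, so a failed lookup is visible instead of leaving the interception rule without the `fib daddr type != { local, broadcast }` match.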
Line 77: Line 77:
 uci -q delete firewall.@forwarding[0] uci -q delete firewall.@forwarding[0]
 uci commit firewall uci commit firewall
-/etc/init.d/firewall restart+service firewall restart
 </code> </code>
  
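Review bot: `uci -q delete firewall.@forwarding[0]` in the context lines selects the forwarding section by position, and `-q` hides the case where no such section exists. On a router whose firewall config has been reordered or extended, this removes a different forwarding than the guide intends, or leaves the intended one in place, and the following `service firewall restart` applies the result without any check. Suggest having the reader confirm the section with `uci show firewall` first, or selecting it by its src and dest values instead of index 0.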
Line 87: Line 87:
 <code bash> <code bash>
 # Enable DNS over Tor # Enable DNS over Tor
-/etc/init.d/dnsmasq stop+service dnsmasq stop
 uci set dhcp.@dnsmasq[0].boguspriv="0" uci set dhcp.@dnsmasq[0].boguspriv="0"
 uci set dhcp.@dnsmasq[0].rebind_protection="0" uci set dhcp.@dnsmasq[0].rebind_protection="0"
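Review bot: the context lines `uci set dhcp.@dnsmasq[0].boguspriv="0"` and `uci set dhcp.@dnsmasq[0].rebind_protection="0"` turn off two dnsmasq protections with no explanation beyond the `# Enable DNS over Tor` comment. With `rebind_protection` off, dnsmasq no longer discards upstream answers that point at private addresses, and with `boguspriv` off, reverse lookups for private ranges are forwarded upstream. Suggest a comment on each line saying why the Tor resolver needs it, so readers can judge the trade-off and know what to restore if they later remove Tor.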
Line 95: Line 95:
 uci add_list dhcp.@dnsmasq[0].server="::1#9053" uci add_list dhcp.@dnsmasq[0].server="::1#9053"
 uci commit dhcp uci commit dhcp
-/etc/init.d/dnsmasq start+service dnsmasq start
 </code> </code>
- 
-==== Automated ==== 
-Automated Tor client installation. 
- 
-<code bash> 
-URL="https://openwrt.org/_export/code/docs/guide-user/services/tor" 
-cat << EOF > tor-client.sh 
-$(wget -U "" -O - "${URL}/client?codeblock=0") 
-$(wget -U "" -O - "${URL}/client?codeblock=1") 
-$(wget -U "" -O - "${URL}/client?codeblock=2") 
-$(wget -U "" -O - "${URL}/client?codeblock=3") 
-$(wget -U "" -O - "${URL}/client?codeblock=4") 
-EOF 
-sh tor-client.sh 
-</code> 
- 
  
 ===== Testing ===== ===== Testing =====
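Review bot: the removed "Automated" block built `tor-client.sh` from `client?codeblock=0` through `codeblock=4` and ran it with `sh tor-client.sh` straight away, so it executed whatever the wiki page served at that moment and depended on the code blocks keeping their order. The introduction now sends readers to Tor extras for automated setup, so it is worth confirming that the replacement there tells the reader to inspect the generated script before running it and does not rely on positional `codeblock=` indexes, which silently pick up different code when a block is added or removed on this page.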
Line 127: Line 111:
 <code bash> <code bash>
 # Restart services # Restart services
-/etc/init.d/log restart; /etc/init.d/firewall restart; /etc/init.d/tor restart+service log restart; service firewall restart; service tor restart
  
 # Log and status # Log and status
  • Last modified: 2023/10/18 07:17
  • by vgaetera