Tor extras

Circumvent ISP restrictions with bridges.

# Install the obfs4 pluggable transport used by the bridge lines below
opkg update
opkg install obfs4proxy

# Append the bridge settings to the custom Tor configuration.
# Each Bridge entry is a single line: transport, address:port, relay
# fingerprint, then the obfs4 cert and iat-mode arguments.
# NOTE(review): the bridge lines are fixed values and may be stale or blocked;
# confirm they still work, or substitute bridge lines obtained from the Tor
# Project's bridge distribution service.
# The block appends, so running it again duplicates these lines in
# /etc/tor/custom.
cat >> /etc/tor/custom << 'EOF'
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 154.35.22.10:443 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0
Bridge obfs4 154.35.22.12:80 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0
EOF
# Restart Tor so it picks up the new settings
/etc/init.d/tor restart

Exclude dubious exit nodes by their country code.

# Install the GeoIP data Tor needs to map relays to country codes
opkg update
opkg install tor-geoip

# Append the exit-node exclusion list to the custom Tor configuration.
# {??} stands for relays whose country cannot be determined; the other entries
# are two-letter country codes.
# GeoIP country data is approximate, so treat this as a best-effort filter
# rather than a guarantee about where traffic exits.
# The block appends, so running it again duplicates the line in
# /etc/tor/custom.
cat >> /etc/tor/custom << 'EOF'
ExcludeExitNodes {??}, {by}, {kz}, {ru}, {ua}
EOF
# Restart Tor so it picks up the new settings
/etc/init.d/tor restart

Enable the Tor SOCKS proxy.

# Enable the Tor SOCKS proxy on port 9050.
# 0.0.0.0 and [::] make Tor listen on every IPv4 and IPv6 address of the
# router, not only the LAN one. Any host that can reach port 9050 can use the
# proxy unless the firewall or a SocksPolicy in the Tor configuration
# restricts it.
# NOTE(review): confirm the firewall rejects input on this port from the wan
# zone before relying on this, or bind the port to the LAN address instead.
cat >> /etc/tor/custom << 'EOF'
SOCKSPort 0.0.0.0:9050
SOCKSPort [::]:9050
EOF
# Restart Tor so it picks up the new settings
/etc/init.d/tor restart

Route only specific domains through the Tor network. Configure IP sets for Tor destinations. Allow forwarding for non-Tor destinations. Selectively resolve domains with DNS over Tor.

# Define one firewall IP set per address family: "tor" for IPv4 and "tor6"
# for IPv6. ${FAMILY%4} strips a trailing 4, so the suffix is empty for IPv4
# and "6" for IPv6.
for FAMILY in 4 6
do
SET="tor${FAMILY%4}"
# Drop any earlier definition so the section is rebuilt from scratch
uci -q delete "firewall.${SET}"
uci set "firewall.${SET}=ipset"
uci set "firewall.${SET}.name=${SET}"
uci set "firewall.${SET}.family=ipv${FAMILY}"
uci set "firewall.${SET}.match=net"
done
# Seed each set with one network.
# NOTE(review): these are presumably the Tor virtual address ranges
# (VirtualAddrNetwork) from the Tor client setup; confirm they match your Tor
# configuration. fc00::/7 is also the IPv6 unique local address range, so
# check it does not overlap addresses used on your own networks.
uci add_list firewall.tor.entry="172.16.0.0/12"
uci add_list firewall.tor6.entry="fc00::/7"
# Limit the tcp_int section to destinations in the IPv4 set.
# NOTE(review): firewall.tcp_int is not created here; it must already exist
# (presumably from the Tor client setup). Verify before committing.
uci set firewall.tcp_int.ipset="tor dest"
 
# Allow forwarding for non-Tor destinations.
# One rule per address family accepts lan -> wan traffic whose destination is
# NOT in the matching IP set ("!tor dest" / "!tor6 dest"). Traffic accepted by
# these rules is forwarded to wan directly.
for FAMILY in 4 6
do
SUFFIX="${FAMILY%4}"
RULE="firewall.lan${SUFFIX}_fwd"
# Drop any earlier definition so the rule is rebuilt from scratch
uci -q delete "${RULE}"
uci set "${RULE}=rule"
uci set "${RULE}.name=Allow-NonTor-Forward"
uci set "${RULE}.src=lan"
uci set "${RULE}.dest=wan"
uci set "${RULE}.proto=all"
uci set "${RULE}.family=ipv${FAMILY}"
uci set "${RULE}.ipset=!tor${SUFFIX} dest"
uci set "${RULE}.target=ACCEPT"
done
# Save all pending firewall changes and reload the firewall to apply them
uci commit firewall
/etc/init.d/firewall restart
 
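# Configure Tor-routed domains.
# The UCI paths are quoted because the [0] index is otherwise a shell glob
# pattern and could be expanded against file names in the current directory.
#
# Removing noresolv lets dnsmasq use its regular upstream resolvers again, so
# only the domains listed below are resolved through 127.0.0.1#9053; every
# other name is resolved by the normal upstream DNS.
# NOTE(review): port 9053 is presumably the Tor DNSPort from the Tor client
# setup; confirm it matches your Tor configuration.
uci -q delete "dhcp.@dnsmasq[0].noresolv"
# This clears the whole server list, including any entries added earlier for
# other purposes; re-add those afterwards if you still need them.
uci -q delete "dhcp.@dnsmasq[0].server"
uci add_list "dhcp.@dnsmasq[0].server=/onion/127.0.0.1#9053"
# example.com and example.net are placeholders; replace them with the domains
# that should be resolved over Tor.
uci add_list "dhcp.@dnsmasq[0].server=/example.com/127.0.0.1#9053"
uci add_list "dhcp.@dnsmasq[0].server=/example.net/127.0.0.1#9053"
# Save the changes and restart dnsmasq to apply them
uci commit dhcp
/etc/init.d/dnsmasq restart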

Automated Tor client installation.

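# Build tor-client.sh from code blocks 0-4 of the Tor client guide and run it.
# The script is fetched from a wiki page and runs with the privileges of the
# current shell; the download carries no checksum or signature, so read
# tor-client.sh before running it on a device you care about.
URL="https://openwrt.org/_export/code/docs/guide-user/services/tor"
# Start from an empty file so an earlier download cannot leak into this one
: > tor-client.sh
FETCH_OK=1
for BLOCK in 0 1 2 3 4
do
# Stop at the first failed download instead of silently leaving a gap
if ! uclient-fetch -O - "${URL}/client?codeblock=${BLOCK}" >> tor-client.sh
then
FETCH_OK=0
break
fi
# Make sure the next block starts on a new line
echo >> tor-client.sh
done
# Run the script only when every block was fetched; a partial script would
# apply half of the configuration.
if [ "${FETCH_OK}" = 1 ]
then
sh tor-client.sh
else
echo "Download failed: tor-client.sh is incomplete and was not run" >&2
fi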
  • Last modified: 2022/11/03 04:31
  • by vgaetera