Show pagesourceOld revisionsBacklinksBack to top × Table of Contents Tor extras Introduction Extras References Pluggable transports Exit nodes Socks proxy Selective routing Automated Tor extras This article relies on the following: Accessing OpenWrt CLI Managing configurations Managing packages Managing services Introduction This how-to describes the most common Tor tuning scenarios adapted for OpenWrt. Follow Tor client for client setup and Tor hidden service for Onion service setup. Follow Random generator to overcome low entropy issues. Extras References Tor Manual Tor community documentation Tor frequently asked questions Pluggable transports Circumvent ISP restrictions with bridges. # Install packages opkg update opkg install obfs4proxy # Configure bridges cat << EOF >> /etc/tor/custom UseBridges 1 ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy Bridge obfs4 154.35.22.10:443 8FB9F4319E89E5C6223052AA525A192AFBC85D55 \ cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0 Bridge obfs4 154.35.22.12:80 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB \ cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0 EOF /etc/init.d/tor restart Exit nodes Exclude dubious exit nodes by their country code. # Install packages opkg update opkg install tor-geoip # Exclude exit nodes cat << EOF >> /etc/tor/custom ExcludeExitNodes {??}, {by}, {kz}, {ru}, {ua} EOF /etc/init.d/tor restart Socks proxy Enable Tor socks proxy. # Enable Tor socks proxy cat << EOF >> /etc/tor/custom SOCKSPort 0.0.0.0:9050 SOCKSPort [::]:9050 EOF /etc/init.d/tor restart Selective routing Route only specific domains to Tor network. Configure IP sets for Tor destinations. Allow forwarding for non-Tor destinations. Selectively resolve domains with DNS over Tor. # Configure IP sets for IPV in 4 6 do uci -q delete firewall.tor${IPV%4} uci set firewall.tor${IPV%4}="ipset" uci set firewall.tor${IPV%4}.name="tor${IPV%4}" uci set firewall.tor${IPV%4}.family="ipv${IPV}" uci set firewall.tor${IPV%4}.match="net" done uci add_list firewall.tor.entry="172.16.0.0/12" uci add_list firewall.tor6.entry="fc00::/7" uci set firewall.tcp_int.ipset="tor dest" # Allow forwarding for non-Tor destinations for IPV in 4 6 do uci -q delete firewall.lan${IPV%4}_fwd uci set firewall.lan${IPV%4}_fwd="rule" uci set firewall.lan${IPV%4}_fwd.name="Allow-NonTor-Forward" uci set firewall.lan${IPV%4}_fwd.src="lan" uci set firewall.lan${IPV%4}_fwd.dest="wan" uci set firewall.lan${IPV%4}_fwd.proto="all" uci set firewall.lan${IPV%4}_fwd.family="ipv${IPV}" uci set firewall.lan${IPV%4}_fwd.ipset="!tor${IPV%4} dest" uci set firewall.lan${IPV%4}_fwd.target="ACCEPT" done uci commit firewall /etc/init.d/firewall restart # Configure Tor-routed domains uci -q delete dhcp.@dnsmasq[0].noresolv uci -q delete dhcp.@dnsmasq[0].server uci add_list dhcp.@dnsmasq[0].server="/onion/127.0.0.1#9053" uci add_list dhcp.@dnsmasq[0].server="/example.com/127.0.0.1#9053" uci add_list dhcp.@dnsmasq[0].server="/example.net/127.0.0.1#9053" uci commit dhcp /etc/init.d/dnsmasq restart Automated Automated Tor client installation. URL="https://openwrt.org/_export/code/docs/guide-user/services/tor" cat << EOF > tor-client.sh $(uclient-fetch -O - "${URL}/client?codeblock=0") $(uclient-fetch -O - "${URL}/client?codeblock=1") $(uclient-fetch -O - "${URL}/client?codeblock=2") $(uclient-fetch -O - "${URL}/client?codeblock=3") $(uclient-fetch -O - "${URL}/client?codeblock=4") EOF sh tor-client.sh This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.OKMore information about cookies Last modified: 2022/11/03 04:31by vgaetera