Set Up a Tor Network on OpenWRT

Installation

Log in to the router's console and run the following commands to install the Tor packages (tor-geoip only adds the GeoIP database and can be left out).

opkg update
opkg install tor tor-geoip

Configuration

Configuring tor

Copy the lines below, paste them into the router's command line and press Enter. The heredoc overwrites the configuration file /etc/tor/torrc with a client-only setup: SOCKS, a transparent TCP port (TransPort) and a DNS port (DNSPort), all bound to the LAN address 192.168.1.1. Tor refuses to start on a malformed line, so after editing run `tor --verify-config -f /etc/tor/torrc` before restarting the service.

cat <<EOT > /etc/tor/torrc
RunAsDaemon 1
Log notice syslog
## Only run as a client, never a relay or exit (boolean options need a 0/1 value)
ClientOnly 1
PidFile /var/run/tor.pid
DataDirectory /var/lib/tor
User tor
## SOCKS for the router itself and for LAN clients
SocksPort 9050
SocksPort 192.168.1.1:9050
## Resolving a .onion/.exit name returns a placeholder address from this range;
## a connection to that address is then redirected to TransPort
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
VirtualAddrNetworkIPv4 10.192.0.0/10
TransPort 192.168.1.1:9040
DNSPort 192.168.1.1:9053
## Control port stays on localhost; require the auth cookie so that not every
## local process can reconfigure Tor
ControlPort 9051
CookieAuthentication 1
EOT

Configuring the firewall

Add the lines below to /etc/config/firewall. The new zone covers the lan network with both input and forward set to REJECT, so LAN clients can only reach the four ports the rules open on the router (DHCP, Tor's DNSPort, TransPort and SocksPort) and nothing is forwarded to wan directly; every connection must go through Tor. For that to hold, remove 'lan' from the default lan zone (which forwards to wan), otherwise traffic the NAT rules do not redirect, such as UDP other than DNS and ICMP, can still leave directly. If you manage the router over SSH from the LAN, add a rule like the ones below for TCP port 22 as well.

config zone 'tor'
	option name 'tor'
	option network 'lan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option conntrack '1'

config rule
	option name 'Allow-Tor-DHCP'
	option src 'tor'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Tor-DNS'
	option src 'tor'
	option proto 'udp'
	option dest_port '9053'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Tor-Transparent'
	option src 'tor'
	option proto 'tcp'
	option dest_port '9040'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Tor-SOCKS'
	option src 'tor'
	option proto 'tcp'
	option dest_port '9050'
	option target 'ACCEPT'
	option family 'ipv4'

Add the lines below to /etc/firewall.user. They redirect every DNS query from the LAN to DNSPort and every new TCP connection to TransPort; only connections to the SOCKS port are left alone so clients can still use it explicitly. Note that the TCP rule also catches connections addressed to the router itself, which is why the web UI stops being reachable from the LAN once these rules are active. The rules are IPv4 only; IPv6 traffic from the LAN is not proxied, it is simply rejected by the zone's forward policy.

enable_transparent_tor() {

	ifname=br-lan

	# Allow direct access to the Tor SOCKS port (not redirected)
	iptables -t nat -A PREROUTING -i "$ifname" -p tcp --dport 9050 -j ACCEPT

	# Provide transparent routing: DNS to DNSPort, new TCP connections to TransPort
	iptables -t nat -A PREROUTING -i "$ifname" -p udp --dport 53 -j REDIRECT --to-ports 9053
	iptables -t nat -A PREROUTING -i "$ifname" -p tcp --syn -j REDIRECT --to-ports 9040
}

enable_transparent_tor

Start Tor

The torrc above is bound to 192.168.1.1. To make it follow the router's real LAN address, edit Tor's init script /etc/init.d/tor and add the lines below before procd_open_instance; they rewrite the address in torrc from the uci value every time Tor starts. Two caveats: an opkg upgrade of the tor package replaces the init script, so the edit has to be redone, and the sed only matches an address starting with 192.168, so it has no effect once torrc already holds a different one.

lan_ip=$(uci get network.lan.ipaddr)
[ -n "$lan_ip" ] && sed -i "s/192\.168\.[0-9]*\.[0-9]*:/$lan_ip:/g" /etc/tor/torrc

All done. Start Tor (the firewall picks up the new zone and /etc/firewall.user on its next reload, e.g. /etc/init.d/firewall restart).

/etc/init.d/tor restart
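As an added example (not code from the original post), here is one script that performs the torrc and NAT steps above from the router's actual LAN address instead of patching the init script, and keeps the router's own services and other private destinations out of the redirect. It assumes OpenWrt with tor, uci and iptables (fw3); the chain name TOR_LAN, the DRY_RUN variable, the function names and the `apply` argument are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original post: build the client-only torrc from
# the router's LAN address and install the transparent-proxy NAT rules, with
# exceptions so the router's own services and other local networks are not
# sent into Tor. Assumes OpenWrt with tor, uci and iptables (fw3); set DRY_RUN=1
# to print the iptables commands instead of running them. The chain name
# TOR_LAN and the helper names are this example's own choices.

TORRC="${TORRC:-/etc/tor/torrc}"
LAN_IF="${LAN_IF:-br-lan}"
SOCKS_PORT=9050; TRANS_PORT=9040; DNS_PORT=9053
VIRT_NET=10.192.0.0/10   # VirtualAddrNetworkIPv4: automapped .onion/.exit names

# LAN address: explicit argument (offline use/tests) or the uci value.
lan_ip() {
    if [ -n "$1" ]; then echo "$1"; else uci -q get network.lan.ipaddr; fi
}

# Print a torrc bound to the given LAN address. ControlPort stays on
# localhost and requires the auth cookie instead of being open to any process.
gen_torrc() {
    cat <<EOF
RunAsDaemon 1
Log notice syslog
ClientOnly 1
PidFile /var/run/tor.pid
DataDirectory /var/lib/tor
User tor
SocksPort 127.0.0.1:$SOCKS_PORT
SocksPort $1:$SOCKS_PORT
TransPort $1:$TRANS_PORT
DNSPort $1:$DNS_PORT
AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion,.exit
VirtualAddrNetworkIPv4 $VIRT_NET
ControlPort 127.0.0.1:9051
CookieAuthentication 1
EOF
}

# Run iptables, or print the command when DRY_RUN is set.
ipt() {
    if [ -n "$DRY_RUN" ]; then echo "iptables $*"; else iptables "$@"; fi
}

# NAT rules for LAN traffic, in a dedicated chain so they can be rebuilt
# idempotently. Order matters:
#  1. all DNS (including queries sent to the router) -> DNSPort
#  2. automapped virtual addresses -> TransPort (they live inside 10.0.0.0/8,
#     so this must precede the private-network exceptions)
#  3. the router itself and RFC 1918 / link-local / loopback -> untouched
#  4. every other new TCP connection -> TransPort
enable_transparent_tor() {
    ip="$1"; ifname="${2:-$LAN_IF}"
    ipt -t nat -N TOR_LAN 2>/dev/null
    ipt -t nat -F TOR_LAN
    ipt -t nat -A TOR_LAN -p udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT"
    ipt -t nat -A TOR_LAN -p tcp -d "$VIRT_NET" -j REDIRECT --to-ports "$TRANS_PORT"
    ipt -t nat -A TOR_LAN -d "$ip" -j RETURN
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 127.0.0.0/8; do
        ipt -t nat -A TOR_LAN -d "$net" -j RETURN
    done
    ipt -t nat -A TOR_LAN -p tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"
    # (re)attach the chain to PREROUTING exactly once
    ipt -t nat -D PREROUTING -i "$ifname" -j TOR_LAN 2>/dev/null
    ipt -t nat -A PREROUTING -i "$ifname" -j TOR_LAN
}

# Only act when invoked as "script apply", so sourcing the file is side-effect free.
if [ "${1:-}" = apply ]; then
    ip=$(lan_ip)
    [ -n "$ip" ] || { echo "cannot determine LAN address" >&2; exit 1; }
    gen_torrc "$ip" > "$TORRC"
    enable_transparent_tor "$ip"
fi
```

Save it on the router (the file name is up to you) and run `sh tor-lan.sh apply` after the firewall zone is in place, then restart Tor. With `DRY_RUN=1 sh tor-lan.sh apply` it prints the rules it would install, which is the quickest way to check the ordering: DNS first so queries addressed to the router still reach DNSPort, the 10.192/10 virtual range before the 10/8 exception, and the catch-all TCP redirect last. Because connections to the router's own address are returned untouched, LuCI and SSH from the LAN only depend on the zone's filter rules, not on Tor.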

Verify tor

Visit check.torproject.org from a LAN client to confirm that you are on the Tor network. Note that while the redirect is active the router's web UI is not accessible from the LAN either, because the TCP rule in /etc/firewall.user also catches connections to the router's own address (add an exception such as `-d <router-ip> -j RETURN` before the REDIRECT if you need LuCI). You can still ssh to the router.
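The three checks a practitioner would actually run from a LAN client, as an added example that is not part of the original post: the SOCKS path, the transparent path, and the .onion automap through DNSPort. It assumes curl and nslookup on the client, the router at ROUTER (default 192.168.1.1), and uses the JSON endpoint https://check.torproject.org/api/ip, which answers with a body like {"IsTor":true,"IP":"..."}; the function names are this example's own, and the .onion name passed on the command line is a placeholder for any real v3 onion address.

```shell
#!/bin/sh
# Added example, not from the original post: checks to run from a LAN client
# once Tor is up. Assumes curl and nslookup on the client and the router at
# ROUTER. check.torproject.org/api/ip returns JSON like {"IsTor":true,"IP":"..."}.

ROUTER="${ROUTER:-192.168.1.1}"
CHECK_URL="https://check.torproject.org/api/ip"

# True when the JSON body from the check service reports IsTor:true.
is_tor_response() {
    printf '%s' "$1" | grep -q '"IsTor"[[:space:]]*:[[:space:]]*true'
}

# True when an IPv4 address lies in VirtualAddrNetworkIPv4 10.192.0.0/10
# (first octet 10, second octet 192..255): the range DNSPort hands out for
# automapped .onion/.exit names.
in_virtual_net() {
    printf '%s' "$1" | grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ "$1" -eq 10 ] && [ "$2" -ge 192 ] && [ "$2" -le 255 ]
}

# True when the whitespace-separated list is non-empty and every address in it
# is a virtual address (a real address means the name was resolved outside Tor).
all_in_virtual_net() {
    [ -n "$1" ] || return 1
    for a in $1; do in_virtual_net "$a" || return 1; done
}

# Path 1: explicit SOCKS5 with remote name resolution through the router.
check_socks() {
    is_tor_response "$(curl -s --socks5-hostname "$ROUTER:9050" "$CHECK_URL")"
}

# Path 2: no proxy configured; the PREROUTING REDIRECT must carry this into Tor.
# IsTor:false here means the NAT rules or the zone are not doing their job.
check_transparent() {
    is_tor_response "$(curl -s "$CHECK_URL")"
}

# Path 3: resolving a .onion name at the router must yield a 10.192/10 address
# (AutomapHostsOnResolve), never a real address and never an empty answer.
# The router's own address appears in nslookup's "Server" line and is dropped.
check_automap() {
    addrs=$(nslookup "$1" "$ROUTER" 2>/dev/null \
        | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -vx "$ROUTER")
    all_in_virtual_net "$addrs"
}

if [ "${1:-}" = run ]; then
    onion="${2:?usage: $0 run <name.onion>}"
    check_socks && echo "socks: via Tor" || echo "socks: NOT via Tor"
    check_transparent && echo "transparent: via Tor" || echo "transparent: NOT via Tor"
    check_automap "$onion" && echo "automap: ok" || echo "automap: FAILED"
fi
```

Run it as `sh tor-check.sh run <name.onion>` from a machine behind the router. A failing `transparent` check with a passing `socks` check points at the firewall (zone or /etc/firewall.user), a real address from the automap check means DNS queries are reaching dnsmasq or an upstream resolver instead of DNSPort.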
