Think && Act
  • Welcome
  • OpenWRT系统
    • Remote Command Execution on GL.iNet's mini-routers
    • 配置DTS支持USB存储
    • OpenWRT procd启动过程
    • udhcpc如何绑定网络接口
    • 提交新平台补丁到OpenWRT社区
  • 无线WiFi技术
    • WiFi 四次握手分析
    • mac80211框架基础
    • How to get wirelss assoclist on MT7628
    • WPS on GL.iNet's OpenWRT
  • 密码学与安全
    • Feistel Cipher
    • 数据加密标准(DES)
    • Data Encryption Standard(DES)
    • Advanced Encryption Standard(AES)
  • 数据结构与算法
  • VPN技术
    • Using Tor on GL.iNet's mini-routers
    • Using Softether VPN on GL.iNet's mini-routers
    • Using ZeroTier on GL.iNet's mini-routers
  • Go语言
    • A Quick Guide for Go Modules
  • Shell脚本
    • Parameter Expansion ${}
    • User's Guide for Awk
  • Python语言
    • Python in Visual Studio Code
  • 投资理财
    • 【入门】股票入门基础
    • 【股初】找准股票入场时机
    • 【股初】合理规避风险
    • 【股初】“好公司”投资法
    • 【股初】财务三表分析
    • 【股初】“捡烟蒂”投资法
    • 【股初】构建白马组合
    • 【股进】选择好生意
    • 【股进】好公司——商业逻辑
  • 工具箱
    • A Guide of Visual Studio Code
    • hexo搭建博客
Powered by GitBook
On this page
  • Installation
  • Configuration
  • Configuring tor
  • Configuring firewall
  • Start Tor
  • Verify tor

Was this helpful?

  1. VPN技术

Using Tor on GL.iNet's mini-routers

Installation

opkg update
opkg install tor tor-geoip

Configuration

Configuring tor

Copying those lines below and paste in the router's command line, then press "Enter" key. That will override the torrc configuration file with it.

cat <<EOT > /etc/tor/torrc
RunAsDaemon 1
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
## Only run as a client, never a relay or exit
ClientOnly
PidFile /var/run/tor.pid
DataDirectory /var/lib/tor
User tor
SocksPort 9050
SocksPort 192.168.1.1:9050
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
VirtualAddrNetworkIPv4 10.192.0.0/10
TransPort 192.168.1.1:9040
DNSPort 192.168.1.1:9053
ControlPort 9051
EOT

Configuring firewall

Append those lines to /etc/config/firewall.

config zone 'tor'
    option name 'tor'
    option network 'lan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option conntrack '1'

config rule
    option name 'Allow-Tor-DHCP'
    option src 'tor'
    option proto 'udp'
    option dest_port '67'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Tor-DNS'
    option src 'tor'
    option proto 'udp'
    option dest_port '9053'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Tor-Transparent'
    option src 'tor'
    option proto 'tcp'
    option dest_port '9040'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Tor-SOCKS'
    option src 'tor'
    option proto 'tcp'
    option dest_port '9050'
    option target 'ACCEPT'
    option family 'ipv4'

Append those lines to /etc/firewall.user.

enable_transparent_tor() {

    ifname=br-lan

    # Allow direct access to the Tor daemon
    iptables -t nat -A PREROUTING -i $ifname -p tcp --dport 9050 -j ACCEPT

    # provide transparent routing for TCP and DNS
    iptables -t nat -A PREROUTING -i $ifname -p udp --dport 53 -j REDIRECT --to-ports 9053
    iptables -t nat -A PREROUTING -i $ifname -p tcp --syn -j REDIRECT --to-ports 9040
}

enable_transparent_tor

Start Tor

We have to edit Tor init script, /etc/init.d/tor to successfully start tor at every boot. Add those lines before procd_open_instance.

lan_ip=$(uci get network.lan.ipaddr)
[ -n "$lan_ip" ] && sed -i "s/192.168\..*\..*:/$lan_ip:/g" /etc/tor/torrc

All things done. Let’s start tor.

/etc/init.d/tor restart

Verify tor

PreviousVPN技术NextUsing Softether VPN on GL.iNet's mini-routers

Last updated 5 years ago

Was this helpful?

Visti to see if you are in tor network. Please note, when you are using tor, the router’s UI is not accessible as well. But you can ssh to the router.

check.torproject.org