Here is what you can do to use Tor on the AR750. This guide is general and can be used on other devices, but you may need to modify the scripts a little to suit their interfaces.
Basic skills:
Please refer to "SSH to the router" in the GL.iNet Docs for how to edit files on the router using SSH or WinSCP.
Step 1: install Tor
opkg update
opkg install tor
Step 2: configure Tor
You need to change two files.
/etc/init.d/tor
In this file, the script checks wlan0 and eth1 to see whether the network is ready. These lines may need to change if you use other devices.
#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org
START=50
STOP=50
SERVICE_USE_PID=1
start() {
    # Wait while neither wlan0 nor eth1 is present yet
    while [ -z "$(ifconfig wlan0)" -a -z "$(ifconfig eth1)" ]; do
        sleep 5
    done
    # Create the unprivileged tor user and group (uid/gid 52) if missing
    user_exists tor 52 || user_add tor 52 52 /var/lib/tor
    group_exists tor 52 || group_add tor 52
    # PID file must be writable by the tor user
    [ -f /var/run/tor.pid ] || {
        touch /var/run/tor.pid
        chown tor:tor /var/run/tor.pid
    }
    # Data directory holds keys and state: owner-only access
    [ -d /var/lib/tor ] || {
        mkdir -m 0755 -p /var/lib/tor
        chmod 0700 /var/lib/tor
        chown tor:tor /var/lib/tor
    }
    [ -d /var/log/tor ] || {
        mkdir -m 0755 -p /var/log/tor
        chown tor:tor /var/log/tor
    }
    service_start /usr/sbin/tor --PidFile /var/run/tor.pid
}
stop() {
    service_stop /usr/sbin/tor
}
/etc/tor/torrc
Please note: 192.168.8.1 is the IP address of the router. If you changed your router's IP, please change the values as well.
RunAsDaemon 1
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
## Only run as a client, never a relay or exit
ClientOnly 1
DataDirectory /var/lib/tor
User tor
SocksPort 9050
SocksPort 192.168.8.1:9050
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
VirtualAddrNetworkIPv4 10.192.0.0/10
TransPort 192.168.8.1:9040
DNSPort 192.168.8.1:9053
Step 3: Add firewall rules
You can add the following code to /etc/firewall.user
enable_transparent_tor() {
    ifname=br-lan
    # Allow direct access to the Tor daemon
    iptables -t nat -A PREROUTING -i "$ifname" -p tcp --dport 9050 -j ACCEPT
    # Provide transparent routing for TCP and DNS
    # (other UDP traffic is not redirected by these rules)
    iptables -t nat -A PREROUTING -i "$ifname" -p udp --dport 53 -j REDIRECT --to-ports 9053
    iptables -t nat -A PREROUTING -i "$ifname" -p tcp --syn -j REDIRECT --to-ports 9040
}
# Only install the rules when Tor is not disabled in the uci config
disabled=$(uci get glconfig.tor.disabled)
if [ "$disabled" != "1" ]; then
    enable_transparent_tor
fi
Step 4: Enable/disable, Start Tor
Tor will start automatically when the router starts.
If you want to start Tor manually, use the following:
/etc/init.d/tor restart
To check the status of Tor, check the log. When you see 100%, Tor is up.
logread|grep Tor
Wed Jul 4 04:06:07 2018 daemon.notice Tor[2445]: Bootstrapped 0%: Starting
Wed Jul 4 04:06:13 2018 daemon.notice Tor[2445]: Bootstrapped 80%: Connecting to the Tor network
Wed Jul 4 04:06:15 2018 daemon.notice Tor[2445]: Bootstrapped 85%: Finishing handshake with first hop
Wed Jul 4 04:06:16 2018 daemon.notice Tor[2445]: Bootstrapped 90%: Establishing a Tor circuit
Wed Jul 4 04:06:17 2018 daemon.notice Tor[2445]: Tor has successfully opened a circuit. Looks like client functionality is working.
Wed Jul 4 04:06:17 2018 daemon.notice Tor[2445]: Bootstrapped 100%: Done
Let's also add a uci config to enable/disable Tor.
uci set glconfig.tor=service
uci set glconfig.tor.disabled=0
uci commit glconfig
When you want to use Tor:
uci set glconfig.tor.disabled=0
uci commit glconfig
When you want to use the normal Internet:
uci set glconfig.tor.disabled=1
uci commit glconfig
Finally, restart firewall or reboot the router to use Tor.
/etc/init.d/firewall restart
Step 6: Verify tor
Visit http://check.torproject.org/ to see if you are on the Tor network. Please note that when you are using Tor, the router's UI is not accessible. But you can still SSH to the router.
Step 7: Using the switch button to control if you need Tor
I tried, but the switch button configuration is getting a little complicated and I haven't done this.
Here are the files I attached; please upload them to the correct paths as described in the guide.
tor-ar750.zip (1.7 KB)
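
The TransPort and DNSPort values in /etc/tor/torrc (Step 2) must match the REDIRECT targets in /etc/firewall.user (Step 3), or LAN traffic is redirected to a port where Tor is not listening. The script below is an added example, not part of the original guide or its attached files: it compares the two, using hypothetical function names (torrc_port, redirect_port, check_tor_redirects) and constructed sample input that mirrors the guide's settings.

```shell
#!/bin/sh
# Added example: check that torrc listeners and firewall redirects agree.

# Print the port of a torrc listener option ("TransPort 192.168.8.1:9040" -> 9040).
torrc_port() {  # $1 = option name; torrc text on stdin
    awk -v opt="$1" '$1 == opt { sub(/.*:/, "", $2); print $2; exit }'
}

# Print the --to-ports value of the first REDIRECT rule for a protocol,
# reading `iptables -t nat -S PREROUTING` style output from stdin.
redirect_port() {  # $1 = tcp|udp
    awk -v proto="$1" '
        /-j REDIRECT/ {
            p = ""; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--to-ports") port = $(i + 1)
            }
            if (p == proto) { print port; exit }
        }'
}

# Compare both sources; prints one line per finding, returns 1 on any mismatch.
check_tor_redirects() {  # $1 = torrc text, $2 = iptables -S text
    rc=0
    for pair in TransPort:tcp DNSPort:udp; do
        opt=${pair%%:*}; proto=${pair##*:}
        want=$(printf '%s\n' "$1" | torrc_port "$opt")
        have=$(printf '%s\n' "$2" | redirect_port "$proto")
        if [ -n "$want" ] && [ "$want" = "$have" ]; then
            echo "OK   $opt $want <- $proto redirect"
        else
            echo "FAIL $opt='${want:-unset}' but $proto redirect='${have:-none}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input mirroring the guide's torrc and firewall rules.
SAMPLE_TORRC='SocksPort 192.168.8.1:9050
TransPort 192.168.8.1:9040
DNSPort 192.168.8.1:9053'
SAMPLE_RULES='-A PREROUTING -i br-lan -p tcp -m tcp --dport 9050 -j ACCEPT
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A PREROUTING -i br-lan -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040'

check_tor_redirects "$SAMPLE_TORRC" "$SAMPLE_RULES"
```

On the router, run it against the live state with check_tor_redirects "$(cat /etc/tor/torrc)" "$(iptables -t nat -S PREROUTING)". A FAIL line after switching glconfig.tor.disabled to 0 means the firewall has not been restarted or the ports have drifted apart.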