GL-AR150 with Tor-Firmware 1.2 .. just half tor


#21

It is not a problem of NAT. As you can see, in all of A, B and C you cannot connect to the .onion websites. I have my AR150-Tor working behind a firewall and it has no problem accessing .onion sites.

You can only access .onion via Tor browser. Of course! Tor browser is customized to do such work and it works. This has nothing to do with AR150. Tor browser works without any problem in all networks (except in China).

I want to know: when you upgraded the firmware, did you keep settings? If yes or not sure, can you reset your firmware to factory status and have another try? Press the reset button for more than 8 seconds, release it and the LEDs will flash. Wait for it to reboot.


#22

good morning everyone :)

i just used the tor-browser (without AR150) to see if i am actually trying valid .onion sites…

and about the firmware upgrades on the AR150:

first upgrade was to tor 1.2 DO NOT keep settings: did not work properly…
second upgrade was to tor 1.2 DO NOT keep settings: successful upgrade, set root-login password and changed SSID for tor wifi-network
third upgrade was to tor 1.3 keep settings: successful upgrade, except i cannot access onion pages

i will do a reset tonight and then write again.

cheers


#23

For me a .onion site would be nice.

@alzhao: If I ever get the rotary encoder working, then I would like to be able to write the value of the encoder position to a website. That website can then be read by another device and that one then can use the value to set a servo, or dim a LED.

The beauty of using tor hidden service .onion is this: 2 devices can communicate together as they know each other without the need of any other server. Even half way around the world as long as they are able to connect to tor. Nicely encrypted.

This description is a bit vague, but there are many different use cases for this.

Let's say to monitor domotica stuff, connect an arduino with sensors to an AR150, host the values on a .onion and it is ready to use. Connect with a tor browser fully encrypted to your AR150. From wherever you are. A more modern decentralised version of dynDNS, so in my opinion also better than VPN

#24

I understand now. I am not sure if hosting an .onion website on the router and making it accessible to the world is easy. But the idea is nice.

For your usage, if not required to be encrypted by Tor and you don’t mind a server, we are developing another project:

All the devices have an XMPP client and can communicate with each other via our xmpp server. So you can control your devices connected to it anywhere in the world using your mobile or website. What do you think about this?


#25

did not get a chance last night to reset the AR150… will try this weekend :)


#26

so, i did the reset

  • i pressed the reset button for 10secs
  • after reboot i connected to SSID openwrt
  • set a new password
  • saved and let the device reboot
  • connected to openwrt to check the connection: ok
  • connected to tor to check normal internet:
    • google: ok
    • check.torproject.org: Congratulations. This browser is configured to use Tor.
    • http://xmh57jrzrnw6insl.onion/ WORKS!! :D
  • connected to openwrt to change SSID tor to Gate
  • check google on openwrt: ok
  • connected to tor to check normal internet:
    • google: ok
    • check.torproject.org: Congratulations. This browser is configured to use Tor.
    • http://xmh57jrzrnw6insl.onion/ WORKS!! :D
so a reset did the trick :D

#27

For your usage, if not required to be encrypted by Tor and you don’t mind a server, we are developing another project: All the devices is having an XMPP client and can communicate with each other via our xmpp server. So you can control your devices connected to it anywhere in the world using your mobile or website. What do you think about this?

XMPP is indeed a cute solution as well. Though for Domotica stuff encryption will be more or less essential. I don’t want a stranger to be able to turn off my light when i’m reading a book. :)

though i’m curious about that XMPP solution.


#28

This may need its own topic, but since someone brought the idea up here, I’m going to post it here…

The idea of a Tor Hidden Service (.onion page) on the AR-150 has crossed my mind before, but I’d never really thought of how useful it may be until now. One of the main benefits that I can think of is that TOR handles all of the tricky & difficult network tasks: no need to set up an IP-forward, no need to change any firewall, routing, or port configurations, no need to expose any of your ports to the public, and as long as the TOR client is successfully configured, all you have to do is host an otherwise local website on 127.0.0.1.

If you travel with your tor-router this would allow you to have a private, secure website for yourself, or anyone that has the address, that follows you wherever you go (as long as you can access a tor connection). You could have a webcam for your hotel room when you’re away. You could share a flash drive that you don’t want to carry on your person. You could setup a secure “dropbox” that’s not on the public internet. Those are just website examples, you can use Tor Hidden Services for any internet protocol. I can’t even think of all the applications that this would open up, but I bet someone will come up with many “killer apps”.

I’m not certain how recent the tor package is on the AR-150, but it needs to be pointed out that for tor to be considered reasonably secure, tor needs to be kept up to date and properly configured. This goes for both web browsing and hidden services.

Some of the main benefits of Tor Hidden Services over a standard webpage are:

  • Secure if configured correctly and tor is up to date
  • Your IP is not revealed
  • Encrypted end to end without the need for SSL (https)
  • It guarantees that you are connecting to the correct server with no risk of a man-in-the-middle (MITM) attack

Directions for setting up a Tor Hidden Service are here:

https://www.torproject.org/docs/tor-hidden-service.html.en


#29

Exactly!

Ideal for tiny projects, it supports the tor network if it also does relay jobs.

So tor gives us convenience AND privacy, and in return we give relay functionality to help the entire tor network.

a win-win situation. The more tiny services, IoT stuff etc., the more tiny relays there are.
So TOR eventually could become an IoT backbone??? But do we want that? Does TOR want that? To me it sounds great, though i wonder about eventual implications as well.
IoT (Internet of Tor?) :-DDD

A worldwide network of environmental sensors all on TOR. Rain, Wind, Sunshine, quake, SMOG, radiation, carbon monoxide, fart detector for offices. Everything to keep us safe and healthy.
Tools for natural disaster support? that can all be rolled out with MESH + TOR

What else would you add???

#30

From the link I provided earlier:

Tor allows clients and relays to offer hidden services.
So you don't have to be a relay to offer a hidden service, but you can if you want.

As far as whether or not they want relays like this, or if it’s good for the network, I’d say that they probably wouldn’t want relays that are constantly being turned on and off. That being said, I don’t think it would be difficult to add relay support as a separate feature, and as long as it’s a connection that has good uptime and bandwidth, it will be good for the network. Though, as I mentioned before, the tor software needs to be kept up to date to maintain security and overall health of the network.

I came across a conference video from January where the tor developers speak at length about the current state of Tor and Hidden Services. It’s long, but definitely worth watching if you are interested in the subject. (there are also many, many other good videos from the same conference available) https://media.ccc.de/v/32c3-7322-tor_onion_services_more_useful_than_you_think

(edited to fix the link)


#31

I did it, it works!

Disclaimer: Do not do this at home, it’s not good practice to make your router configuration website available to be accessed via the internet, even if it is secured behind tor. To be secure, you really should install a separate web server from the one that luci uses and be sure to configure it properly so that your tiny web server doesn’t get hacked.

As a proof of concept, I followed the instructions and created a hidden service for the router front-end.

All I did was ssh into the router, create a new directory, and edit the torrc file located at /etc/tor/torrc to include the two lines mentioned in the instructions. I rebooted, checked the new directory, and found the “hostname” file that contained the .onion address. About 5 minutes later, the .onion address was available via Tor Browser with the familiar “domino” front page waiting.

Editing a config file is about the limit of my coding skills. However, I don’t think it would be difficult at all to add a front-end page for someone who knows their way around luci.


#32

Hi,

I’ve opened this thread:

I saw that on the Download page you can only find the 1.2 version of the TOR Firmware; the new version is available in the directory here.

Please align the two pages.


#33

@ibrew

thanks for the info i’m going to give it a try


#34

@ibrew

Very good information about making a tor hidden service! I want to ask a question please.

When you run a tor hidden service, is it necessary that you are also using tor for the routing? I want no tor for routing, maybe use openvpn routing, but coming INTO the router I want to have tor access to go through firewalls. Is this possible? Thank you.


#35

It doesn’t enable forwarding to LAN from TOR, so it can’t access your LAN devices. If you don’t want anyone to be able to access the router, you can change the input to DROP.

config zone
        option name 'tor'
        option forward 'REJECT'
        option output 'ACCEPT'
        option network 'tor'
        option input 'DROP'
        option syn_flood '1'
        option conntrack '1'

#36

@kyson-lok

I don’t understand what you mean by “forward LAN from TOR”, please explain?

If you don’t want someone can access the router, you can change the input to drop.

No, I am saying that I DO want to access the tor hidden service on the router. But I DON’T want all computers that are connected to the LAN to be on tor, because I may want to use the OpenVPN feature for OUT. But I want to access the tor hidden service IN.

config zone

What is this? Where is this file?


#37

If you look at /etc/config/firewall, you might see these lines:

config forwarding
	option dest 'lan'
	option src 'tor'

It means that it enables data traffic from TOR to be forwarded to LAN.
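
As an added illustration (not part of the thread, and not GL.iNet's code): a small Python check over firewall text in the UCI format quoted in the two posts above, reporting the input policy of the `tor` zone and any forwarding whose source is `tor`. The sample config and the function names are constructed for this example.

```python
import re

# Constructed sample in the style of /etc/config/firewall (not from a real device).
SAMPLE = """
config zone
        option name 'lan'
        option input 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'tor'
        option forward 'REJECT'
        option output 'ACCEPT'
        option network 'tor'
        option input 'ACCEPT'

config forwarding
        option dest 'lan'
        option src 'tor'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value}) pairs."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            sections.append((line.split()[1], {}))
            continue
        m = re.match(r"option\s+(\S+)\s+(.+)", line)
        if m and sections:
            sections[-1][1][m.group(1)] = m.group(2).strip().strip("'\"")
    return sections

def audit_zone(text, zone="tor"):
    """List findings for one zone: open input policy, forwardings out of it."""
    findings = []
    for kind, opts in parse_uci(text):
        if kind == "zone" and opts.get("name") == zone:
            policy = opts.get("input", "unset")
            if policy.upper() not in ("DROP", "REJECT"):
                findings.append(f"zone {zone}: input is {policy}, router itself is reachable")
        elif kind == "forwarding" and opts.get("src") == zone:
            findings.append(f"forwarding {zone} -> {opts.get('dest')} is enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE):
        print(finding)
```

With the zone from post #35 (input 'DROP') and no forwarding section from `tor`, the check returns no findings.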


#38

@kyson-lok But this is not what I want. Please, how can I explain so you will understand? I want the router to have a tor hidden service (maybe SSH) that I can reach at an onion address. I DO NOT WANT to access the LAN.

But I DO NOT WANT to use tor routing for DHCP clients on the LAN. Can you understand now what I am asking?


#39

Ok, I got it now. You only want to use TOR on the router itself, just use it to hide your real IP address when you run an OpenVPN client. Right?

It may be a bit more complicated.


#40

@kyson-lok

No, this is not what I am saying. I do NOT want to use tor routing. I want to use a regular IP address (or maybe OpenVPN) for all browsing.

I want a tor SERVICE on the router because I want to access SSH using tor.