Looking for the perfect device/system for TOR inside VPN and VPN inside TOR

I want to have WiFi for any device, traffic from which would be wrapped in a VPN and if desired also in TOR and vice versa, since in our country they block VPNs, but TOR with obfuscation works.
I have MT-300n v2, which works well with VPN, but it seems to be not the best option for VPN+TOR scheme.
I ask for your help in selecting such a device. I need it to be hardware based so that I can distribute to different devices. Is it possible to organize it on MT-300n v2 or do I need another device? What can you recommend?

Here is a similar thread:

And here is another thread related to your issue:

Thanks for the reply. I see that this cool router has a Tor setting, but how does it work? Does it run inside the VPN or does it work only separately?
If it runs inside the VPN, that’s good, but if the country blocks VPN, then work will be impossible or will turn into a permanent search for working VPNs.
If Tor runs separately from the VPN, it is not bad, but I see that in the interface there is no option to enter bridges for traffic obfuscation. This means that the feature won’t work in countries where Tor is blocked and the VPN inside Tor won’t be possible.

Maybe I should think about a combination of two devices to realize Tor<-> VPN solutions? There are a lot of VPN devices, but how to realize a layer with Tor? Maybe someone can give me an idea?

Here is a thread about WireGuard and Tor:

I see this as a hardware question rather than software. Regardless of the device, OP, you’re going to want vanilla OpenWrt to have full access to the OWRT ecosystem rather than waiting on GL to update GL repos for the ‘latest & greatest’. I say this because you’re going to be getting into far more advanced configuration than the GL GUI/repos allow & some of the GL functions conflict w/ more advanced OWRT packages.

A quick overview:

  • The Flint v2 (GL-MT6000) is slowly getting mainline OWRT 23.05 support.
  • The Slate Plus (GL-A1300) seems to have mainline OWRT 23.05 support.
  • Vanilla OWRT 23.05 builds are being developed for the Slate AX (GL-AXT1800), Flint v1 (GL-AX1800) @solidus1983 .

You’ll want the best device for WireGuard performance before worrying about tunnelling TOR thru it. The Flint v2 dominates here if physical size doesn’t constrain you.

https://firmware-selector.openwrt.org/?version=SNAPSHOT&target=mediatek%2Ffilogic&id=glinet_gl-mt6000

Related:

Thank you so much for your help in selecting the equipment. Yes, they are very good devices. Then there is the question of whether OpenWRT can give out Wi-Fi with Tor inside the VPN and vice versa. A quick search didn’t yield any results, only guesses that this is possible; I didn’t find the exact settings.

I had another idea, what if I use two devices for this. For example, one inexpensive GL-MT300N-V2 can distribute VPN. It can be connected to another router that torifies traffic. Thus, if you plug into the main router first a VPN router and then a Tor router, there will be Tor inside the VPN. And if it is the other way around, then the traffic like VPN inside Tor.

Is this scheme working? If using two GL-MT300N-V2s, it would be cheaper than buying an expensive flagship. However, I tried to enable Tor on my GL-MT300N-V2 yesterday. Since the appropriate packages didn’t fit on it, I decided to install the new 25.02 OpenWRT image from your link above on it to be able to configure Tor. This attempt seems to have bricked my GL-MT300N-V2.

I will try to repair it, but would ask for advice on choosing a router model where Tor will definitely work. It’s important to be able to manually specify bridges to obfuscate traffic otherwise Tor won’t work here.

The interfaces I’ve seen don’t allow this. It is very important to be able to enter bridges. What hardware will definitely give this capability?

Thank you all for your help.

Wi-Fi is on the LAN side. VPN & Tor would be WAN side. VPN policies/ Stangri’s ‘Policy Based Routing’ can handle excluding/including specific LAN clients if the default ‘all or nothing’ approach is found to be too restrictive. It requires OWRT 23.05 for full capabilities.

A Mango is only going to give you a best case scenario of 45 Mbps over WireGuard. Real world usage would be less. For example my Certa is advertised as 50 Mbps max. WG but in reality only hits 38.5. The Certa has a faster CPU/SOC than the Mango/Shadow so do take into consideration what your bandwidth requirements are going to be. You won’t be watching 10 streams of 4K content using them for a bit of an absurd example.

It would also be wasteful when they finally go EOL & there’s no upgrade path to vanilla OWRT. Tor eventually gets package updates like most other security-related software stacks.

I provided no such link for the Mango. Use U-boot.

TOR is a software stack… though it seems it can benefit from hardware-enabled crypto acceleration. This tells me it’s going to be a CPU/SOC intensive process regardless of the device. Bridges are dependent on what’s available in the repos/feeds, which is why you want full access to the OWRT 23.05 ecosystem. I don’t know enough about specific bridges but obfs4proxy is available.

Vanilla OWRT can be run in VirtualBox if you want to model/prototype a TOR-over-VPN setup. I’m sure I can find the link if you’d like it.

Thanks for your help, I was able to restore the device and put a new version of OpenWRT on it. I was also able to install the necessary Tor packages and configure it using these instructions [OpenWrt Wiki] Tor client.

However, these instructions do not contain information on how to configure Tor bridges. I used AI, but its advice seems somewhat contradictory with the first instruction and lacks credibility.

So if anyone has seen an instruction as clear as this one [OpenWrt Wiki] Tor client with obfs4 tor-bridges configuration covered, that would be great for the whole community.

PS. The thing is that tor is blocked in my country and it is impossible to check if the router works with tor if obfs4 bridges are not configured.

I can’t help you there. The closest thing I saw on YT was for obfs3 bridges but if TOR is blocked in your region there’s no way I’d consider setting version 3 up:

(be sure to mute the obnoxious music.)

You may have better luck posting on the OpenWrt Forums &/or using CroxyProxy to get at web sites you need to research related to TOR until you can get obfs4 up & online.
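
For the obfs4 bridge configuration discussed above, here is an added example that is not part of any post in this thread: a POSIX shell check that a torrc's bridge section is internally consistent before Tor is restarted. `UseBridges`, `ClientTransportPlugin` and `Bridge` are standard torrc options; the `/usr/bin/obfs4proxy` path, the function names and the sample bridge line (documentation-range address, made-up fingerprint and cert) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the bridge section of a torrc.
# Assumes IPv4 obfs4 bridges and one directive per unindented line.

check_torrc_bridges() {
    torrc="$1"; rc=0; n=0
    grep -Eq '^UseBridges[[:space:]]+1[[:space:]]*$' "$torrc" \
        || { echo "missing: UseBridges 1"; rc=1; }
    # Tor can only speak obfs4 if it is told which helper binary to launch.
    grep -Eq '^ClientTransportPlugin[[:space:]]+obfs4[[:space:]]+exec[[:space:]]+/' "$torrc" \
        || { echo "missing: ClientTransportPlugin obfs4 exec <path>"; rc=1; }
    while IFS= read -r line; do
        case "$line" in
            "Bridge obfs4 "*) ;;
            *) continue ;;
        esac
        n=$((n + 1))
        # Expected shape: addr:port, 40-hex fingerprint, cert=..., iat-mode=0|1|2
        if ! printf '%s\n' "$line" | grep -Eq \
            '^Bridge obfs4 [0-9.]+:[0-9]+ [0-9A-Fa-f]{40} cert=[^ ]+ iat-mode=[0-2]$'; then
            echo "malformed obfs4 bridge line #$n"; rc=1
        fi
    done < "$torrc"
    [ "$n" -gt 0 ] || { echo "no 'Bridge obfs4' lines found"; rc=1; }
    return "$rc"
}

# Constructed sample: documentation-range address, made-up fingerprint and cert.
write_sample_torrc() {
    cat > "$1" <<'EOF'
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 192.0.2.10:443 0123456789ABCDEF0123456789ABCDEF01234567 cert=CONSTRUCTEDcertVALUE iat-mode=0
EOF
}

sample="${TMPDIR:-/tmp}/torrc.sample.$$"
write_sample_torrc "$sample"
if check_torrc_bridges "$sample"; then echo "bridge section looks consistent"; fi
rm -f "$sample"
```

A passing check only means the directives are present and well-formed; whether a given bridge is reachable still has to be confirmed from Tor's own log after restart.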