19807409 posted a topic in Member Tutorials

Requirements

- openwrt (or any openwrt based firmware like LEDE openwrt)
- tor
- libevent2-openssl
- libevent2
- libminiupnpc
- libnatpmp
- tor-geoip (optional)
- tor-fw-helper (optional)

Description

In this guide I will install and create tor on my openwrt router. My Wireless is isolated. You can change these settings as you wish, only take care that nobody from outside can reach your LANs. At the end of this post is a script doing everything for you. You need only to adapt the script for your settings.

For this guide, my router's lan ip is 192.168.1.3

This setup works for those who use only a proxy/socks product, VPN products or a mix of them. It is a very high grade of anonymity if all this works in some VPN, like TorGuard's, which does work perfectly!

What will we have at the end of this setup

- tor socks5 server on router's lan IP:9050 (in this example 192.168.1.3:9050) (you can set your system, browser or anything else to use socks5 which goes always over tor)
- Simple usage by joining WLAN (no need to set up anything on any device)
- set specific LAN port to go always through Tor (especially useful for those who use C-Lines for Card Sharing)
- Isolated Wireless Network (which is secured and can't communicate with LAN devices)
- Traffic is sent through TorGuard's proxy/socks5 (all tor's traffic sent through socks or https proxy, TorGuard Proxy port: 6060, TorGuard socks5 ports: 1080/1085/1090)
  (in this guide, we set only .onion and .exit urls to go over tor, all other pages will go over TorGuard's socks/proxy used by tor)
  (We also restrict usage on port 80 and 443 for the case that you need to hide from your ISP/VPN provider, TorGuard does not block)
  (if you are not using VPN, then you do hide the traffic from your ISP in using socks and from your socks provider by using only ports 80/443)
  (even if this setup is highly secure, consider using as addition obfsproxy which I will not cover in this guide)
  (socks5/proxy acts also as a fallback if your VPN stops working)
- This setup works if you are connected to a VPN (like TorGuard and openvpn, my router is currently in TorGuard's VPN)

Installation of required packages:

    opkg update
    opkg install libevent2-openssl libevent2 libminiupnpc libnatpmp tor tor-fw-helper tor-geoip

Create Tor interface with static IP 172.x.x.x

Create DHCP server for tor interface

Create 5GHz and 2.4GHz isolated wireless interfaces

Add firewall zone and configure firewall for tor

Configure tor with TorGuard services

Download geoip and geoipv6

Reboot your router

Script installing tor requirements, creating interface, configuring firewall

If you are connected with TorGuard's VPN and everything runs over VPN, then your tor might be inactive if it starts before openvpn during the boot, because openvpn changes routes and tor needs to be restarted. In this case you can edit openvpn's start scripts, or tor's start scripts, or simply add this command under the System->Startup section "Local Startup":

    # Put your custom commands here that should be executed once
    # the system init finished. By default this file does nothing.
    sleep 10
    /etc/init.d/tor reload
    /etc/init.d/tor restart
    exit 0

How to get geoip and geoipv6 files

TorGuard works blazing fast with Tor Network (!!!TORGUARD TEAM IS AMAZING, THANKS FOR GREAT SERVICES!!!)

That's it, enjoy tor network.

I have posted already how to prevent hijacking of your DNS by your IP. There are some ISPs like Verizon, T-Mobile, ... which do send all traffic over port 53 (yes, they hijack your DNS), regardless of which DNS servers you use.

Here is how to get rid of that and redirect it to another address with the help of iptables instead of editing dnsmasq in WebIF (which is still my preferable solution for most tasks). In this example I'll redirect all DNS requests to my custom DNS server, to lan1 in this case, which is my local DNS server.

Openwrt (I think ddwrt should work too, but I did not test it on ddwrt, but basically it should be the same, just check the names of devices)

    iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1

On openwrt and other releases, switch on masquerading, it is required.

Now a question to TorGuard: do you/can you offer alternative ports for those who maybe can't use the first method described, nor this second solution?

To find out what is going on through your DNS port, read here.
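
An added example, not part of the original post: the iptables rule above matches only UDP, and DNS also runs over TCP port 53, so this shell function audits an iptables-save nat dump for one interface and reports which of the two protocols has no PREROUTING DNAT/REDIRECT rule for port 53. The function name missing_dns_protocols and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables-save -t nat` output for DNS redirect coverage.

# Constructed sample ruleset: only the UDP rule from the post is present,
# written the way iptables-save prints it.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# missing_dns_protocols IFACE   (hypothetical helper name)
# Reads an iptables-save dump on stdin and prints, space separated, the
# protocols (udp, tcp) that have no PREROUTING DNAT/REDIRECT rule for
# destination port 53 on IFACE. Empty output means both are redirected.
missing_dns_protocols() {
    awk -v iface="$1" '
        $1 == "-A" && $2 == "PREROUTING" {
            in_if = ""; proto = ""; dport = ""; target = ""
            # Walk the rule as option/value pairs.
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (in_if == iface && dport == "53" &&
                (target == "DNAT" || target == "REDIRECT"))
                covered[proto] = 1
        }
        END {
            out = ""
            if (!("udp" in covered)) out = out "udp "
            if (!("tcp" in covered)) out = out "tcp "
            sub(/ $/, "", out)
            print out
        }'
}

# On a router: iptables-save -t nat | missing_dns_protocols br-lan
printf '%s\n' "$SAMPLE_RULES" | missing_dns_protocols br-lan   # prints "tcp"
```
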