[How-To] Tor - The Onion Router for wl500g
HowTo surf anonymously with TOR:
Tor, The Onion Router, is a network that helps to defend against network surveillance. It hides the IP to avoid traffic analysis.
Further information:
https://www.torproject.org
http://en.wikipedia.org/wiki/Tor_%28...ity_network%29
!!Only use with activated swap!!
Installing packages:
Code:
ipkg install tor
ipkg install polipo
ipkg install nano
ipkg install wget-ssl
To install wget-ssl, you might have to
generate / configure config-files:
tor config:
Code:
cp /opt/etc/tor/torrc.sample /opt/etc/tor/torrc
nano /opt/etc/tor/torrc
Code:
## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
#DataDirectory @LOCALSTATEDIR@/lib/tor
has to be:
Code:
## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
DataDirectory /opt/var/lib/tor
Unfortunately, I haven't found a way to reduce the RAM usage of tor yet.
polipo config:
Code:
mkdir /opt/etc/polipo
cd /opt/etc/polipo/
wget https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf --no-check-certificate
nano polipo.conf
Admin edit: svn repository has been moved to git
new link for config: https://gitweb.torproject.org/torbro...ig/polipo.conf
Following changes in polipo.conf:
(Full polipo.conf is attached)
Code:
### Basic configuration
### *******************
proxyAddress = "0.0.0.0"
# proxyAddress = "127.0.0.1"
allowedClients = 127.0.0.1, 192.168.1.61
### Memory
### ******
# Uncomment this if you want Polipo to use a ridiculously small amount
# of memory (a hundred C-64 worth or so):
#chunkHighMark = 819200 # 800kB Ram Usage in Bytes
#objectHighMark = 128
#chunkHighMark = 2097152 # 2M Ram Usage (=Ram x 1024 x 1024)
#objectHighMark = 768
chunkHighMark = 4194304 # 4M Ram Usage
objectHighMark = 1536
# Uncomment this if you've got plenty of memory:
# chunkHighMark = 50331648 # 48M Ram
# objectHighMark = 16384
#chunkHighMark = 67108864
### On-disk data
### ************
# diskCacheRoot = ""
allowedClients has to list 127.0.0.1 and all clients that should be able to surf anonymously.
With 4 MB of RAM, polipo is much less CPU intensive than with only 800 kB.
Start tor and polipo:
Code:
tor & polipo -c /opt/etc/polipo/polipo.conf &
Change the proxy settings of a browser on a connected PC to:
IPOFTHEROUTER:8118
and surfing is more anonymous.
If you use the Firefox-Profile of JAP:
http://anonymous-proxy-servers.net/en/jondofox/download
you surf really anonymously.
To help others to surf anonymously, you can configure Tor as a Relay:
For that, you have to open a port in your firewall:
Code:
iptables -A INPUT -p tcp --dport 9001 -j ACCEPT
And activate the relay with the following changes in torrc:
Code:
ORPort 9001
RelayBandwidthRate 20 KBytes
RelayBandwidthBurst 30 KBytes
Cheers!
Copter
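The exposure that `proxyAddress = "0.0.0.0"` creates on a router, and the role of `allowedClients` in limiting it, can be checked with a short script. This is an added example, not part of the original posts; the function names and the sample input are constructed for illustration, and the address check covers IPv4 only.

```shell
#!/bin/sh
# Added example (not from the thread): flag a polipo.conf that exposes the proxy.

# conf_value KEY: value of the last uncommented "KEY = value" line in $conf,
# minus any trailing "# comment" and surrounding double quotes.
conf_value() {
    printf '%s\n' "$conf" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"//' -e 's/"$//' | tail -n 1
}

# is_private ADDR: true for loopback and RFC 1918 addresses or CIDR ranges.
is_private() {
    case "$1" in
        127.*|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# audit_polipo: reads polipo.conf on stdin, prints findings, returns 1 if any.
audit_polipo() {
    conf=$(cat)
    addr=$(conf_value proxyAddress)
    clients=$(conf_value allowedClients)
    bad=0
    # Polipo listens on loopback unless proxyAddress says otherwise.
    case "$addr" in
        ""|127.*|::1) echo "OK: listening on loopback only"; return 0 ;;
    esac
    if [ -z "$clients" ]; then
        echo "FAIL: proxyAddress $addr without allowedClients"
        bad=1
    fi
    for c in $(printf '%s' "$clients" | tr ',' ' '); do
        if ! is_private "$c"; then
            echo "WARN: allowedClients entry $c is not a private address"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] && echo "OK: $addr limited to $clients"
    return "$bad"
}

# Constructed sample: the settings from the post with the ACL line commented out.
sample_open() {
    printf '%s\n' 'proxyAddress = "0.0.0.0"' '# proxyAddress = "127.0.0.1"' \
        '#allowedClients = 127.0.0.1, 192.168.1.61' 'chunkHighMark = 4194304 # 4M'
}
sample_open | audit_polipo || echo "review the listener before starting polipo"
```

On the router, run it as `audit_polipo < /opt/etc/polipo/polipo.conf`.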
Any guidance on configuring starting up and shutting down properly?
It would be good to know how to set up the processes at /opt/etc/init.d/
Or can I simply place "tor & polipo -c /opt/etc/polipo/polipo.conf >> /opt/etc/tor.log" in a script under that directory?
install scripts for tor&polipo
If you'd like to automatically install tor & polipo, just copy and paste the following script as is into your SSH terminal for the router:
Code:
#!/bin/sh
#written by ecaddict, distributed (conveyed) under GPL version 3 or any later version
START=/opt/etc/init.d/S99tor
PFILE=/opt/var/run/polipo.pid
LFILE=/opt/var/log/polipo.log
PCONF=/opt/etc/polipo/polipo.conf
#user editable part end
ipkg update
ipkg install tor polipo
mkdir -p /opt/etc/polipo
cat > /opt/etc/tor/torrc << __EOF__
SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost
SocksListenAddress 192.168.1.1:9050 # listen on this IP:port also
RunAsDaemon 1
DataDirectory /opt/var/lib/tor
#StrictExitNodes 1
#ExitNodes {gb}
__EOF__
cat > ${PCONF} << __EOF__
proxyAddress = "0.0.0.0"
proxyPort = 8118
allowedClients = 127.0.0.1, 192.168.1.0/24, 10.8.0.0/24
allowedPorts = 1-65535
proxyName = "localhost"
cacheIsShared = false
socksParentProxy = "localhost:9050"
socksProxyType = socks5
chunkHighMark = 4194304 # 4M Ram Usage
objectHighMark = 1536
localDocumentRoot = ""
disableLocalInterface = true
disableConfiguration = true
dnsUseGethostbyname = yes
disableVia = true
censoredHeaders = from,accept-language,x-pad,link
censorReferer = maybe
maxConnectionAge = 5m
maxConnectionRequests = 120
serverMaxSlots = 8
serverSlots = 2
tunnelAllowedPorts = 1-65535
daemonise = true
pidFile = ${PFILE}
logFile = ${LFILE}
logLevel = 0x03
__EOF__
cat > ${START} << __EOF__
#!/bin/sh
#written by ecaddict, distributed (conveyed) under GPL version 3 or any later version
TNAME=/opt/bin/tor
PNAME=/opt/bin/polipo
CONF=${PCONF}
EXSD=/bin/sed
EXPS=/bin/ps
if [ -z "\$1" ] ; then
    case \${0##*/} in
        S??*) rc="start" ;;
        K??*) rc="stop" ;;
        *) rc="usage" ;;
    esac
else
    rc="\$1"
fi
TBN="\${TNAME##*/}"
PBN="\${PNAME##*/}"
case "\$rc" in
    start)
        if [ ! -x "\$TNAME" ]; then
            echo -e "\033[1;31m\$TBN is missing, try ipkg install \$TBN\033[0m"
            exit 1
        fi
        if [ ! -x "\$PNAME" ];then
            echo -e "\033[1;31m\$PBN is missing, try ipkg install \$PBN\033[0m"
            exit 2
        fi
        TST="\$(echo \${TNAME} | \$EXSD 's#/#\\\\/#g')"
        PST="\$(echo \${PNAME} | \$EXSD 's#/#\\\\/#g')"
        echo "Starting \$TBN and \$PBN"
        if [ -n "\$(\$EXPS | \$EXSD -n '/.*'''\$TST'''/p')" ]; then
            echo -e "\033[1;33m\$TBN runs already\033[0m"
        else
            \${TNAME}
            sleep 1
        fi
        if [ -n "\$(\$EXPS | \$EXSD -n '/.*'''\$PST'''/p')" ]; then
            echo -e "\033[1;33m\$PBN runs already\033[0m"
        else
            rm -f ${PFILE}
            \${PNAME} -c "\$CONF"
        fi
        ;;
    stop)
        echo "Stopping \$TBN and \$PBN"
        killall \${TNAME##*/}; killall \${PNAME##*/}
        ;;
    restart)
        echo "Restarting \$TBN and \$PBN"
        "\$0" stop
        sleep 2
        "\$0" start
        ;;
    *)
        echo "Usage: \$0 (start|stop|restart|usage)"
        ;;
esac
__EOF__
chmod u+x ${START}
${START} start
It will create the following files (save them if you have some of them already):
/opt/etc/tor/torrc
/opt/etc/polipo/polipo.conf
/opt/etc/init.d/S99tor
Attachment 8479
You'll need to edit /opt/etc/tor/torrc if you have a preference for exiting via tor in some country or you wish to activate the relay (check the discussion).
In /opt/etc/polipo/polipo.conf you may wish to reduce logLevel.
For more polipo options please check http://www.pps.jussieu.fr/~jch/softw...po/polipo.html
My usual single line install instead:
Code:
cd /tmp && wget -O install.tar.gz "http://wl500g.info/attachment.php?attachmentid=8479&d=1322142484" && tar xvzf install.tar.gz && ./install.sh
In my experience tor/polipo can use quite some memory/CPU time so if you plan to run many other programs on the router as well you may want to consider using RT-N16 or 128MB memory upgraded WL-500gPv1/WL-500W.
If you'd like to disable automatic startup, just rename /opt/etc/init.d/S99tor to e.g. /opt/etc/init.d/DS99tor
Enjoy!
looks like you are simply a sh monster
Thanks a lot
I managed to configure autostart, but my way was less impressive of course
I recognized that Polipo is able to run as a daemon, so I extended the command line in the following way:
/opt/bin/polipo -c /opt/etc/polipo/polipo.conf daemonise=true pidFile=/opt/var/lock/polipo logFile=/opt/etc/polipo/polipo.log logLevel=0xFF
So probably it is a more natural way to do it instead of using nohup.
I don't know actually, just a guess. But it works for me.
And one more thing... the message "Warning: Your system has very few filedescriptors available in total..."
Do you handle that somehow specially via ulimit? Or do you simply ignore it?
I would like to know the expert opinion on that.
[warn] You are running Tor as root. You don't need to, and you probably shouldn't.
Should we also take care of that warning? Is it done by using the "su" command in /opt/etc/init.d/S99tor?
And I know why you have file descriptors related warning - because you don't reuse original init script, which comes with ipkg installation.
Meanwhile it contains the following check with no clear purpose for me:
Code:
# Let's try to figure our some sane defaults:
if [ -r /proc/sys/fs/file-max ]; then
    system_max=`cat /proc/sys/fs/file-max`
    if [ "$system_max" -gt "80000" ] ; then
        MAX_FILEDESCRIPTORS=32768
    elif [ "$system_max" -gt "40000" ] ; then
        MAX_FILEDESCRIPTORS=16384
    elif [ "$system_max" -gt "10000" ] ; then
        MAX_FILEDESCRIPTORS=8192
    else
        MAX_FILEDESCRIPTORS=1024
        cat << EOF
Warning: Your system has very few filedescriptors available in total.
...
... bla bla bla half of the screen
...
EOF
    fi
else
    MAX_FILEDESCRIPTORS=8192
fi
I just commented it out guessing it isn't important.
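Two points from this thread can be checked directly against a torrc: the install script's `SocksListenAddress 192.168.1.1:9050` opens the SOCKS port to the LAN, and Tor warns when it is started as root. The script below is an added example, not part of the original posts; it relies on the torrc options `SocksPolicy` and `User`, and the account name `tor` in its comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): review a torrc for a LAN-facing SOCKS
# listener without an access policy and for a missing unprivileged User.
# A torrc that passes adds, for instance (account name "tor" is an assumption):
#   User tor
#   SocksPolicy accept 192.168.1.0/24
#   SocksPolicy reject *

# audit_torrc: reads a torrc on stdin, prints findings, returns 1 if any.
audit_torrc() {
    awk '
        { sub(/[ \t]*#.*$/, "") }         # drop comments
        NF < 2 { next }                   # blank line or keyword without value
        { key = tolower($1) }             # option names are case-insensitive
        key == "user"        { user = $2 }
        key == "sockspolicy" { policy = 1 }
        key == "sockslistenaddress" || key == "socksport" {
            # "SocksPort 9050" is loopback; only ADDR or ADDR:PORT can widen it
            if ($2 ~ /:/ || key == "sockslistenaddress") {
                addr = $2; sub(/:[0-9]+$/, "", addr)
                if (addr !~ /^127\./ && addr != "localhost") lan = lan " " $2
            }
        }
        END {
            if (lan != "" && !policy) {
                print "WARN: SOCKS listener on" lan " with no SocksPolicy"; bad = 1
            }
            if (user == "" || user == "root" || user == "0") {
                print "WARN: no unprivileged User set, Tor keeps its starter privileges"
                bad = 1
            }
            if (!bad) print "OK: SOCKS restricted, runs as " user
            exit bad + 0
        }'
}

# Constructed sample: the torrc lines written by the install script above.
sample_torrc() {
    printf '%s\n' 'SocksPort 9050 # what port to open' 'SocksListenAddress 127.0.0.1' \
        'SocksListenAddress 192.168.1.1:9050 # listen on this IP:port also' \
        'RunAsDaemon 1' 'DataDirectory /opt/var/lib/tor'
}
sample_torrc | audit_torrc || echo "torrc needs review"
```

On the router, run it as `audit_torrc < /opt/etc/tor/torrc`.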