View the full version: [How-To] Tor - The Onion Router for wl500g
HowTo surf anonymously with TOR:
Tor, The Onion Router, is a network that helps to defend against network surveillance. It hides the IP to avoid traffic analysis.
Further information:
https://www.torproject.org
http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
!!Only use with activated swap!!
installing packages:
ipkg install tor
ipkg install polipo
ipkg install nano
ipkg install wget-ssl
To install wget-ssl, you might have to
ipkg remove wget
generate / configure config-files:
tor config:
cp /opt/etc/tor/torrc.sample /opt/etc/tor/torrc
nano /opt/etc/tor/torrc
## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
#DataDirectory @LOCALSTATEDIR@/lib/tor
has to be:
## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
DataDirectory /opt/var/lib/tor
Unfortunately, I haven't found a way to reduce RAM usage of tor yet.
polipo config:
mkdir /opt/etc/polipo
cd /opt/etc/polipo/
wget https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf --no-check-certificate
nano polipo.conf
Admin edit: svn repository has been moved to git
new link for config: https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf
Following changes in polipo.conf:
(Full polipo.conf is attached)
### Basic configuration
### *******************
proxyAddress = "0.0.0.0"
# proxyAddress = "127.0.0.1"
allowedClients = 127.0.0.1, 192.168.1.61
### Memory
### ******
# Uncomment this if you want Polipo to use a ridiculously small amount
# of memory (a hundred C-64 worth or so):
#chunkHighMark = 819200 # 800kB Ram Usage in Bytes
#objectHighMark = 128
#chunkHighMark = 2097152 # 2M Ram Usage (=Ram x 1024 x 1024)
#objectHighMark = 768
chunkHighMark = 4194304 # 4M Ram Usage
objectHighMark = 1536
# Uncomment this if you've got plenty of memory:
# chunkHighMark = 50331648 # 48M Ram
# objectHighMark = 16384
#chunkHighMark = 67108864
### On-disk data
### ************
# diskCacheRoot = ""
allowedClients has to be 127.0.0.1 and all clients that should be able to surf anonymously.
With 4 MB of RAM, polipo is much less CPU intensive than with only 800 kB.
Start tor and polipo:
tor & polipo -c /opt/etc/polipo/polipo.conf &
change the proxy settings of a browser on a connected PC to:
IPOFTHEROUTER:8118
and surfing is more anonymous.
If you use the Firefox-Profile of JAP:
http://anonymous-proxy-servers.net/en/jondofox/download
you surf really anonymously.
To help others to surf anonymously, you can configure Tor as a Relay:
For that, you have to open a port in your firewall:
iptables -A INPUT -p tcp --dport 9001 -j ACCEPT
And activate the relay with the following changes in torrc:
ORPort 9001
RelayBandwidthRate 20 KBytes
RelayBandwidthBurst 30 KBytes
Cheers!
Copter
http://www.torproject.org/tor-manual.html
Thank you, I should have gone there by myself.
I'd like to put the last post into the Tutorials-Section.
Can a mod do this? Or should I just open another thread there?
Cheers, Copter
I'd like to put the last post into the Tutorials-Section.
Can a mod do this? Or should I just open another thread there?
Cheers, Copter
moved:)
works quite fine, but I think you forgot to disable the cache in polipo!
now it's writing cache to flash:p
moved:)
thanks.
I think you forgot to disable the cache in polipo!
now it's writing cache to flash:p
standard cache location is /opt/var/cache/polipo
but for anonymity reasons, disabling it makes sense.
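Added example, not part of the original posts: a shell check for the polipo.conf points raised in this thread (cache left on disk, proxy listening on all interfaces, no Tor parent proxy). The function names and the sample file are constructed for illustration; the variable names are polipo's own.

```shell
#!/bin/sh
# Added example (not from the thread): audit a polipo.conf for the settings
# discussed above. Function names and the sample file are constructed.

# Print the last active (uncommented) value of variable $2 in file $1,
# with any trailing comment and surrounding quotes removed.
polipo_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//' | tail -n 1
}

# Succeed if variable $2 has an active assignment in file $1 (even to "").
polipo_is_set() { grep -Eq "^[[:space:]]*$2[[:space:]]*=" "$1"; }

# Print one finding per line; the return status is the number of findings.
audit_polipo_conf() {
    conf=$1; n=0
    # Unset means polipo falls back to its default cache directory;
    # an explicit empty value disables the on-disk cache.
    if ! polipo_is_set "$conf" diskCacheRoot ||
       [ -n "$(polipo_get "$conf" diskCacheRoot)" ]; then
        echo "disk-cache: not disabled, add diskCacheRoot = \"\""; n=$((n + 1))
    fi
    # Listening beyond loopback without a client list is an open proxy.
    addr=$(polipo_get "$conf" proxyAddress)
    case "$addr" in
        ""|127.0.0.1|::1|localhost) ;;
        *) if [ -z "$(polipo_get "$conf" allowedClients)" ]; then
               echo "open-proxy: proxyAddress $addr without allowedClients"
               n=$((n + 1))
           fi ;;
    esac
    # Without a SOCKS parent, requests leave directly instead of via Tor.
    if [ -z "$(polipo_get "$conf" socksParentProxy)" ]; then
        echo "no-tor: socksParentProxy is not set"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample based on the settings quoted in the first post.
sample=$(mktemp)
cat > "$sample" << 'EOF'
proxyAddress = "0.0.0.0"
allowedClients = 127.0.0.1, 192.168.1.61
socksParentProxy = "localhost:9050"
# diskCacheRoot = ""
EOF
audit_polipo_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the router, call audit_polipo_conf /opt/etc/polipo/polipo.conf; the polipo.conf written by the install script later in this thread has no diskCacheRoot line, so it reports the disk-cache finding as well.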
nemnemonik
06-03-2011, 22:52
wget https://svn.torproject.org/svn/torbrowser/t
https://svn.torproject.org/svn/torbrowser/t
Resolving svn.torproject.org (svn.torproject.org)... 2620:0:6b0:b:250:56ff:fe99:60, 38.229.70.23
Connecting to svn.torproject.org (svn.torproject.org)|2620:0:6b0:b:250:56ff:fe99:60 |:443... failed: Network is unreachable.
Connecting to svn.torproject.org (svn.torproject.org)|38.229.70.23|:443... connected.
ERROR: cannot verify svn.torproject.org's certificate, issued by `/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3':
Unable to locally verify the issuer's authority.
To connect to svn.torproject.org insecurely, use `--no-check-certificate'.
The same with `--no-check-certificate'.
DEAD links.
DEAD links.
The repo has moved to git, the new link is: https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf
Also the full configuration file IS attached to the first post;)
It would be good to know how to setup the processes at /opt/etc/init.d/
Or I can simply place "tor & polipo -c /opt/etc/polipo/polipo.conf >> /opt/etc/tor.log" in a script under that directory?
ecaddict
25-10-2011, 08:48
If you'd like to automatically install tor & polipo just copy-paste as such the following script to your SSH terminal for the router:
#!/bin/sh
#written by ecaddict, distributed (conveyed) under GPL version 3 or any later version
START=/opt/etc/init.d/S99tor
PFILE=/opt/var/run/polipo.pid
LFILE=/opt/var/log/polipo.log
PCONF=/opt/etc/polipo/polipo.conf
#user editable part end
ipkg update
ipkg install tor polipo
mkdir -p /opt/etc/polipo
cat > /opt/etc/tor/torrc << __EOF__
SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost
SocksListenAddress 192.168.1.1:9050 # listen on this IP:port also
RunAsDaemon 1
DataDirectory /opt/var/lib/tor
#StrictExitNodes 1
#ExitNodes {gb}
__EOF__
cat > ${PCONF} << __EOF__
proxyAddress = "0.0.0.0"
proxyPort = 8118
allowedClients = 127.0.0.1, 192.168.1.0/24, 10.8.0.0/24
allowedPorts = 1-65535
proxyName = "localhost"
cacheIsShared = false
socksParentProxy = "localhost:9050"
socksProxyType = socks5
chunkHighMark = 4194304 # 4M Ram Usage
objectHighMark = 1536
localDocumentRoot = ""
disableLocalInterface = true
disableConfiguration = true
dnsUseGethostbyname = yes
disableVia = true
censoredHeaders = from,accept-language,x-pad,link
censorReferer = maybe
maxConnectionAge = 5m
maxConnectionRequests = 120
serverMaxSlots = 8
serverSlots = 2
tunnelAllowedPorts = 1-65535
daemonise = true
pidFile = ${PFILE}
logFile = ${LFILE}
logLevel = 0x03
__EOF__
cat > ${START} << __EOF__
#!/bin/sh
#written by ecaddict, distributed (conveyed) under GPL version 3 or any later version
TNAME=/opt/bin/tor
PNAME=/opt/bin/polipo
CONF=${PCONF}
EXSD=/bin/sed
EXPS=/bin/ps
if [ -z "\$1" ] ; then
case \${0##*/} in
S??*) rc="start" ;;
K??*) rc="stop" ;;
*) rc="usage" ;;
esac
else
rc="\$1"
fi
TBN="\${TNAME##*/}"
PBN="\${PNAME##*/}"
case "\$rc" in
start)
if [ ! -x "\$TNAME" ]; then
echo -e "\033[1;31m\$TBN is missing, try ipkg install \$TBN\033[0m"
exit 1
fi
if [ ! -x "\$PNAME" ];then
echo -e "\033[1;31m\$PBN is missing, try ipkg install \$PBN\033[0m"
exit 2
fi
TST="\$(echo \${TNAME} | \$EXSD 's#/#\\\\/#g')"
PST="\$(echo \${PNAME} | \$EXSD 's#/#\\\\/#g')"
echo "Starting \$TBN and \$PBN"
if [ -n "\$(\$EXPS | \$EXSD -n '/.*'''\$TST'''/p')" ]; then
echo -e "\033[1;33m\$TBN runs already\033[0m"
else
\${TNAME}
sleep 1
fi
if [ -n "\$(\$EXPS | \$EXSD -n '/.*'''\$PST'''/p')" ]; then
echo -e "\033[1;33m\$PBN runs already\033[0m"
else
rm -f ${PFILE}
\${PNAME} -c "\$CONF"
fi
;;
stop)
echo "Stopping \$TBN and \$PBN"
killall \${TNAME##*/}; killall \${PNAME##*/}
;;
restart)
echo "Restarting \$TBN and \$PBN"
"\$0" stop
sleep 2
"\$0" start
;;
*)
echo "Usage: \$0 (start|stop|restart|usage)"
;;
esac
__EOF__
chmod u+x ${START}
${START} start
It will create the following files (save them if you have some of them already):
/opt/etc/tor/torrc
/opt/etc/polipo/polipo.conf
/opt/etc/init.d/S99tor
You'll need to edit /opt/etc/tor/torrc if you have preference for exiting via tor in some country or you wish to activate the relay (check the discussion).
In /opt/etc/polipo/polipo.conf you may wish to reduce logLevel.
For more polipo options please check http://www.pps.jussieu.fr/~jch/software/polipo/polipo.html
My usual single line install instead:
cd /tmp && wget -O install.tar.gz "http://wl500g.info/attachment.php?attachmentid=8479&d=1322142484" && tar xvzf install.tar.gz && ./install.sh
In my experience tor/polipo can use quite some memory/CPU time so if you plan to run many other programs on the router as well you may want to consider using RT-N16 or 128MB memory upgraded WL-500gPv1/WL-500W.
If you'd like to disable automatic startup just re-name /opt/etc/init.d/S99tor to e.g. /opt/etc/init.d/DS99tor
Enjoy!
Thanks a lot
I managed to configure autostart, but my way was less impressive of course
I recognized that Polipo is able to run as a daemon, so I extended the command line in the following way:
/opt/bin/polipo -c /opt/etc/polipo/polipo.conf daemonise=true pidFile=/opt/var/lock/polipo logFile=/opt/etc/polipo/polipo.log logLevel=0xFF
So probably it is a more natural way to do it instead of using nohup.
I don't know actually, just guess. But it works for me.
And one more thing... the message "Warning: Your system has very few filedescriptors available in total..."
Do you handle that somehow specially via ulimit? Or you simply ignore it.
I would like to know the expert opinion on that
ecaddict
25-10-2011, 14:43
Thank you for the tip, I've updated the scripts.
I don't have any file descriptors related warning (RT-N16/reasonable size HDD/latest Oleg).
Should we also take care of that warning? Is it done by using "su" command in /opt/etc/init.d/S99tor
And I know why you have file descriptors related warning - because you don't reuse original init script, which comes with ipkg installation.
Meanwhile it contains the following check with no clear purpose for me:
# Let's try to figure our some sane defaults:
if [ -r /proc/sys/fs/file-max ]; then
system_max=`cat /proc/sys/fs/file-max`
if [ "$system_max" -gt "80000" ] ; then
MAX_FILEDESCRIPTORS=32768
elif [ "$system_max" -gt "40000" ] ; then
MAX_FILEDESCRIPTORS=16384
elif [ "$system_max" -gt "10000" ] ; then
MAX_FILEDESCRIPTORS=8192
else
MAX_FILEDESCRIPTORS=1024
cat << EOF
Warning: Your system has very few filedescriptors available in total.
...
... bla bla bla half of the screen
...
EOF
fi
else
MAX_FILEDESCRIPTORS=8192
fi
I just commented it out guessing it isn't important.
ecaddict
26-10-2011, 09:04
I could not find any init script coming with the installation (that's why I've created one) and in fact it does not seem necessary as after ipkg install it was ready to run.
The reason why I like init scripts is that in this way all optware running from the USB can be stopped and USB storage unplugged without stopping the router.
Just to check that I remember right I've downloaded the tor .ipkg file from the Oleg repo (http://ipkg.nslu2-linux.org/feeds/optware/oleg/cross/stable/) and renamed the .ipkg to .tar.gz (if someone does not know in this way any commander can look to it).
After this I've listed the files with the following command:
tar -xvzf tor_0.2.2.32-1_mipsel.tar.gz && tar -ztvf control.tar.gz && tar -ztvf data.tar.gz
It seems to contain the following files:
/opt/
/opt/bin/
/opt/bin/tor
/opt/bin/tor-gencert
/opt/bin/tor-resolve
/opt/bin/torify
/opt/etc/
/opt/etc/tor/
/opt/etc/tor/tor-tsocks.conf
/opt/etc/tor/torrc.sample
/opt/share/
/opt/share/doc/
/opt/share/doc/tor/
/opt/share/doc/tor/tor-gencert.html
/opt/share/doc/tor/tor-resolve.html
/opt/share/doc/tor/tor.html
/opt/share/doc/tor/torify.html
/opt/share/man/
/opt/share/man/man1/
I did not want to make it more complex than absolutely necessary, as even though I have user management related programs on the router (heavily underutilized), most users don't, but everyone is encouraged to make such enhancements.