HowTo surf anonymously with TOR:
Tor, The Onion Router, is a network that helps to defend against network surveillance. It hides the IP to avoid traffic analysis.
Further information:
https://www.torproject.org
http://en.wikipedia.org/wiki/Tor_%28...ity_network%29
!!Only use with activated swap!!
Installing packages:
Code:
ipkg install tor
ipkg install polipo
ipkg install nano
ipkg install wget-ssl

To install wget-ssl, you might have to
Code:
ipkg remove wget

generate / configure config-files:
tor config:
Code:
cp /opt/etc/tor/torrc.sample /opt/etc/tor/torrc
nano /opt/etc/tor/torrc

Code:
## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
#DataDirectory @LOCALSTATEDIR@/lib/tor

has to be:
Code:
## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
DataDirectory /opt/var/lib/tor

Unfortunately, I haven't found a way to reduce RAM usage of tor yet.
polipo config:
Code:
mkdir /opt/etc/polipo
cd /opt/etc/polipo/
wget https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf --no-check-certificate
nano polipo.conf

Admin edit: svn repository has been moved to git
new link for config: https://gitweb.torproject.org/torbro...ig/polipo.conf
Following changes in polipo.conf:
(Full polipo.conf is attached)
Code:
### Basic configuration
### *******************

proxyAddress = "0.0.0.0"
# proxyAddress = "127.0.0.1"
allowedClients = 127.0.0.1, 192.168.1.61

### Memory
### ******

# Uncomment this if you want Polipo to use a ridiculously small amount
# of memory (a hundred C-64 worth or so):

#chunkHighMark = 819200 # 800kB Ram Usage in Bytes
#objectHighMark = 128

#chunkHighMark = 2097152 # 2M Ram Usage (=Ram x 1024 x 1024)
#objectHighMark = 768

chunkHighMark = 4194304 # 4M Ram Usage
objectHighMark = 1536

# Uncomment this if you've got plenty of memory:

# chunkHighMark = 50331648 # 48M Ram
# objectHighMark = 16384
#chunkHighMark = 67108864

### On-disk data
### ************

# diskCacheRoot = ""

allowedClients has to be 127.0.0.1 and all clients, who should be able to surf anonymously.
With 4 MB of Ram, polipo is much less CPU intensive than with only 800 kB.
Start tor and polipo:
Code:
tor &
polipo -c /opt/etc/polipo/polipo.conf &

change the proxy settings of a browser on a connected PC to:
IPOFTHEROUTER:8118
and surfing is more anonymous.
If you use the Firefox-Profile of JAP:
http://anonymous-proxy-servers.net/en/jondofox/download
you surf really anonymously.
To help others to surf anonymously, you can configure Tor as a Relay:
For that, you have to open a port in your firewall:
Code:
iptables -A INPUT -p tcp --dport 9001 -j ACCEPT

And activate the relay with the following changes in torrc:
Code:
ORPort 9001
RelayBandwidthRate 20 KBytes
RelayBandwidthBurst 30 KBytes

Cheers!
Copter
Last edited by wpte; 15-03-2011 at 16:18.
Thank you, I should have gone there by myself.
I'd like to put the last post into the Tutorials-Section.
Can a mod do this? Or should I just open another thread there?
Cheers, Copter
wget https://svn.torproject.org/svn/torbrowser/t
https://svn.torproject.org/svn/torbrowser/t
Resolving svn.torproject.org (svn.torproject.org)... 2620:0:6b0:b:250:56ff:fe99:60, 38.229.70.23
Connecting to svn.torproject.org (svn.torproject.org)|2620:0:6b0:b:250:56ff:fe99:60 |:443... failed: Network is unreachable.
Connecting to svn.torproject.org (svn.torproject.org)|38.229.70.23|:443... connected.
ERROR: cannot verify svn.torproject.org's certificate, issued by `/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3':
Unable to locally verify the issuer's authority.
To connect to svn.torproject.org insecurely, use `--no-check-certificate'.
The same with `--no-check-certificate'.
DEAD links.
The repo has moved to git, the new link is: https://gitweb.torproject.org/torbro...ig/polipo.conf
Also the full configuration file IS attached to the first post
It would be good to know how to set up the processes at /opt/etc/init.d/
Or I can simply place "tor & polipo -c /opt/etc/polipo/polipo.conf >> /opt/etc/tor.log" in a script under that directory?
wl-500gp v2 + tor + polipo + all sorts of stuff in python
If you'd like to automatically install tor & polipo just copy-paste as such the following script to your SSH terminal for the router:
Code:
#!/bin/sh
#written by ecaddict, distributed (conveyed) under GPL version 3 or any later version
START=/opt/etc/init.d/S99tor
PFILE=/opt/var/run/polipo.pid
LFILE=/opt/var/log/polipo.log
PCONF=/opt/etc/polipo/polipo.conf
#user editable part end
ipkg update
ipkg install tor polipo
mkdir -p /opt/etc/polipo
cat > /opt/etc/tor/torrc << __EOF__
SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost
SocksListenAddress 192.168.1.1:9050 # listen on this IP:port also
RunAsDaemon 1
DataDirectory /opt/var/lib/tor
#StrictExitNodes 1
#ExitNodes {gb}
__EOF__
cat > ${PCONF} << __EOF__
proxyAddress = "0.0.0.0"
proxyPort = 8118
allowedClients = 127.0.0.1, 192.168.1.0/24, 10.8.0.0/24
allowedPorts = 1-65535
proxyName = "localhost"
cacheIsShared = false
socksParentProxy = "localhost:9050"
socksProxyType = socks5
chunkHighMark = 4194304 # 4M Ram Usage
objectHighMark = 1536
localDocumentRoot = ""
disableLocalInterface = true
disableConfiguration = true
dnsUseGethostbyname = yes
disableVia = true
censoredHeaders = from,accept-language,x-pad,link
censorReferer = maybe
maxConnectionAge = 5m
maxConnectionRequests = 120
serverMaxSlots = 8
serverSlots = 2
tunnelAllowedPorts = 1-65535
daemonise = true
pidFile = ${PFILE}
logFile = ${LFILE}
logLevel = 0x03
__EOF__
cat > ${START} << __EOF__
#!/bin/sh
#written by ecaddict, distributed (conveyed) under GPL version 3 or any later version
TNAME=/opt/bin/tor
PNAME=/opt/bin/polipo
CONF=${PCONF}
EXSD=/bin/sed
EXPS=/bin/ps
if [ -z "\$1" ] ; then
  case \${0##*/} in
    S??*) rc="start" ;;
    K??*) rc="stop" ;;
    *) rc="usage" ;;
  esac
else
  rc="\$1"
fi
TBN="\${TNAME##*/}"
PBN="\${PNAME##*/}"
case "\$rc" in
  start)
    if [ ! -x "\$TNAME" ]; then
      echo -e "\033[1;31m\$TBN is missing, try ipkg install \$TBN\033[0m"
      exit 1
    fi
    if [ ! -x "\$PNAME" ];then
      echo -e "\033[1;31m\$PBN is missing, try ipkg install \$PBN\033[0m"
      exit 2
    fi
    TST="\$(echo \${TNAME} | \$EXSD 's#/#\\\\/#g')"
    PST="\$(echo \${PNAME} | \$EXSD 's#/#\\\\/#g')"
    echo "Starting \$TBN and \$PBN"
    if [ -n "\$(\$EXPS | \$EXSD -n '/.*'''\$TST'''/p')" ]; then
      echo -e "\033[1;33m\$TBN runs already\033[0m"
    else
      \${TNAME}
      sleep 1
    fi
    if [ -n "\$(\$EXPS | \$EXSD -n '/.*'''\$PST'''/p')" ]; then
      echo -e "\033[1;33m\$PBN runs already\033[0m"
    else
      rm -f ${PFILE}
      \${PNAME} -c "\$CONF"
    fi
    ;;
  stop)
    echo "Stopping \$TBN and \$PBN"
    killall \${TNAME##*/}; killall \${PNAME##*/}
    ;;
  restart)
    echo "Restarting \$TBN and \$PBN"
    "\$0" stop
    sleep 2
    "\$0" start
    ;;
  *)
    echo "Usage: \$0 (start|stop|restart|usage)"
    ;;
esac
__EOF__
chmod u+x ${START}
${START} start

It will create the following files (save them if you have some of them already):
/opt/etc/tor/torrc
/opt/etc/polipo/polipo.conf
/opt/etc/init.d/S99tor
install.tar.gz
You'll need to edit /opt/etc/tor/torrc if you have preference for exiting via tor in some country or you wish to activate the relay (check the discussion).
In /opt/etc/polipo/polipo.conf you may wish to reduce logLevel.
For more polipo options please check http://www.pps.jussieu.fr/~jch/softw...po/polipo.html
My usual single line install instead:
Code:
cd /tmp && wget -O install.tar.gz "http://wl500g.info/attachment.php?attachmentid=8479&d=1322142484" && tar xvzf install.tar.gz && ./install.sh

In my experience tor/polipo can use quite some memory/CPU time so if you plan to run many other programs on the router as well you may want to consider using RT-N16 or 128MB memory upgraded WL-500gPv1/WL-500W.
If you'd like to disable automatic startup just re-name /opt/etc/init.d/S99tor to e.g. /opt/etc/init.d/DS99tor
Enjoy!
Last edited by ecaddict; 24-11-2011 at 13:48. Reason: fixed polipo pidfile removal
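An added example, not part of ecaddict's post or of anyone else's in the thread: a small shell check for the polipo.conf settings discussed in the first post (proxyAddress, allowedClients) and written by the install script above (socksParentProxy, disableLocalInterface). The function names conf_get and audit_polipo and the sample file are made up for illustration, and the check assumes Polipo listens on loopback only when proxyAddress is unset.

```shell
#!/bin/sh
# Added example (not from the thread): flag polipo.conf settings that expose
# the proxy to more hosts than intended or let requests bypass Tor.

# conf_get FILE KEY: last active value of KEY, comments and quotes stripped
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"//' -e 's/"$//' | tail -n 1
}

# audit_polipo FILE: one finding per line on stdout, nothing if all checks pass
audit_polipo() {
    addr=$(conf_get "$1" proxyAddress)
    clients=$(conf_get "$1" allowedClients)
    parent=$(conf_get "$1" socksParentProxy)
    case "$addr" in
        ""|127.*|::1|localhost) lan=no ;;  # unset = loopback only (assumption)
        *) lan=yes ;;
    esac
    if [ "$lan" = yes ]; then
        [ -n "$clients" ] || echo "OPEN: proxyAddress=$addr with no allowedClients"
        for c in $(echo "$clients" | tr ',' ' '); do
            case "$c" in
                0.0.0.0/0|::/0) echo "OPEN: allowedClients contains $c" ;;
                */*) echo "RANGE: every host in $c may use the proxy" ;;
            esac
        done
        [ "$(conf_get "$1" disableLocalInterface)" = true ] ||
            echo "WEBUI: disableLocalInterface is not true on a LAN-facing proxy"
    fi
    # Without a SOCKS parent, Polipo fetches directly instead of through Tor.
    [ -n "$parent" ] || echo "LEAK: no socksParentProxy set, requests do not go through Tor"
    return 0
}

# Constructed sample: LAN-facing proxy, whole subnet allowed, no Tor parent.
sample="${TMPDIR:-/tmp}/polipo-sample.$$"
cat > "$sample" << 'EOF'
proxyAddress = "0.0.0.0"
# proxyAddress = "127.0.0.1"
allowedClients = 127.0.0.1, 192.168.1.0/24
chunkHighMark = 4194304 # 4M Ram Usage
EOF
audit_polipo "$sample"
rm -f "$sample"
```

Run it as `audit_polipo /opt/etc/polipo/polipo.conf` on the router; RANGE lines are informational and list every subnet that can reach the proxy.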
Thanks a lot
I managed to configure autostart, but my way was less impressive of course
I recognized that Polipo is able to run as a daemon so I extended the command line in the following way
/opt/bin/polipo -c /opt/etc/polipo/polipo.conf daemonise=true pidFile=/opt/var/lock/polipo logFile=/opt/etc/polipo/polipo.log logLevel=0xFF
So probably it is a more natural way to do it instead of using nohup.
I don't know actually, just guess. But it works for me.
And one more thing... the message "Warning: Your system has very few filedescriptors available in total..."
Do you handle that somehow specially via ulimit? Or do you simply ignore it?
I would like to know the expert opinion on that.
wl-500gp v2 + tor + polipo + all sorts of stuff in python
Thank you for the tip, I've updated the scripts.
I don't have any file descriptors related warning (RT-N16/reasonable size HDD/latest Oleg).
Should we also take care of that warning? Is it done by using the "su" command in /opt/etc/init.d/S99tor?
And I know why you have file descriptors related warning - because you don't reuse original init script, which comes with ipkg installation.
Meanwhile it contains the following check with no clear purpose for me:
Code:
# Let's try to figure our some sane defaults:
if [ -r /proc/sys/fs/file-max ]; then
  system_max=`cat /proc/sys/fs/file-max`
  if [ "$system_max" -gt "80000" ] ; then
    MAX_FILEDESCRIPTORS=32768
  elif [ "$system_max" -gt "40000" ] ; then
    MAX_FILEDESCRIPTORS=16384
  elif [ "$system_max" -gt "10000" ] ; then
    MAX_FILEDESCRIPTORS=8192
  else
    MAX_FILEDESCRIPTORS=1024
    cat << EOF
Warning: Your system has very few filedescriptors available in total.
...
... bla bla bla half of the screen ...
EOF
  fi
else
  MAX_FILEDESCRIPTORS=8192
fi

I just commented it out guessing it isn't important.
wl-500gp v2 + tor + polipo + all sorts of stuff in python
I could not find any init script coming with the installation (that's why I've created one) and in fact it does not seem necessary as after ipkg install it was ready to run.
The reason why I like init scripts is that in this way all optware running from the USB can be stopped and USB storage unplugged without stopping the router.
Just to check that I remember right I've downloaded the tor .ipkg file from the Oleg repo (http://ipkg.nslu2-linux.org/feeds/op.../cross/stable/) and renamed the .ipkg to .tar.gz (if someone does not know in this way any commander can look to it).
After this I've listed the files with the following command:
Code:
tar -xvzf tor_0.2.2.32-1_mipsel.tar.gz && tar -ztvf control.tar.gz && tar -ztvf data.tar.gz

It seems to contain the following files:
Code:
/opt/
/opt/bin/
/opt/bin/tor
/opt/bin/tor-gencert
/opt/bin/tor-resolve
/opt/bin/torify
/opt/etc/
/opt/etc/tor/
/opt/etc/tor/tor-tsocks.conf
/opt/etc/tor/torrc.sample
/opt/share/
/opt/share/doc/
/opt/share/doc/tor/
/opt/share/doc/tor/tor-gencert.html
/opt/share/doc/tor/tor-resolve.html
/opt/share/doc/tor/tor.html
/opt/share/doc/tor/torify.html
/opt/share/man/
/opt/share/man/man1/

I did not want to make it more complex than absolutely necessary, as even though I have user management related programs on the router (heavily underutilized), most users don't, but everyone is encouraged to make such enhancements.