Thread: [How-To] Tor - The Onion Router for wl500g

  1. #1

    [How-To] Tor - The Onion Router for wl500g

    HowTo surf anonymously with TOR:

    Tor, The Onion Router, is a network that helps to defend against network surveillance. It hides the IP to avoid traffic analysis.

    Further information:
    https://www.torproject.org
    http://en.wikipedia.org/wiki/Tor_%28...ity_network%29

    !!Only use with activated swap!!

    Installing packages:
    Code:
    ipkg install tor
    ipkg install polipo
    ipkg install nano
    ipkg install wget-ssl
    To install wget-ssl, you might have to
    Code:
    ipkg remove wget
    generate / configure config-files:

    tor config:
    Code:
    cp /opt/etc/tor/torrc.sample /opt/etc/tor/torrc
    nano /opt/etc/tor/torrc
    Code:
    ## The directory for keeping all the keys/etc. By default, we store
    ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
    #DataDirectory @LOCALSTATEDIR@/lib/tor
    has to be:

    Code:
    ## The directory for keeping all the keys/etc. By default, we store
    ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
    DataDirectory /opt/var/lib/tor
    Unfortunately, I haven't found a way to reduce RAM usage of tor, yet.

    polipo config:
    Code:
    mkdir /opt/etc/polipo
    cd /opt/etc/polipo/
    wget https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf --no-check-certificate
    nano polipo.conf
    Admin edit: svn repository has been moved to git
    new link for config: https://gitweb.torproject.org/torbro...ig/polipo.conf


    Following changes in polipo.conf:
    (Full polipo.conf is attached)

    Code:
    ### Basic configuration
    ### *******************
    
    proxyAddress = "0.0.0.0"
    # proxyAddress = "127.0.0.1"
    allowedClients = 127.0.0.1, 192.168.1.61
    
    ### Memory
    ### ******
    
    # Uncomment this if you want Polipo to use a ridiculously small amount
    # of memory (a hundred C-64 worth or so):
    
    #chunkHighMark = 819200 # 800kB Ram Usage in Bytes
    #objectHighMark = 128
    
    #chunkHighMark = 2097152 # 2M Ram Usage (=Ram x 1024 x 1024)
    #objectHighMark = 768  
    
    chunkHighMark = 4194304 # 4M Ram Usage
    objectHighMark = 1536 
    
    # Uncomment this if you've got plenty of memory:
    
    # chunkHighMark = 50331648 # 48M Ram
    # objectHighMark = 16384
    
    #chunkHighMark = 67108864
    
    ### On-disk data
    ### ************
    # diskCacheRoot = ""
    allowedClients has to be 127.0.0.1 and all clients that should be able to surf anonymously.
    With 4 MB of RAM, polipo is much less CPU intensive than with only 800 kB.

    Start tor and polipo:

    Code:
    tor & polipo -c /opt/etc/polipo/polipo.conf &

    Change the proxy settings of a browser on a connected PC to:
    IPOFTHEROUTER:8118
    and surfing is more anonymous.

    If you use the Firefox-Profile of JAP:
    http://anonymous-proxy-servers.net/en/jondofox/download
    you surf really anonymously.


    To help others to surf anonymously, you can configure Tor as a Relay:

    For that, you have to open a port in your firewall:
    Code:
    iptables -A INPUT -p tcp --dport 9001 -j ACCEPT
    And activate the relay with the following changes in torrc:
    Code:
    ORPort 9001
    RelayBandwidthRate 20 KBytes
    RelayBandwidthBurst 30 KBytes
    Cheers!

    Copter
    Last edited by wpte; 15-03-2011 at 16:18.

  2. #2

  3. #3
    Thank you, I should have gone there by myself.

  4. #4
    I'd like to put the last post into the Tutorials-Section.

    Can a mod do this? Or should I just open another thread there?


    Cheers, Copter

  5. #5
    Originally posted by Copter:
    I'd like to put the last post into the Tutorials-Section.

    Can a mod do this? Or should I just open another thread there?


    Cheers, Copter
    moved
    works quite fine, but I think you forgot to disable the cache in polipo!
    now it's writing cache to flash

  6. #6
    Originally posted by wpte:
    moved
    thanks.

    Originally posted by wpte:
    I think you forgot to disable the cache in polipo!
    now it's writing cache to flash
    standard cache location is /opt/var/cache/polipo

    but for anonymity reasons, disabling it makes sense.

  7. #7
    wget https://svn.torproject.org/svn/torbrowser/t

    https://svn.torproject.org/svn/torbrowser/t
    Resolving svn.torproject.org (svn.torproject.org)... 2620:0:6b0:b:250:56ff:fe99:60, 38.229.70.23
    Connecting to svn.torproject.org (svn.torproject.org)|2620:0:6b0:b:250:56ff:fe99:60 |:443... failed: Network is unreachable.
    Connecting to svn.torproject.org (svn.torproject.org)|38.229.70.23|:443... connected.
    ERROR: cannot verify svn.torproject.org's certificate, issued by `/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3':
    Unable to locally verify the issuer's authority.
    To connect to svn.torproject.org insecurely, use `--no-check-certificate'.

    The same with `--no-check-certificate'.

    DEAD links.

  8. #8
    Originally posted by nemnemonik:
    DEAD links.
    The repo has moved to git, the new link is: https://gitweb.torproject.org/torbro...ig/polipo.conf

    Also the full configuration file IS attached to the first post

  9. #9

    any guidance to configure starting up and shutting down properly?

    It would be good to know how to setup the processes at /opt/etc/init.d/

    Or I can simply place "tor & polipo -c /opt/etc/polipo/polipo.conf >> /opt/etc/tor.log" in a script under that directory?
    wl-500gp v2 + tor + polipo + all sorts of junk in python

  10. #10

    install scripts for tor&polipo

    If you'd like to automatically install tor & polipo just copy-paste as such the following script to your SSH terminal for the router:
    Code:
    #!/bin/sh
    #written by ecaddict, distributed (conveyed) under GPL version 3 or any later version
    
    START=/opt/etc/init.d/S99tor
    PFILE=/opt/var/run/polipo.pid
    LFILE=/opt/var/log/polipo.log
    PCONF=/opt/etc/polipo/polipo.conf
    #user editable part end
    
    ipkg update
    ipkg install tor polipo
    mkdir -p /opt/etc/polipo
    
    cat > /opt/etc/tor/torrc << __EOF__
    SocksPort 9050 # what port to open for local application connections
    SocksListenAddress 127.0.0.1 # accept connections only from localhost
    SocksListenAddress 192.168.1.1:9050 # listen on this IP:port also
    RunAsDaemon 1
    DataDirectory /opt/var/lib/tor
    #StrictExitNodes 1
    #ExitNodes {gb}
    __EOF__
    
    cat > ${PCONF} << __EOF__
    proxyAddress = "0.0.0.0"
    proxyPort = 8118
    allowedClients = 127.0.0.1, 192.168.1.0/24, 10.8.0.0/24
    allowedPorts = 1-65535
    proxyName = "localhost"
    cacheIsShared = false
    socksParentProxy = "localhost:9050"
    socksProxyType = socks5
    chunkHighMark = 4194304 # 4M Ram Usage
    objectHighMark = 1536
    localDocumentRoot = ""
    disableLocalInterface = true
    disableConfiguration = true
    dnsUseGethostbyname = yes
    disableVia = true
    censoredHeaders = from,accept-language,x-pad,link
    censorReferer = maybe
    maxConnectionAge = 5m
    maxConnectionRequests = 120
    serverMaxSlots = 8
    serverSlots = 2
    tunnelAllowedPorts = 1-65535
    daemonise = true
    pidFile = ${PFILE}
    logFile = ${LFILE}
    logLevel = 0x03
    __EOF__
    
    cat > ${START} << __EOF__
    #!/bin/sh
    #written by ecaddict, distributed (conveyed) under GPL version 3 or any later version
    
    TNAME=/opt/bin/tor
    PNAME=/opt/bin/polipo
    CONF=${PCONF}
    EXSD=/bin/sed
    EXPS=/bin/ps
    
    if [ -z "\$1" ] ; then
        case \${0##*/} in
            S??*) rc="start" ;;
            K??*) rc="stop" ;;
            *) rc="usage" ;;
        esac
    else
        rc="\$1"
    fi
    
    TBN="\${TNAME##*/}"
    PBN="\${PNAME##*/}"
    case "\$rc" in
        start)
            if [ ! -x "\$TNAME" ]; then
              echo -e "\033[1;31m\$TBN is missing, try ipkg install \$TBN\033[0m"
              exit 1
            fi
            if [ ! -x "\$PNAME" ];then
              echo -e "\033[1;31m\$PBN is missing, try ipkg install \$PBN\033[0m"
              exit 2
            fi
            TST="\$(echo \${TNAME} | \$EXSD 's#/#\\\\/#g')"
            PST="\$(echo \${PNAME} | \$EXSD 's#/#\\\\/#g')"
            echo "Starting \$TBN and \$PBN"
            if [ -n "\$(\$EXPS | \$EXSD -n '/.*'''\$TST'''/p')" ]; then
                 echo -e "\033[1;33m\$TBN runs already\033[0m"
            else
              \${TNAME}
              sleep 1
            fi
            if [ -n "\$(\$EXPS | \$EXSD -n '/.*'''\$PST'''/p')" ]; then
                 echo -e "\033[1;33m\$PBN runs already\033[0m"
            else
              rm -f ${PFILE}
              \${PNAME} -c "\$CONF"
            fi
            ;;
        stop)
            echo "Stopping \$TBN and \$PBN"
            killall \${TNAME##*/}; killall \${PNAME##*/}
            ;;
        restart)
            echo "Restarting \$TBN and \$PBN"
            "\$0" stop
            sleep 2
            "\$0" start
            ;;
        *)
            echo "Usage: \$0 (start|stop|restart|usage)"
            ;;
    esac
    __EOF__
    chmod u+x ${START}
    ${START} start
    It will create the following files (save them if you have some of them already):
    /opt/etc/tor/torrc
    /opt/etc/polipo/polipo.conf
    /opt/etc/init.d/S99tor


    install.tar.gz

    You'll need to edit /opt/etc/tor/torrc if you have preference for exiting via tor in some country or you wish to activate the relay (check the discussion).
    In /opt/etc/polipo/polipo.conf you may wish to reduce logLevel.
    For more polipo options please check http://www.pps.jussieu.fr/~jch/softw...po/polipo.html

    My usual single line install instead:
    Code:
    cd /tmp && wget -O install.tar.gz "http://wl500g.info/attachment.php?attachmentid=8479&d=1322142484" && tar xvzf install.tar.gz && ./install.sh
    In my experience tor/polipo can use quite some memory/CPU time so if you plan to run many other programs on the router as well you may want to consider using RT-N16 or 128MB memory upgraded WL-500gPv1/WL-500W.

    If you'd like to disable automatic startup just re-name /opt/etc/init.d/S99tor to e.g. /opt/etc/init.d/DS99tor

    Enjoy!
    Last edited by ecaddict; 24-11-2011 at 13:48. Reason: fixed polipo pidfile removal

  11. #11

    looks like you are simply a sh monster

    Thanks a lot
    I managed to configure autostart, but my way was less impressive of course

    I recognized that Polipo is able to run as a daemon so I extended the command line in the following way

    /opt/bin/polipo -c /opt/etc/polipo/polipo.conf daemonise=true pidFile=/opt/var/lock/polipo logFile=/opt/etc/polipo/polipo.log logLevel=0xFF

    So probably it is a more natural way to do it instead of using nohup.
    I don't know actually, just guess. But it works for me.


    And one more thing... the message "Warning: Your system has very few filedescriptors available in total..."

    Do you handle that somehow specially via ulimit? Or do you simply ignore it?
    I would like to know the expert opinion on that
    wl-500gp v2 + tor + polipo + all sorts of junk in python

  12. #12
    Thank you for the tip, I've updated the scripts.
    I don't have any file descriptors related warning (RT-N16/reasonable size HDD/latest Oleg).

  13. #13

    [warn] You are running Tor as root. You don't need to, and you probably shouldn't.

    Should we also take care of that warning? Is it done by using "su" command in /opt/etc/init.d/S99tor


    And I know why you have file descriptors related warning - because you don't reuse original init script, which comes with ipkg installation.
    Meanwhile it contains the following check with no clear purpose for me:

    Code:
    # Let's try to figure out some sane defaults:
    if [ -r /proc/sys/fs/file-max ]; then
    	system_max=`cat /proc/sys/fs/file-max`
    	if [ "$system_max" -gt "80000" ] ; then
    		MAX_FILEDESCRIPTORS=32768
    	elif [ "$system_max" -gt "40000" ] ; then
    		MAX_FILEDESCRIPTORS=16384
    	elif [ "$system_max" -gt "10000" ] ; then
    		MAX_FILEDESCRIPTORS=8192
    	else
    		MAX_FILEDESCRIPTORS=1024
    		cat << EOF
    Warning: Your system has very few filedescriptors available in total.
    ...
    ... bla bla bla half of the screen
    ...
    EOF
    	fi
    else
    	MAX_FILEDESCRIPTORS=8192
    fi
    I just commented it out guessing it isn't important.
    wl-500gp v2 + tor + polipo + all sorts of junk in python

  14. #14
    I could not find any init script coming with the installation (that's why I've created one) and in fact it does not seem necessary as after ipkg install it was ready to run.
    The reason why I like init scripts is that in this way all optware running from the USB can be stopped and USB storage unplugged without stopping the router.
    Just to check that I remember right I've downloaded the tor .ipkg file from the Oleg repo (http://ipkg.nslu2-linux.org/feeds/op.../cross/stable/) and renamed the .ipkg to .tar.gz (if someone does not know in this way any commander can look to it).
    After this I've listed the files with the following command:
    Code:
    tar -xvzf tor_0.2.2.32-1_mipsel.tar.gz && tar -ztvf control.tar.gz && tar -ztvf data.tar.gz
    It seems to contain the following files:
    Code:
    /opt/
    /opt/bin/
    /opt/bin/tor
    /opt/bin/tor-gencert
    /opt/bin/tor-resolve
    /opt/bin/torify
    /opt/etc/
    /opt/etc/tor/
    /opt/etc/tor/tor-tsocks.conf
    /opt/etc/tor/torrc.sample
    /opt/share/
    /opt/share/doc/
    /opt/share/doc/tor/
    /opt/share/doc/tor/tor-gencert.html
    /opt/share/doc/tor/tor-resolve.html
    /opt/share/doc/tor/tor.html
    /opt/share/doc/tor/torify.html
    /opt/share/man/
    /opt/share/man/man1/
    I did not want to make it more complex than absolutely necessary, as even though I have user management related programs on the router (heavily underutilized), most users don't, but everyone is encouraged to make such enhancements.
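
Added example, not part of any post in this thread: a POSIX sh check for the three exposure points the posts raise, namely Polipo listening on all interfaces (posts #1 and #10), the on-disk cache that post #1 leaves enabled because `diskCacheRoot = ""` is commented out (posts #5 and #6), and Tor started as root with no `User` line in torrc (post #13). The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are illustrative.

# conf_value FILE KEY: last uncommented value of KEY in "key = value" syntax
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/#.*$//' -e 's/[[:space:]]*$//' | tail -n 1
}

# audit_polipo FILE: print one finding per line, nothing if both checks pass
audit_polipo() {
    addr=$(conf_value "$1" proxyAddress | tr -d '"')
    clients=$(conf_value "$1" allowedClients)
    cache=$(conf_value "$1" diskCacheRoot)
    case "$addr" in
        0.0.0.0|::)
            # Listening on every interface: access must be limited explicitly
            [ -n "$clients" ] ||
                echo "EXPOSED: proxyAddress=$addr with no allowedClients"
            ;;
    esac
    # The thread's config disables the cache with diskCacheRoot = "";
    # an unset or non-empty value is flagged
    if [ "$cache" != '""' ]; then
        echo "DISK_CACHE: diskCacheRoot is not \"\", on-disk cache not explicitly disabled"
    fi
}

# audit_torrc FILE: torrc uses "Option value"; option names are case-insensitive
audit_torrc() {
    if ! grep -Eqi '^[[:space:]]*User[[:space:]]+[^[:space:]#]' "$1"; then
        echo "ROOT: no User line, tor keeps the privileges of whoever starts it"
    fi
}

# Constructed sample reproducing the relevant lines of post #1's polipo.conf
sample=$(mktemp)
cat > "$sample" <<'EOF'
proxyAddress = "0.0.0.0"
# proxyAddress = "127.0.0.1"
allowedClients = 127.0.0.1, 192.168.1.61
# diskCacheRoot = ""
EOF
audit_polipo "$sample"    # reports DISK_CACHE only
rm -f "$sample"
```

On the router the two files to check are /opt/etc/polipo/polipo.conf and /opt/etc/tor/torrc. The files generated by the install script in post #10 are flagged for DISK_CACHE and ROOT as well, since that script sets neither `diskCacheRoot` nor `User`.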
