Latest revision as of 15:44, 15 March 2012

Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Tor

What is Tor?

Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.

You can configure Tor to run either as a SOCKS proxy or, together with the privoxy Package, as an HTTP/S proxy. Both methods are described below.

Load the necessary packages to run Tor

To run tor on your router you need to load the following Packages in leaf.cfg:

  • tor.lrp
  • libssl.lrp
  • libcrpto.lrp
  • lpthread.lrp
  • libz.lrp
  • libevent.lrp
  • privoxy.lrp (only required if you want to run tor with an HTTP/S proxy instead of a SOCKS proxy)

Using Tor as SOCKS proxy

This section is based on a mail to the leaf-user mailing list by "TF !" <torfeedback@googlemail.com>.

Configure Tor

The tor configuration below assumes that you want the control port on 9051 and port 9200 as the proxy port. The standard port for tor socks support is 9100, which interferes with the p910nd Package that uses the same port. It is also assumed that you don't want to run a tor exit node.

For a usable tor configuration you only need to edit /etc/tor/torrc and copy the following content into it (adjust the IP addresses and ports to fit your needs):

HashedControlPassword   hash code          # see below
SocksPort               9200               # what port to open for relaying
SocksListenAddress      127.0.0.1          # accept connections only from l
SocksListenAddress      192.168.1.254:9200 # listen on a chosen IP/port to
Log notice syslog                          # write log entries to /var/log/daemon.log
RunAsDaemon 1                              # run daemonized - IMPORTANT - otherwise it may block your boot sequence!
DataDirectory /tmp/tor
ControlPort             9051               # the control port
ControlListenAddress    192.168.1.254      # listen only on lan interface

The HashedControlPassword can be generated from the command line with tor.

# tor --hash-password yourpassword
16:2907033A19AA3D2060D0C1C0D8C5AB6942E23F393B612BC8B547DBA19B

Copy the result and replace "hash code" in /etc/tor/torrc with it.
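
A torrc pasted straight from this page still contains the "hash code" placeholder or, if the sample output above is copied as well, a hash value that is published here. The shell function below is an added example, not part of the original guide or of the tor package: it flags both cases and any listen address outside loopback or RFC 1918 space. The name audit_torrc and the finding names are hypothetical, and the hash format check (16: plus 58 hex digits) is assumed from the sample output above.

```shell
#!/bin/sh
# Added example, not part of the LEAF guide: lint a torrc like the one above.
# Prints one finding per line; exit status is 1 if anything was found.
# Reads the file named in $1, or stdin when called without arguments.

# The hash printed in this guide; anyone who copies it shares a public value.
SAMPLE_HASH='16:2907033A19AA3D2060D0C1C0D8C5AB6942E23F393B612BC8B547DBA19B'

audit_torrc() {
    awk -v sample="$SAMPLE_HASH" '
    function private(ip) {               # loopback or RFC 1918 address?
        if (ip ~ /^(127|10)\./ || ip ~ /^192\.168\./) return 1
        return (ip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./)
    }
    { sub(/[ \t]*#.*/, "") }             # drop comments
    NF == 0 { next }
    { key = tolower($1) }
    key == "controlport" && $2 != "0"          { ctl = 1 }
    key == "cookieauthentication" && $2 == "1" { cookie = 1 }
    key == "hashedcontrolpassword"             { hash = $2 }
    key == "sockslistenaddress" || key == "controllistenaddress" {
        split($2, a, ":")
        if (!private(a[1])) { print "PUBLIC_LISTENER " $1 " " $2; bad = 1 }
    }
    END {
        if (ctl && !cookie) {            # control port relies on the hash
            if (hash == sample) { print "SAMPLE_HASH_REUSED"; bad = 1 }
            else if (length(hash) != 61 || hash !~ /^16:[0-9A-Fa-f]+$/) {
                print "CONTROL_PORT_NO_VALID_HASH"; bad = 1
            }
        }
        exit bad
    }' "$@"
}

# Constructed input: the guide torrc pasted unchanged, placeholder included.
GUIDE_TORRC='HashedControlPassword  hash code   # see below
SocksPort              9200
SocksListenAddress     127.0.0.1
SocksListenAddress     192.168.1.254:9200
ControlPort            9051
ControlListenAddress   192.168.1.254'

printf '%s\n' "$GUIDE_TORRC" | audit_torrc || true
```

Run it as audit_torrc /etc/tor/torrc on the router, or against a copy of the file, before restarting tor.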

Configure your web browser

To access the Internet via tor, enable the SOCKS proxy configuration in your preferred browser and point it to your router's LAN address at port 9200.

Configure shorewall

Edit /etc/shorewall/rules to open the necessary ports.

# tor outgoing connections
ACCEPT        fw        net           tcp      443
ACCEPT        fw        net           tcp      9090
ACCEPT        fw        net           tcp      9001
# tor control port and socks port
ACCEPT        loc       fw            tcp      9051
ACCEPT        loc       fw            tcp      9200

Save your configuration and restart shorewall and tor.

Check if it works

Navigate your browser to check.torproject.org. With a proper setup you'll get a page announcing:

"Congratulations. Your browser is configured to use Tor" plus some additional information.

If it doesn't work, you'll see:

Sorry. You are not using Tor.

Using Tor as HTTP/S proxy

Configure Tor

Use the configuration as provided with the tor Package.

Configure Privoxy

Change the configuration directive listen-address in /etc/privoxy/config so that privoxy listens on the router's LAN interface at port 8118:

# Your local interface
listen-address  192.168.10.254:8118 

Also add the following line to /etc/privoxy/config:

# Tor listens as a SOCKS4a proxy here (note the dot at the end of the line!):
forward-socks4a / 127.0.0.1:9050 .

Configure your web browser

To access the Internet via tor, enable the proxy configuration in your preferred browser and point it to your router's LAN address at port 8118.

Configure shorewall

Edit the shorewall rules (/etc/shorewall/rules) and open port 8118 on your firewall for access from the LAN to your proxy server. Additionally, open the firewall to allow traffic from the router to the net zone for the usual tor ports (9001-9033).

# access privoxy proxy from LAN
ACCEPT        loc       fw            tcp      8118
# tor ports fw to net zone                                                                 
ACCEPT        fw        net           tcp      9001:9033 

Check if it works

Navigate your browser to check.torproject.org. With a proper setup you'll get a page announcing:

"Congratulations. Your browser is configured to use Tor" plus some additional information.

If it doesn't work, you'll see:

Sorry. You are not using Tor.

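Additional reading

  • Tor overview: https://www.torproject.org/about/overview.html.en
  • The embassy hack: http://www.wired.com/politics/security/news/2007/09/embassy_hacks?currentPage=1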