
Re: [tor-talk] transparent tor routers



> Besides some extra torrc entries, only a few simple firewall rules are
> needed.

Not so simple firewall rules.

You must avoid Tor inside Tor (worse privacy than Tor only), so if one of the 
users already uses Tor (Tor Browser or native client), you don't want to 
re-torify his traffic.
Only feasible with 2 access points (1 for naked clients, 1 for already-Tor 
users), or better (avoids explanation/RTFM for the users) with ipset rules to 
discriminate traffic.
And if ipset, you need some smart script (python + stem) to regenerate the rules 
regularly from the Tor consensus.

AFAIK, small routers (such as Olimex) don't have an RTC, so your clock is borked 
at boot time and must be set manually if you want your Tor client to be able to 
connect (it doesn't support clock drift of more than a few hours).
And then, for a fully automated device targeted at non-savvy users, and more 
difficult if you want no non-Tor traffic at all (NTP forbidden because of UDP), 
you need some other tricks like htpdate or inotify, requiring perl and 
python.

> I can also assure you that Tor works quite well on the router hardware
> mentioned above. I'm only playing with the hardware but I have not
> encountered any problems yet. Performance is OK too.

The problem is not to have a working Tor client with transparent proxying, but 
a **correct** working Tor client with **correct** transparent proxying.
Or you're just doing a yet-another-anonabox-craps.

With a few MB of memory and MHz of CPU, you have just enough to run a standalone 
Tor client; all the other things (ipset, python, stem, perl, ca-certificates, web 
server for webUI config…) can't fit inside.

And you have a problem with Tor upgrades too (not possible on OpenWRT without tech 
skills and a reflash).

Regards,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
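
The ipset regeneration step mentioned in the message above, as an added example that is not part of the original post or anyone's shipped code. It parses a constructed consensus excerpt with the standard library instead of stem; the set name tor_relays, the Running-flag filter and the choice to list every relay's ORPort are assumptions, and the firewall rule that matches the set to skip redirection is not shown.

```python
import ipaddress

# Constructed consensus excerpt (documentation-range addresses, made-up relays).
SAMPLE_CONSENSUS = """\
network-status-version 3 microdesc
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA 2015-06-01 12:00:00 192.0.2.10 9001 9030
a [2001:db8::10]:9001
s Fast Guard Running Stable Valid
r relayB BBBBBBBBBBBBBBBBBBBBBBBBBBB 2015-06-01 12:00:00 198.51.100.7 443 0
s Exit Fast Running Valid
r relayC CCCCCCCCCCCCCCCCCCCCCCCCCCC 2015-06-01 12:00:00 203.0.113.5 9001 0
s Fast Valid
r broken DDDDDDDDDDDDDDDDDDDDDDDDDDD 2015-06-01 12:00:00 not-an-ip 9001 0
s Running Valid
"""

def relay_endpoints(consensus_text):
    """Return sorted unique (ipv4, orport) pairs of relays flagged Running."""
    endpoints, pending = set(), None
    for line in consensus_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r":
            pending = None
            try:
                # Address and ORPort are the 3rd- and 2nd-to-last fields of an "r" line.
                ip = ipaddress.IPv4Address(fields[-3])
                port = int(fields[-2])
            except (IndexError, ValueError):
                continue  # malformed entry: skip it rather than abort the refresh
            if 0 < port < 65536:
                pending = (str(ip), port)
        elif fields[0] == "s" and pending:
            if "Running" in fields[1:]:
                endpoints.add(pending)
            pending = None
    return sorted(endpoints)

def ipset_restore_script(endpoints, name="tor_relays"):
    """Build input for `ipset -exist restore`: fill a temp set, then swap it in."""
    tmp = name + "_new"  # hypothetical scratch set name
    lines = [f"create {name} hash:ip,port family inet",
             f"create {tmp} hash:ip,port family inet",
             f"flush {tmp}"]
    lines += [f"add {tmp} {ip},tcp:{port}" for ip, port in endpoints]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(ipset_restore_script(relay_endpoints(SAMPLE_CONSENSUS)), end="")
```

Filling a scratch set and swapping it in keeps the live set populated during the refresh, so already-Tor clients are never briefly re-torified while the rules are rebuilt.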