Hi Martin,

> I try to configure OpenWRT in a way that it will only allow outgoing
> connections if it is Tor. Basically it is the opposite of "blacklisting
> exit relays on servers": "whitelisting (guard) relays for clients". It
> should *not* run Tor itself.

Maybe corridor would work for you: https://github.com/rustybird/corridor

You could point it at a Tor control port somewhere in your network if
running tor on OpenWRT (just to fetch the networkstatus consensus
documents every 1-2 hours) is impossible.

> What did *not* work, was starting Torbrowser. That's a hard requirement,
> and before debugging it through I ask: Do I miss something when I just
> allow outgoing connections to
>
> * Guard,
> * Authority,

But the authority IP addresses hardcoded in the Tor client source code
differ from the authority IP addresses published in the networkstatus
consensus...

https://github.com/rustybird/corridor/commit/a56d751df399ab1c54f64b0d4dc59f732dc0adc3

> * and HSDir flagged relays (do I *need* them? that's a different
> question probably)

AFAICT, regular clients only make connections to authorities and guards.

Rusty
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
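The allowlist idea discussed in the message above, as an added example that is not part of the original e-mail and is not corridor's code: it pulls the Guard-flagged relays out of a networkstatus consensus and renders them as `ipset restore` input. The sample consensus, the set name `tor_allow` and the authority entry are constructed assumptions; real authority endpoints have to be taken from the Tor client source, because they differ from the ones in the consensus.

```python
import ipaddress

# Constructed sample in v3 networkstatus consensus layout; nicknames, digests
# and the documentation-range addresses are made up for this example.
SAMPLE_CONSENSUS = """\
network-status-version 3
r relayA QUFBQUFBQUFBQUFBQUFBQUFBQUE QkJCQkJCQkJCQkJCQkJCQkJCQkI 2015-01-01 00:00:00 192.0.2.10 9001 0
s Fast Guard Running Stable Valid
r relayB Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0M RERERERERERERERERERERERERERE 2015-01-01 00:00:00 192.0.2.20 9001 9030
s Exit Fast Running Valid
r relayC RUVFRUVFRUVFRUVFRUVFRUVFRUU RkZGRkZGRkZGRkZGRkZGRkZGRkY 2015-01-01 00:00:00 198.51.100.7 443 80
s Fast Guard HSDir Running Stable V2Dir Valid
r relayD R0dHR0dHR0dHR0dHR0dHR0dHR0c SEhISEhISEhISEhISEhISEhISEg 2015-01-01 00:00:00 not-an-ip 9001 0
s Fast Guard Running Valid
"""

# Placeholder only: real authority endpoints must come from the Tor client
# source, since they differ from what the consensus publishes.
PLACEHOLDER_AUTHORITIES = [("203.0.113.1", 443)]

def guard_endpoints(consensus_text):
    """Return sorted (ip, orport) pairs for relays whose 's' line has Guard."""
    found, current = set(), None
    for line in consensus_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r":
            current = None  # forget the previous relay
            try:  # r nick id digest date time IP ORPort DirPort
                ip, port = ipaddress.IPv4Address(fields[6]), int(fields[7])
            except (IndexError, ValueError):
                continue  # malformed entry: never allowlist it
            if 0 < port < 65536:
                current = (str(ip), port)
        elif fields[0] == "s" and current:
            if "Guard" in fields[1:]:
                found.add(current)
            current = None
    return sorted(found, key=lambda e: (ipaddress.IPv4Address(e[0]), e[1]))

def ipset_restore(endpoints, set_name="tor_allow"):
    """Render input for `ipset restore` (set_name is a hypothetical name)."""
    lines = ["create %s hash:ip,port" % set_name]
    lines += ["add %s %s,tcp:%d" % (set_name, ip, port) for ip, port in endpoints]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    allow = guard_endpoints(SAMPLE_CONSENSUS) + PLACEHOLDER_AUTHORITIES
    print(ipset_restore(allow), end="")
```

The set has to be rebuilt whenever a fresh consensus is fetched, otherwise the allowlist drifts from the relays that clients will actually pick as guards.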