Am 2016-03-15 um 19:07 schrieb Rusty Bird: > Hi Martin, > >> I try to configure OpenWRT in a way that it will only allow outgoing >> connections if it is Tor. Basically it is the opposite of "blacklisting >> exit relays on servers": "whitelisting (guard) relays for clients". It >> should *not* run Tor itself. > > Maybe corridor would work for you: https://github.com/rustybird/corridor > > You could point it at a Tor control port somewhere in your network if > running tor on OpenWRT (just to fetch the networkstatus consensus > documents every 1-2 hours) is impossible. Thanks, I'll have a look at it! > >> What did *not* work, was starting Torbrowser. That's a hard requirement, >> and before bebugging it through I ask: Do I miss something when I just >> allow outgoing connections to >> >> * Guard, >> * Authority, > > But the authority IP addresses hardcoded in the Tor client source code > differ from the authority IP addresses published in the networkstatus > consensus... > > https://github.com/rustybird/corridor/commit/a56d751df399ab1c54f64b0d4dc59f732dc0adc3 > >> * and HSDir flagged relays (do I *need* them? that's a different >> question probably) > > AFAICT, regular clients only make connections to authorities and guards. > > Rusty >
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev