> Besides some extra torrc entries, only a few simple firewall rules are
> needed.

Not so simple firewall rules.

You must avoid Tor inside Tor (worse privacy than Tor only), so if one of the users already uses Tor (Tor Browser or native client), you don't want to re-torify his traffic. Only feasible with 2 access points (1 for naked clients, 1 for already-Tor users), or better (avoids explanation/RTFM for the users) with ipset rules to discriminate traffic. And if ipset, you need some smart script (python + stem) to regenerate the rules regularly from the Tor consensus.

AFAIK, small routers (such as Olimex) don't have an RTC, so your clock is borked at boot time and must be set manually if you want your Tor client to be able to connect (it doesn't support clock drift of more than a few hours). And then, for a fully automated device targeted at non-savvy users, and more difficult if you want no non-Tor traffic at all (NTP forbidden because of UDP), you need some other tricks like htpdate or inotify, requiring perl and python.

> I can also assure you that Tor works quite well on the router hardware
> mentioned above. I'm only playing with the hardware but I have not
> encountered any problems yet. Performance is OK too.

The problem is not to have a working Tor client with transparent proxying, but a **correct** working Tor client with **correct** transparent proxying. Or you're just doing a yet-another-anonabox-craps.

With a few MB of memory and MHz of CPU, you just have enough to run a standalone Tor client; all other things (ipset, python, stem, perl, ca-certificates, web server for webUI config…) can't fit inside. And you have a problem with Tor upgrades too (not possible on OpenWRT without tech skills and a reflash).

Regards,
--
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
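
The ipset regeneration step mentioned in the message above, as an added example that is not part of the original post and not the author's script: it reads relay "r" lines from consensus text and emits `ipset restore` input that rebuilds the set and swaps it in atomically. It parses the text with the standard library instead of stem; the set name `tor-relays` and the sample consensus lines are constructed for illustration.

```python
import ipaddress

# Constructed sample in the consensus "r" line layout:
# r <nickname> <identity> <digest> <date> <time> <IPv4> <ORPort> <DirPort>
SAMPLE_CONSENSUS = """\
r relayA AAAA BBBB 2015-01-01 00:00:00 192.0.2.10 9001 9030
s Fast Running Valid
r relayB CCCC DDDD 2015-01-01 00:00:00 198.51.100.7 443 0
s Running Valid
r broken EEEE FFFF 2015-01-01 00:00:00 999.1.1.1 9001 0
r relayA2 GGGG HHHH 2015-01-01 00:00:00 192.0.2.10 9001 0
"""

def relay_endpoints(consensus_text):
    """Return the sorted, de-duplicated (IPv4, ORPort) pairs from "r" lines."""
    endpoints = set()
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "r":
            continue
        # Address and ports are the last three fields (this also fits the
        # microdescriptor flavour, which omits the digest field).
        addr, orport = fields[-3], fields[-2]
        try:
            ip = ipaddress.IPv4Address(addr)
            port = int(orport)
        except ValueError:
            continue  # malformed entry: skip rather than emit a bad rule
        if 0 < port < 65536:
            endpoints.add((ip, port))
    return sorted(endpoints)

def ipset_restore_script(endpoints, name="tor-relays"):
    """Build `ipset restore` input: fill a temporary set, then swap it in."""
    tmp = name + "-new"  # hypothetical scratch set name
    lines = [f"create {name} hash:ip,port family inet -exist",
             f"create {tmp} hash:ip,port family inet -exist",
             f"flush {tmp}"]
    lines += [f"add {tmp} {ip},tcp:{port}" for ip, port in endpoints]
    # swap replaces the live set in one step, so the firewall never sees
    # a half-populated set while the list is being regenerated
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(ipset_restore_script(relay_endpoints(SAMPLE_CONSENSUS)), end="")
```

A firewall rule matching destinations in this set can then leave already-Tor traffic out of the transparent redirection. Bridges are not listed in the consensus, so clients that connect through bridges would not match it.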