I thought I'd share what I could recall of having setup my LEAF router to
support tor routing. It's pretty easy to setup and works very well IMO.

tor is written by the kind folks at EFF and is discussed here:
- https://secure.wikimedia.org/wikipedia/en/wiki/Tor_%28anonymity_network%29
- https://www.torproject.org/overview.html.en

Two preliminary notes:
a) contrary to what is listed as all the dependency LRP's for the tor.lrp
package, privoxy.lrp is NOT required.
b) the tor version *listed* on the Packages page didn't get updated
congruent with KP's June 2010 executable update - though it says
"Version: 0.2.0.33 Rev 2 uClibc 0.9.28"
it should actually read
"Version: 0.2.1.26 Rev 2 uClibc 0.9.28"
(the "tor.version" file in tor.lrp correctly identifies this)

This version is, as of June 2010, the current version of the tor code.

(PS, should I put in a vote for 'tor working under BuC v4' going onto the
list? : )
====================================

Wow, am I the only person using tor on a LEAF router? Couldn't find any
discussion in this or -devel list about it?!

Here's my experience:
- I'm installing the tor package onto my LEAF router which is BuC v3.1.1
beta3
- router is addy 192.168.0.254 on the internal, LAN interface
- I'll be wanting to control it (using tor's ControlPort) from a Windows XP
PC on my internal LAN
- I'll be wanting to browse the web via this tor daemon, from that Win box,
by way of a SOCKS proxy configured in Google's Chrome browser
- All done: it's pretty easy to setup and 'just works'. I'm tickled so far.
- I didn't use privoxy - it'll be easier for anyone to setup tor without
privoxy (at least at first, for isolating any problems)

To users, here's a sort of walk-thru to get tor up and running...
---- Aside: Using a windows-based config/monitoring client called Vidalia
(from the makers of tor) I can connect to the tor daemon and perform
rudimentary monitoring and control tasks (all features of Vidalia except the
'map' work - I can 'ChangeMyIdentity' as well as monitor total bandwidth
in/out of the tor daemon)
---- Aside: Note that if there's no password set (by way of parm
'HashedControlPassword') on the Control Port, no *remote* machine can
connect to the control port

Let's setup now:
---- so have a running LEAF router
---- install the tor package via: apkg -i tor
---- edit* [see below]  the tor config file via the usual lrcfg proggie
---- edit shorewall rules to permit LAN traffic on ports 9051 & 9100/9200
(and internet-facing traffic on 9001 if acting as a MiddleMan or Exit node).
---- "Save configuration" via lrcfg
---- adjust leaf package list to include tor.lrp PLUS dependencies:
tor.lrp
libssl.lrp
libcrpto.lrp
lpthread.lrp
libz.lrp
libevent.lrp
privoxy.lrp (not actually required tho)
---- now boot router to reload all packages incl tor

I use Google Chrome to browse via tor and must tell it to use the proxy via
a command-line switch (I'm using the incognito mode too, as you can see):
"C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -incognito --proxy-server="socks5://192.168.0.254:9200"

If using IE then I think that these settings will work to setup the socks
proxy:
- in IE to configure SOCKS proxy use:
---- under menu Tools/Options/tab=Connections/LANsettings
---- place checkmark in "Use a proxy server for your LAN (These settings..."
---- click Advanced button
---- have all "Proxy address to use" settings blank EXCEPT for "Socks:" and
set that to "192.168.0.254" (or your LEAF router's hostname), and the
"Port" setting for SOCKS to be "9100" (or 9200).
---- UNcheck the setting "Use the same proxy server for all protocols"
---- Click ok to save settings.

- At this point you should be able to use Chrome/IE on your Windows PC to
browse the web via the tor daemon on your LEAF box - try visiting
https://check.torproject.org/ since it'll tell you if you are connected via
tor or not. If so then you now have a tor 'server', running as a client into
the tor network.

Though you're now running as a 'client', meaning your own TCP traffic (socks
proxied to port 9100/9200) is anonymized, you're not yet contributing back
to the tor community by being a "Middleman node" or even an "Exit node".

To get into that maybe start by reading at:
http://en.linuxreviews.org/HOWTO_setup_a_Tor-server
========================================

About Vidalia to control your tor daemon:
- If you'd like to use the nifty Vidalia GUI in Windows (probably linux too)
to control/monitor your tor daemon here's how:
---- one caveat - Vidalia re-writes the /etc/tor/torrc file on the router
and thus removes any comments & prettifying ... so BE WARNED
---- In general, Vidalia is designed to be run on the same PC as a
Windows/Linux version of the tor daemon, which we're NOT doing, so we need
to kludge it to support a *remote* server
---- install Vidalia; find it here:
http://www.torproject.org/vidalia/dist/vidalia-0.2.9.msi
---- run it, go into its settings
---- tab=general; section=tor; change the tor exe to be "cmd.exe" (no
quotes)
---- remove checkmarks from both 'auto-run' options if so desired - no harm
in leaving them active though
---- tab=advanced; section=ControlPort
-------- address=192.168.0.254 : 9051
-------- Authentication=Password
-------- Remove checkmark from RandomlyGenerate
-------- enter the my_chosen_password you used in the "tor --hash-password"
command previously
---- click ok to save settings
---- now click on StartTor button
---- Caution: if you use the 'Stop Tor' button on Vidalia you'll have to
manually restart tor on the LEAF router (e.g. via 'svi tor restart')
---- Vidalia seems to work and be possibly useful - bandwidth graph &
counter works, UseANewIdentity too, though the map ("View the Network")
doesn't

========================================

*: edits needed in /etc/tor/torrc config file...
---- my setup: change setting "SocksPort" to be "9200" to avoid conflict
with package p9100 using, yep, port 9100 (tor's default for non-local
clients)
"SocksListenAddress 192.168.0.254:9200" ... so use :9100 or :9200 as
required but definitely uncomment that line to gain remote access into tor's
Control Port
---- uncomment line "Log notice syslog" to get safe, basic logging (use "Log
debug syslog" for verbose logging, INCL *secrets* used)
---- VERY IMPORTANT: uncomment line: "RunAsDaemon 1" or the tor executable
will block the router's bootup sequence
---- I changed & uncommented so as to have this line active: "DataDirectory
/tmp/tor"
-------- the default DataDirectory dir (if none is specified) is
/usr/var/lib/tor which is kinda icky
-------- whatever dir you use, I had? to PRE-create this dir to keep tor
happy
-------- tor will quickly place 3-4MB of data into that dir so be wary of
your freespace (I found no config option for tor to adjust this)
-------- if you want to adjust the size of tmp drive, etc, use vars
'syst_size=16M log_size=4M tmp_size=8M' (e.g. for 32 MB box) in the leaf.cfg
file (or maybe syslinux.cfg?)
---- activate tor's Control Port by uncommenting the line: "ControlPort
9051"
---- I want to connect into the tor daemon by way of 192.168.0.254 addy on
the LEAF router so we have tor listen on that addy via adding line:
"ControlListenAddress 192.168.0.254"
---- I then MUST have a password when connecting to the Control Port (tor
won't let me connect in to the Control Port from a *remote* box if there's
no password set)
-------- I generate the needed 'hashed-password' by invoking this command on
the LEAF box: "tor --hash-password my_chosen_password"
-------- I create in the tor config file the line: "HashedControlPassword
16:HASH_CODE" that was output from the command above
---- that all in, gives this as a minimal tor setup...
HashedControlPassword   16:HASH_CODE
SocksPort               9200                    # what port to open for relaying
SocksListenAddress      127.0.0.1               # accept connections only from localhost
SocksListenAddress      192.168.0.254:9200      # listen on a chosen IP/port too
Log notice syslog
RunAsDaemon 1
DataDirectory /tmp/tor
ControlPort             9051
ControlListenAddress    192.168.0.254
========================================

Sorry about the chaos of this brain dump, hopefully this gets anyone past
any hurdles though.

My browsing performance is fine to slow, depending on which tor MiddleMen
routers my packets are traversing. Google frequently has me do a captcha for
searches or youtube but they're surprisingly easy and only a small nuisance.

Myself I'm very pleased with my new tor setup (being that I'm happy to lose
some speed/convenience in exchange for some anonymity) and am happy to
contribute a little back to the tor community by way of being a "Middleman
node" ... soon to be an "Exit node".

Thanks of course to all for your contributions to LEAF, and esp KP for
compiling the updated version of tor.
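
A small check for the torrc settings discussed above, added here as an example and not part of the original post: it flags a ControlPort listening on a non-loopback address without authentication, debug logging, and a missing RunAsDaemon line. The function name audit_torrc and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Prints one finding per line;
# returns 1 if any FAIL was found, otherwise 0.
audit_torrc() {
    awk '
    { sub(/#.*/, "") }                 # strip trailing comments
    NF < 2 { next }                    # skip blank or valueless lines
    { key = tolower($1); val = $2 }    # torrc option names are case-insensitive
    key == "controlport" && val != "0"                           { ctrl = 1 }
    key == "controllistenaddress" && val !~ /^(127\.|localhost)/ { cremote = val }
    key == "hashedcontrolpassword"                               { auth = 1 }
    key == "cookieauthentication" && val == "1"                  { auth = 1 }
    key == "sockslistenaddress" && val !~ /^(127\.|localhost)/   { sremote = val }
    key == "log" && tolower(val) == "debug"                      { debug = 1 }
    key == "runasdaemon" && val == "1"                           { daemon = 1 }
    END {
        if (ctrl && cremote != "" && !auth) {
            print "FAIL ControlPort on " cremote " has no authentication configured"; bad = 1 }
        if (ctrl && cremote != "" && auth)
            print "WARN ControlPort on " cremote ": control protocol is cleartext, keep it LAN-only"
        if (sremote != "")
            print "WARN SOCKS on " sremote " is unauthenticated, restrict it to the LAN zone in shorewall"
        if (debug)   { print "FAIL Log debug writes sensitive data to syslog"; bad = 1 }
        if (!daemon) { print "FAIL RunAsDaemon 1 missing, tor will block the boot sequence"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the minimal torrc from this post with the password line
# removed and debug logging switched on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SocksPort               9200
SocksListenAddress      127.0.0.1
SocksListenAddress      192.168.0.254:9200
Log debug syslog
RunAsDaemon 1
DataDirectory /tmp/tor
ControlPort             9051
ControlListenAddress    192.168.0.254
EOF
audit_torrc "$sample" || echo "torrc needs fixing before tor is restarted"
rm -f "$sample"
```

Run against the minimal setup listed in the post, it reports only the two WARN lines, which are the reason the shorewall rules for 9051 and 9200 should accept LAN traffic only.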
------------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
