Hi; thx for your comprehensive feedback!
On Wednesday, 8 September 2010, 13:20:51, TF ! wrote:
> I thought I'd share what I could recall of having setup my LEAF router to
> support tor routing. It's pretty easy to setup and works very well IMO.
>
> tor is written by the kind folks at EFF and is discussed here:
> - https://secure.wikimedia.org/wikipedia/en/wiki/Tor_%28anonymity_network%29
> - https://www.torproject.org/overview.html.en
>
> Two preliminary notes:
> a) contrary to what is listed as all the dependency LRP's for the tor.lrp
> package, privoxy.lrp is NOT required.
> b) the tor version *listed* on the Packages page didn't get updated
> congruent with KP's June 2010 executable update - though it says
> "Version: 0.2.0.33 Rev 2 uClibc 0.9.28"
> it should actually read
> "Version: 0.2.1.26 Rev 2 uClibc 0.9.28"
> (the "tor.version" file in tor.lrp correctly identifies this)
>
> This version is, as of June 2010, the current version of the tor code.

Both (minor) issues have been corrected with today's update of the "Packages 3.x" page.

> (PS, should I put in a vote for 'tor working under BuC v4' going onto the
> list? : )

The 2.1.26 version compiles without errors and at least starts in my qemu test environment, though it hasn't to do real work...

kp

> ====================================
>
> Wow, am I the only person using tor on a LEAF router? Couldn't find any
> discussion in this or -devel list about it?!
>
> Here's my experience:
> - I'm installing the tor package onto my LEAF router which is BuC v3.1.1
> beta3
> - router is addy 192.168.0.254 on the internal, LAN interface
> - I'll be wanting to control it (using tor's ControlPort) from a Windows XP
> PC on my internal LAN
> - I'll be wanting to browse the web via this tor daemon, from that Win box,
> by way of a SOCKS proxy configured in Google's Chrome browser
> - All done: it's pretty easy to setup and 'just works'. I'm tickled so far.
> - I didn't use privoxy - it'll be easier for anyone to setup tor without
> privoxy (at least at first, for isolating any problems)
>
> To users, here's a sort of walk-thru to get tor up and running...
> ---- Aside: Using a windows-based config/monitoring client called Vidalia
> (from the makers of tor) I can connect to the tor daemon and perform
> rudimentary monitoring and control tasks (all features of Vidalia except
> the 'map' work - I can 'ChangeMyIdentity' as well as monitor total
> bandwidth in/out of the tor daemon)
> ---- Aside: Note that in the config if there's no password set (by way of
> parm 'HashedControlPassword') on the Control Port that no *remote* machine
> can connect to the control port
>
> Let's setup now:
> ---- so have a running LEAF router
> ---- install the tor package via: apkg -i tor
> ---- edit* [see below] the tor config file via the usual lrcfg proggie
> ---- edit shorewall rules to permit LAN traffic on ports 9051 & 9100/9200
> (and internet-facing traffic on 9001 if acting as a MiddleMan or Exit
> node).
> ---- "Save configuration" via lrcfg
> ---- adjust leaf package list to include tor.lrp PLUS dependencies:
> tor.lrp
> libssl.lrp
> libcrpto.lrp
> lpthread.lrp
> libz.lrp
> libevent.lrp
> privoxy.lrp (not actually required tho)
> ---- now boot router to reload all packages incl tor
>
> I use Google Chrome to browse via tor and must tell it to use the proxy via
> a command-line switch (I'm using the incognito mode too, as you can see):
> "C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -incognito --proxy-server="socks5://192.168.0.254:9200"
>
> If using IE then I think that these settings will work to setup the socks
> proxy:
> - in IE to configure SOCKS proxy use:
> ---- under menu Tools/Options/tab=Connections/LANsettings
> ---- place checkmark in "Use a proxy server for your LAN (These
> settings..."
> ---- click Advanced button
> ---- have all "Proxy address to use" settings blank EXCEPT for "Socks:" and
> set that to "192.168.0.254" (or your LEAF router's hostname), and the "Port
> " setting for SOCKS to be "9100" (or 9200).
> ---- UNcheck the setting "Use the same proxy server for all protocols"
> ---- Click ok to save settings.
>
> - At this point you should be able to use Chrome/IE on your Windows PC to
> browse the web via the tor daemon on your LEAF box - try visiting
> https://check.torproject.org/ since it'll tell you if you are connected via
> tor or not. If so then you now have a tor 'server', running as a client
> into the tor network.
>
> Though you're now running as a 'client', meaning your own TCP traffic
> (socks proxied to port 9100/92000) is anonymized, you're not yet
> contributing back to the tor community by being a "Middleman node" or even
> an "Exit node".
>
> To get into that maybe start by reading at:
> http://en.linuxreviews.org/HOWTO_setup_a_Tor-server
> ========================================
>
> About Vidalia to control your tor daemon:
> - If you'd like to use the nifty Vidalia GUI in Windows (probably linux
> too) to control/monitor your tor daemon here's how:
> ---- one caveat - Vidalia re-writes the /etc/tor/torrc file on the router
> and thus removes any comments & prettifying ...
> so BE WARNED
> ---- In general, Vidalia is designed to be run on the same PC as a
> Windows/Linux version of the tor daemon, which we're NOT doing, so we need
> to kludge it to support a *remote* server
> ---- install Vidalia; find it here:
> http://www.torproject.org/vidalia/dist/vidalia-0.2.9.msi
> ---- run it, go into its settings
> ---- tab=general; section=tor; change the tor exe to be "cmd.exe" (no
> quotes)
> ---- remove checkmarks from both 'auto-run' options if so desired - no harm
> in leaving them active though
> ---- tab=advanced; section=ControlPort
> -------- address=192.168.0.254 : 9051
> -------- Authentication=Password
> -------- Remove checkmark from RandomlyGenerate
> -------- enter the my_chosen_password you used in the "tor --hash-password"
> command previously
> ---- click ok to save settings
> ---- now click on StartTor button
> ---- Caution: if you use the 'Stop Tor' button on Vidalia you'll have to
> manually restart tor on the LEAF router (e.g. via 'svi tor restart')
> ---- Vidalia seems to work and be possibly useful - bandwidth graph &
> counter works, UseANewIdentity too, though the map ("View the Network")
> doesn't
>
> ========================================
>
> *: edits needed in /etc/tor/torrc config file...
> ---- my setup: change setting "SocksPort" to be "9200" to avoid conflict
> with package p9100 using, yep, port 9100 (tor's default for non-local
> clients)
> "SocksListenAddress 192.168.0.254:9200" ...
> so use :9100 or :9200 as
> required but definitely uncomment that line to gain remote access into
> tor's Control Port
> ---- uncomment line "Log notice syslog" to get safe, basic logging (use
> "Log debug syslog" for verbose logging, INCL *secrets* used)
> ---- VERY IMPORTANT: uncomment line: "RunAsDaemon 1" or the tor executable
> will block the router's bootup sequence
> ---- I changed & uncommented so as to have this line active: "DataDirectory
> /tmp/tor"
> -------- the default DataDirectory dir (if none is specified) is
> /usr/var/lib/tor which is kinda icky
> -------- whatever dir you use, I had? to PRE-create this dir to keep tor
> happy
> -------- tor will quickly place 3-4MB of data into that dir so be wary of
> your freespace (I found no config option for tor to adjust this)
> -------- if you want to adjust the size of tmp drive, etc, use vars
> 'syst_size=16M log_size=4M tmp_size=8M' (e.g. for 32 MB box) in the
> leaf.cfg file (or maybe syslinux.cfg?)
> ---- activate tor's Control Port by uncommenting the line: "ControlPort
> 9051"
> ---- I want to connect into the tor daemon by way of 192.168.0.254 addy on
> the LEAF router so we have tor listen on that addy via adding line:
> "ControlListenAddress 192.168.0.254"
> ---- I then MUST have a password when connecting to the Control Port (tor
> won't let me connect in to the Control Port from a *remote* box if there's
> no password set)
> -------- I generate the needed 'hashed-password' by invoking this command
> on the LEAF box: "tor --hash-password my_chosen_password"
> -------- I create in the tor config file the line: "HashedControlPassword
> 16:HASH_CODE" that was output from the command above
> ---- that all in, gives this as a minimal tor setup...
> HashedControlPassword 16:HASH_CODE
> SocksPort 9200 # what port to open for relaying
> SocksListenAddress 127.0.0.1 # accept connections only from localhost
> SocksListenAddress 192.168.0.254:9200 # listen on a chosen IP/port too
> Log notice syslog
> RunAsDaemon 1
> DataDirectory /tmp/tor
> ControlPort 9051
> ControlListenAddress 192.168.0.254
> ========================================
>
> Sorry about the chaos of this brain dump, hopefully this gets anyone past
> any hurdles though.
>
> My browsing performance is fine to slow, depending on which tor MiddleMen
> routers my packets are traversing. Google frequently has me do a captcha
> for searches or youtube but they're surprisingly easy and only a small
> nuisance.
>
> Myself I'm very pleased with my new tor setup (being that I'm happy to lose
> some speed/convenience in exchange for some anonymity) and am happy to
> contribute a little back to the tor community by way of being a "Middleman
> node" ... soon to be an "Exit node".
>
> Thanks of course to all for your contributions to LEAF, and esp KP for
> compiling the updated version of tor.
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
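
Added example, not part of the original thread or of the LEAF or tor packages: a shell function that audits a torrc for the points the walkthrough calls out (a Control Port listening on a LAN address without a real `HashedControlPassword`, `Log debug`, a missing `RunAsDaemon 1`, a DataDirectory that does not exist yet). The FAIL/WARN/INFO labels, the function name and the sample file are constructed for this example.

```shell
#!/bin/sh
# Added example: audit a torrc for the settings discussed in the post.
# Finding labels (FAIL/WARN/INFO ...) are this example's own, not tor output.
audit_torrc() {
    conf=$1
    # Drop comments, then evaluate only the directives the post discusses.
    sed 's/#.*//' "$conf" | awk '
        { key = tolower($1) }
        key == "controlport" && $2 != "0" { ctrl = 1 }
        key == "controllistenaddress" && $2 !~ /^127\./ { remote = 1 }
        key == "hashedcontrolpassword" {
            if ($2 ~ /^16:[0-9A-Fa-f]+$/) pw = 1; else placeholder = 1
        }
        key == "log" && tolower($2) == "debug" { debug = 1 }
        key == "runasdaemon" && $2 == "1" { daemon = 1 }
        key == "sockslistenaddress" && $2 !~ /^127\./ { print "INFO socks-on-lan " $2 }
        END {
            if (placeholder) print "FAIL hashed-password-not-a-16-hex-value"
            if (ctrl && remote && !pw) print "FAIL remote-control-port-without-password"
            if (debug) print "WARN log-debug-writes-secrets-to-syslog"
            if (!daemon) print "WARN runasdaemon-not-1-blocks-boot"
        }'
    # Per the post, the DataDirectory had to exist before tor was started.
    dir=$(sed 's/#.*//' "$conf" | awk 'tolower($1) == "datadirectory" { d = $2 } END { print d }')
    if [ -n "$dir" ] && [ ! -d "$dir" ]; then
        echo "WARN datadirectory-missing $dir"
    fi
}

# Constructed sample: the post's minimal config with the HASH_CODE placeholder
# left in, debug logging switched on and a DataDirectory that does not exist.
sample=$(mktemp)
cat > "$sample" <<'EOF'
HashedControlPassword 16:HASH_CODE
SocksPort 9200 # what port to open for relaying
SocksListenAddress 127.0.0.1 # accept connections only from localhost
SocksListenAddress 192.168.0.254:9200 # listen on a chosen IP/port too
Log debug syslog
RunAsDaemon 1
DataDirectory /tmp/tor-example-missing
ControlPort 9051
ControlListenAddress 192.168.0.254
EOF
audit_torrc "$sample"
```

On the router this would be run as `audit_torrc /etc/tor/torrc` after editing and before the reboot step.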