Tor on the OLPC: Working as a server!

2008-03-14 Thread Jacob Appelbaum
I purchased an OLPC from the buy one get one program last year. After
waiting nearly 5 months, FedEX brought it!

I used the terminal program and ran `su -` before running the commands
below.
Anyone attempting this could also use ssh to login to the machine.
Set a password for the olpc user first.
I highly suggest firewalling the OLPC: it runs many things as root!
It's just waiting for all the world to contact it.

-bash-3.2# cat /etc/redhat-release
Fedora release 7 (Moonshine)

-bash-3.2# uname -a
Linux xo-10-DA-61.localdomain 2.6.22-20071121.7.olpc.af3dd731d18bc39 #1
PREEMPT Wed Nov 21 00:39:06 EST 2007 i586 i586 i386 GNU/Linux

-bash-3.2# cat /proc/cpuinfo
processor   : 0
vendor_id   : AuthenticAMD
cpu family  : 5
model   : 10
model name  : Geode(TM) Integrated Processor by AMD PCS
stepping: 2
cpu MHz : 430.936
cache size  : 128 KB
fdiv_bug: no
hlt_bug : no
f00f_bug: no
coma_bug: no
fpu : yes
fpu_exception   : yes
cpuid level : 1
wp  : yes
flags   : fpu de pse tsc msr cx8 sep pge cmov clflush mmx mmxext
3dnowext 3dnow
bogomips: 862.97
clflush size: 32

-bash-3.2# free
             total       used       free     shared    buffers     cached
Mem:        237848     184084      53764          0          0      58268
-/+ buffers/cache:     125816     112032
Swap:            0          0          0

I would install a few utilities on the OLPC before moving forward:
-bash-3.2# yum install gnupg lsof

You'll need to find the proper libevent RPM to make Tor install. Search
here:
http://rpmfind.net/linux/rpm2html/search.php?query=libevent

I chose to use libevent-1.3b-1.fc7.i386.rpm.
You can read about that version of the RPM here:
http://rpmfind.net//linux/RPM/fedora/8/i386/libevent-1.3b-1.fc7.i386.html

When you've decided that it's the one for you, download the libevent RPM:
-bash-3.2# wget ftp://rpmfind.net/linux/fedora/releases/8/Everything/i386/os/Packages/libevent-1.3b-1.fc7.i386.rpm

Then you'll want to download Tor and verify the signature of the Tor RPM:
-bash-3.2# wget https://www.torproject.org/dist/rpm/tor-0.1.2.19-tor.0.fc7.i386.rpm
-bash-3.2# wget https://www.torproject.org/dist/rpm/tor-0.1.2.19-tor.0.fc7.i386.rpm.asc

You'll need the key for the package signature:
-bash-3.2# gpg --keyserver subkeys.pgp.net --search-keys 0x31B0974B
-bash-3.2# gpg --fingerprint 0x31B0974B

You should see the following (If you do not see the right fingerprint,
stop!):
pub   1024D/31B0974B 2003-07-17
      Key fingerprint = 0295 9AA7 190A B9E9 027E  0736 3B9D 093F 31B0 974B

Now verify the RPM:
-bash-3.2# gpg --verify tor-0.1.2.19-tor.0.fc7.i386.rpm.asc
gpg: Signature made Fri Jan 18 22:35:11 2008 EST using DSA key ID 31B0974B
gpg: Good signature from Andrew Lewman (phobos) [EMAIL PROTECTED]

If the above doesn't make sense, please read this wiki page about
signatures:
https://wiki.torproject.org/noreply/TheOnionRouter/VerifyingSignatures
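As an added example (not part of the original post), a small shell check that pins the expected key fingerprint and fails closed instead of relying on a visual comparison. It parses the labelled "Key fingerprint =" line in the form gpg printed above; the sample gpg output in the block is constructed.

```shell
#!/bin/sh
# Added example: automate the "if you do not see the right fingerprint,
# stop!" step by comparing gpg's output against a pinned fingerprint.

# Fingerprint of the Tor packaging key quoted in the post.
TOR_PKG_FPR="0295 9AA7 190A B9E9 027E 0736 3B9D 093F 31B0 974B"

# Constructed sample of `gpg --fingerprint 0x31B0974B` output (for offline use).
SAMPLE_OK="pub   1024D/31B0974B 2003-07-17
      Key fingerprint = 0295 9AA7 190A B9E9 027E  0736 3B9D 093F 31B0 974B"

# Keep only hex digits, upper-cased, so spacing differences cannot matter.
norm_fpr() {
    printf '%s' "$1" | tr -cd '0-9a-fA-F' | tr 'a-f' 'A-F'
}

# Pull the first "Key fingerprint = ..." value out of gpg output on stdin.
extract_fpr() {
    sed -n 's/^ *Key fingerprint = //p' | head -n 1
}

# check_fpr GPG_OUTPUT: 0 if it matches the pin, 1 if it differs,
# 2 if no fingerprint line was found at all (treat that as a failure too).
check_fpr() {
    got=$(printf '%s\n' "$1" | extract_fpr)
    [ -n "$got" ] || return 2
    [ "$(norm_fpr "$got")" = "$(norm_fpr "$TOR_PKG_FPR")" ]
}

# Live use (assumes gpg is installed and the key was fetched as in the post):
# run this before `rpm -i` and abort unless it returns 0.
verify_key_on_keyring() {
    out=$(gpg --fingerprint 0x31B0974B 2>/dev/null) || return 2
    check_fpr "$out"
}
```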

Now you'll want to install the two RPMs:
-bash-3.2# rpm -i libevent-1.3b-1.fc7.i386.rpm
-bash-3.2# rpm -i tor-0.1.2.19-tor.0.fc7.i386.rpm

Now you'll want to make up for the fact that the RPM doesn't create two
directories:
-bash-3.2# mkdir /var/log/tor/
-bash-3.2# mkdir /var/lib/tor/

You'll want to make a very basic config:
cat << 'EOF' > /etc/tor/torrc
SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost
Log notice file /var/log/tor/notices.log
Nickname olpc
ORPort 443
ORListenAddress 0.0.0.0:9001
DirPort 80 # what port to advertise for directory connections
DirListenAddress 0.0.0.0:9030
ExitPolicy reject *:* # no exits allowed
EOF

I also suggest the firewall advice from the wiki before starting Tor:
cat << 'EOF' > tor-redirect.sh
#!/bin/bash -x
IP=YOURIPGOESHERE
iptables -t nat -A PREROUTING -p tcp -d $IP --dport 443 \
-j DNAT --to-destination $IP:9001;

iptables -t nat -A PREROUTING -p tcp -d $IP --dport 80 \
-j DNAT --to-destination $IP:9030;
EOF

Now insert those rules into the firewall:
-bash-3.2# chmod +x tor-redirect.sh
-bash-3.2# ./tor-redirect.sh
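The two DNAT rules exist because the torrc advertises ORPort 443 and DirPort 80 while the daemon actually binds 9001 and 9030, unprivileged ports it can hold without root. As an added example, not from the post or the Tor project, here is a shell function that derives those rules from the torrc itself, so editing one side cannot silently leave the other stale; the torrc text and the IP 192.0.2.10 in the test are constructed samples mirroring the config above.

```shell
#!/bin/sh
# Added example: generate the PREROUTING DNAT rules from a torrc so the
# advertised ports (ORPort/DirPort) and the bound ports
# (ORListenAddress/DirListenAddress) always agree with the firewall.

# Constructed sample torrc matching the post's config (comments included).
SAMPLE_TORRC='SocksPort 9050 # local apps only
SocksListenAddress 127.0.0.1
Nickname olpc
ORPort 443
ORListenAddress 0.0.0.0:9001
DirPort 80 # what port to advertise for directory connections
DirListenAddress 0.0.0.0:9030
ExitPolicy reject *:*'

# torrc_get OPTION: print the first value of OPTION from torrc text on stdin,
# with trailing "# ..." comments stripped first.
torrc_get() {
    sed -e 's/#.*//' | awk -v opt="$1" '$1 == opt { print $2; exit }'
}

# redirect_rule IP TORRC ADVERTISE_OPT LISTEN_OPT
# Prints one iptables DNAT rule when the advertised port differs from the
# port in the listen address; prints nothing when they already match.
# Returns 1 if either option is missing, so the caller can notice.
redirect_rule() {
    adv=$(printf '%s\n' "$2" | torrc_get "$3")
    listen=$(printf '%s\n' "$2" | torrc_get "$4")
    lport=${listen##*:}                      # "0.0.0.0:9001" -> "9001"
    [ -n "$adv" ] && [ -n "$lport" ] || return 1
    [ "$adv" != "$lport" ] || return 0       # bound directly, no NAT needed
    printf 'iptables -t nat -A PREROUTING -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$1" "$adv" "$1" "$lport"
}

# tor_redirect_rules IP TORRC: the OR-port rule followed by the Dir-port rule.
tor_redirect_rules() {
    redirect_rule "$1" "$2" ORPort ORListenAddress
    redirect_rule "$1" "$2" DirPort DirListenAddress
}
```

Run `tor_redirect_rules "$IP" "$(cat /etc/tor/torrc)"` and pipe the output through `sh` instead of hand-writing the rules.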

Now you can start Tor like so:
-bash-3.2# /etc/init.d/tor start

You should see some nice messages in /var/log/tor/tor.log that look like
the following:
Mar 14 00:54:53.205 [notice] Tor 0.1.2.19 opening log file.
Mar 14 00:54:55.640 [notice] Your Tor server's identity key fingerprint is 'olpc B286 353F 0BE3 8D25 CB50 00BE A2D5 B006 A8E4 DEB4'
Mar 14 00:55:24.368 [notice] We now have enough directory information to build circuits.
Mar 14 00:55:30.571 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Mar 14 00:55:30.571 [notice] Now checking whether ORPort 1.2.3.4:443 and DirPort 1.2.3.4:80 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Mar 14 00:55:39.899 [notice] Self-testing indicates your DirPort is reachable from the

Re: Tor on the OLPC: Working as a server!

2008-03-14 Thread Wilfred L. Guerin
confirmed dec 2007 unit with Jan (*91) update with the following errors:

also need to configure for school server and tunneling, the olpcs are
excessively vulnerable and should use tor to offload school networks
rather than risk mim isps. Also the MESH capability needs to be
optimized, the dual head radios are not used correctly with the
offloading chip and may not need to buffer content through cpu, just
headers.

su * disallowed in new terminal (null pw doesn't work) but in the
graphical term the new icon top right is Become root

rest of sequence is fine,
mkdir not needed, rpm succeed, not using fwall, please confirm
StickFigure operational

appears tor blocked by 802.11 ap .. advise

Re: Tor on the OLPC: Working as a server!

2008-03-14 Thread Jacob Appelbaum
Wilfred L. Guerin wrote:
> confirmed dec 2007 unit with Jan (*91) update with the following errors:
>
> also need to configure for school server and tunneling, the olpcs are
> excessively vulnerable and should use tor to offload school networks
> rather than risk mim isps. Also the MESH capability needs to be
> optimized, the dual head radios are not used correctly with the
> offloading chip and may not need to buffer content through cpu, just
> headers.

Can you explain that? What school server? Can you walk through what
you've done?

> su * disallowed in new terminal (null pw doesn't work) but in the
> graphical term the new icon top right is Become root

Good to know.

> rest of sequence is fine,
> mkdir not needed, rpm succeed, not using fwall, please confirm
> StickFigure operational

StickFigure operational? What do you mean by this?

> appears tor blocked by 802.11 ap .. advise

Tor blocked how? You're able to install Tor but you're unable to make
circuits? You're behind a NAT and only being a client works?

Best,
Jacob Appelbaum