1 (edited by safe0101 2022-03-12 18:41:13)

Topic: ArcherC7 - TOR network

Hi, I'm trying to configure the TOR network on an ArcherC7v5 router.
Leaving aside that I locked it up again while updating the firmware, I'm currently on the latest stable version of OpenWRT.

In the logs I see:

Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: We compiled with OpenSSL 101010df: OpenSSL 1.1.1m  14 Dec 2021 and we are running with OpenSSL 101010df: 1.1.1m. These two versions should be binary compatible.
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: Tor 0.4.5.10 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1m, Zlib 1.2.11, Liblzma N/A, Libzstd N/A and Unknown N/A as libc.
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: Read configuration file "/tmp/torrc".
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: Processing configuration path "/etc/tor/torrc" at recursion level 1.
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: Including configuration file "/etc/tor/torrc".
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: You configured a non-loopback address '192.168.3.1:9053' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: You configured a non-loopback address '192.168.3.1:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: You configured a non-loopback address '192.168.3.1:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: You configured a non-loopback address '192.168.3.1:9053' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: You configured a non-loopback address '192.168.3.1:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: Opening Socks listener on 192.168.3.1:9050
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: Opened Socks listener connection (ready) on 192.168.3.1:9050
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: Opening DNS listener on 192.168.3.1:9053
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: Opened DNS listener connection (ready) on 192.168.3.1:9053
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: Opening Transparent pf/netfilter listener on 192.168.3.1:9040
Sat Mar 12 18:23:37 2022 daemon.notice Tor[1788]: Opened Transparent pf/netfilter listener connection (ready) on 192.168.3.1:9040
Sat Mar 12 18:23:38 2022 daemon.notice Tor[1788]: Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Sat Mar 12 18:24:20 2022 daemon.notice Tor[1788]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Sat Mar 12 18:24:25 2022 daemon.notice Tor[1788]: Bootstrapped 0% (starting): Starting
Sat Mar 12 18:24:25 2022 daemon.notice Tor[1788]: Starting with guard context "default"
Sat Mar 12 18:24:26 2022 daemon.notice Tor[1788]: Bootstrapped 5% (conn): Connecting to a relay
Sat Mar 12 18:24:27 2022 daemon.notice Tor[1788]: Bootstrapped 10% (conn_done): Connected to a relay
Sat Mar 12 18:24:27 2022 daemon.notice Tor[1788]: Bootstrapped 14% (handshake): Handshaking with a relay
Sat Mar 12 18:24:28 2022 daemon.notice Tor[1788]: Bootstrapped 15% (handshake_done): Handshake with a relay done
Sat Mar 12 18:24:28 2022 daemon.notice Tor[1788]: Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Sat Mar 12 18:24:28 2022 daemon.notice Tor[1788]: Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Sat Mar 12 18:24:28 2022 daemon.notice Tor[1788]: Bootstrapped 30% (loading_status): Loading networkstatus consensus
Sat Mar 12 18:24:32 2022 daemon.notice Tor[1788]: I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Sat Mar 12 18:24:32 2022 daemon.notice Tor[1788]: Bootstrapped 40% (loading_keys): Loading authority key certs
Sat Mar 12 18:24:36 2022 daemon.notice Tor[1788]: The current consensus has no exit nodes. Tor can only build internal paths, such as paths to onion services.
Sat Mar 12 18:24:36 2022 daemon.notice Tor[1788]: Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
Sat Mar 12 18:24:36 2022 daemon.notice Tor[1788]: I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/7198, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.)
Sat Mar 12 18:24:36 2022 daemon.notice Tor[1788]: I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/7198, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.)
Sat Mar 12 18:24:37 2022 daemon.notice Tor[1788]: Bootstrapped 50% (loading_descriptors): Loading relay descriptors
Sat Mar 12 18:24:41 2022 daemon.notice Tor[1788]: The current consensus contains exit nodes. Tor can build exit and internal paths.
Sat Mar 12 18:24:49 2022 daemon.notice Tor[1788]: Bootstrapped 55% (loading_descriptors): Loading relay descriptors
Sat Mar 12 18:24:51 2022 daemon.notice Tor[1788]: Bootstrapped 62% (loading_descriptors): Loading relay descriptors
Sat Mar 12 18:24:53 2022 daemon.notice Tor[1788]: Bootstrapped 70% (loading_descriptors): Loading relay descriptors
Sat Mar 12 18:24:56 2022 daemon.notice Tor[1788]: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Sat Mar 12 18:24:57 2022 daemon.notice Tor[1788]: Bootstrapped 80% (ap_conn): Connecting to a relay to build circuits
Sat Mar 12 18:24:57 2022 daemon.notice Tor[1788]: Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits
Sat Mar 12 18:24:57 2022 daemon.notice Tor[1788]: Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits
Sat Mar 12 18:24:57 2022 daemon.notice Tor[1788]: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Sat Mar 12 18:24:57 2022 daemon.notice Tor[1788]: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Sat Mar 12 18:24:58 2022 daemon.notice Tor[1788]: Bootstrapped 100% (done): Done

So it seems to initialize correctly.
My /etc/config/network:

config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd00:a0c0:0a70::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0.1'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.3.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config device
    option name 'eth0.2'
    option macaddr 'cc:32:e5:20:20:20'

config interface 'wan'
    option device 'eth0.2'
    option proto 'dhcp'

config interface 'wan6'
    option device 'eth0.2'
    option proto 'dhcpv6'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '2 3 4 5 0t'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '1 0t'

Wireless is disabled; I just want all LAN traffic to go through TOR ..

When I visit https://check.torproject.org, the response says I'm not connected to the TOR network ..

I'm not using a guest network, so I've probably misconfigured something. Do you have any idea where the problem might be?

Hitron CGNv4 // Cisco Meraki-MR18
TL-WR1043NDv2, Mikrotik RB2011UiAS-2HnD-IN running LEDE
https://wiki.openwrt.org/toh/mikrotik/r … ll_openwrt

2

Re: ArcherC7 - TOR network

Did you set up the redirects on the firewall?

Have an unneeded router, broken or not? I'll gladly take it in.

3

Re: ArcherC7 - TOR network

Hi Cezary, yes, they're there ..

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
. /lib/functions/network.sh
network_get_physdev IFNAME guest

iptables -t nat -I PREROUTING -i $IFNAME -p tcp --dport 22 -j REDIRECT --to-ports 22
iptables -t nat -I PREROUTING -i $IFNAME -p tcp --dport 9050 -j REDIRECT --to-ports 9050
iptables -t nat -I PREROUTING -i $IFNAME -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -t nat -I PREROUTING -i $IFNAME -p tcp --syn -j REDIRECT --to-ports 9040

4

Re: ArcherC7 - TOR network

No, you didn't. You wrote yourself that you don't use a guest network, so I don't know why you used it here (network_get_physdev IFNAME guest) when you should have used lan. Read: https://openwrt.org/docs/guide-user/services/tor/client

Have an unneeded router, broken or not? I'll gladly take it in.
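
The fix from the reply above, as an added example that is not part of the thread: the same four redirects resolved against lan, refusing to add anything when the network name resolves to no device. IPT, tor_redirect_rules and apply_tor_redirect are names made up for this example.

```shell
#!/bin/sh
# Added example: the thread's redirect rules bound to the LAN device, with a
# guard for the failure seen above (asking for a network that does not exist).
# IPT is a hypothetical override: IPT="echo iptables" prints instead of applying.
IPT="${IPT:-iptables}"

# Add the four REDIRECT rules for one physical device (e.g. br-lan).
tor_redirect_rules() {
    ifname="$1"
    if [ -z "$ifname" ]; then
        echo "tor-redirect: empty device name, no rules added" >&2
        return 1
    fi
    # -I puts each rule at the top of PREROUTING, so the catch-all goes in
    # first and the port-specific rules last; they end up ahead of it.
    # REDIRECT rewrites the destination to the router's address on the
    # incoming interface, where Tor's TransPort/DNSPort listeners are bound.
    $IPT -t nat -I PREROUTING -i "$ifname" -p tcp --syn -j REDIRECT --to-ports 9040 &&
    $IPT -t nat -I PREROUTING -i "$ifname" -p udp --dport 53 -j REDIRECT --to-ports 9053 &&
    $IPT -t nat -I PREROUTING -i "$ifname" -p tcp --dport 9050 -j REDIRECT --to-ports 9050 &&
    $IPT -t nat -I PREROUTING -i "$ifname" -p tcp --dport 22 -j REDIRECT --to-ports 22
}

# Resolve a logical network (lan, guest, ...) to its device, then add the rules.
apply_tor_redirect() {
    IFNAME=""
    . /lib/functions/network.sh
    # IFNAME stays empty when /etc/config/network has no such interface.
    network_get_physdev IFNAME "$1" || IFNAME=""
    tor_redirect_rules "$IFNAME"
}

# On the router (this file exists only on OpenWrt): use lan, as the reply says.
if [ -f /lib/functions/network.sh ]; then
    apply_tor_redirect lan
fi
```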

5

Re: ArcherC7 - TOR network

Cezary wrote:

No, you didn't. You wrote yourself that you don't use a guest network, so I don't know why you used it here (network_get_physdev IFNAME guest) when you should have used lan. Read: https://openwrt.org/docs/guide-user/services/tor/client

Indeed, that was a ctrl+v .. Thanks ..


6

Re: ArcherC7 - TOR network

Everything works .. Thank you :)
