Running a TOR bridge / relay / exit node?


#1

Hey!

Is anyone planning to run TOR (relay or exit node) on the router? I thought about the 2 GB upgrade to have enough free resources to do such a thing. Would be the first time, some assistance would be very welcome!

Max


#2

There are no issues with Tor on OWRT, see https://trac.torproject.org/projects/tor/wiki/doc/OpenWRT. I don't think that you will need 2Gb for that, but of course more memory is always better :slightly_smiling:

Just keep in mind that an exit node in some countries could make you responsible for the outgoing traffic coming from your router, so this could be a serious legal issue.


#3

Thanks for your response! I looked into this and people are running TOR successfully on other (less powerful) hardware. I got the 2GB Upgrade because I’m also planning to let the router handle some other things :relaxed:

Regarding the exit node: Since I’m going to use the Turris Omnia as my home router, a TOR relay would be the best solution. If I’m going to run an exit node (maybe some day in the future), I would do that on a VPS (hosted somewhere) and not from my private address. It’s not recommended to mix the traffic of an exit node with the personal private traffic to avoid legal trouble.

M4x

edit:
Legal FAQ for Tor Relay Operators: https://www.torproject.org/eff/tor-legal-faq.html.en
Lifecycle of a new relay: https://blog.torproject.org/blog/lifecycle-of-a-new-relay


#4

I’ve successfully set up a Tor relay node on my Omnia without any problems in about 10 minutes (after the initial reading).

Just do opkg update and opkg install tor, configure (my torrc: https://gist.github.com/peci1/a3639d715594698b7c125a4842ba4008), open port 9001 to the world in firewall, and enable and run the tor service.

However, I also tried making transparent translation of all .onion addresses for machines on local network (so that they can access .onion pages as normal URLs without noticing a change).

I basically followed https://www.grepular.com/Transparent_Access_to_Tor_Hidden_Services with http://wiki.wladik.net/turris/dns-forward-knot for setting up zone forwarding in Knot DNS.

This is the filesystem diff after doing as much as I could: https://gist.github.com/peci1/352a597c07a6432490058f0213cc9bd0 . What works is DNS resolution, which correctly and transparently resolves the .onion addresses to the virtual IPs.

However, I could not get the setup of the TransPort to really route me inside the Tor network. I think the problem should be in my iptables rules, but I’m not very good at creating/debugging them. So now when I start pinging an .onion address, the pings time out, and netstat shows no established connection to port 9040 where the routing inside Tor should happen.

Does anybody know how to proceed?

The routes should ideally redirect all traffic to 10.192.0.0/10 to port 9040 on the Omnia. Best, if it would work both from the router itself and the LAN-side machines.
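
Added example, not part of the thread and not the poster's configuration: a check over `iptables-save -t nat` output for the two REDIRECT rules that the setup in post #4 needs, one in PREROUTING for LAN machines and one in OUTPUT for the router itself. It assumes the 10.192.0.0/10 range and port 9040 from the post and rules attached directly to the built-in chains; the interface name `br-lan` and the sample dump are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the virtual range and TransPort
# named in the post, rules attached directly to the built-in nat chains, and
# a hypothetical LAN bridge called br-lan in the constructed sample.
NET="10.192.0.0/10"
PORT="9040"

# Reads `iptables-save -t nat` output on stdin and prints the name of every
# built-in chain that lacks a TCP REDIRECT of $NET to $PORT.
#   PREROUTING: packets arriving from LAN hosts
#   OUTPUT:     connections opened by the router itself
# Exit status is the number of missing rules (0 = both present).
missing_onion_rules() {
    awk -v net="$NET" -v port="$PORT" '
        $1 == "-A" {
            d = 0; tcp = 0; tgt = 0; to = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-d" && $(i+1) == net)           d = 1
                if ($i == "-p" && $(i+1) == "tcp")         tcp = 1
                if ($i == "-j" && $(i+1) == "REDIRECT")    tgt = 1
                if ($i == "--to-ports" && $(i+1) == port)  to = 1
            }
            if (d && tcp && tgt && to) seen[$2] = 1
        }
        END {
            n = 0
            if (!("PREROUTING" in seen)) { print "PREROUTING"; n++ }
            if (!("OUTPUT" in seen))     { print "OUTPUT"; n++ }
            exit n
        }'
}

# Constructed sample dump: the LAN rule exists, the router-local one does not.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 10.192.0.0/10 -i br-lan -p tcp -j REDIRECT --to-ports 9040
COMMIT
EOF
}

# The rule missing from the sample would be created with:
#   iptables -t nat -A OUTPUT -d 10.192.0.0/10 -p tcp -j REDIRECT --to-ports 9040
sample_dump | missing_onion_rules || echo "REDIRECT rules incomplete"
```

For packets from the LAN, REDIRECT rewrites the destination to the router's address on the incoming interface, so Tor's TransPort has to listen on that address and not only on 127.0.0.1. Tor carries TCP only, so ping (ICMP) to a mapped address times out even when both rules are in place; test with a TCP client instead.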