[tor-dev] The Torouter and the DreamPlug

Jacob Appelbaum jacob at appelbaum.net
Thu Jun 9 20:31:31 UTC 2011

> > I think it's fine to ship one web interface for us now and later find a good
> > integration point with the Freedom Box later...
> Yep, I agree.
Great. I'm sure that if the web UI is free software and it works well, we
can see if the FB will be interested in using it.

> > What's the rationale there? While we certainly need more bridges, I'd like to
> > see an increase in relays and encourage more Friend of Friend bridge
> > sharing. We should include a bunch of common configs and make it easy to
> > set up. Also, a public relay will be much easier to help with in terms of
> > setup, I suspect.
> Well, bridge by default is what the B3's are set up with. I also
> figure that a bridge sees less traffic than a relay, and so it might
> be more "friendly" for new users. But I like the idea of having a
> bunch of common configs, and we can also suggest bandwidth limits.
Hrm. The B3 is certainly able to handle traffic. Also in both cases, we'll
want to configure them to limit bandwidth. There is no promise that a relay
or a bridge will see a certain amount of traffic if they're not configured
to hibernate/rate limit/etc.

I'd like a device that I can plug into a wall and it will automatically join
a network, probe for upnp/natpmp and become a relay. I'd also like a hidden
service so that I can connect and administrate it from anywhere in the
world; though this is clearly a nice to have and not a requirement. :-)

> >> >> > I suggest we ship the excito with the web ui as the easy to use
> >> >> > option.
> >> >>
> >> >> Yep, the Tor web ui for the Excito B3 should be ready at the end of the
> >> >> month.
> >> >>
> >> >
> >> > Is it Free Software? Can we use it on the DreamPlug until we have
> >> > something else?
> >>
> >> Yes, it's free software and will be available in the Excito GitHub
> >> repository when it's released (not sure if it's there already, I don't
> >> think so). The web interface is probably a bit too "heavy" (and
> >> includes a good mix of php and perl) for the dreamplug, so we should
> >> probably look for something else.
> >>
> >
> > Can we rip out everything except the basics? If so, I think their web front
> > end is perfect and it already has a Tor UI thanks to you... :-)
> Maaaaybe. I haven't tried, but it can't be that hard. I'll look into it.
It seems like it may be modular from what you've said and if so, I mean,
we've got the work put into the web UI already... :-)

> >> >> > In either case, we need to start testing, not keep thinking about what
> >> >> > we could do.  We're going to get a flood of feedback from actual people
> >> >> > testing the excito or dreamplug.
> >> >>
> >> >> Valid point.
> >> >>
> >> >
> >> > I think we need to talk about what we need for the OS. I suspect we need
> >> > OpenSSH + Tor (tor-fw-helper, etc) + a few stock configuration files + time
> >> > syncing (clockskew for example) + a randomly generated password that we
> >> > uniquely key for each router in some non-silly way.
> >> > Is there a trac ticket for the OS part of the Torouter?
> >>
> >> There is now: https://trac.torproject.org/projects/tor/ticket/3374
> >>
> >> We can move the discussion to #3374 if you want.
> >>
> >
> > I'm happy to keep hammering stuff out here and then we can dump the results
> > into the bug report.
> Works for me. It's great to get feedback that will help get me started.
I plan on hacking on it with you. In theory my DreamPlug arrives next week.

> > What do you think about a DreamPlug with Debian or Ubuntu? Do we have a
> > preference?
> Good question. I love Debian, but I'm sure Ubuntu would be great to
> use as well. I'll do some research and see if there is a good reason
> we should pick one over the other.
The main reason is security and possibly support on the Ubuntu front. The
main reason for Debian is quite frankly, weasel. Without him, we'd be lost.

> > What other software do we need beyond ntp, ssh, tor and a web UI?
> > Do we want to support a transparent Tor wifi network by default?
> Maybe this is something we can add later, and focus on bridge/relay
> support first?
Sure, I think it's pretty much done though - I've got lots of transparent
configs, etc. If we're using Debian or Ubuntu, it's dead simple and these
boxes have enough memory to just run a second Tor for that purpose.

> > I think Ubuntu's latest release is the best in terms of security and in
> > theory support. It is however not as beloved as Debian for a number of solid
> > reasons. I think NTP, OpenSSH with key auth (and perhaps fail2ban or
> > something similar) and password auth, a very minimal web UI but still
> > functional for real Tor configuration and that's about all we'll need.
> Yeah, I agree.

Ok. Great.

> > I also like the idea of a Tor wifi network by default for laptops like the
> > CR-48 that I'm using right now. I'd kill to have a way to Torify the laptop
> > because my main concern isn't privacy from my local network, it's data
> > retention from the remote hosts... :-/
> I'm sure it would be useful for a number of users. It wouldn't be too
> difficult to include, and maybe the web interface can have an on/off
> button so that they can choose whether or not to enable the Tor wifi
> network.
Sure - I can see the on/off button as just bringing up and down a network
interface, basically. That network interface might also need ttdnsd/Tor's
DNSPort/dhcpd and a custom MAC address... Seems straightforward, am I
missing anything?

All the best,