[tor-talk] transparent tor routers
Rob van der Hoeven
robvanderhoeven at ziggo.nl
Mon Jan 18 21:01:43 UTC 2016
On Mon, 2016-01-18 at 15:46 +0100, Aeris wrote:
> > Hardware offering Tor routing is becoming very cheap and I think it's
> > time to reexamine what we can do with it.
> >
> > If you want to play, here is some hardware I recently bought that can
> > run Tor firmware:
> >
> > http://www.amazon.com/GL-AR150-router-150Mbps-OpenWrt-Pre-installed/dp/B015C
> > YDVG8/
>
> Not so simple.
>
> As explain in private, you *need* to avoid Tor inside Tor.
> So you need some smart firewall, based on ipset generated from the consensus,
> to route Tor connection directly and proxify everything else, or multiple
> access point and ESSID to discriminate usage.
>
> And in this case, cheap routers with OpenWRT have nor enough memory nor CPU to
> manage properly those corner cases.
> For example, Tor ipset loading already takes few minutes on a Olimex A20 Lime
> (512MB DDR3 + dual core 1GHz), I can’t imagine decent/usable perf on a AR150
> (64MB DDR + 400MHz).
>
> You also need some basic Tor configuration web UI (bridge, firewalled port…)
> adapted for not-savy users.
> No enough place on tiny router…
>
Sorry, I do not understand why things are difficult. The Tor daemon has
support for transparent proxying. See:
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
Besides some extra torrc entries, only a few simple firewall rules are
needed.
I can also assure you that Tor works quite well on the router hardware
mentioned above. I'm only playing with the hardware but I have not
encountered any problems yet. Performance is OK too.
regards,
Rob.
https://hoevenstein.nl
More information about the tor-talk
mailing list