[tor-dev] How to build a Router that will only allow Tor users
Martin Kepplinger
martink at posteo.de
Wed Mar 16 07:05:37 UTC 2016
Am 2016-03-15 um 19:07 schrieb Rusty Bird:
> Hi Martin,
>
>> I try to configure OpenWRT in a way that it will only allow outgoing
>> connections if it is Tor. Basically it is the opposite of "blacklisting
>> exit relays on servers": "whitelisting (guard) relays for clients". It
>> should *not* run Tor itself.
>
> Maybe corridor would work for you: https://github.com/rustybird/corridor
>
> You could point it at a Tor control port somewhere in your network if
> running tor on OpenWRT (just to fetch the networkstatus consensus
> documents every 1-2 hours) is impossible.
Thanks, I'll have a look at it!
>
>> What did *not* work, was starting Torbrowser. That's a hard requirement,
>> and before bebugging it through I ask: Do I miss something when I just
>> allow outgoing connections to
>>
>> * Guard,
>> * Authority,
>
> But the authority IP addresses hardcoded in the Tor client source code
> differ from the authority IP addresses published in the networkstatus
> consensus...
>
> https://github.com/rustybird/corridor/commit/a56d751df399ab1c54f64b0d4dc59f732dc0adc3
>
>> * and HSDir flagged relays (do I *need* them? that's a different
>> question probably)
>
> AFAICT, regular clients only make connections to authorities and guards.
>
> Rusty
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160316/322bcdc0/attachment.sig>
More information about the tor-dev
mailing list