[tor-talk] transparent tor routers

lee colleton lee at colleton.net
Fri Oct 7 10:27:08 UTC 2016


To resurrect this thread, it appears that BoingBoing is now selling the
Anonabox through their store:
https://store.boingboing.net/sales/anonabox-pro

Does the Tor Project have an official position on this device?

--Lee

On Mon, Jan 18, 2016 at 2:11 PM, Aeris <aeris+tor at imirhil.fr> wrote:

> > Besides some extra torrc entries, only a few simple firewall rules are
> > needed.
>
> Not so simple firewall rules.
>
> You must avoid Tor inside Tor (worse privacy than Tor only), so if one of
> the
> user already use Tor (Tor browser or native client), you don’t want to re-
> torify his traffic.
> Only feasible with 2 access points (1 for naked client, 1 for already Tor
> user), or better (avoid explanation/rtfm for the users) with ipset rules to
> discriminate traffic.
> And if ipset, need some smart script (python + stem) to regenerate rules
> regularly from Tor consensus.
>
> AFAIK, small router (as Olimex) don’t have RTC, so your clock is borked at
> boot time and must be set manually if you want your Tor client be able to
> connect (don’t support clock drift more than few hours).
> And then, for a fully automated not-savy user targeted device, and more
> difficult if you want no no-Tor traffic at all (NTP forbidden because of
> UDP),
> you need some others tricks like htpdate or inotify, requiring perl and
> python.
>
> > I can also assure you that Tor works quite well on the router hardware
> > mentioned above. I'm only playing with the hardware but I have not
> > encountered any problems yet. Performance is OK too.
>
> Problem is not to have working Tor client with transparent proxying, but
> **correct** working Tor client with **correct** transparent proxying.
> Or you’re just doing a yet-another-anonabox-craps.
>
> With few MB of memory and MHz of CPU, you just have enough to run a
> standalone
> Tor client, all others things (ipset, python, stem, perl, ca-certificates,
> web
> server for webUI config…) can’t fit inside.
>
> And you have problem for Tor upgrade too (not possible on OpenWRT without
> tech
> skills and reflash).
>
> Regards,
> --
> Aeris
> Individual crypto-terrorist group self-radicalized on the digital Internet
> https://imirhil.fr/
>
> Protect your privacy, encrypt your communications
> GPG : EFB74277 ECE4E222
> OTR : 5769616D 2D3DAC72
> https://café-vie-privée.fr/ <https://xn--caf-vie-prive-dhbj.fr/>
>
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>


More information about the tor-talk mailing list