Tutorial [SOLUTION] Asuswrt-Merlin Tor via Bridge, Device, Browser, Entry (Guard)/Middle (Non-Exit) Relay, and Device/Browser/Relay Hybrid Implementations


garycnew

Regular Contributor
What is Advanced Settings > VPN > Tor on Asuswrt-Merlin?

1. Although obscurely placed in the VPN section... Tor is NOT a Virtual Private Network (VPN)
2. Tor is an Anonymizing SOCKS Proxy Network developed & maintained by the Tor Project
3. Isn't Tor EVIL? Tor is a tool and like any tool it can be used for Good and Evil. We'll focus on using Tor for Good (RE: Tor Overview)

Requirements/Assumptions:

1. An Asuswrt-Merlin Compatible Router (i.e., Asus RT-AC66U)
2. Asuswrt-Merlin Compatible Firmware (i.e., 384.19)
3. Formatted JFFS Partition and Enabled JFFS Custom Scripts and Configs
4. Entware installed on USB 3.0 Interface Device via Asuswrt-Merlin Terminal Menu (AMTM) with Swap File created
5. Capable of Editing the following User Scripts:
/jffs/scripts/torrc.postconf
/jffs/configs/init-start
/jffs/scripts/nat-start (Optional)

Asuswrt-Merlin Tor Options:

1. Tor via Bridge - Route all client traffic for a given network through the Tor network (Best Security - Low Performance: Not Recommended for most networks)
2. Tor via Device - Route all client traffic for a given device (MAC Address) through the Tor network (Better Security - Low Performance: Better than the Bridge option)
3. Tor via Browser - Route all client traffic for a given browser through the Tor network (Good Security - Good Performance: Recommend Tor Browser with SOCKS Proxy Settings)
4. Tor via an Entry (Guard)/Middle (Non-Exit) Relay - Route all server traffic as a Tor relay through the Tor network (Good Security - Good Performance: Congratulations! You're a Tor Contributor)
5. Tor via a Device/Browser/Relay Hybrid - Route device, browser, and relay traffic through the Tor network (Good Security - Good Performance: This is How We Do It!)

Implementing Tor Options:

1. Tor via Bridge option: Under Advanced Settings > VPN > Tor - Enable "TOR" and select "LAN(br0)" for "Redirect all user from." Click "Apply." That's it! All client traffic for a given network is routing through the Tor network.

2. Tor via Device option: Under Advanced Settings > VPN > Tor - Enable "TOR" and select "Only Specified MAC's" for "Redirect all user from." Select a device from the list of "MAC" addresses. Click "Add." Click "Apply." That's it! All client traffic for a given device (MAC address) is routing through the Tor network.

3. Tor via Browser option: Under Advanced Settings > VPN > Tor - Enable "TOR" and select "Only Specified MAC's" for "Redirect all user from." Add the placeholder MAC address "00:00:00:00:00:00" to the list of "MAC" addresses. Click "Add." Click "Apply." Now, create the following torrc.postconf file:
Code:
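# vi /jffs/scripts/torrc.postconf
#!/bin/sh
# Asuswrt-Merlin passes the path of the generated torrc as the first argument
CONFIG=$1
HOSTIPADDR=$(hostname -i)
source /usr/sbin/helper.sh

# Append the ":" separator only when an address was found
if [ "$HOSTIPADDR" != "" ]; then HOSTIPADDR="${HOSTIPADDR}:"; fi

# Add a second SOCKS listener on the router's LAN address
pc_insert "SocksPort 9050" "SocksPort ${HOSTIPADDR}9050" $CONFIG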
Code:
# chmod 755 /jffs/scripts/torrc.postconf
# service restart_tor
Done.
# hostname -i
192.168.0.1
Lastly, configure the Proxy Settings of a Browser, on your LAN, with the SOCKS Host: 192.168.0.1 and Port: 9050. When necessary, this configuration provides an additional level of anonymity for regular browsers. However, when available, we still recommend using Tor Browser as it provides a greater level of anonymity.

That's it! All client traffic for a given Browser is routing through the Tor network.

4. Tor via an Entry (Guard)/Middle (Non-Exit) Relay option: Under Advanced Settings > VPN > Tor - Enable "TOR" and select "Only Specified MAC's" for "Redirect all user from." Add the placeholder MAC address "11:11:11:11:11:11" to the list of "MAC" addresses. Click "Add." Click "Apply." Now, create the following torrc.postconf file:
Code:
# vi /jffs/scripts/torrc.postconf
#!/bin/sh
CONFIG=$1
#DYNIPADDR=$(ip addr show vlan2 | grep -ioE "inet\s(.+)\/[0-9]{1,2}" | sed -E "s/inet\s//g; s/\/[0-9]{1,2}//g;")
DYNIPADDR=$(/opt/bin/dig +short myip.opendns.com @resolver1.opendns.com)
HOSTIPADDR=$(hostname -i)
PORT="443"
source /usr/sbin/helper.sh

# Tor: A non-exit relay should be able to handle 7000 concurrent connections
ulimit -n 7168

#if [ "$DYNIPADDR" = "xxx.xxx.xxx.xxx" ]; then DYNIPADDR="192.168.2.254"; PORT="9001"; fi
if [ "$DYNIPADDR" != "" ]; then DYNIPADDR="${DYNIPADDR}:"; fi
if [ "$HOSTIPADDR" != "" ]; then HOSTIPADDR="${HOSTIPADDR}:"; fi

# Note: The default ORPort 9001 is blocked by our ISP, so we opted to use ORPort 443
pc_insert "SocksPort 9050" "Nickname ASUSWRTMerlinRelay" $CONFIG
pc_insert "Nickname ASUSWRTMerlinRelay" "ORPort ${DYNIPADDR}${PORT}" $CONFIG
pc_delete "SocksPort 9050" $CONFIG
pc_insert "ORPort ${DYNIPADDR}${PORT}" "SocksPort 9050" $CONFIG
pc_insert "SocksPort 9050" "ExitRelay 0" $CONFIG
pc_insert "ExitRelay 0" "DirCache 0" $CONFIG
pc_insert "DirCache 0" "GeoIPFile /opt/share/tor/geoip" $CONFIG
pc_replace "DataDirectory /tmp/.tordb" "DataDirectory /tmp/tor/torrc.d/.tordb" $CONFIG
pc_append "ContactInfo [email protected]" $CONFIG

# Note: By default, Tor will try to pick a reasonable MaxMemInQueues based on your system's physical memory
# Uncomment the following line to limit the MaxMemInQueues that Tor can use based on your physical memory
#pc_insert "DirCache 0" "MaxMemInQueues 192 MB" $CONFIG
# Start by setting your MaxMemInQueues to 3/4 (i.e., 192MB) your system's total physical memory (i.e., 256MB)

# Uncomment the following line to include the Tor via Browser option
#pc_insert "SocksPort 9050" "SocksPort ${HOSTIPADDR}9050" $CONFIG
Code:
# vi /jffs/scripts/init-start
#!/bin/sh

# Note: Tor DataDirectory requires a lot of disk space, so we symlinked to our USB 3.0 Interface Device
if [ ! -d "/tmp/tor" ]; then
   ln -s /tmp/mnt/SanDiskSDHC/tmp/tor /tmp/tor
fi
Code:
# opkg update
# opkg install bind-dig
# opkg install tor-geoip
# echo $(/opt/bin/dig +short myip.opendns.com @resolver1.opendns.com)
xxx.xxx.xxx.xxx
# chmod 755 /jffs/scripts/torrc.postconf
# chmod 755 /jffs/scripts/init-start
# mkdir -p /tmp/mnt/SanDiskSDHC/tmp/tor/torrc.d
# /jffs/scripts/init-start
# service restart_tor
Done.
Code:
# cat /tmp/torrc
Nickname ASUSWRTMerlinRelay
ORPort xxx.xxx.xxx.xxx:443
SocksPort 9050
SocksPort 192.168.0.1:9050
ExitRelay 0
DirCache 0
GeoIPFile /opt/share/tor/geoip
Log notice file /tmp/torlog
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 192.168.0.1:9040
DNSPort 192.168.0.1:9053
RunAsDaemon 1
DataDirectory /tmp/tor/torrc.d/.tordb
AvoidDiskWrites 1
User tor
Congratulations! You're a Tor Contributor!

4a. [Optional] Asuswrt-Merlin Tor with Dual WAN: Force Asuswrt-Merlin Tor (upper-case T) to Reload/Start Modified Config Anytime the nat-start Script is Executed
Code:
# vi /jffs/scripts/nat-start
...
# Force Asuswrt-Merlin Tor (upper-case T) to Reload Modified Config
. /jffs/scripts/torrc.postconf
Code:
# vi /jffs/scripts/torrc.postconf
...
# Force Asuswrt-Merlin Tor (upper-case T) to Reload/Start Modified Config
if ! /usr/bin/killall -HUP Tor; then
   Tor -f /tmp/torrc --quiet
fi
4b. [Optional] Install/Use Entware tor: Force Asuswrt-Merlin to use Entware installation of tor (lower-case T)
Code:
# opkg update
# opkg install tor
Code:
# vi /jffs/scripts/torrc.postconf
...
# Force Asuswrt-Merlin Tor (upper-case T) to Reload/Start Modified Config
#if ! /usr/bin/killall -HUP Tor; then
#   Tor -f /tmp/torrc --quiet
#fi

# Force Asuswrt-Merlin Tor (upper-case T) to Exit Cleanly to use Entware tor
/usr/bin/killall Tor
4c. [Optional] Entware tor with Dual WAN: Force Entware tor (lower-case T) to Reload/Start Modified Config Anytime the nat-start Script is Executed
Code:
# vi /jffs/scripts/nat-start
...
# Force Entware tor (lower-case T) to Reload Modified Config
. /jffs/scripts/torrc.postconf
Code:
# vi /jffs/scripts/torrc.postconf
...
# Force Asuswrt-Merlin Tor (upper-case T) to Reload/Start Modified Config
#if ! /usr/bin/killall -HUP Tor; then
#   Tor -f /tmp/torrc --quiet
#fi

# Force Asuswrt-Merlin Tor (upper-case T) to Exit Cleanly to use Entware tor
/usr/bin/killall Tor

# Force Entware tor (lower-case T) to Reload/Start Modified Config
if ! /usr/bin/killall -HUP tor; then
   /opt/sbin/tor -f /tmp/torrc --quiet
fi

5. Tor via a Device/Browser/Relay Hybrid option: This combines the steps for Tor via Device (Tor Option #2), Tor via Browser (Tor Option #3), and Tor via an Entry (Guard)/Middle (Non-Exit) Relay (Tor Option #4). Simply select a device from the list of "MAC" addresses and/or uncomment the Tor via Browser option within the torrc.postconf file:
Code:
# vi /jffs/scripts/torrc.postconf
...
# Uncomment the following line to include the Tor via Browser option
pc_insert "SocksPort 9050" "SocksPort ${HOSTIPADDR}9050" $CONFIG
That's it! All client traffic for a given device (MAC address) and/or Browser is routing through the Tor network and You're a Tor Contributor!

Within 48 hours of successful implementation, using a 100Mb/s fiber Internet link and Asus RT-AC66U (256MB) model router, our Tor via an Entry (Guard)/Middle (Non-Exit) Relay is showing up in the Tor Metrics - Relay Search database (search for your Tor "Nickname" or "Fingerprint") as having potential for a Fast-Middle Relay. We'll see where we end up after the 90-day lifecycle.

Enjoy this Tutorial? Check out some of my other Tutorials:
Tutorial: [SOLUTION] OpenVPN Client Split Tunnel for BitTorrent Traffic
Tutorial: [SOLUTION] OpenVPN Client Split Tunnel Reverse Proxy Web Traffic using Nginx, DNSMasq, and IPTables
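
As an added example (not part of the original post and not Asuswrt-Merlin code), the script below checks a generated torrc for the properties the tutorial above relies on: a well-formed ORPort, client listeners bound only to loopback or LAN addresses, and `ExitRelay 0` on a relay. The function names, the sample files, and the stand-in address 203.0.113.10 are assumptions; `SocksPolicy` is a standard Tor option that the tutorial does not set.

```shell
#!/bin/sh
# Added example, not from the original post; IPv4 and numeric ports only.

# is_ipv4 ADDR: succeeds if ADDR is a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1                      # only digits and dots remain, safe to split
    IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_lan_ipv4 ADDR: succeeds for loopback and RFC 1918 addresses only.
is_lan_ipv4() {
    is_ipv4 "$1" || return 1
    case "$1" in
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# is_port VALUE: succeeds for a decimal port in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# audit_torrc: read a torrc on stdin, print findings, succeed only if no FAIL.
audit_torrc() {
    problems=0; is_relay=0; exit_relay=unset; lan_socks=0; socks_policy=0
    while read -r key value rest || [ -n "$key" ]; do
        addr=""; port=$value
        case "$value" in *:*) addr=${value%:*}; port=${value##*:} ;; esac
        case "$key" in
            ORPort)
                is_relay=1
                # Error text from a failed public-IP lookup must not end up here.
                if ! is_port "$port" || { [ -n "$addr" ] && ! is_ipv4 "$addr"; }; then
                    echo "FAIL: ORPort is not PORT or IPV4:PORT: $value${rest:+ $rest}"
                    problems=$((problems + 1))
                fi ;;
            SocksPort|TransPort|DNSPort)
                # Client-facing listeners belong on loopback or the LAN only.
                if [ -n "$addr" ] && ! is_lan_ipv4 "$addr"; then
                    echo "FAIL: $key listens on a non-LAN address: $value"
                    problems=$((problems + 1))
                fi
                case "$key $addr" in
                    "SocksPort "|"SocksPort 127."*) ;;
                    "SocksPort "*) lan_socks=1 ;;
                esac ;;
            SocksPolicy) socks_policy=1 ;;
            ExitRelay) exit_relay=$value ;;
        esac
    done
    if [ "$is_relay" -eq 1 ] && [ "$exit_relay" != 0 ]; then
        echo "FAIL: relay without 'ExitRelay 0' (found: $exit_relay)"
        problems=$((problems + 1))
    fi
    if [ "$lan_socks" -eq 1 ] && [ "$socks_policy" -eq 0 ]; then
        echo "WARN: SocksPort is open to other hosts and no SocksPolicy limits clients"
    fi
    echo "problems=$problems"
    [ "$problems" -eq 0 ]
}

# Constructed sample: the tutorial's torrc, with the documentation address
# 203.0.113.10 standing in for the masked public IP.
sample_tutorial_torrc() {
    cat <<'EOF'
Nickname ASUSWRTMerlinRelay
ORPort 203.0.113.10:443
SocksPort 9050
SocksPort 192.168.0.1:9050
ExitRelay 0
TransPort 192.168.0.1:9040
EOF
}

# Constructed sample: lookup error text in ORPort, SocksPort on all
# interfaces, and no ExitRelay line.
sample_broken_torrc() {
    cat <<'EOF'
ORPort ;; connection timed out:443
SocksPort 0.0.0.0:9050
EOF
}

sample_tutorial_torrc | audit_torrc || echo "tutorial torrc rejected"
sample_broken_torrc | audit_torrc || echo "broken torrc rejected"
```

On the router, `audit_torrc < /tmp/torrc` applies the same checks to the file the tutorial prints with `cat /tmp/torrc`.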
 

joe scian

Very Senior Member
Hi, which tab do you use in Tor Metrics to verify your comments above, please? Thanks.
 

garycnew

Regular Contributor
@joe scian Search for your Tor "Nickname" or "Fingerprint" using the Tor Metrics - Relay Search

Please let me know your experience with this tutorial; especially, whether I've missed any steps, aren't clear in certain parts, etc.

Thanks!
 

heysoundude

Very Senior Member
@garycnew I've been pondering setting this up on my router because I use Brave as my desktop browser which includes Tor functionality (in fact, all 3 "desktops" (and 2 iPhones) here use Brave, but other users don't have the patience I do), and having the browser default to using Tor.
Do you have any experience with this, and if so, can you advise about what to be mindful of in setting it up? ROFLMAO - clicking the link in your first post opens a new Tor instance of Brave, and the YouTube video there won't play.
(Wondering about my Kodi machine as well...)
Can I assume that the machine I make into a Tor "Terminal" won't use my Unbound DNS or Diversion adblocking? Does Tor work over IPv6? Can I use DDNS for my router with Tor set up on it?
I think I need to ponder more carefully here...
 

garycnew

Regular Contributor
@heysoundude Great to hear another "Very Senior Member" of this forum is interested in this tutorial. As for experience and advice as what to be mindful of, it really depends on what Tor option(s) you're interested in implementing. I don't have any experience with Brave Browser, but a cursory search shows that it is built to provide a private browsing experience (integrating Tor Browser in 2018). I assume it provides a similar browsing experience as Tor Browser, which comes with its own Tor Client Service (i.e., 127.0.0.1:9050). I'm sure you could configure Brave Browser's Proxy Settings per the #3 Tor via Browser option (i.e., 192.168.0.1:9050). You then have the opportunity to further configure your router with the #4 Tor via Entry (Guard)/Middle (Non-Exit) Relay or #5 Tor via Hybrid options, which I highly recommend. As for DNS, I configure my router with my VPN Service's no-logging DNS Servers just in case something slips through the cracks. This tutorial is meant to be configured with DYNIP/DDNS, which is how my router is currently configured. Finally, Tor does work with IPv6; though, this tutorial is based on an IPv4 implementation.

I hope that helps answer some of your questions. Your best bet is to set it up and find out first hand what it is or isn't capable of.

Enjoy!


Gary
 

heysoundude

Very Senior Member
First, I'm NOT of the fist-shaking, get-off-my-lawn-you-pesky-kids variety of "Very Senior Member" lol.
Yes, I'm guessing I'd need the whole stack of options for my proposed setup.
What I'm not sure about is whether the AC86 I use is up to the task of it all, especially since I'm also getting close to setting up a WireGuard server on it for me to connect to when I'm away from home...
This would be a weekend project when I have the network to myself.

Stay tuned
 

garycnew

Regular Contributor
@heysoundude I'm glad to hear you're more of the wave-hi, come-check-out-my-swimming-pool type of 'Very Senior Member.' I'd like to consider myself a Senior Member of the Networking Community, but I'm relatively new to the Asuswrt-Merlin platform. However, Linux is Linux and Networking is Networking, so it makes it amenable in implementing some of my preferred industry leading networking practices at home for a fraction of the cost. I just have to figure out the nuances of Asuswrt-Merlin, which is hands-down the best alternative wireless router firmware that I've used (and I've used most of the notable flavors available).

As for performance, I'm using an Asus RT-AC66U_B1 with 256MB RAM and I've been able to maintain around 800 concurrent Tor circuits, so far. Moreover, I'm running multiple Split-Tunnel VPN's that send/receive between 40-80GB/day, a Reverse Proxy Server, Time Machine, and a BotFarm that makes use of the heavily underutilized resources of my AiMesh Nodes (25GB/day). Eventually, I'd like to implement something like onionbalance to offload Tor circuits to my AiMesh Nodes as TorNodes and build a TorFarm. I have to figure out packaging my own Entware packages prior to that, though, which is where I'm currently stalled. I want a clean way to bring up a new TorNode without having to compile from source all the time.

Well... There's my wave-hi, come-check-out-my-swimming-pool invitation. I hope it provides some clarity, prospective as to where I'd like to take my Asuswrt-Merlin adventures.

Respectfully,


Gary

P.S. If you have the patience to run Brave Browser as your default browser, you should consider working as a *nix Administrator or Network Engineer (if you aren't already).
 

heysoundude

Very Senior Member
You're much more deserving of the title "Very Senior" than I am, then...and no, I'm not an admin or engineer in any formal way; I've garnered just enough knowledge/understanding to be dangerous to myself and anyone who thinks I know what I'm doing. You'll be a valuable contributor around here. (I want to hear about your botfarm and using AiMesh node resources - but that may be more appropriately one for DMs - )
For Entware, you'll want to follow (if they're still active here) @ryzhov_al - I believe they're the lead or go-to. Maybe easier to communicate with them on their Telegram group (https://t.me/entware)... actually, just check out the GitHub and that will take you closer to the places/people you seem to want/need to go.
 

garycnew

Regular Contributor
@heysoundude Patient and modest. You've obviously earned the "Very Senior Member" title for good reason. Your forum posts seem very logical, well thought-out, and well written. I don't know that @RMerlin would bestow such accolades to someone who was dangerous. As for me, I have very specific goals with Asuswrt-Merlin; thus, only an "Occasional Visitor." However, I will try to contribute to the Asuswrt-Merlin Community within those specific goals.

The BotFarm is a collection of bot-scripts written in shell (for portability), distributed across a number of AiMesh Nodes, using an executable NFS mount, built to scale inexpensively ($20 per RT-AC66U_B1), that monitor availability, pricing, etc of essentially anything of interest (Think... Bruce Wayne's NOC in Batman vs Superman). The BotFarm itself isn't necessarily clandestine more than its subversion techniques, which is more appropriately a DM discussion. Perhaps, now, you can better understand my specific goal of going down the Tor-hole?

As for Entware, I've noticed that @ryzhov_al seems to be the resident Entware guru and tried tagging them in a relevant post, but haven't received a response, yet. I tried submitting an Entware bug report on GitHub, but it was quickly dismissed as being not the kind of support they provide (RE: Building Entware Tools Fails Dependancy python 2.7). No worries... Like you, I have an inordinate amount of patience and will ultimately prevail. Patience, persistence, and an eye for detail are key attributes for the makings of a quality *nix Administrator, Network Engineer, or Architect, and the reason I suggest you might pursue one of those directions.

Let me know what you decide about your Tor implementation and if/how it goes.

Respectfully,


Gary

P.S. What kind of sound dude are you? I'm more of a lighting guy myself. ;-)
 

heysoundude

Very Senior Member
I'm in audio post production...tv/film work, some advertising/webstuff, but occasionally I still get called to drive big PA systems in performance venues/festivals, and I have mixed on a broadcast truck. (if you've seen me cross swords with people in the ntpMerlin threads, it's because I am fairly well versed in clocking as it pertains to systems and sync/throughput...making 24Hz video and 48kHz audio match up correctly requires particular attention to this detail)
You're very kind in your estimations of me. Titles are bestowed here by the server/software based on post activity. @RMerlin probably doesn't have much to do with that...and I'm trying to keep my post count down - being part of the furniture is fine, but I don't want to be imagined as smelly or lumpy.
My thinking as far as getting a convo with entware people - try the Telegram chat group. I'd bet that it's much more direct/immediate. I suspect I understand what you're doing with your bots, and I applaud your desire to be both disruptive and clandestine.

I'll try to make an attempt at Tor-ing up myself this weekend...I think I'll have the place to myself for a few hours, or maybe I can burn some midnight oil like the old days.
 

garycnew

Regular Contributor
@heysoundude It sounds like you and I majored and minored in the opposite fields of study. I knew there was a reason you and I have gotten on so well. I can see clearer where you've developed your patience and how you've applied it, too. Mad Respect! As a hobby, I've done some post-production a/v work of my own. You can check out some samples at... https://www.gymclubdjs.com

As for the Matrix bestowing titles, since you put it that way, I am a bit concerned for the future of this forum.

I've made some progress with the Entware tools build. I've cleared all the library (except the python2 check that I commented out) and development header dependencies, but, now, I'm stuck at a bzcat | tar change mode issue that I think requires some busybox love. If worse comes to worse I'll check out the Telegram chat group.

As for the BotFarm, another analogy might be having a Virtual Alfred Pennyworth keeping tabs on and notifying Bruce Wayne first of anything that Bruce Wayne deems important 24/7/365. However, it can come at a cost (i.e., getting permanently suspended from a well known auction site, etc). Good times.

Look for an update to this Asuswrt-Merlin Tor Tutorial, as I've encountered some issues with router system resources becoming taxed with Tor ramping-up load in week two and competing with other, existing router services. Spoiler: It's a stable, happy ending.

Respectfully,

Gary

garycnew

Regular Contributor
UPDATE: During Week 2 of the New Relay Lifecycle, Tor has continued to ramp up load to our ASUSWRTMerlinRelay, which is starting to cause router degradation as it competes with existing network services and stresses the router.

Fortunately, Tor has provided a directive to tune and limit the MaxMemInQueues. Should you encounter similar issues, we recommend setting your MaxMemInQueues to 3/4 (i.e., 192MB) of your system's total physical memory (i.e., 256MB) and increasing/decreasing it based on router performance. Some routers will have more/less load based on existing network services.

Code:
# vi /jffs/scripts/torrc.postconf
...
# Note: By default, Tor will try to pick a reasonable MaxMemInQueues based on your system's physical memory
# Uncomment the following line to limit the MaxMemInQueues that Tor can use based on your physical memory
pc_insert "DirCache 0" "MaxMemInQueues 192 MB" $CONFIG
# Start by setting your MaxMemInQueues to 3/4 (i.e., 192MB) your system's total physical memory (i.e., 256MB)

This tuning option has effectively remedied the router degradation issues that we were experiencing and regained stability.

@joe scian @joegreat @CaptnDanLKW @heysoundude @L&LD
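
The 3/4-of-physical-memory rule from the post above, as an added example that is not part of the original post: it derives the limit from MemTotal and writes the directive so that a torrc which already carries a MaxMemInQueues line, or lacks the "DirCache 0" anchor, still ends up with exactly one entry. The function names mem_limit_mb and set_max_mem are hypothetical, and plain grep/awk is used here instead of the firmware's pc_insert helper.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of Asuswrt-Merlin.

# Print 3/4 of MemTotal (kB in /proc/meminfo format) as whole megabytes.
mem_limit_mb() {
    awk '/^MemTotal:/ { printf "%d\n", $2 * 3 / 4 / 1024; found = 1 }
         END { exit !found }' "$1"
}

# set_max_mem TORRC MB
# Replace an existing MaxMemInQueues line; otherwise insert after "DirCache 0"
# (the anchor used in the post); otherwise append at the end of the file.
set_max_mem() {
    conf=$1
    case $2 in ''|*[!0-9]*) echo "limit must be a whole number of MB" >&2; return 1 ;; esac
    line="MaxMemInQueues $2 MB"
    tmp="$conf.tmp.$$"

    if grep -q '^[[:space:]]*MaxMemInQueues[[:space:]]' "$conf"; then
        mode=replace
    elif grep -q '^DirCache 0$' "$conf"; then
        mode=insert
    else
        mode=append
    fi

    awk -v new="$line" -v mode="$mode" '
        mode == "replace" && /^[ \t]*MaxMemInQueues[ \t]/ {
            if (!done++) print new      # keep one line, drop any duplicates
            next
        }
        { print }
        mode == "insert" && /^DirCache 0$/ && !done++ { print new }
        END { if (mode == "append") print new }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Usage inside /jffs/scripts/torrc.postconf, where $CONFIG is the torrc path:
#   set_max_mem "$CONFIG" "$(mem_limit_mb /proc/meminfo)"
```

After restarting Tor, check its log for any message about MaxMemInQueues to confirm the value was accepted as written.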