TOR *only on specific* Guest SSID

[spalife]

Hello,

I am on RT-N66U.

I looked at the TOR configuration in the administration page and it currently
allows TOR traffic for the ENTIRE LAN or for a specific MAC (which works well).

I want to create a specific TOR only Guest SSID on 2.4 Ghz (w10.2) and other SSID's existing will be non TOR.

When users want to browse anonymously they can connect to the Guest 2 SSID
for anynymous browsing and switch back to the other SSID's for normal activities.

Is there anyway I can achieve this ? i.e., through routing ?


Regards

 

[System Error Message]

Never use TOR on your network hardware. I have said this many times as they are actually very insecure. Please read my other posts on this.

 

[spalife]

thanks for the update.

I am planning to use TOR feature available in Merlin for sporadic anonymous non critical/non transactional web browsing.

I usually turn the feature ON when needed and turn OFF after use for a specific period of time usually less than an hr of use and visit only sites of specific interest to me taking precautions, so that i don't get lost anonymously.

 

[kvic]

If you really want to try, can read the thread on selective vpn routing only for a guest ssid. The required amount of work will be roughly similar.

 

[spalife]

The below rules gets added when TOR is turned on for a specific MAC address

-A PREROUTING -i br0 -p udp --dport 53 -m mac --mac-source XX:XX:XX:XX:XX:XX -j REDIRECT --to-ports 9053

-A PREROUTING -i br0 -p tcp --syn ! -d 192.168.1.0/24 -m mac --mac-source XX:XX:XX:XX:XX:XX --match multiport --dports 80,443 -j REDIRECT --to-ports 9040

-----contemplating below changes-----
Since I am noob when it comes to iptable rules,
would appreciate feedback whether the below rules....a slight change to above rules would work?

iptables -t nat -A PREROUTING -i wl0.2 -p udp --dport 53 -j REDIRECT --to-ports 9053

iptables -t nat -A PREROUTING -i wl0.2 -p tcp --match multiport --dports 80,443 -j REDIRECT --to-ports 9040


NOTE:
Assume that TOR is turned on for a specific MAC still through the GUI

 

[spalife]

thanks kvic.

I did go through
https://github.com/RMerl/asuswrt-me...or-VPN-and-SSID-for-Regular-ISP-using-OpenVPN

It has lot of activity for creation of a SSID through scripts and for a tunnel.

I am planning to create a specific Guest SSID and want to route all the traffic from that SSID to the TOR running ports 9050 / 9040 / 9053.

I might have to as you suggested, take few snippets from the HOW-TO and iptable rules when TOR is enabled.

((head-scratching)) ;-)

 

[kvic]

This thread also contains useful material.
http://www.snbforums.com/threads/selective-routing-with-asuswrt-merlin.9311/

The discussion is inspirational. Towards the end of the thread, someone suggested a less patchy way. I couldn't recall if anyone on the thread got a functional setup without a glitch.

I tried it last year. Got it to work. My setup didn't have any glitches. But still the user experience is not so good actually. It ended up collecting dust on my AC56U.

The process of getting it to work is fun. Good luck on your adventure