# Using Tor on GL.iNet's mini-routers ## Installation ``` opkg update opkg install tor tor-geoip ``` ## Configuration ### Configuring tor Copying those lines below and paste in the router's command line, then press "Enter" key. That will override the torrc configuration file with it. ``` cat < /etc/tor/torrc RunAsDaemon 1 AllowUnverifiedNodes middle,rendezvous Log notice syslog ## Only run as a client, never a relay or exit ClientOnly PidFile /var/run/tor.pid DataDirectory /var/lib/tor User tor SocksPort 9050 SocksPort 192.168.1.1:9050 AutomapHostsSuffixes .onion,.exit AutomapHostsOnResolve 1 VirtualAddrNetworkIPv4 10.192.0.0/10 TransPort 192.168.1.1:9040 DNSPort 192.168.1.1:9053 ControlPort 9051 EOT ``` ### Configuring firewall Append those lines to */etc/config/firewall*. ``` config zone 'tor' option name 'tor' option network 'lan' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option conntrack '1' config rule option name 'Allow-Tor-DHCP' option src 'tor' option proto 'udp' option dest_port '67' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Tor-DNS' option src 'tor' option proto 'udp' option dest_port '9053' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Tor-Transparent' option src 'tor' option proto 'tcp' option dest_port '9040' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Tor-SOCKS' option src 'tor' option proto 'tcp' option dest_port '9050' option target 'ACCEPT' option family 'ipv4' ``` Append those lines to */etc/firewall.user*. ``` enable_transparent_tor() { ifname=br-lan # Allow direct access to the Tor daemon iptables -t nat -A PREROUTING -i $ifname -p tcp --dport 9050 -j ACCEPT # provide transparent routing for TCP and DNS iptables -t nat -A PREROUTING -i $ifname -p udp --dport 53 -j REDIRECT --to-ports 9053 iptables -t nat -A PREROUTING -i $ifname -p tcp --syn -j REDIRECT --to-ports 9040 } enable_transparent_tor ``` ## Start Tor We have to edit Tor init script, */etc/init.d/tor* to successfully start tor at every boot. Add those lines before **procd\_open\_instance**. ``` lan_ip=$(uci get network.lan.ipaddr) [ -n "$lan_ip" ] && sed -i "s/192.168\..*\..*:/$lan_ip:/g" /etc/tor/torrc ``` All things done. Let’s start tor. ``` /etc/init.d/tor restart ``` ## Verify tor Visti [check.torproject.org](http://check.torproject.org/) to see if you are in tor network. Please note, when you are using tor, the router’s UI is not accessible as well. But you can ssh to the router. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://gl-inet.gitbook.io/op-docs/vpn/tor.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.