corritor, a Tor traffic whitelisting OpenWRT network
"Force users to use Tor Browser".
So-called "transparent proxies" suffer from significant issues that we want to address. Also, corritor does not run the Tor software; it looks at the Tor network from the outside. This is important because there is no need to upgrade the router firmware in order to update Tor.
This should become an OpenWRT (wifi) network configuration that whitelists traffic to and from the Tor network.
Users cannot use Tor Bridges in this network! Bridges help when Tor is being blocked. Here, Tor is allowed - only Tor.
- advantages over transparent Tor proxies
  - users don't have to trust the router's Tor software. They run Tor themselves
  - never have old and vulnerable Tor versions on the router
  - simple and lightweight
  - users are more likely to use Tor Browser, which is more secure than tunneling a normal browser's traffic through Tor
Make sure ipset and curl are available on the system.
ipset_tor.sh creates or updates an ipset (named torset by default). This should be run regularly by cron:
15 * * * * </path/to/ipset_tor.sh>
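One way to make the periodic update safe against a failed or truncated download, as an added example (this is not corritor's own ipset_tor.sh): it validates a relay list that is assumed to be on disk already with one IPv4 address per line, then emits ipset restore input that fills a staging set and swaps it into torset. The staging set name, the MIN_ENTRIES floor and the hash:ip set type are assumptions.

```shell
#!/bin/sh
# Added example, not corritor's ipset_tor.sh. Assumes the relay list is
# already on disk, one IPv4 address per line (how it is fetched is not shown).
SET_NAME="${SET_NAME:-torset}"    # default set name from the README
MIN_ENTRIES="${MIN_ENTRIES:-3}"   # assumed floor; raise it for a real relay list

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_restore FILE: print input for "ipset restore" that fills a staging
# set and swaps it into place. Prints nothing and fails when fewer than
# MIN_ENTRIES valid addresses remain, so a failed or truncated download
# never replaces the live whitelist with an empty one.
build_restore() {
    tmp_set="${SET_NAME}_new"     # hypothetical name for the staging set
    adds=$(sort -u "$1" | while IFS= read -r addr; do
        if valid_ipv4 "$addr"; then
            printf 'add %s %s\n' "$tmp_set" "$addr"
        fi
    done)
    count=$(printf '%s\n' "$adds" | awk '/^add /{n++} END{print n+0}')
    [ "$count" -ge "$MIN_ENTRIES" ] || return 1
    printf 'create %s hash:ip family inet\n' "$SET_NAME"
    printf 'create %s hash:ip family inet\n' "$tmp_set"
    printf 'flush %s\n' "$tmp_set"
    printf '%s\n' "$adds"
    printf 'swap %s %s\n' "$tmp_set" "$SET_NAME"
    printf 'destroy %s\n' "$tmp_set"
}

# Usage on the router (the list and rules paths are placeholders):
#   build_restore "$list" > "$rules" && ipset -exist restore < "$rules"
```

Because the swap is a single ipset operation, the forwarding filter never sees a half-filled set while the update runs.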
corritor_start.sh sets up the forwarding filter using iptables, so this should be run during startup.
- Reference hardware for prototyping: Netgear Nighthawk X4S
- What constraints do we really have? Flashsize? USB Stick?
- see openwrt's table of hardware