Tor support is experimental, and unlikely to get any further work done on it. The only reason it's there is because the code was already present in Asuswrt, and it didn't take too much work to finalize and make it work.
People more expert in Tor have already mentionned that having Tor implemented at a router's level isn't a good idea, because of the false sense of anonymity it might provide - browsers or torrent clients will still leak personal identification through the Tor network. Ideally, Tor support has to be embedded directly in the application itself.
I started doing a little research on TOR in the router since you mentioned it. There isn't a lot out there, thankfully. It seems that you provided a feature that people were asking about for years. Congratulations!
If I can summarize what I believe the arguments for and against TOR in the router (and in general) are, I'd appreciate your feedback on this.
TOR Pros:
1. It is free.
2. The more people who use TOR, and, more importantly host a TOR server, there are, the more anonymous each individual using the service is.
3. It is very good at allowing people to mask their IP location within certain limits. It is not perfect.
4. It isn't that slow for speed with normal web browsing and communications.
5. I did some testing with speedtest.net which indicated that I was not seeing a upload or download rate hit from using the TOR implementation. This may not be really true according to articles on the TOR website which indicate that you can't use that bench-marking tool to determine real world performance.
TOR Cons:
1. The bandwidth through the TOR network is limited by the TOR server hosts bandwidth. That can be inconsistent. There are only approximately 4000 volunteer TOR host servers which can be saturated.
2. There are a lot of people who want to do Torrent downloading through the TOR network which reduces bandwidth for people who are deemed to be more "worthy" of using the bandwidth like rebels, political activists, NGO's, journalists, etc.. (This is a satirical commentary - I do not view journalists, NGO's, or political activists as being any more "worthy" than other people)
3. People are hesitant about being a TOR host because some countries have prosecuted the TOR host for illegal acts committed by a TOR user. This is restricting the size and growth of the TOR Host network and hence the bandwith growth available.
TOR is and always will be TCP only. UDP and ICMP traffic get dropped.
4. As ASAT stated, TOR uses TCP which hinders or prevents certain traffic types from going through the TOR network.
5. Because TOR uses TCP, users who want to transfer bittorrent files unmask their real IP address and that can cause other security issues if they send other traffic with the torrent files because those other files have an unmasked IP address. The user may not know this. If you are not transferring torrent files, chances are that you are not unmasking your real IP.
6. Because the TOR Host servers are finite and known, Governments, and ISP's can track traffic going and coming from the TOR Host Server network and derive user identities from traffic patterns. They can even penetrate the Tor Host Servers to intercept the traffic and monitor everything that is not encrypted.
My response to this is to question how other proxy server providers are any different than the TOR network in terms of the security flaws? The most popular proxy server provider (according to Tom's Hardware Guide users) is PIA which only has 40 proxy servers. Hide My butt touts 1000's of proxy servers, but not 4000 of them. Why is it any harder for the Chinese, USA, USSR, or any other government with the resources to monitor and penetrate those proxy server networks? I contend it is even easier because the number of proxy server in those "for profit" companies is fewer. Maybe their security is better - maybe. I doubt it. They have to do business and make money. Hence they are subject to government pressures to comply. The Chinese government has complete access to every proxy server network in their country (according to a New York Times article). In the USA, the NSA, and other Government agencies, has direct access to all traffic through all ISP's (according to a documentary that I saw on the subject). They have direct monitoring of all the cable trunks into and leaving the USA which gives them direct access to all international traffic. They probably have direct monitoring of USA based proxy server companies and have agreements with most other countries to monitor those proxy servers outside the USA. (I don't know this for a fact but some of the documents disclosed by Snowden would indicate that). No one in the USA is anonymous from the government regarding, phone, cellular, internet, VOIP, or even plain old letter communications.
I agree that, if you do not encrypt your traffic, TOR is vulnerable to interception by organizations with the resources or talented individuals with the desire to do so. I believe it is the same with TOR, PPTP, L2PT, or Open VPN. If I remember correctly, the lack of powerful encryption was the argument about the vulnerability of PPTP and L2PT. I am not an expert in this field so I will gladly accept clarification on this from someone who has more knowledge about it than I.
My conclusion from my research was that the TOR network was no more vulnerable to interception than any other of these proxy server services. What makes a VPN, a PN is the encryption level that is used for both sides of the traffic flow. OpenVPN supposedly incorporates a high level encryption key in the process of starting it up (I have tried a few times and can never get OpenVPN to work for me). If you are just trying to mask your traffic patterns of internet searches for whatever reason (I personally do not want anyone to monitor my habits with the intent of selling that information to anyone who wants to market things to me), you are not going to be sending and receiving the information with encryption. Again, I am a neophyte about this and if there is a way to implement it fairly easily, please let me know.
My research did explain why I can't do teleconferencing through Skype for business. The information stream is already encrypted and in a VPN so the TOR network rejects it. Similarly, MS Outlook does not like any type of proxy server and rejects all attempts to connect to a user account through a proxy server. Craigslist.org also rejects any attempts to access an account through a proxy server (probably in attempt to prevent illegal acts and items from being transacted on their site). Interestingly, none of the banks (4 major USA banks) I tried, had any problems with accessing accounts and making transactions through a proxy server.
In conclusion, I still like the Tor implementation on the router. No it isn't perfect but it is "Better than Nothing". As with most things, an informed use of the TOR service with knowledge what it can and cannot do allows the user to make an informed decision. I understand that some people will not be happy with having to go into the router FW to turn the TOR feature on and off. It isn't very convenient in that respect. I solve that problem by having two separate routers on separate networks. One has the TOR feature enabled, the other does not. If I encounter a situation where I cannot use the TOR implementation, I switch network connections. That is easy to do when using client devices connected by WiFi. This solution probably doesn't work for most people.
Anyway RMerlin, thanks for putting this feature in. It was fun to play with and gave me more incentive to research proxy servers and VPN's.
