Using an RT-AC87U running Asuswrt-Merlin 378.55, I wanted to create a dedicated SSID for Tor access that could be applied at router boot. I have managed to create it; however, there is a slight issue with getting it applied at boot...
Step 1 - I enabled and configured the 1st 2.4GHz Guest SSID (disabling Intranet access for all clients)
Step 2 - Disabled Tor (as the two configurations that are available, br0 or MAC, are not required) and ensured /tmp/torrc and any /tmp/nat_rules for Tor are removed
Step 3 - Added the following into /etc/dnsmasq.conf and restarted dnsmasq
Code:
interface=wl0.1
dhcp-range=wl0.1,192.168.2.1,192.168.2.254,255.255.255.0,86400s
dhcp-option=wl0.1,3,192.168.2.1
Step 4 - Configure the interface
Code:
ifconfig wl0.1 192.168.2.1 netmask 255.255.255.0
ebtables -t broute -I BROUTING -p ipv4 -i wl0.1 -j DROP
ebtables -t broute -I BROUTING -p arp -i wl0.1 -j DROP
iptables -I INPUT -i wl0.1 -j ACCEPT
iptables -I FORWARD -i wl0.1 -j ACCEPT
Step 5 - Write the Tor configuration file and load Tor (as we have disabled Tor from within the webui, at boot it will not be generated)
Code:
echo "SocksPort 9050" >> /tmp/torrc
echo "Log notice file /tmp/torlog" >> /tmp/torrc
echo "VirtualAddrNetwork 10.192.0.0/10" >> /tmp/torrc
echo "AutomapHostsOnResolve 1" >> /tmp/torrc
echo "TransPort 9040" >> /tmp/torrc
echo "TransListenAddress 192.168.2.1" >> /tmp/torrc
echo "DNSPort 9053" >> /tmp/torrc
echo "DNSListenAddress 192.168.2.1" >> /tmp/torrc
echo "RunAsDaemon 1" >> /tmp/torrc
echo "DataDirectory /tmp/.tordb" >> /tmp/torrc
echo "AvoidDiskWrites 1" >> /tmp/torrc
Tor -f /tmp/torrc --quiet
Step 6 - Set up NAT rules on the interface to send all traffic through Tor
Code:
iptables -t nat -A PREROUTING -i wl0.1 -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -t nat -A PREROUTING -i wl0.1 -p tcp --syn -j REDIRECT --to-ports 9040
Now if I apply all of the above through the terminal post boot it works fine: I can join the SSID and get a 192.168.2.* IP address and all traffic is routed through Tor. However, if I try and add it into various scripts in /jffs/scripts (or even just add it all into services-start, which I believe is the last one to run), any device that tries to connect to the SSID post router boot cannot get an IP address and it just hangs on "Obtaining IP address..."
I know the script works as it works correctly if entered manually, so there must be something being applied at boot which is creating a problem. When do the virtual WLANs get created? Maybe this is overwriting one of the settings above? If anyone has any ideas on where the above (and in what order) should be placed in /jffs/scripts I would be extremely grateful.
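Added example, not code from the post or from Asuswrt-Merlin: a boot hook that applies the same guest-SSID setup only once wl0.1 exists and re-applies it idempotently, so a later firewall or dnsmasq restart cannot duplicate or wipe the rules; unlike the post it drops forwarded guest traffic instead of accepting it, so anything not redirected to Tor (non-DNS UDP, ICMP) cannot leave clearnet. It assumes the Merlin hook name firewall-start, that the dnsmasq lines live in /jffs/configs/dnsmasq.conf.add rather than the regenerated /etc/dnsmasq.conf, the chain names TORG_*, and an iptables old enough to lack -C.

```sh
#!/bin/sh
# Hypothetical /jffs/scripts/firewall-start (assumed hook); not from the post.
# Applies the wl0.1 Tor setup once the interface exists, safely re-runnable.
# dnsmasq lines assumed to be in /jffs/configs/dnsmasq.conf.add (assumption).
GUEST_IF="wl0.1"; GUEST_IP="192.168.2.1"; TORRC="/tmp/torrc"
render_torrc() {   # pure: prints the torrc so it can be checked off the router
  cat <<EOF
SocksPort 9050
Log notice file /tmp/torlog
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress $GUEST_IP
DNSPort 9053
DNSListenAddress $GUEST_IP
RunAsDaemon 1
DataDirectory /tmp/.tordb
AvoidDiskWrites 1
EOF
}
# Own chain $3 in table $1, flushed on every run; the jump from builtin $2 for
# traffic entering wl0.1 is added only if absent (old iptables has no -C).
fresh_chain() {
  iptables -t "$1" -N "$3" 2>/dev/null; iptables -t "$1" -F "$3"
  iptables -t "$1" -L "$2" -n | grep -q "^$3 " ||
    iptables -t "$1" -I "$2" -i "$GUEST_IF" -j "$3"
}
apply_tor_guest() {
  [ -d "/sys/class/net/$GUEST_IF" ] || { echo "$GUEST_IF not up yet" >&2; return 0; }
  ifconfig "$GUEST_IF" "$GUEST_IP" netmask 255.255.255.0
  for p in ipv4 arp; do   # keep guest frames off br0 (same as the post)
    ebtables -t broute -D BROUTING -p $p -i "$GUEST_IF" -j DROP 2>/dev/null
    ebtables -t broute -I BROUTING -p $p -i "$GUEST_IF" -j DROP
  done
  fresh_chain nat PREROUTING TORG_NAT   # DNS -> DNSPort, TCP -> TransPort
  iptables -t nat -A TORG_NAT -p udp --dport 53 -j REDIRECT --to-ports 9053
  iptables -t nat -A TORG_NAT -p tcp --syn -j REDIRECT --to-ports 9040
  fresh_chain filter INPUT TORG_IN      # only DHCP, Tor DNS, TransPort reach the router
  iptables -A TORG_IN -p udp --dport 67 -j ACCEPT
  iptables -A TORG_IN -p udp --dport 9053 -j ACCEPT
  iptables -A TORG_IN -p tcp --dport 9040 -j ACCEPT
  iptables -A TORG_IN -j DROP
  fresh_chain filter FORWARD TORG_FWD   # nothing from the guest leaves clearnet
  iptables -A TORG_FWD -j DROP
  render_torrc > "$TORRC"
  pidof Tor >/dev/null || Tor -f "$TORRC" --quiet
}
apply_tor_guest
```

Off the router the script only reports that wl0.1 is absent and exits cleanly, which is what you want from a hook that the firmware may call before the guest interface is up.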