Tutorial [SOLUTION] Asuswrt-Merlin Tor via Bridge, Device, Browser, Entry (Guard)/Middle (Non-Exit) Relay, and Device/Browser/Relay Hybrid Implementations

[garycnew]

I've incorrectly run it - I needed to provide a 'torrc' file as an $1 input.
Anyway, now I have 2 'torrc' files (/tmp/torrc & /tmp/tor/torrc), both are the same, attaching them as well.

Asuswrt-Merlin uses /tmp/torrc by default.

Now, I've run 'service restart_tor' command, but I can't find the tor process when I run 'ps | grep tor', nor I can see any files under /tmp/tor/torrc.d/ and there is no download/upload traffic, so I would guess tor doesn't work.

Asuswrt-Merlin uses Tor (capital T) by default.

What seems to be the problem?
original files available at: https://filebin.net/94x2kajxz2yx4e5o

I've found that running Tor manually without the -quiet option helps to validate the torrc. I would also recommend reviewing the /tmp/torlog for errors.

BTW... Common issues are Nickname cannot be longer than 18 characters and ensure your DataDirectory is pointing to the correct location.

 

[SoFluffy]

I was having issues with Option #3 - Browser option - I couldn't get the Socks5 proxy listening on port 9050. After reading thru this, looked to be a similar issue of not having the input file, and then also just missing the standard "#!/bin/sh". I needed to add two lines at the top to get it working, then the rest is the same.

# vi /jffs/scripts/torrc.postconf
#!/bin/sh
CONFIG=$1
HOSTIPADDR=$(hostname -i)
source /usr/sbin/helper.sh

if [ "$HOSTIPADDR" != "" ]; then HOSTIPADDR="${HOSTIPADDR}:"; fi

pc_insert "SocksPort 9050" "SocksPort ${HOSTIPADDR}9050" $CONFIG

 

[garycnew]

I was having issues with Option #3 - Browser option - I couldn't get the Socks5 proxy listening on port 9050. After reading thru this, looked to be a similar issue of not having the input file, and then also just missing the standard "#!/bin/sh". I needed to add two lines at the top to get it working, then the rest is the same.

# vi /jffs/scripts/torrc.postconf
#!/bin/sh
CONFIG=$1
HOSTIPADDR=$(hostname -i)
source /usr/sbin/helper.sh

if [ "$HOSTIPADDR" != "" ]; then HOSTIPADDR="${HOSTIPADDR}:"; fi

pc_insert "SocksPort 9050" "SocksPort ${HOSTIPADDR}9050" $CONFIG

@SoFluffy

I've updated the original post.

Thank you for the correction.

Respectfully,


Gary

 

[Weblee2407]

Is this configuration/script files still current??

 

[garycnew]

Is this configuration/script files still current??

For the most part. I have it running on GT-AXE11000_3004_388.8_4 and RT-AC68U_386.14_2.

 

[Weblee2407]

Thanks....I will post if I have any problems with the minor part

 

[Weblee2407]

#vi /jffs/scripts/init-start #!/bin/sh # Note: Tor DataDirectory requires a lot of disk space, so we symlinked to our USB 3.0 Interface Device if [ ! -d "/tmp/tor" ]; then ln -s /tmp/mnt/SanDiskSDHC/tmp/tor /tmp/tor fi

I have a /tmp/tor directory so it never uses the path to the USB storage. Can I delete the tor files and/or directories under /tmp ??

 

[garycnew]

I have a /tmp/tor directory so it never uses the path to the USB storage. Can I delete the tor files and/or directories under /tmp ??

@Weblee2407

The /tmp/tor directory is the default tor directory used by Asuswrt-Merlin. The /tmp directory is destroyed and rebuilt each time the router is rebooted. At startup, the init-start script replaces the /tmp/tor directory with a symlink to a long-term storage location that allows your torrc to survive reboots.

 

[Weblee2407]

Well today I think I have it working....I do have data under /tmp/.tordb but the log said my circuit timed out so I restarted and bootstrapped to 100%. I have a list of guards/nicknames in the state file too.

I still don't understand the symlink, is there anyway to check if it was done properly and is working?

I will wait and see how my stats look in a couple of days and stop poking around for now.

Thanks

 

[garycnew]

Well today I think I have it working....I do have data under /tmp/.tordb but the log said my circuit timed out so I restarted and bootstrapped to 100%. I have a list of guards/nicknames in the state file too.

I still don't understand the symlink, is there anyway to check if it was done properly and is working?

I will wait and see how my stats look in a couple of days and stop poking around for now.

Thanks

@Weblee2407

Having Tor Bootstrapped to 100% is a Good Sign. The question is whether the .tordb will survive a reboot?

Think of the symlink as a referring link in one location to an actual file or directory in another location.

To check your symlink... Run the following command and provide the output: ls -la /tmp | grep -i tor

You should have /tmp/tor, /tmp/torrc, and /tmp/torlog files and directory. The .tordb directory should be somewhere under /tmp/tor like /tmp/tor/.tordb

It sounds like you're getting there. Good Work!

 

[Weblee2407]

I am trying to use the tor browser and connect via the proxy port 9050.
The connection is refused. I have removed Skynet and disabled Windows firewall without result

Netstat shows listening at localhost.localdomain:9050 but not IP:9050

if I open ssh to the router and telnet localhost.localdomain 9050 I get a connection...but if I try IP I get connect refused

Maybe an OpenSSL issue? I'm at a loss..

tcp 0 0 0.0.0.0:3702 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:55000 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:953 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:9050 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:5916 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:445 0.0.0.0:* LISTEN
tcp 0 0 router.mine.local:445 0.0.0.0:* LISTEN
tcp 0 0 router.mine.local:20222 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:53535 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:8448 0.0.0.0:* LISTEN
tcp 0 0 router.mine.local:8848 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5152 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:18017 0.0.0.0:* LISTEN

 

[Weblee2407]

Ok...not a browser, firewall or name resolution issue. Seems to be an authentication issue with the proxy - even though I tried the admin credentials in the Tor Browser proxy config, it didn't work. Tried Firefox and Iron too - connection refused. I guess my next stop is maybe vanilla ASUS factory firmware? I'm not even sure it has a tor function. I was never found in the relay list either. I have never seen anything run so quiet, there are no log entries to be found.

 

[garycnew]

I am trying to use the tor browser and connect via the proxy port 9050.
The connection is refused. I have removed Skynet and disabled Windows firewall without result

Netstat shows listening at localhost.localdomain:9050 but not IP:9050

if I open ssh to the router and telnet localhost.localdomain 9050 I get a connection...but if I try IP I get connect refused

Maybe an OpenSSL issue? I'm at a loss..

tcp 0 0 0.0.0.0:3702 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:55000 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:953 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:9050 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:5916 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:445 0.0.0.0:* LISTEN
tcp 0 0 router.mine.local:445 0.0.0.0:* LISTEN
tcp 0 0 router.mine.local:20222 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:53535 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:8448 0.0.0.0:* LISTEN
tcp 0 0 router.mine.local:8848 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5152 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:18017 0.0.0.0:* LISTEN

@Weblee Run the netstat command with the -n option to confirm whether your using the ipv4 loopback address (127.0.01:9050) or the ipv6 loopback address. You can use that specific address for configuration in your browser.

 

[garycnew]

Ok...not a browser, firewall or name resolution issue. Seems to be an authentication issue with the proxy - even though I tried the admin credentials in the Tor Browser proxy config, it didn't work. Tried Firefox and Iron too - connection refused. I guess my next stop is maybe vanilla ASUS factory firmware? I'm not even sure it has a tor function. I was never found in the relay list either. I have never seen anything run so quiet, there are no log entries to be found.

Strange... I've never run into authentication issues with Tor using its HTTP Proxy function.

Are you trying 127.0.0.1:9080 or 127.0.0.1:9050? They are two very different Tor services.

What's the output of netstat -anp | grep :90

 

[Weblee2407]

Thanks Gary

All browsers fail with the same message - proxy refused the connection. I'm researching how to authenticate until I have a chance to go into minimal fresh install mode.

 

[garycnew]

Thanks Gary
View attachment 65425

All browsers fail with the same message - proxy refused the connection. I'm researching how to authenticate until I have a chance to go into minimal fresh install mode.

What's the output of your torrc file? That will show your run-time configuration of Tor and might hint to why you're running into this auth issue.

 

[Weblee2407]

With a minimal install, port 9050 maps to the router IP and loop back address. I can use the proxy in Firefox by directing to the router IP, but Tor Browser still does not work with anything other than auto connect (no big deal IMO). Restored my normal config from backup and commented out the symbolic link as one way or another I kept losing the line "socksport <IP of router:9050>" from the
/tmp/torrc . So now Firefox works via the Tor proxy by using the router IP in the proxy settings. I will take up getting the relay working at another time.
Thanks for your help and patience.

 

[Weblee2407]

Attempts to connect via the loop back address generates these log entries; need some sort of username/password I guess.

 

[garycnew]

With a minimal install, port 9050 maps to the router IP and loop back address. I can use the proxy in Firefox by directing to the router IP, but Tor Browser still does not work with anything other than auto connect (no big deal IMO). Restored my normal config from backup and commented out the symbolic link as one way or another I kept losing the line "socksport <IP of router:9050>" from the
/tmp/torrc . So now Firefox works via the Tor proxy by using the router IP in the proxy settings. I will take up getting the relay working at another time.
Thanks for your help and patience.

View attachment 65427

Do the browsers work using 192.168.50.1:9050? The Tor Service is running on the router, so the loopback address won't work as it's referring to the local machine. So... You need to either use the router's Public Address or the Class-C Address (192.168.50.1).

 

[Weblee2407]

Do the browsers work using 192.168.50.1:9050? The Tor Service is running on the router, so the loopback address won't work as it's referring to the local machine. So... You need to either use the router's Public Address or the Class-C Address (192.168.50.1).

Do the browsers work using 192.168.50.1:9050?
Yes... Microsoft Edge and Firefox work using the proxy. The Tor browser will not. I cannot get the proxy to work IF I am also trying to relay. I never get a listening port at 192.168.50.1:9050.

I will try the relay configuration leaving the socks port statement commented out and see if the relay lists by the end of the week. My ISP is a "new" fiber provider established under the US "internet everywhere" policy that extends internet access into rural areas. There are some quirky things I have noticed that has given me the impression they may not be implementing best practices like upload speed greater than download speed, and it has never reported symmetrical stats (download = upload).