Change from jan.pavlinec@nic.cz to jan.pavlinec1@gmail.com Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Tor Hidden service configurator
The tor-hs package tries to simplify the creation of hidden services on OpenWrt routers.
Requirements
To run tor-hs, you need the Tor package with uci config support (it was added with this commit).
Installation
To install the package, simply run
opkg update
opkg install tor-hs
Configuration
Uci configuration is located in /etc/config/tor-hs
Required section of configuration
There is one required section, common.
Example of this section:
config tor-hs common
option GenConf "/etc/tor/torrc_hs"
option HSDir "/etc/tor/hidden_service"
option RestartTor "true"
option UpdateTorConf "true"
Table with options description
Type | Name | Default | Description |
---|---|---|---|
option | GenConf | /etc/tor/torrc_generated | Generated config by tor-hs. |
option | HSDir | /etc/tor/hidden_service | Directory with meta-data for hidden services (hostname, keys, etc.). |
option | RestartTor | true | It will restart tor after running /etc/init.d/tor-hs start. |
option | UpdateTorConf | true | Update /etc/config/tor with config from GenConf option. |
Hidden service configuration
If you want to create a new hidden service, you have to add a hidden-service section. For every hidden service, there should be a new hidden-service section.
Example of hidden service section for ssh server:
config hidden-service
option Name 'sshd'
option Description "Hidden service for ssh"
option Enabled 'false'
option IPv4 '127.0.0.1'
#public port=2222, local port=22
list PublicLocalPort '2222;22'
Table with options description
Type | Name | Example value | Description |
---|---|---|---|
option | Name | sshd | Name of hidden service. It is used as directory name in HSDir |
option | Description | Hidden service for ssh | Description used in rpcd service |
option | Enabled | false | Enable hidden service after running tor-hs init script |
option | IPv4 | 127.0.0.1 | Local IPv4 address of the service. The service could run on another device; in that case OpenWrt will redirect the communication. |
list | PublicLocalPort | 2222;22 | Public port is the port accessible via the Tor network. Local port is the normal port of the service. |
option | HookScript | '/etc/tor/nextcloud-update.php' | Path to a script which is executed after starting tor-hs. The script is executed with the parameters --update-onion hostname, where hostname is replaced with the Onion v3 address of the given hidden service. |
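A HookScript receives the onion address as a command-line argument, so it should check that value before writing it anywhere. The sketch below is an added example, not part of tor-hs: the script itself, the ONION_OUT variable and the /tmp/tor-hs-onion path are assumptions, and the check covers only the syntax of an Onion v3 hostname (56 base32 characters plus ".onion").

```shell
#!/bin/sh
# Hypothetical tor-hs HookScript (added example, not shipped with tor-hs).
# Per the table above it is invoked as: <script> --update-onion <hostname>

export LC_ALL=C   # make the [a-z] range below mean ASCII lowercase only

# Succeed only for a syntactically valid Onion v3 hostname:
# exactly 56 base32 characters (a-z, 2-7) followed by ".onion".
is_onion_v3() {
    label=${1%.onion}
    [ "$label" != "$1" ] || return 1      # suffix ".onion" is mandatory
    [ "${#label}" -eq 56 ] || return 1    # v3 addresses have a fixed length
    case $label in
        *[!a-z2-7]*) return 1 ;;          # rejects uppercase, dots, metacharacters
    esac
    return 0
}

# handle_hook <out_file> --update-onion <hostname>
# Writes the validated hostname to <out_file> (owner-only, atomic rename).
# Returns 2 on bad usage, 3 on an invalid hostname, 4 on a write error.
handle_hook() {
    out_file=$1
    shift
    if [ "$#" -ne 2 ] || [ "$1" != "--update-onion" ]; then
        return 2
    fi
    is_onion_v3 "$2" || return 3
    tmp="$out_file.$$.tmp"
    ( umask 077 && printf '%s\n' "$2" > "$tmp" ) || return 4
    mv -f "$tmp" "$out_file" || return 4
}

# Entry point. ONION_OUT and its default path are assumptions for this sketch.
if [ "$#" -gt 0 ]; then
    handle_hook "${ONION_OUT:-/tmp/tor-hs-onion}" "$@"
    exit $?
fi
```

A non-zero exit status leaves any previously written file untouched, so a malformed argument never replaces a good address.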
Running service
To enable tor-hs service run
/etc/init.d/tor-hs enable
/etc/init.d/tor-hs start
If you enabled the RestartTor and UpdateTorConf options, the hidden service should now be running. Otherwise, you should also restart the tor daemon.
/etc/init.d/tor restart
After that you should also restart the rpcd daemon, so you can use the tor-hs RPCD service.
/etc/init.d/rpcd restart
RPCD
The RPCD service helps users access basic information about the hidden services on the router. Once a hidden service is running, its hostname value contains the onion URL of that hidden service.
root@turris:/# ubus call tor-hs-rpc list-hs '{}'
{
"hs-list": [
{
"name": "sshd",
"description": "Hidden service for ssh",
"enabled": "1",
"ipv4": "127.0.0.1",
"hostname": "****hidden-service-hostname****.onion",
"ports": [
"22;22"
]
}
]
}