# Tor Hidden service configurator

The **tor-hs** package tries to simplify creating hidden services on OpenWrt routers.

## Requirements

To run **tor-hs**, you need a Tor package with uci config support (it was added
with [this commit](https://github.com/openwrt/packages/commit/ca6528f002d74445e3d0a336aeb9074fc337307a)).

## Installation

To install the package, simply run:

```
opkg update
opkg install tor-hs
```

## Configuration

The uci configuration is located in **/etc/config/tor-hs**.

### Required section of configuration

There is one required section, **common**.

Example of this section:

```
config tor-hs common
    option GenConf "/etc/tor/torrc_hs"
    option HSDir "/etc/tor/hidden_service"
    option RestartTor "true"
    option UpdateTorConf "true"
```

#### Table with options description

| Type | Name | Default | Description |
| ------ | ------ | ------ | ------ |
| option | GenConf | /etc/tor/torrc_generated | Config generated by tor-hs. |
| option | HSDir | /etc/tor/hidden_service | Directory with meta-data for hidden services (hostname, keys, etc.). |
| option | RestartTor | true | Restart tor after running **/etc/init.d/tor-hs start**. |
| option | UpdateTorConf | true | Update /etc/config/tor with config from **GenConf** option. |

### Hidden service configuration

To create a new hidden service, add a **hidden-service** section. Every hidden service needs its own **hidden-service** section.

Example of a hidden service section for an ssh server:

```
config hidden-service
    option Name 'sshd'
    option Description "Hidden service for ssh"
    option Enabled 'false'
    option IPv4 '127.0.0.1'
    # public port=2222, local port=22
    list PublicLocalPort '2222;22'
```

#### Table with options description

| Type | Name | Example value | Description |
| ------ | ------ | ------ | ------ |
| option | Name | sshd | Name of the hidden service. It is used as the directory name in **HSDir**. |
| option | Description | Hidden service for ssh | Description used in the **rpcd** service. |
| option | Enabled | false | Enable the hidden service after running the **tor-hs** init script. |
| option | IPv4 | 127.0.0.1 | Local IPv4 address of the service. The service could run on another device; in that case OpenWrt will redirect communication. |
| list | PublicLocalPort | 2222;22 | The public port is the port accessible via the Tor network. The local port is the normal port of the service. |
| option | HookScript | '/etc/tor/nextcloud-update.php' | Path to a script which is executed after starting tor-hs. The script is executed with parameters **--update-onion** **hostname**. Hostname is replaced with the Onion v3 address for the given hidden service. |

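The script below is an added example, not code from the tor-hs package: it lints the values of one **hidden-service** section and prints the torrc lines (Tor's `HiddenServiceDir` and `HiddenServicePort` options) that such a section is assumed to correspond to. The function names and the exact mapping are assumptions for illustration; the file tor-hs actually writes to **GenConf** may differ.

```sh
#!/bin/sh
# Added example (not tor-hs code): lint one hidden-service section, then print
# the torrc lines it is assumed to map to. Sample values are constructed.

is_port() {       # decimal 1..65535, no leading zero
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

is_ipv4() {       # four dot-separated octets, each 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_safe_name() {  # Name becomes a directory under HSDir: one plain path component
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Usage: torrc_lines HSDIR NAME IPV4 'PUBLIC;LOCAL'...
torrc_lines() {
    hsdir=$1 name=$2 ipv4=$3; shift 3
    is_safe_name "$name" || { echo "bad Name: $name" >&2; return 1; }
    is_ipv4 "$ipv4" || { echo "bad IPv4: $ipv4" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "no PublicLocalPort entries" >&2; return 1; }
    case "$ipv4" in 127.*) ;; *)
        echo "note: $ipv4 is not loopback; the router-to-service hop is outside Tor" >&2 ;;
    esac
    out="HiddenServiceDir $hsdir/$name"
    for pair in "$@"; do
        case "$pair" in *\;*) public=${pair%%;*} local_port=${pair#*;} ;;
                        *) public= local_port= ;; esac
        is_port "$public" && is_port "$local_port" ||
            { echo "bad PublicLocalPort: $pair" >&2; return 1; }
        out="$out
HiddenServicePort $public $ipv4:$local_port"
    done
    printf '%s\n' "$out"
}

# Constructed sample: the sshd section shown in this README.
[ "$#" -gt 0 ] || set -- /etc/tor/hidden_service sshd 127.0.0.1 '2222;22'
torrc_lines "$@"
```

Nothing is printed to stdout unless every value passes, so the output can be compared against the generated config without first filtering out partial results.
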
## Running service

To enable the tor-hs service, run:

```
/etc/init.d/tor-hs enable
/etc/init.d/tor-hs start
```

If you enabled the *RestartTor* and *UpdateTorConf* options, the hidden service should now be running.
Otherwise, you should also restart the tor daemon.

```
/etc/init.d/tor restart
```

After that, you should also restart the rpcd daemon, so you can use the tor-hs RPCD service.

```
/etc/init.d/rpcd restart
```

### RPCD

The RPCD service gives users access to basic information about the hidden services on the router. Once a hidden service is running, the hostname value contains its onion URL.

```
root@turris:/# ubus call tor_rpcd.sh list-hs '{}'
{
    "hs-list": [
        {
            "name": "sshd",
            "description": "Hidden service for ssh",
            "enabled": "1",
            "ipv4": "127.0.0.1",
            "hostname": "****hidden-service-hostname****.onion",
            "ports": [
                "22;22"
            ]
        }
    ]
}
```