In this short article I explain how to turn an old Telecom modem, the Alicegate AGPF, into a Tor router for browsing anonymously over the Tor network.

First the modem has to be prepared for installing a version of OpenWrt; for that I refer you directly to http://latanadelgurzo.blogspot.it/2012/11/installare-openwrt-su-agpf-da-windows-xp.html
Remember that you need to solder 3 wires onto the motherboard and connect them to a USB -> RS232 adapter.
Personally I use this one: http://www.amazon.it/CP2102-convertitore-seriale-uart-modulo/dp/B00AFRXKFU/ref=sr_1_1?ie=UTF8&qid=1423316510&sr=8-1&keywords=cp2102

As the OpenWrt image I used the latest alpha: https://downloads.openwrt.org/snapshots/trunk/brcm63xx/generic/openwrt-AGV2%2bW-squashfs-cfe.bin

You can also use the stable release: https://downloads.openwrt.org/barrier_breaker/14.07/brcm63xx/generic/openwrt-AGV2%2bW-cfe-squashfs-cfe.bin

Once the modem is flashed, go straight into the configuration.

Edit the file

vi /etc/config/network

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fdfe:1c9b:f6f4::/48'

config interface 'lan'
option ifname 'eth0'
option force_link '1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
option _orig_ifname 'eth0 radio0.network1'
option _orig_bridge 'true'
option disable_ipv6 '1'

config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
option disable_ipv6 '1'

config interface 'tor'
option proto 'static'
option ipaddr '172.16.1.1'
option netmask '255.255.255.0'
option disable_ipv6 '1'

This way the ETH4 port is used as the WAN, connected directly to the internet router, while the other ports are dedicated to configuration on the IP 192.168.2.1.

Now install Tor with the command:
opkg install tor tor-fw-helper tor-geoip


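Configure the Wi-Fi interface to act as an AP with the SSID OpenWrt. With "option encryption none" the AP is open, so anyone in range can join it and the radio link between clients and the router is not encrypted.

Edit /etc/config/wireless

config wifi-device radio0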
option type mac80211
option channel 11
option hwmode 11g
option path 'pci0000:00/0000:00:01.0/ssb0:0'
option htmode

config wifi-iface
option device radio0
option network tor
option mode ap
option ssid OpenWrt
option encryption none

Set up DHCP
Edit /etc/config/dhcp, adding

config dhcp tor
option interface tor
option start 100
option limit 150
option leasetime 1h

Configure the firewall rules
Edit /etc/config/firewall

config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'

config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'

config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'

config zone
option name 'tor'
option network 'tor'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option conntrack '1'

config rule
option name 'Allow-Tor-DHCP'
option src 'tor'
option proto 'udp'
option dest_port '67'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Tor-DNS'
option src 'tor'
option proto 'udp'
option dest_port '9053'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Tor-Transparent'
option src 'tor'
option proto 'tcp'
option dest_port '9040'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Tor-SOCKS'
option src 'tor'
option proto 'tcp'
option dest_port '9050'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'

config forwarding
option src 'lan'
option dest 'wan'

config include
option path '/etc/firewall.user'

In the file /etc/firewall.user write

enable_transparent_tor() {
iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
}
enable_transparent_tor

In /etc/sysctl.conf check that these values are set to 0

net.ipv4.ip_forward=0
net.ipv6.conf.default.forwarding=0
net.ipv6.conf.all.forwarding=0

As the last step, configure Tor by simply editing the file /etc/tor/torrc

AllowUnverifiedNodes middle,rendezvous
AutomapHostsOnResolve 1
SocksPort 9050
SocksBindAddress 172.16.1.1:9050
VirtualAddrNetwork 10.192.0.0/10
TransPort 9040
TransListenAddress 172.16.1.1
DNSPort 9053
DNSListenAddress 172.16.1.1

That's it. Reboot the router, or restart the services with the commands
/etc/init.d/tor enable
/etc/init.d/tor start
/etc/init.d/firewall stop
/etc/init.d/firewall start

You now have an access point that connects directly to the Tor network in transparent anonymous mode; this configuration also gives access to all .onion sites.
Check that everything is working by going to https://check.torproject.org/?lang=it_IT
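
The setup above only holds together if torrc, the NAT redirects in /etc/firewall.user and the forwarding sysctl agree with each other. The following shell function is an added example, not part of the original article: it checks that client DNS and TCP are redirected to the DNSPort and TransPort that torrc declares and that IPv4 forwarding is off. The function names and finding labels are assumptions of this example, and the sample torrc and iptables-save lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# finding labels are this example's own; sample inputs are constructed.

# Print the last value given for a torrc option (e.g. TransPort -> 9040).
torrc_get() {  # $1 = torrc text, $2 = option name
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# Print space-separated findings; return 0 only when there are none.
# $1 = torrc text, $2 = "iptables-save -t nat" output,
# $3 = value of net.ipv4.ip_forward, $4 = client interface (default wlan0)
audit_tor_ap() {
    torrc=$1; nat=$2; fwd=$3; ifc=${4:-wlan0}; findings=""
    trans=$(torrc_get "$torrc" TransPort)
    dns=$(torrc_get "$torrc" DNSPort)

    # Client DNS (udp/53) must land on the DNSPort that torrc declares.
    printf '%s\n' "$nat" | grep -Eq -e \
        "-i $ifc -p udp .*--dport 53 .*-j REDIRECT --to-ports ${dns:-none}( |\$)" \
        || findings="$findings dns-not-redirected"

    # Client TCP must land on the TransPort that torrc declares.
    printf '%s\n' "$nat" | grep -Eq -e \
        "-i $ifc -p tcp .*-j REDIRECT --to-ports ${trans:-none}( |\$)" \
        || findings="$findings tcp-not-redirected"

    # The article sets net.ipv4.ip_forward=0 so nothing is routed past Tor.
    [ "$fwd" = "0" ] || findings="$findings forwarding-on"

    printf '%s\n' "${findings# }"
    [ -z "$findings" ]
}

# Constructed sample input mirroring the article's torrc and firewall.user.
SAMPLE_TORRC='TransPort 9040
TransListenAddress 172.16.1.1
DNSPort 9053
DNSListenAddress 172.16.1.1'
SAMPLE_NAT='-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A PREROUTING -i wlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040'

# On the router: audit_tor_ap "$(cat /etc/tor/torrc)" \
#     "$(iptables-save -t nat)" "$(sysctl -n net.ipv4.ip_forward)"
if out=$(audit_tor_ap "$SAMPLE_TORRC" "$SAMPLE_NAT" 0); then
    echo "no leak path found"
else
    echo "findings: $out"
fi
```
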

In addition, if you want to set up the modem's LEDs, just edit /etc/config/system

config led 'led_power_blue'
option name 'Power Status'
option sysfs 'AGPF-S0:green:power'
option default '1'

config led 'led_wifi_green'
option name 'WIFI - RXTX'
option sysfs 'AGPF-S0:green:wifi'
option trigger 'netdev'
option dev 'wlan0'
option mode 'link tx rx'

config led 'led_wan_green'
option name 'WAN - RXTX'
option sysfs 'AGPF-S0:green:internet'
option trigger 'netdev'
option dev 'eth1'
option mode 'link tx rx'

config led 'led_usb'
option name 'USB - Status'
option sysfs 'AGPF-S0:green:service'
option trigger 'usbdev'
option dev '1-1'
option interval '50'
