How to make Internet connections with specific domain zones go to a proxy?

How to make Internet connections with specific domain zones go to a proxy?


I am familiar with this and have even used it successfully in Windows but the question is how exactly in OpenWRT can I get it to work?

For:

  • the router; or
  • clients connected to the router?

Router [OpenWRT].
Example: I install Ruantiblock script designed for OpenWRT and specify blocked sites in my country, then all blocked sites are opened via Tor proxy and unblocking of blocked sites happens on the router itself and then I don't need to configure computers and different devices to bypass blocking.

I'm thinking of making access to .i2p and .onion domain zones additionally.

Set up Tor client with selective routing:

Note that the first link is a prerequisite for the second.

As I understand it, these are the codes for Putty. When I ran uci set firewall.tcp_int.ipset="tor dest" I got the response uci: Invalid argument. When I ran service dnsmasq restart I got the response:

udhcpc: started, v1.35.0
udhcpc: broadcasting discover
udhcpc: no lease, failing

After executing the commands, access to onion domains did not appear.

login as: root
root@192.168.1.1's password:


BusyBox v1.35.0 (2023-04-27 20:28:15 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.5, r20134-5f15225c1e
 -----------------------------------------------------
root@OpenWrt:~# for IPV in 4
> do
> uci -q delete firewall.tor${IPV%4}
> uci set firewall.tor${IPV%4}="ipset"
> uci set firewall.tor${IPV%4}.name="tor${IPV%4}"
> uci set firewall.tor${IPV%4}.family="ipv${IPV}"
> uci set firewall.tor${IPV%4}.match="net"
> done
root@OpenWrt:~# uci add_list firewall.tor.entry="172.16.0.0/12"
root@OpenWrt:~# uci set firewall.tcp_int.ipset="tor dest"
uci: Invalid argument
root@OpenWrt:~# uci -q delete firewall.tor${IPV%4}
root@OpenWrt:~#
root@OpenWrt:~# uci set firewall.tor${IPV%4}="ipset"
root@OpenWrt:~# uci set firewall.tor${IPV%4}.name="tor${IPV%4}"
root@OpenWrt:~# uci set firewall.tor${IPV%4}.family="ipv${IPV}"
root@OpenWrt:~# uci set firewall.tor${IPV%4}.match="net"
root@OpenWrt:~# uci add_list firewall.tor.entry="172.16.0.0/12"
root@OpenWrt:~# uci set firewall.tcp_int.ipset="tor dest"
uci: Invalid argument
root@OpenWrt:~# for IPV in 4
> do
> uci -q delete firewall.lan${IPV%4}_fwd
> uci set firewall.lan${IPV%4}_fwd="rule"
> uci set firewall.lan${IPV%4}_fwd.name="Allow-NonTor-Forward"
> uci set firewall.lan${IPV%4}_fwd.src="lan"
> uci set firewall.lan${IPV%4}_fwd.dest="wan"
> uci set firewall.lan${IPV%4}_fwd.proto="all"
> uci set firewall.lan${IPV%4}_fwd.family="ipv${IPV}"
> uci set firewall.lan${IPV%4}_fwd.ipset="!tor${IPV%4} dest"
> uci set firewall.lan${IPV%4}_fwd.target="ACCEPT"
> done
root@OpenWrt:~# uci -q delete firewall.lan${IPV%4}_fwd
root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd="rule"
root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.name="Allow-NonTor-Forward"
root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.src="lan"
root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.dest="wan"
root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.proto="all"
root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.family="ipv${IPV}"
root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.ipset="!tor${IPV%4} dest"
root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.target="ACCEPT"
root@OpenWrt:~# uci set firewall.tcp_int.ipset="tor dest"
uci: Invalid argument
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# service firewall restart
root@OpenWrt:~# uci -q delete dhcp.@dnsmasq[0].noresolv
root@OpenWrt:~# uci -q delete dhcp.@dnsmasq[0].server
root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="/onion/127.0.0.1#9053"
root@OpenWrt:~# uci commit dhcp
root@OpenWrt:~# service dnsmasq restart
udhcpc: started, v1.35.0
udhcpc: broadcasting discover
udhcpc: no lease, failing
root@OpenWrt:~# ^C
root@OpenWrt:~# ^C
root@OpenWrt:~# ^C
root@OpenWrt:~# ^C
root@OpenWrt:~# ^C
root@OpenWrt:~#
Using username "root".
root@192.168.1.1's password:
Send automatic password


BusyBox v1.35.0 (2023-04-27 20:28:15 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.5, r20134-5f15225c1e
 -----------------------------------------------------
root@OpenWrt:~# cat << EOF > /etc/tor/custom
> AutomapHostsOnResolve 1
> AutomapHostsSuffixes .
> VirtualAddrNetworkIPv4 172.16.0.0/12
> VirtualAddrNetworkIPv6 [fc00::]/8
> DNSPort 0.0.0.0:9053
> DNSPort [::]:9053
> TransPort 0.0.0.0:9040
> TransPort [::]:9040
> EOF
root@OpenWrt:~# cat << EOF >> /etc/sysupgrade.conf
> /etc/tor
> EOF
root@OpenWrt:~# uci del_list tor.conf.tail_include="/etc/tor/custom"
root@OpenWrt:~# uci add_list tor.conf.tail_include="/etc/tor/custom"
root@OpenWrt:~# uci commit tor
root@OpenWrt:~# service tor restart
root@OpenWrt:~# cat << "EOF" > /etc/nftables.d/tor.sh
> TOR_CHAIN="dstnat_$(uci -q get firewall.tcp_int.src)"
> TOR_RULE="$(nft -a list chain inet fw4 ${TOR_CHAIN}
> | sed -n -e "/Intercept-TCP/p")"
> nft replace rule inet fw4 ${TOR_CHAIN} \
> handle ${TOR_RULE##* } \
> fib daddr type != { local, broadcast } ${TOR_RULE}
> EOF
root@OpenWrt:~# uci -q delete firewall.tor_nft
root@OpenWrt:~# uci set firewall.tor_nft="include"
root@OpenWrt:~# uci set firewall.tor_nft.path="/etc/nftables.d/tor.sh"
root@OpenWrt:~# uci -q delete firewall.tcp_int
root@OpenWrt:~# uci set firewall.tcp_int="redirect"
root@OpenWrt:~# uci set firewall.tcp_int.name="Intercept-TCP"
root@OpenWrt:~# uci set firewall.tcp_int.src="lan"
root@OpenWrt:~# uci set firewall.tcp_int.src="lan"
root@OpenWrt:~# uci set firewall.tcp_int.src_dport="0-65535"
root@OpenWrt:~# uci set firewall.tcp_int.dest_port="9040"
root@OpenWrt:~# uci set firewall.tcp_int.proto="tcp"
root@OpenWrt:~# uci set firewall.tcp_int.family="any"
root@OpenWrt:~# uci set firewall.tcp_int.target="DNAT"
root@OpenWrt:~# uci -q delete firewall.@forwarding[0]
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# service firewall restart
sh: /etc/nftables.d/tor.sh: line 3: syntax error: unexpected "|"
Include '/etc/nftables.d/tor.sh' failed with exit code 2
root@OpenWrt:~# uci -q delete firewall.dns_int
root@OpenWrt:~# uci set firewall.dns_int="redirect"
root@OpenWrt:~# uci set firewall.dns_int.name="Intercept-DNS"
root@OpenWrt:~# uci set firewall.dns_int.src="lan"
root@OpenWrt:~# uci set firewall.dns_int.src_dport="53"
root@OpenWrt:~# uci set firewall.dns_int.proto="tcp udp"
root@OpenWrt:~# uci set firewall.dns_int.family="any"
root@OpenWrt:~# uci set firewall.dns_int.target="DNAT"
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# service firewall restart
sh: /etc/nftables.d/tor.sh: line 3: syntax error: unexpected "|"
Include '/etc/nftables.d/tor.sh' failed with exit code 2
root@OpenWrt:~# service dnsmasq stop
root@OpenWrt:~# uci set dhcp.@dnsmasq[0].boguspriv="0"
root@OpenWrt:~# uci set dhcp.@dnsmasq[0].rebind_protection="0"
root@OpenWrt:~# uci set dhcp.@dnsmasq[0].noresolv="1"
root@OpenWrt:~# uci -q delete dhcp.@dnsmasq[0].server
root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#9053"
root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="::1#9053"
root@OpenWrt:~# uci commit dhcp
root@OpenWrt:~# service dnsmasq start
udhcpc: started, v1.35.0
udhcpc: broadcasting discover
udhcpc: no lease, failing
root@OpenWrt:~# for IPV in 4 6
> do
> uci -q delete firewall.tor${IPV%4}
> uci set firewall.tor${IPV%4}="ipset"
> uci set firewall.tor${IPV%4}.name="tor${IPV%4}"
> uci set firewall.tor${IPV%4}.family="ipv${IPV}"
> uci set firewall.tor${IPV%4}.match="net"
> done
root@OpenWrt:~# uci add_list firewall.tor.entry="172.16.0.0/12"
root@OpenWrt:~# uci add_list firewall.tor6.entry="fc00::/8"
root@OpenWrt:~# uci set firewall.tcp_int.ipset="tor dest
> for IPV in 4 6
> do
> uci -q delete firewall.lan${IPV%4}_fwd
> uci set firewall.lan${IPV%4}_fwd="rule"
> uci set firewall.lan${IPV%4}_fwd.name="Allow-NonTor-Forward"
> uci set firewall.lan${IPV%4}_fwd.src="lan"
> uci set firewall.lan${IPV%4}_fwd.dest="wan"
> uci set firewall.lan${IPV%4}_fwd.proto="all"
> uci set firewall.lan${IPV%4}_fwd.family="ipv${IPV}"
> uci set firewall.lan${IPV%4}_fwd.ipset="!tor${IPV%4} dest"
> uci set firewall.lan${IPV%4}_fwd.target="ACCEPT"
> done
> uci commit firewall
> service firewall restart
> uci -q delete dhcp.@dnsmasq[0].noresolv
> uci -q delete dhcp.@dnsmasq[0].server
> uci add_list dhcp.@dnsmasq[0].server="/onion/127.0.0.1#9053"
> uci add_list dhcp.@dnsmasq[0].server="/example.com/127.0.0.1#9053"
> uci add_list dhcp.@dnsmasq[0].server="/example.net/127.0.0.1#9053"
> uci commit dhcp
> service dnsmasq restart
> login as: root
root@OpenWrt:~# for IPV in 4
> root@192.168.1.1's password:
> uci set firewall.lan${IPV%4}_fwd="rule"
>
> uci set firewall.lan${IPV%4}_fwd.name="Allow-NonTor-Forward"
>
> BusyBox v1.35.0 (2023-04-27 20:28:15 UTC) built-in shell (ash)
>
>   _______                     ________        __
>  |       |.-----.-----.-----.|  |  |  |.----.|  |_
>  |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|

>  |_______||   __|_____|__|__||________||__|  |____|
 -----------------------------------------------------
>           |__| W I R E L E S S   F R E E D O M
>  -----------------------------------------------------
> TOR_CHAIN="dstnat_$(uci -q get firewall.tcp_int.src)"
>  OpenWrt 22.03.5, r20134-5f15225c1e
root@OpenWrt:~# uci set firewall.tor_nft="include"
>  -----------------------------------------------------
> root@OpenWrt:~# for IPV in 4
 > > do
> > uci -q delete firewall.tor${IPV%4}
> > uci set firewall.tor${IPV%4}="ipset"
> > uci set firewall.tor${IPV%4}.name="tor${IPV%4}"
> > uci set firewall.tor${IPV%4}.family="ipv${IPV}"
> > uci set firewall.tor${IPV%4}.match="net"
> > done
> root@OpenWrt:~# uci add_list firewall.tor.entry="172.16.0.0/12"
> root@OpenWrt:~# uci set firewall.tcp_int.ipset="tor dest"
> uci: Invalid argument
> root@OpenWrt:~# uci -q delete firewall.tor${IPV%4}
> root@OpenWrt:~#
> root@OpenWrt:~# uci set firewall.tor${IPV%4}="ipset"
> root@OpenWrt:~# uci set firewall.tor${IPV%4}.name="tor${IPV%4}"
w> root@OpenWrt:~# uci set firewall.tor${IPV%4}.family="ipv${IPV}"
> root@OpenWrt:~# uci set firewall.tor${IPV%4}.match="net"
s> root@OpenWrt:~# uci add_list firewall.tor.entry="172.16.0.0/12"
> root@OpenWrt:~# uci set firewall.tcp_int.ipset="tor dest"
> uci: Invalid argument
> root@OpenWrt:~# for IPV in 4
> > do
d> > uci -q delete firewall.lan${IPV%4}_fwd
> > uci set firewall.lan${IPV%4}_fwd="rule"
> > uci set firewall.lan${IPV%4}_fwd.name="Allow-NonTor-Forward"
> > uci set firewall.lan${IPV%4}_fwd.src="lan"
> > uci set firewall.lan${IPV%4}_fwd.dest="wan"
c> > uci set firewall.lan${IPV%4}_fwd.proto="all"
> > uci set firewall.lan${IPV%4}_fwd.family="ipv${IPV}"
> > uci set firewall.lan${IPV%4}_fwd.ipset="!tor${IPV%4} dest"
> > uci set firewall.lan${IPV%4}_fwd.target="ACCEPT"
> > done
> root@OpenWrt:~# uci -q delete firewall.lan${IPV%4}_fwd
> root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd="rule"
> root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.name="Allow-NonTor-Forward"
> root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.src="lan"
> root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.dest="wan"
> root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.proto="all"
> root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.family="ipv${IPV}"
> root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.ipset="!tor${IPV%4} dest"
> root@OpenWrt:~# uci set firewall.lan${IPV%4}_fwd.target="ACCEPT"
> root@OpenWrt:~# uci set firewall.tcp_int.ipset="tor dest"
> uci: Invalid argument
> root@OpenWrt:~# uci commit firewall
> root@OpenWrt:~# service firewall restart
> root@OpenWrt:~# uci -q delete dhcp.@dnsmasq[0].noresolv
> root@OpenWrt:~# uci -q delete dhcp.@dnsmasq[0].server
> root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="/onion/127.0.0.1#9053"
> root@OpenWrt:~# uci commit dhcp
> root@OpenWrt:~# service dnsmasq restart
> udhcpc: started, v1.35.0
nWrt:~# uci add_list firewall.tor6.entry> udhcpc: broadcasting discover
> udhcpc: no lease, failing
> root@OpenWrt:~# ^C
> root@OpenWrt:~# ^C
> root@OpenWrt:~# ^C
a> root@OpenWrt:~# ^C
> root@OpenWrt:~# ^C
> root@OpenWrt:~#
> Using username "root".
> root@192.168.1.1's password:
> Send automatic password
rward"
> uci >
>
e> BusyBox v1.35.0 (2023-04-27 20:28:15 UTC) built-in shell (ash)
>
>   _______                     ________        __
>  |       |.-----.-----.-----.|  |  |  |.----.|  |_
>  |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
>  |_______||   __|_____|__|__||________||__|  |____|
$>           |__| W I R E L E S S   F R E E D O M
>  -----------------------------------------------------
>  OpenWrt 22.03.5, r20134-5f15225c1e
>  -----------------------------------------------------
p.@dnsmas> root@OpenWrt:~# cat << EOF > /etc/tor/custom
> > AutomapHostsOnResolve 1
@dnsmasq[0].ser> > AutomapHostsSuffixes .
> > VirtualAddrNetworkIPv4 172.16.0.0/12
> > VirtualAddrNetworkIPv6 [fc00::]/8
> > DNSPort 0.0.0.0:9053
> > DNSPort [::]:9053
q rest> > TransPort 0.0.0.0:9040
> > TransPort [::]:9040
> > EOF
> root@OpenWrt:~# cat << EOF >> /etc/sysupgrade.conf
> > /etc/tor
> > EOF
> root@OpenWrt:~# uci del_list tor.conf.tail_include="/etc/tor/custom"
> root@OpenWrt:~# uci add_list tor.conf.tail_include="/etc/tor/custom"
> root@OpenWrt:~# uci commit tor
> root@OpenWrt:~# service tor restart
> root@OpenWrt:~# cat << "EOF" > /etc/nftables.d/tor.sh
> > TOR_CHAIN="dstnat_$(uci -q get firewall.tcp_int.src)"
> > TOR_RULE="$(nft -a list chain inet fw4 ${TOR_CHAIN}
> > | sed -n -e "/Intercept-TCP/p")"
-ash: syntax error: unexpected "|"
root@OpenWrt:~# > nft replace rule inet fw4 ${TOR_CHAIN} \
> > handle ${TOR_RULE##* } \
> > fib daddr type != { local, broadcast } ${TOR_RULE}
-ash: replace: not found
root@OpenWrt:~# > EOF
root@OpenWrt:~# root@OpenWrt:~# uci -q delete firewall.tor_nft
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tor_nft="include"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tor_nft.path="/etc/nftables.d/t
or.sh"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci -q delete firewall.tcp_int
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tcp_int="redirect"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tcp_int.name="Intercept-TCP"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tcp_int.src="lan"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tcp_int.src="lan"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tcp_int.src_dport="0-65535"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tcp_int.dest_port="9040"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tcp_int.proto="tcp"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tcp_int.family="any"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tcp_int.target="DNAT"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci -q delete firewall.@forwarding[0]
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci commit firewall
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# service firewall restart
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# sh: /etc/nftables.d/tor.sh: line 3: syntax error: unexpected "|"
-ash: sh:: not found
root@OpenWrt:~# Include '/etc/nftables.d/tor.sh' failed with exit code 2
-ash: Include: not found
root@OpenWrt:~# root@OpenWrt:~# uci -q delete firewall.dns_int
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.dns_int="redirect"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.dns_int.name="Intercept-DNS"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.dns_int.src="lan"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.dns_int.src_dport="53"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.dns_int.proto="tcp udp"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.dns_int.family="any"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.dns_int.target="DNAT"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci commit firewall
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# service firewall restart
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# sh: /etc/nftables.d/tor.sh: line 3: syntax error: unexpected "|"
-ash: sh:: not found
root@OpenWrt:~# Include '/etc/nftables.d/tor.sh' failed with exit code 2
-ash: Include: not found
root@OpenWrt:~# root@OpenWrt:~# service dnsmasq stop
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set dhcp.@dnsmasq[0].boguspriv="0"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set dhcp.@dnsmasq[0].rebind_protection="0"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set dhcp.@dnsmasq[0].noresolv="1"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci -q delete dhcp.@dnsmasq[0].server
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#
9053"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="::1#9053"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci commit dhcp
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# service dnsmasq start
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# udhcpc: started, v1.35.0
-ash: udhcpc:: not found
root@OpenWrt:~# udhcpc: broadcasting discover
-ash: udhcpc:: not found
root@OpenWrt:~# udhcpc: no lease, failing
-ash: udhcpc:: not found
root@OpenWrt:~# root@OpenWrt:~# for IPV in 4 6
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# > do
root@OpenWrt:~# > uci -q delete firewall.tor${IPV%4}
-ash: -q: not found
root@OpenWrt:~# > uci set firewall.tor${IPV%4}="ipset"
root@OpenWrt:~# > uci set firewall.tor${IPV%4}.name="tor${IPV%4}"
root@OpenWrt:~# > uci set firewall.tor${IPV%4}.family="ipv${IPV}"
root@OpenWrt:~# > uci set firewall.tor${IPV%4}.match="net"
root@OpenWrt:~# > done
root@OpenWrt:~# root@OpenWrt:~# uci add_list firewall.tor.entry="172.16.0.0/12"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci add_list firewall.tor6.entry="fc00::/8"
-ash: root@OpenWrt:~#: not found
root@OpenWrt:~# root@OpenWrt:~# uci set firewall.tcp_int.ipset="tor dest
> > for IPV in 4 6
> > do
> > uci -q delete firewall.lan${IPV%4}_fwd
> > uci set firewall.lan${IPV%4}_fwd="rule"
> > uci set firewall.lan${IPV%4}_fwd.name="Allow-NonTor-Forward"
> > uci set firewall.lan${IPV%4}_fwd.src="lan"
> > uci set firewall.lan${IPV%4}_fwd.dest="wan"
> > uci set firewall.lan${IPV%4}_fwd.proto="all"
> > uci set firewall.lan${IPV%4}_fwd.family="ipv${IPV}"
> > uci set firewall.lan${IPV%4}_fwd.ipset="!tor${IPV%4} dest"
> > uci set firewall.lan${IPV%4}_fwd.target="ACCEPT"
> > done
> > uci commit firewall
> > service firewall restart
> > uci -q delete dhcp.@dnsmasq[0].noresolv
> > uci -q delete dhcp.@dnsmasq[0].server
> > uci add_list dhcp.@dnsmasq[0].server="/onion/127.0.0.1#9053"
> > uci add_list dhcp.@dnsmasq[0].server="/example.com/127.0.0.1#9053"
> > uci add_list dhcp.@dnsmasq[0].server="/example.net/127.0.0.1#9053"
> > uci commit dhcp
> > service dnsmasq restart
> >

Access to the OpenWRT control panel and all sites and IPs disappeared.
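
Added example, not part of the thread and not code from the OpenWrt guide: a lint for a file of shell commands, covering the three failures visible in the session above (line 3 of /etc/nftables.d/tor.sh starting with "|", the unclosed quote in ipset="tor dest, and setting an option on firewall.tcp_int before that section existed). The function names are hypothetical, and the "fixed" variant assumes the character lost from the include is a trailing backslash like the ones on its nft replace lines.

```shell
#!/bin/sh
# Added example: static checks for a file of shell commands (a firewall
# include such as /etc/nftables.d/tor.sh, or a saved copy of a guide's
# commands) before anything is executed or the firewall is restarted.

# Print the numbers of lines that begin with "|" although the previous line
# does not end in a backslash. Such a pipe starts a new command, which is
# the 'unexpected "|"' error reported for line 3 in the session.
dangling_pipes() {
    awk '
        NR > 1 && /^[ \t]*\|/ && prev !~ /\\$/ { print NR }
        { prev = $0 }
    ' "$1"
}

# Parse only, execute nothing. Catches unclosed quotes such as
#   uci set firewall.tcp_int.ipset="tor dest
syntax_ok() {
    sh -n "$1" 2> /dev/null
}

# True when a UCI section exists. In the session, setting an option on
# firewall.tcp_int before that section had been created returned
# "uci: Invalid argument". Needs uci, so only meaningful on the router.
uci_section_exists() {
    uci -q get "$1" > /dev/null 2>&1
}

# Run both static checks; return 0 only if the file passes.
lint_include() {
    rc=0
    pipes=$(dangling_pipes "$1")
    if [ -n "$pipes" ]; then
        echo "$1: line" $pipes "starts with '|' after a line without a trailing backslash"
        rc=1
    fi
    if ! syntax_ok "$1"; then
        echo "$1: sh -n reports a syntax error"
        rc=1
    fi
    return $rc
}

# The include as it was written in the session (continuation lost on line 2).
write_broken_include() {
    cat << "EOF" > "$1"
TOR_CHAIN="dstnat_$(uci -q get firewall.tcp_int.src)"
TOR_RULE="$(nft -a list chain inet fw4 ${TOR_CHAIN}
| sed -n -e "/Intercept-TCP/p")"
nft replace rule inet fw4 ${TOR_CHAIN} \
handle ${TOR_RULE##* } \
fib daddr type != { local, broadcast } ${TOR_RULE}
EOF
}

# Same include with the continuation restored (assumed fix, see lead-in).
# The last line is what keeps local destinations out of Intercept-TCP.
write_fixed_include() {
    cat << "EOF" > "$1"
TOR_CHAIN="dstnat_$(uci -q get firewall.tcp_int.src)"
TOR_RULE="$(nft -a list chain inet fw4 ${TOR_CHAIN} \
| sed -n -e "/Intercept-TCP/p")"
nft replace rule inet fw4 ${TOR_CHAIN} \
handle ${TOR_RULE##* } \
fib daddr type != { local, broadcast } ${TOR_RULE}
EOF
}

# Demo on both variants, using temporary files that are removed afterwards.
demo() {
    tmp=$(mktemp -d) || return 1
    write_broken_include "$tmp/broken.sh"
    write_fixed_include "$tmp/fixed.sh"
    lint_include "$tmp/broken.sh" || echo "broken.sh: do not restart the firewall yet"
    lint_include "$tmp/fixed.sh" && echo "fixed.sh: passes the static checks"
    rm -rf "$tmp"
}
demo
```

Saving a guide's commands to a file, linting it, and then running it with sh also avoids pasting prompts and output back into the shell.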

I performed a factory reset then I entered the following commands in Putty:

login as: root


BusyBox v1.35.0 (2023-04-27 20:28:15 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.5, r20134-5f15225c1e
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/22.03.5/targets/ramips/mt7621/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://downloads.openwrt.org/releases/22.03.5/targets/ramips/mt7621/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/luci/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/routing/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/telephony/Packages.sig
Signature check passed.
root@OpenWrt:~# opkg install tor
Installing tor (0.4.7.10-1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/packages/tor_0.4.7.10-1_mipsel_24kc.ipk
Installing libevent2-7 (2.1.12-1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/libevent2-7_2.1.12-1_mipsel_24kc.ipk
Installing libopenssl1.1 (1.1.1w-1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/libopenssl1.1_1.1.1w-1_mipsel_24kc.ipk
Installing librt (1.2.3-4) to root...
Downloading https://downloads.openwrt.org/releases/22.03.5/targets/ramips/mt7621/packages/librt_1.2.3-4_mipsel_24kc.ipk
Installing zlib (1.2.11-6) to root...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/zlib_1.2.11-6_mipsel_24kc.ipk
Installing libcap (2.63-1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/libcap_2.63-1_mipsel_24kc.ipk
Configuring libcap.
Configuring librt.
Configuring libopenssl1.1.
Configuring zlib.
Configuring libevent2-7.
Configuring tor.
root@OpenWrt:~# cat << EOF > /etc/tor/custom
> AutomapHostsOnResolve 1
> AutomapHostsSuffixes .
> VirtualAddrNetworkIPv4 172.16.0.0/12
> VirtualAddrNetworkIPv6 [fc00::]/8
> DNSPort 0.0.0.0:9053
> DNSPort [::]:9053
> TransPort 0.0.0.0:9040\
> TransPort 0.0.0.0:9040
> TransPort [::]:9040
> EOF
root@OpenWrt:~# cat << EOF >> /etc/sysupgrade.conf
> /etc/tor
> EOF
root@OpenWrt:~# uci del_list tor.conf.tail_include="/etc/tor/custom"
root@OpenWrt:~# uci add_list tor.conf.tail_include="/etc/tor/custom"
root@OpenWrt:~# uci commit tor
root@OpenWrt:~# service tor restart
root@OpenWrt:~# cat << "EOF" > /etc/nftables.d/tor.sh
> TOR_CHAIN="dstnat_$(uci -q get firewall.tcp_int.src)"
> TOR_RULE="$(nft -a list chain inet fw4 ${TOR_CHAIN} \
> | sed -n -e "/Intercept-TCP/p")"
> nft replace rule inet fw4 ${TOR_CHAIN} \
> handle ${TOR_RULE##* } \
> fib daddr type != { local, broadcast } ${TOR_RULE}
> EOF
root@OpenWrt:~# uci -q delete firewall.tor_nft
root@OpenWrt:~# uci set firewall.tor_nft="include"
root@OpenWrt:~# uci set firewall.tor_nft.path="/etc/nftables.d/tor.sh"
root@OpenWrt:~# uci -q delete firewall.tcp_int
root@OpenWrt:~# uci set firewall.tcp_int="redirect"
root@OpenWrt:~# uci set firewall.tcp_int.name="Intercept-TCP"
root@OpenWrt:~# uci set firewall.tcp_int.src="lan"
root@OpenWrt:~# uci set firewall.tcp_int.src_dport="0-65535"
root@OpenWrt:~# uci set firewall.tcp_int.dest_port="9040"
root@OpenWrt:~# uci set firewall.tcp_int.proto="tcp"
root@OpenWrt:~# uci set firewall.tcp_int.family="any"
root@OpenWrt:~# uci set firewall.tcp_int.target="DNAT"
root@OpenWrt:~# uci -q delete firewall.@forwarding[0]
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# service firewall restart
root@OpenWrt:~# uci -q delete firewall.dns_int
root@OpenWrt:~# uci set firewall.dns_int="redirect"
root@OpenWrt:~# uci set firewall.dns_int.name="Intercept-DNS"
root@OpenWrt:~# uci set firewall.dns_int.src="lan"
root@OpenWrt:~# uci set firewall.dns_int.src_dport="53"
root@OpenWrt:~# uci set firewall.dns_int.proto="tcp udp"
root@OpenWrt:~# uci set firewall.dns_int.family="any"
root@OpenWrt:~# uci set firewall.dns_int.target="DNAT"
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# service firewall restart
root@OpenWrt:~# service dnsmasq stop
root@OpenWrt:~# uci set dhcp.@dnsmasq[0].boguspriv="0"
root@OpenWrt:~# uci set dhcp.@dnsmasq[0].rebind_protection="0"
root@OpenWrt:~# uci set dhcp.@dnsmasq[0].noresolv="1"
root@OpenWrt:~# uci -q delete dhcp.@dnsmasq[0].server
root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#9053"
root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="::1#9053"
root@OpenWrt:~# uci commit dhcp
root@OpenWrt:~# service dnsmasq start
udhcpc: started, v1.35.0
udhcpc: broadcasting discover
udhcpc: no lease, failing
root@OpenWrt:~# for IPV in 4 6
> do
> uci -q delete firewall.tor${IPV%4}
> uci set firewall.tor${IPV%4}="ipset"
> uci set firewall.tor${IPV%4}.name="tor${IPV%4}"
> uci set firewall.tor${IPV%4}.family="ipv${IPV}"
> uci set firewall.tor${IPV%4}.match="net"
> done
root@OpenWrt:~# uci add_list firewall.tor.entry="172.16.0.0/12"
root@OpenWrt:~# uci add_list firewall.tor6.entry="fc00::/8"
root@OpenWrt:~# uci set firewall.tcp_int.ipset="tor dest"
root@OpenWrt:~# for IPV in 4 6
> do
> uci -q delete firewall.lan${IPV%4}_fwd
> uci set firewall.lan${IPV%4}_fwd="rule"
> uci set firewall.lan${IPV%4}_fwd.name="Allow-NonTor-Forward"
> uci set firewall.lan${IPV%4}_fwd.src="lan"
> uci set firewall.lan${IPV%4}_fwd.dest="wan"
> uci set firewall.lan${IPV%4}_fwd.proto="all"
> uci set firewall.lan${IPV%4}_fwd.family="ipv${IPV}"
> uci set firewall.lan${IPV%4}_fwd.ipset="!tor${IPV%4} dest"
> uci set firewall.lan${IPV%4}_fwd.target="ACCEPT"
> done
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# service firewall restart
root@OpenWrt:~# uci -q delete dhcp.@dnsmasq[0].noresolv
root@OpenWrt:~# uci -q delete dhcp.@dnsmasq[0].server
root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="/onion/127.0.0.1#9053"
root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="/example.com/127.0.0.1#9053"
root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="/example.net/127.0.0.1#9053"
root@OpenWrt:~# uci commit dhcp
root@OpenWrt:~# service dnsmasq restart
udhcpc: started, v1.35.0
udhcpc: broadcasting discover
udhcpc: no lease, failing
root@OpenWrt:~#

Access to the onion domain zone did not appear. Rebooting OpenWRT did not give any results.
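In the session above, one `TransPort` line inside the `cat << EOF > /etc/tor/custom` here-document ends in a backslash. With an unquoted `EOF` delimiter the shell treats backslash-newline as a line continuation, so that line and the next are written to the file as one. The sketch below is an added example, not part of the thread: it reproduces the effect on a scratch file and checks the listener lines. The function names are hypothetical and the fragment is a constructed copy of the relevant lines.

```shell
#!/bin/sh
# Constructed copy of the listener lines from the session's here-document,
# written to a scratch file instead of /etc/tor/custom.
write_as_typed() {
cat << EOF > "$1"
DNSPort 0.0.0.0:9053
DNSPort [::]:9053
TransPort 0.0.0.0:9040\
TransPort 0.0.0.0:9040
TransPort [::]:9040
EOF
}

# The same fragment without the stray backslash and the repeated line.
write_corrected() {
cat << EOF > "$1"
DNSPort 0.0.0.0:9053
DNSPort [::]:9053
TransPort 0.0.0.0:9040
TransPort [::]:9040
EOF
}

# Hypothetical helper: accept only "<Option> <port>" or "<Option> <addr>:<port>"
# for the two listener options used in this thread. Prints offending lines and
# returns 1 if any are found. Deliberately strict: extra torrc flags after the
# address are also rejected.
lint_tor_ports() {
    awk '
        $1 == "DNSPort" || $1 == "TransPort" {
            v4   = ($2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/)
            v6   = ($2 ~ /^\[[0-9a-fA-F:]+\]:[0-9]+$/)
            bare = ($2 ~ /^[0-9]+$/)
            if (NF != 2 || !(v4 || v6 || bare)) {
                printf "line %d: malformed listener: %s\n", NR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

demo() {
    dir=$(mktemp -d)
    write_as_typed "$dir/custom"
    write_corrected "$dir/fixed"
    lint_tor_ports "$dir/custom" || echo "as typed: rejected"
    lint_tor_ports "$dir/fixed" && echo "corrected: ok"
    rm -rf "$dir"
}
demo
```

On the router, the same check can be pointed at the real file with `lint_tor_ports /etc/tor/custom` before restarting the service.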

Make sure to disable DoH/DoT in the client browser/OS:
https://techdocs.akamai.com/etp/docs/disable-doh-browsers

Then check this link, it works for me:
https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/

How to do it?

Turning off DoH had no effect. Still does not open.

I did a reset and did it all over again and then I was able to access your link. I noticed that most sites give short onion links that don't work, but when the links are long, the site opens. Now how do I configure the .i2p domain zone to proxy through port 4444 using the i2pd package?

If Tor is unstable, you may need to utilize circumvention:
https://tb-manual.torproject.org/circumvention/

Short Tor links aka v2 onion services are deprecated:
https://newsletter.torproject.org/archive/2021-07-29-announcing-arti-bug-smash-campaign-2021/

I'm not sure about I2P since I have no practical experience with it.

I installed the script Ruantiblock but for some reason access to .onion after that is gone.

wget --no-check-certificate -O /tmp/autoinstall.sh https://raw.githubusercontent.com/gSpotx2f/ruantiblock_openwrt/master/autoinstall/current/autoinstall.sh && chmod +x /tmp/autoinstall.sh && /tmp/autoinstall.sh

https://github.com/gSpotx2f/ruantiblock_openwrt/wiki/Автоматическая-установка-с-помощью-скрипта

If you plan using a third-party script which is supposed to set up an entire multi-component application, it would be best to ask its author for troubleshooting.

1 Like