OpenWRT as TOR client: no dhcp route advertisement

berferd · November 4, 2024, 6:44am

I'm setting up a Fritzbox 4040 as a TOR router for a friend. This Fritzbox has a WAN port and a LAN port.
I followed https://openwrt.org/docs/guide-user/services/tor/client exactly, and things work in general (internet uplink on WAN port, client computers on LAN port).
Firmware used is openwrt-23.05.5 (i.e.: latest).

The problem:
a computer attached to the LAN port gets an IP via DHCP, and I can ping the OpenWRT Frizbox (and login via ssh). But the computer does not get a route to the (TOR) internet, so unless I manually add a default route on the computer, there is not access.
It seems that in the DHCP advertisement, no route is advertised by OpenWRT.

I tried to fix this using option gateway "192.168.1.1" in section config dhcp 'lan' in file /etc/config/dhcp, but this did not change anything.
One guess was that the default route only gets advertised when the TOR network has been set up successfully, but waiting for that and only then connnecting the computer also did not change anything.

What's going wrong here?

pavelgl · November 4, 2024, 11:52am

The correct syntax is list dhcp_option '3,192.168.1.1'

berferd · November 4, 2024, 4:08pm

Thanks Pavel!

Tried it, but still doesn't work, same problem: no default route advertised.
The lan section of my /etc/config/dhcp looks like this, maybe there's another problem I did not spot:

config dhcp 'lan'                                              
        option interface 'lan'      
        option start '100'          
        option limit '150'          
        option leasetime '12h'      
        option dhcpv4 'server'      
        option dhcpv6 'server'      
        option ra 'server'          
        option ra_slaac '1'   
        list dhcp_option '3,192.168.1.1'
        list ra_flags 'managed-config'  
        list ra_flags 'other-config'

As mentioned, everything else is exactly as in the TOR setup howto link above.

pavelgl · November 4, 2024, 5:55pm

Before we ask you to post the complete configuration, enable temporarily DHCP logging to check which options are sent to clients.

uci set dhcp.@dnsmasq[0].logdhcp='1'
/etc/init.d/dnsmasq restart
logread -f | grep dhcp | grep option

berferd · November 4, 2024, 7:02pm

According to the log capture, the router is advertised correctly.

I did a wireshark capture, and the DHCP advertisements in fact looked fine - almost identical, to my DSL Fritzbox, where the connection works, actually. Except... that there also IPv6 IPs were being obtained from the DSL modem.
So I digged a bit deeper... and on my computer there was a wrong setting for the LAN interface for IPv4 ('only use for their network' - thanks for the vague phrasing, Ubuntu ..). I didn't notice before, since my DSL modem also give me a IPv6 address, where the route gets set properly. Duh.
Classical user error.
Documenting here so others googling for it can learn how to not do it...

system · November 14, 2024, 7:03pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.