I'm looking to use OpenWRT with Tor, but attached to a different router that already has a regular OpenVPN setup.
Internet -> OpenVPN Router -> OpenWRT with Tor -> PC
When OpenWRT is set up like this, does it need its own DHCP for Tor?
Would it be an Access Point or its own Gateway?
So I got it working as a regular router behind the regular VPN.
Then, following the OpenWRT documentation, I entered the commands below, and now I can't SSH in or get to the web browser GUI:
# Write a Tor config fragment to /etc/tor/custom (heredoc, terminated by EOF).
# Per the lines below it automaps every hostname suffix (".") to virtual
# addresses in 172.16.0.0/12 and fc00::/7, and opens a DNS listener on port
# 9053 and a transparent-proxy listener on port 9040.
# NOTE(review): 0.0.0.0 and [::] bind both listeners on every interface, not
# only the LAN side. Whether they are reachable from the upstream network
# depends on the wan zone's input policy, which this transcript does not show;
# confirm that the wan zone rejects input on 9040 and 9053.
root@OpenWrt:~# cat << EOF > /etc/tor/custom
AutomapHostsOnResolve 1
AutomapHostsSuffixes .
VirtualAddrNetworkIPv4 172.16.0.0/12
VirtualAddrNetworkIPv6 fc00::/7
DNSPort 0.0.0.0:9053
DNSPort [::]:9053
TransPort 0.0.0.0:9040
TransPort [::]:9040
EOF
# Append /etc/tor to /etc/sysupgrade.conf, the list of paths OpenWrt preserves
# across a sysupgrade, so the Tor configuration survives a firmware upgrade.
# ">>" appends, so running this a second time adds a duplicate line.
root@OpenWrt:~# cat << EOF >> /etc/sysupgrade.conf
/etc/tor
EOF
# Add /etc/tor/custom to the tor.conf.tail_include list of the tor service.
# del_list before add_list keeps the entry from being duplicated on re-runs.
# "uci commit tor" saves the change; the restart makes tor load it.
root@OpenWrt:~# uci del_list tor.conf.tail_include="/etc/tor/custom"
root@OpenWrt:~# uci add_list tor.conf.tail_include="/etc/tor/custom"
root@OpenWrt:~# uci commit tor
root@OpenWrt:~# /etc/init.d/tor restart
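# Create a firewall redirect named Intercept-TCP: TCP arriving from the lan
# zone is DNATed to port 9040, the TransPort set in /etc/tor/custom.
# "-q delete" first drops any earlier tcp_int section so re-runs start clean.
root@OpenWrt:~# uci -q delete firewall.tcp_int
root@OpenWrt:~# uci set firewall.tcp_int="redirect"
root@OpenWrt:~# uci set firewall.tcp_int.name="Intercept-TCP"
root@OpenWrt:~# uci set firewall.tcp_int.src="lan"
root@OpenWrt:~# uci set firewall.tcp_int.dest_port="9040"
root@OpenWrt:~# uci set firewall.tcp_int.proto="tcp"
# The extra match limits the redirect to new connections (--syn) whose
# destination is NOT a local or broadcast address. That exclusion is what keeps
# TCP addressed to the router itself (SSH, web GUI) out of the redirect.
# NOTE(review): the firewall restart output that follows reports
# "Can't find match 'addrtype'", so the addrtype match could not be loaded on
# this device; that would be consistent with losing SSH/GUI access afterwards.
# Presumably the iptables addrtype extension is not installed (on fw3-era
# OpenWrt it is packaged as iptables-mod-extra / kmod-ipt-extra -- verify for
# your release). `iptables -t nat -S` shows which rule was actually installed.
root@OpenWrt:~# uci set firewall.tcp_int.extra="--syn -m addrtype ! --dst-type LOCAL,BROADCAST"
root@OpenWrt:~# uci set firewall.tcp_int.target="DNAT"
# Remove the first forwarding section (by default lan -> wan -- confirm with
# `uci show firewall`), so LAN traffic the redirect does not catch is not
# forwarded upstream outside Tor.
root@OpenWrt:~# uci -q delete firewall.@forwarding[0]
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# /etc/init.d/firewall restart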
Warning: Unable to locate ipset utility, disabling ipset support
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv6 filter table
* Flushing IPv6 mangle table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Redirect 'Intercept-TCP'
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 nat table
* Redirect 'Intercept-TCP'
Warning: fw3_ipt_rule_append(): Can't find match 'addrtype'
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 filter table
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
# Create a second redirect, Intercept-DNS: TCP and UDP from the lan zone with
# destination port 53 is DNATed. No dest_ip or dest_port is set here, so the
# target is presumably the router's own port 53 (dnsmasq) -- confirm against
# the firewall documentation for your release. The intent is that clients with
# a hard-coded external resolver are answered by the router instead of sending
# DNS upstream.
root@OpenWrt:~# uci -q delete firewall.dns_int
root@OpenWrt:~# uci set firewall.dns_int="redirect"
root@OpenWrt:~# uci set firewall.dns_int.name="Intercept-DNS"
root@OpenWrt:~# uci set firewall.dns_int.src="lan"
root@OpenWrt:~# uci set firewall.dns_int.src_dport="53"
root@OpenWrt:~# uci set firewall.dns_int.proto="tcp udp"
root@OpenWrt:~# uci set firewall.dns_int.target="DNAT"
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# /etc/init.d/firewall restart
Warning: Unable to locate ipset utility, disabling ipset support
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv6 filter table
* Flushing IPv6 mangle table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Redirect 'Intercept-TCP'
* Redirect 'Intercept-DNS'
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 nat table
* Redirect 'Intercept-TCP'
Warning: fw3_ipt_rule_append(): Can't find match 'addrtype'
* Redirect 'Intercept-DNS'
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 filter table
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
# Point dnsmasq at Tor's DNS listener. dnsmasq is stopped while its config is
# edited and started again at the end.
root@OpenWrt:~# /etc/init.d/dnsmasq stop
# boguspriv=0 lets reverse lookups for private ranges be forwarded, and
# rebind_protection=0 lets upstream answers inside private ranges through.
# Both relate to Tor's automap addresses, which /etc/tor/custom places in
# 172.16.0.0/12 and fc00::/7.
# NOTE(review): rebind_protection=0 switches DNS-rebinding protection off for
# every LAN client, not only for Tor's virtual addresses -- a trade-off to be
# aware of.
root@OpenWrt:~# uci set dhcp.@dnsmasq[0].boguspriv="0"
root@OpenWrt:~# uci set dhcp.@dnsmasq[0].rebind_protection="0"
# noresolv=1 plus a server list replaced by 127.0.0.1#9053 and ::1#9053:
# dnsmasq ignores the resolv file and forwards queries only to Tor's DNSPort,
# so a Tor outage means no name resolution rather than a fallback upstream.
root@OpenWrt:~# uci set dhcp.@dnsmasq[0].noresolv="1"
root@OpenWrt:~# uci -q delete dhcp.@dnsmasq[0].server
root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#9053"
root@OpenWrt:~# uci add_list dhcp.@dnsmasq[0].server="::1#9053"
root@OpenWrt:~# uci commit dhcp
root@OpenWrt:~# /etc/init.d/dnsmasq start
udhcpc: started, v1.33.2
udhcpc: sending discover
udhcpc: no lease, failing
# Second start of dnsmasq, then a reboot.
# NOTE(review): the "udhcpc: no lease, failing" lines above appear to come from
# the dnsmasq init script probing the LAN for another DHCP server before it
# enables its own; finding none would be the expected result -- confirm in
# /etc/init.d/dnsmasq.
# Every change above was saved with "uci commit", so it persists across the
# reboot; a redirect that blocks SSH/GUI access will still do so afterwards.
root@OpenWrt:~# /etc/init.d/dnsmasq start
root@OpenWrt:~# reboot