Tor not working on lede 17.01.4

Installing and Using OpenWrt Network and Wireless Configuration
1

I follow this guideline below
https://commotionwireless.net/blog/2014/09/15/transparent-tor-gateway-on-openwrt
It's working on Chaos Calmer (tor ver.0.2.7.4), but lede 17.01.4 using
new tor ver.0.3.1.8
I don't understand what's going on
Can somebody help?

/var/log/tor/notices.log

Nov 30 17:59:04.000 [notice] Tor 0.3.1.8 (git-ad5027f7dc790624) opening new log file.
Nov 30 17:59:04.536 [notice] Tor 0.3.1.8 (git-ad5027f7dc790624) running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Nov 30 17:59:04.536 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 30 17:59:04.746 [notice] Read configuration file "/etc/tor/torrc".
Nov 30 17:59:04.970 [warn] You specified a public address '172.168.1.1:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.970 [warn] You specified a public address '172.168.1.1:9053' for DNSPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.970 [warn] You specified a public address '172.168.1.1:9040' for TransPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.983 [warn] You specified a public address '172.168.1.1:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.984 [warn] You specified a public address '172.168.1.1:9053' for DNSPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.984 [warn] You specified a public address '172.168.1.1:9040' for TransPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.985 [notice] Opening Socks listener on 172.168.1.1:9050
Nov 30 17:59:04.985 [notice] Opening DNS listener on 172.168.1.1:9053
Nov 30 17:59:04.986 [notice] Opening Transparent pf/netfilter listener on 172.168.1.1:9040
Nov 30 17:59:05.000 [warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards.
Nov 30 17:59:05.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Nov 30 17:59:22.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Nov 30 18:00:43.000 [notice] Bootstrapped 0%: Starting
Nov 30 18:00:43.000 [notice] Starting with guard context "default"
Nov 30 18:00:43.000 [notice] Bootstrapped 5%: Connecting to directory server
Nov 30 18:00:43.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Nov 30 18:10:20.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 10; recommendation warn; host 9FBEB75E8BC142565F12CBBE078D63310236A334 at 91.121.84.137:4052)
Nov 30 18:10:20.000 [warn] 10 connections have failed:
Nov 30 18:10:20.000 [warn]  10 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
Nov 30 18:11:44.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 11; recommendation warn; host 439D0447772CB107B886F7782DBC201FA26B92D1 at 178.62.86.96:9001)
Nov 30 18:11:44.000 [warn] 11 connections have failed:
Nov 30 18:11:44.000 [warn]  11 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
Nov 30 18:11:45.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 12; recommendation warn; host 7EA6EAD6FD83083C538F44038BBFA077587DD755 at 194.109.206.212:443)
Nov 30 18:11:45.000 [warn] 12 connections have failed:
Nov 30 18:11:45.000 [warn]  12 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
Nov 30 18:14:44.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 13; recommendation warn; host 3D7E274A87D9A89AF064C13D1EE4CA1F184F2600 at 176.10.107.180:9001)
Nov 30 18:14:44.000 [warn] 13 connections have failed:
Nov 30 18:14:44.000 [warn]  13 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
Nov 30 18:16:10.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 14; recommendation warn; host F2044413DAC2E02E3D6BCF4735A19BCA1DE97281 at 131.188.40.189:443)
Nov 30 18:16:10.000 [warn] 14 connections have failed:
Nov 30 18:16:10.000 [warn]  14 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN

/var/log/tor/debug.log

Nov 30 17:59:04.000 [notice] Tor 0.3.1.8 (git-ad5027f7dc790624) opening new log file.
Nov 30 17:59:04.536 [notice] Tor 0.3.1.8 (git-ad5027f7dc790624) running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Nov 30 17:59:04.536 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 30 17:59:04.746 [notice] Read configuration file "/etc/tor/torrc".
Nov 30 17:59:04.970 [warn] You specified a public address '172.168.1.1:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.970 [warn] You specified a public address '172.168.1.1:9053' for DNSPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.970 [warn] You specified a public address '172.168.1.1:9040' for TransPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.983 [warn] You specified a public address '172.168.1.1:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.984 [warn] You specified a public address '172.168.1.1:9053' for DNSPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.984 [warn] You specified a public address '172.168.1.1:9040' for TransPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Nov 30 17:59:04.985 [notice] Opening Socks listener on 172.168.1.1:9050
Nov 30 17:59:04.985 [notice] Opening DNS listener on 172.168.1.1:9053
Nov 30 17:59:04.986 [notice] Opening Transparent pf/netfilter listener on 172.168.1.1:9040
Nov 30 17:59:05.000 [warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards.
Nov 30 17:59:05.000 [info] options_act_reversible(): Recomputed OOS thresholds: ConnLimit 1000, ConnLimit_ 4064, ConnLimit_high_thresh 4000, ConnLimit_low_thresh 3048
Nov 30 17:59:05.000 [debug] tor_disable_debugger_attach(): Attemping to disable debugger attachment to Tor for unprivileged users.
Nov 30 17:59:05.000 [debug] tor_disable_debugger_attach(): Debugger attachment disabled for unprivileged users.
Nov 30 17:59:05.000 [info] tor_lockfile_lock(): Locking "/var/lib/tor/lock"
Nov 30 17:59:05.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 128.31.0.39:9131 (9695)
Nov 30 17:59:05.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 86.59.21.38:80 (847B)
Nov 30 17:59:05.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 194.109.206.212:80 (7EA6)
Nov 30 17:59:05.000 [debug] parse_dir_authority_line(): Trusted 16 dirserver at 37.218.247.217:80 (1D8F)
Nov 30 17:59:05.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 131.188.40.189:80 (F204)
Nov 30 17:59:05.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 193.23.244.244:80 (7BE6)
Nov 30 17:59:05.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 171.25.193.9:443 (BD6A)
Nov 30 17:59:05.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 154.35.175.225:80 (CF6D)
Nov 30 17:59:05.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 199.58.81.140:80 (74A9)
Nov 30 17:59:05.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 204.13.164.118:80 (24E2)
Nov 30 17:59:05.000 [debug] file_status(): stat()ing /var/lib/tor/state
Nov 30 17:59:05.000 [info] or_state_load(): Initialized state
Nov 30 17:59:05.000 [info] circuit_build_times_parse_state(): Adding 0 timeouts.
Nov 30 17:59:05.000 [info] circuit_build_times_parse_state(): Loaded 0/0 values from 0 lines in circuit time histogram
Nov 30 17:59:05.000 [debug] tor_rename(): Renaming /var/lib/tor/state.tmp to /var/lib/tor/state
Nov 30 17:59:05.000 [info] or_state_save(): Saved state to "/var/lib/tor/state"
Nov 30 17:59:05.000 [info] read_file_to_str(): Could not open "/var/lib/tor/router-stability": No such file or directory
Nov 30 17:59:05.000 [info] cell_ewma_set_scale_factor(): Disabled cell_ewma algorithm because of value in Default value
Nov 30 17:59:05.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Nov 30 17:59:22.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Nov 30 17:59:28.000 [info] add_predicted_port(): New port prediction added. Will continue predictive circ building for 3097 more seconds.
Nov 30 17:59:28.000 [info] crypto_global_init(): NOT using OpenSSL engine support.
Nov 30 17:59:28.000 [info] evaluate_evp_for_aes(): No AES engine found; using AES_* functions.
Nov 30 17:59:32.000 [debug] file_status(): stat()ing /var/lib/tor/unparseable-descs
Nov 30 18:00:43.000 [notice] Bootstrapped 0%: Starting
Nov 30 18:00:43.000 [info] read_file_to_str(): Could not open "/var/lib/tor/cached-certs": No such file or directory
Nov 30 18:00:43.000 [info] read_file_to_str(): Could not open "/var/lib/tor/cached-consensus": No such file or directory
Nov 30 18:00:43.000 [info] read_file_to_str(): Could not open "/var/lib/tor/unverified-consensus": No such file or directory
Nov 30 18:00:43.000 [info] read_file_to_str(): Could not open "/var/lib/tor/cached-microdesc-consensus": No such file or directory
Nov 30 18:00:43.000 [info] read_file_to_str(): Could not open "/var/lib/tor/unverified-microdesc-consensus": No such file or directory
Nov 30 18:00:43.000 [info] tor_mmap_file(): Could not open "/var/lib/tor/cached-microdescs" for mmap(): No such file or directory
Nov 30 18:00:43.000 [info] read_file_to_str(): Could not open "/var/lib/tor/cached-microdescs.new": No such file or directory
Nov 30 18:00:43.000 [info] microdesc_cache_reload(): Reloaded microdescriptor cache. Found 0 descriptors.
Nov 30 18:00:43.000 [info] tor_mmap_file(): Could not open "/var/lib/tor/cached-descriptors" for mmap(): No such file or directory
Nov 30 18:00:43.000 [debug] file_status(): stat()ing /var/lib/tor/cached-descriptors.new
Nov 30 18:00:43.000 [info] tor_mmap_file(): Could not open "/var/lib/tor/cached-extrainfo" for mmap(): No such file or directory
Nov 30 18:00:43.000 [debug] file_status(): stat()ing /var/lib/tor/cached-extrainfo.new
Nov 30 18:00:43.000 [info] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Nov 30 18:00:43.000 [info] update_consensus_bootstrap_attempt_downloads(): Launching microdesc bootstrap mirror networkstatus consensus download.
Nov 30 18:00:43.000 [notice] Starting with guard context "default"
Nov 30 18:00:43.000 [debug] get_guard_selection_by_name(): Creating a guard selection called default
Nov 30 18:00:43.000 [info] sample_reachable_filtered_entry_guards(): Trying to sample a reachable guard: We know of 0 in the USABLE_FILTERED set.
Nov 30 18:00:43.000 [info] sample_reachable_filtered_entry_guards():   (That isn't enough. Trying to expand the sample.)
Nov 30 18:00:43.000 [info] entry_guards_expand_sample(): Not expanding the sample guard set; we have no live consensus.
Nov 30 18:00:43.000 [info] sample_reachable_filtered_entry_guards():   (After filters [b], we have 0 guards to consider.)
Nov 30 18:00:43.000 [info] sample_reachable_filtered_entry_guards(): Trying to sample a reachable guard: We know of 0 in the USABLE_FILTERED set.
Nov 30 18:00:43.000 [info] sample_reachable_filtered_entry_guards():   (That isn't enough. Trying to expand the sample.)
Nov 30 18:00:43.000 [info] entry_guards_expand_sample(): Not expanding the sample guard set; we have no live consensus.
Nov 30 18:00:43.000 [info] sample_reachable_filtered_entry_guards():   (After filters [7], we have 0 guards to consider.)
Nov 30 18:00:43.000 [info] select_entry_guard_for_circuit(): Absolutely no sampled guards were available. Marking all guards for retry and starting from top again.
Nov 30 18:00:43.000 [info] directory_pick_generic_dirserver(): No router found for consensus network-status fetch; falling back to dirserver list.
Nov 30 18:00:43.000 [debug] directory_initiate_request(): anonymized 0, use_begindir 1.
Nov 30 18:00:43.000 [debug] directory_initiate_request(): Initiating consensus network-status fetch
Nov 30 18:00:43.000 [info] connection_ap_make_link(): Making internal direct tunnel to [scrubbed]:443 ...
Nov 30 18:00:43.000 [debug] connection_add_impl(): new conn type Socks, socket -1, address (Tor_internal), n_conns 4.
Nov 30 18:00:43.000 [info] connection_ap_make_link(): ... application connection created and linked.
Nov 30 18:00:43.000 [debug] connection_add_impl(): new conn type Directory, socket -1, address 92.222.38.67, n_conns 5.
Nov 30 18:00:43.000 [info] directory_send_command(): Downloading consensus from 92.222.38.67:443 using /tor/status-vote/current/consensus-microdesc/0232AF+14C131+23D15D+27102B+49015F+D586D1+E8A9C4+ED03BB+EFCBE7.z
Nov 30 18:00:43.000 [debug] directory_send_command(): Sent request to directory server '92.222.38.67:443': (purpose: 14, request size: 192, payload size: 0)
Nov 30 18:00:43.000 [debug] download_status_log_helper(): microdesc attempted 1 time(s); I'll try again in 1 seconds.
Nov 30 18:00:43.000 [info] update_consensus_bootstrap_attempt_downloads(): Launching microdesc bootstrap authority networkstatus consensus download.
Nov 30 18:00:43.000 [debug] directory_initiate_request(): anonymized 0, use_begindir 1.
Nov 30 18:00:43.000 [debug] directory_initiate_request(): Initiating consensus network-status fetch
Nov 30 18:00:43.000 [info] connection_ap_make_link(): Making internal direct tunnel to [scrubbed]:443 ...
Nov 30 18:00:43.000 [debug] connection_add_impl(): new conn type Socks, socket -1, address (Tor_internal), n_conns 6.
Nov 30 18:00:43.000 [info] connection_ap_make_link(): ... application connection created and linked.
Nov 30 18:00:43.000 [debug] connection_add_impl(): new conn type Directory, socket -1, address 154.35.175.225, n_conns 7.
Nov 30 18:00:43.000 [info] directory_send_command(): Downloading consensus from 154.35.175.225:443 using /tor/status-vote/current/consensus-microdesc/0232AF+14C131+23D15D+27102B+49015F+D586D1+E8A9C4+ED03BB+EFCBE7.z
Nov 30 18:00:43.000 [debug] directory_send_command(): Sent request to directory server '154.35.175.225:443': (purpose: 14, request size: 194, payload size: 0)
Nov 30 18:00:43.000 [debug] download_status_log_helper(): microdesc attempted 1 time(s); I'll try again in 6 seconds.
Nov 30 18:00:43.000 [debug] circuit_get_open_circ_or_launch(): considering 1, $DED6892FF89DBD737BA689698A171B2392EB3E82
Nov 30 18:00:43.000 [debug] onion_pick_cpath_exit(): Launching a one-hop circuit for dir tunnel.
Nov 30 18:00:43.000 [info] onion_pick_cpath_exit(): Using requested exit node '$DED6892FF89DBD737BA689698A171B2392EB3E82~DED6892FF89DBD737BA at 92.222.38.67'
Nov 30 18:00:43.000 [debug] onion_extend_cpath(): Path is 0 long; we want 1
Nov 30 18:00:43.000 [debug] onion_extend_cpath(): Chose router $DED6892FF89DBD737BA689698A171B2392EB3E82~DED6892FF89DBD737BA at 92.222.38.67 for hop 1 (exit is DED6892FF89DBD737BA689698A171B2392EB3E82)
Nov 30 18:00:43.000 [debug] onion_extend_cpath(): Path is complete: 1 steps long
Nov 30 18:00:43.000 [debug] circuit_handle_first_hop(): Looking for firsthop '92.222.38.67:443'
Nov 30 18:00:43.000 [info] circuit_handle_first_hop(): Next router is [scrubbed]: Not connected. Connecting.
Nov 30 18:00:43.000 [notice] Bootstrapped 5%: Connecting to directory server
Nov 30 18:00:43.000 [debug] channel_tls_connect(): In channel_tls_connect() for channel 0xda7440 (global id 1)
Nov 30 18:00:43.000 [debug] channel_tls_connect(): Marking new outgoing channel 1 at 0xda7440 as remote
Nov 30 18:00:43.000 [info] connection_or_set_canonical(): Channel 0 chose an idle timeout of 254.
Nov 30 18:00:43.000 [debug] connection_or_init_conn_from_address(): init conn from address 92.222.38.67: DED6892FF89DBD737BA689698A171B2392EB3E82, <unset> (1)
Nov 30 18:00:43.000 [info] connection_or_set_identity_digest(): Set identity digest for 0xda7610 ([scrubbed]): DED6892FF89DBD737BA689698A171B2392EB3E82 <unset>.
Nov 30 18:00:43.000 [info] connection_or_set_identity_digest():    (Previously: 0000000000000000000000000000000000000000 <unset>)
Nov 30 18:00:43.000 [debug] channel_set_identity_digest(): Setting remote endpoint digest on channel 0xda7440 with global ID 1 to digest DED6892FF89DBD737BA689698A171B2392EB3E82
Nov 30 18:00:43.000 [debug] connection_connect(): Connecting to [scrubbed]:443.
2

SSH in to the router and run cat /etc/config/network.

Post your results.

3

/etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd1e:d1a7:c513::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ifname 'eth0.1'

config interface 'tor'
	option type 'bridge'
	option ifname 'eth0.3 wlan0-1'
	option proto 'static'
	option ipaddr '172.168.1.1'
	option netmask '255.255.255.0'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0 6t'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '6t'
	option vid '3'

/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/10180000.wmac'
	option htmode 'HT20'
	option country '00'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'MyWifi'
	option encryption 'psk2'
	option key 'xxxxxxxx'

config wifi-iface
	option device 'radio0'
	option network 'tor'
	option mode 'ap'
	option ssid 'TOR'
	option encryption 'psk2'
	option key 'xxxxxxxx'

/etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6'

config zone
	option name 'tor'
	option network 'tor'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'tor'
	option dest 'wan'

config rule
	option name 'Allow-Tor-DHCP'
	option src 'tor'
	option proto 'udp'
	option dest_port '53 67'
	option target 'ACCEPT'
	option family 'ipv4'
	option enabled '1'

config rule
	option name 'Allow-Tor-Transparent'
	option src 'tor'
	option proto 'tcp'
	option dest_port '9040'
	option target 'ACCEPT'
	option family 'ipv4'
	option enabled '1'

config rule
	option name 'Allow-Tor-SOCKS'
	option src 'tor'
	option proto 'tcp'
	option dest_port '9050'
	option target 'ACCEPT'
	option family 'ipv4'
	option enabled '1'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option name 'Redirect-Tor-Traffic'
	option src 'tor'
	option src_dip '!172.168.1.1'
	option dest_port '9040'
	option proto 'tcp'
	option target 'DNAT'
	option enabled '1'

config redirect
	option name 'Redirect-Tor-DNS'
	option src 'tor'
	option src_dport '53'
	option dest_port '9053'
	option proto 'udp'
	option target 'DNAT'
	option enabled '1'

config include
	option path '/etc/firewall.user'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'any'
	option reload '1'

/etc/tor/torrc

User tor
RunAsDaemon 1
PidFile /var/run/tor.pid
DataDirectory /var/lib/tor
Log notice file /var/log/tor/notices.log
Log debug file /var/log/tor/debug.log
GeoIPFile /usr/share/tor/geoip
GeoIPv6File /usr/share/tor/geoip6
MaxCircuitDirtiness 60
ExitNodes {us}
StrictNodes 1
VirtualAddrNetworkIPv4 10.192.0.0/11
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1

TransPort 172.168.1.1:9040
DNSPort 172.168.1.1:9053
SocksPort 172.168.1.1:9050
4

For starters, 172.168.1.1 is not a private IP address, and you should not use it for your internal network.

5

The sample config from the how-to link posted above by the OP used 172.16.1.1

6

change IP to 172.16.1.1, still not working

/var/log/tor/notices.log

Dec 01 13:55:00.000 [notice] Tor 0.3.1.8 (git-ad5027f7dc790624) opening new log file.
Dec 01 13:55:00.002 [notice] Tor 0.3.1.8 (git-ad5027f7dc790624) running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Dec 01 13:55:00.003 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 01 13:55:00.008 [notice] Read configuration file "/etc/tor/torrc".
Dec 01 13:55:00.077 [notice] You configured a non-loopback address '172.16.1.1:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 01 13:55:00.078 [notice] You configured a non-loopback address '172.16.1.1:9053' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 01 13:55:00.078 [notice] You configured a non-loopback address '172.16.1.1:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 01 13:55:00.087 [notice] You configured a non-loopback address '172.16.1.1:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 01 13:55:00.087 [notice] You configured a non-loopback address '172.16.1.1:9053' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 01 13:55:00.087 [notice] You configured a non-loopback address '172.16.1.1:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 01 13:55:00.088 [notice] Opening Socks listener on 172.16.1.1:9050
Dec 01 13:55:00.088 [notice] Opening DNS listener on 172.16.1.1:9053
Dec 01 13:55:00.089 [notice] Opening Transparent pf/netfilter listener on 172.16.1.1:9040
Dec 01 13:55:00.000 [warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards.
Dec 01 13:55:00.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Dec 01 13:55:52.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Dec 01 13:56:12.000 [notice] Bootstrapped 0%: Starting
Dec 01 13:56:12.000 [notice] Starting with guard context "default"
Dec 01 13:56:12.000 [notice] Bootstrapped 5%: Connecting to directory server
Dec 01 13:56:13.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Dec 01 14:01:12.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Dec 01 14:01:12.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Dec 01 14:01:12.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Dec 01 14:01:12.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Dec 01 14:01:12.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Dec 01 14:01:12.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Dec 01 14:01:12.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Dec 01 14:01:13.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
7

Looks like it's trying to use port 0.

Do another cat on your config files and post the results.

8

what should i do to fix this?

9

Re-post your configs...

One thing I noticed above is your firewall rule for Allow-Tor-DHCP is using option dest_port '53 67’

In the how-to... option dest_port '9053'

10

Some questions...

  • LEDE 17.01.4 supports TOR 0.2.9.12, but you are using TOR 0.3.1.8; did you build it yourself?
  • What about all those "[info] read_file_to_str(): Could not open /var/lib/tor/" messages?
  • Do you have any restrictions in your internet connection?
11

i try that rule, but it's not working
then i try redirect option, but also not working

12

nope, build from lede github by cloning https://github.com/lede-project/source.git
i think that's trunk build Reboot (SNAPSHOT, r5399-6aa4b97)

those “[info] read_file_to_str(): Could not open /var/lib/tor/” messages, because no such files in directories. not sure where to get the files, but on working router chaos calmer (tor ver.0.2.7.4) has such files.

as for the internet connection, i think my isp doesn't have restriction.
it's working fine on other router chaos calmer (tor ver.0.2.7.4)

13

let me try to build lede 17.01.4
will let you know whether tor for that version working or not

14

When I do a package search for tor in 17.01.4, the result is version 0.2.9.12-1

15

Lede Reboot (17.01.4, r3560-79f57e422d) using Tor 0.2.9.12 is working OK
So the problem confirmed with updated Tor 0.3.1.8
I guess this is due to Tor 0.3.1.8 needs Liblzma and Libzstd however latest lede doesn't have this package.

16

The guide you linked to is for a special special use case. You should understand 1) what he is trying to do and 2) how he goes on doing it before you draw any conclusions about what is broken and what is not.

He creates a separate interface of his 5 GHz radio and forces all clients that connect to it to either use Tor or not get Internet access at all. You could simply forget about the interface and have Tor use your regular router address, which seems to be 192.168.1.1 now.

Or was it the special case you were trying? What did you eventually do?

17

Hello dony71,

I was wondering how you were able to get Tor version 0.2.9.12 on LEDE v 17.01.4? Did you have to compile it or run a specific opkg install command with the version number?

Was the version the culprit and root cause of the problem so after install that 0.2.9.12 version, it all worked seamlessly or were there additional configuration and tweaks you had to modify to get it working?

I am experiencing the same issues myself with a Linksys WRT3200acm router. I wanted to reach out to you before opening a new ticket.

Thanks in advance and sorry moderators if this reply is not following protocol, please let me know and I will provide additional requirements as needed.

Sincerely,

A humble committed student

18

You need to compile the packages yourself: prepare the build environment in your computer, update the Makefile for TOR so it points to the latest release, and build the packages locally; there are guides covering this, and you can ask in this forum.

Or, since you are running the same router as me, just drop me a private message with your email address, and I will send the packages I built.

1 Like
19

Hello eduperez,

I must admit that I am a noob when it comes to compiling but I do have the urge to learn how to do it. I have come across others talking about compiling their own packages when I was wanting to incorporate 2FA with google auth with openvpn for openwrt/lede. The instruction I have came across online isn't exactly clear as to how to merge the downloaded file and lede image together. Do you have any procedures that you recommend that has helped you? I wouldn't mind taking you up on your offer to receive your image for comparison.

Thanks for all that you do.

20

Ok, this is the procedure I followed, you can try that path if you are eager to learn (I was not too specific of purpose, so you can investigate by yourself and learn more), or you can send me a private message with your email address when you give up:

Hope this helps!