Tor over Wifi only

Hi,
I've got 2 routers: an EdgeRouter that handles all the DHCP, internet, firewall and so on, i.e. what it should do, and a Fritzbox 4040 that I flashed to OpenWrt this week. This one is set up as a switch and WiFi access point: DHCP is off, the firewall is disabled, and I created just 1 large bridge so the WiFi and LAN ports get their IPs from the EdgeRouter. What I wanna try, but I'm not sure this is possible with this config on the Fritzbox, is to have WiFi route everything through Tor. I'm guessing, if it is possible, it's through VLAN or such, but I'm not quite sure how. I'm also not too sure which packages to install, if this is possible. If someone knows how I can achieve this, if it's possible, that would be great.

@HellsAngel79, welcome to the community!

If you make a separate WiFi subnet:

  • Make an IP route to 0.0.0.0/0 via the VPN on table n (n == an integer, e.g. 2)
  • Make an IP rule for the WiFi subnet to use table 2

See: https://openwrt.org/docs/guide-user/network/ip_rules

(BTW there are many similar threads on this.) Hope this helps.

Thank you, and thank you for the quick reply.
I'm OK with basic network stuff. I read and googled about this, but their situation differs from mine.
What you just wrote, I have no idea how to do that. Where in the GUI do I need to be? I kinda need a step-by-step, if that's possible. Also, what packages do I need? There are quite a few when you filter on tor. And preferably a way to figure out, if I can accomplish this, how to verify it is actually working and using Tor.

Wait wait, my apologies, I did not realize Tor...

And I'm not personally aware of an all-web-GUI setup. :slightly_frowning_face:

OK, thanks again. Yeah, CLI is a bit problematic, I need to use another PC to access it, but it's not impossible.
I'm reading the link you gave. I have the firewall disabled; do I just skip those steps?

If you want to use Tor from a LAN client, you will need to perform some firewall "magic" to get the packets and DNS requests into the Tor tunnel.

I only need Tor for WLAN. Tor is installed and I've got the CLI up now, but the problem is this seems tailored for anything but the setup I have; like, the 0.0.0.0 DNS won't work, I think, as I don't run a DNS on the router, as it's now a switch.
So that's kind of the problem I face: there is a lot on the forums and Google on how to set up Tor on OpenWrt, but not really for a situation like mine, so I kinda need a step-by-step that's specific to the case I've got. I know the basics of network setups, but VLANs etc. are above my head, hence the step-by-step I kinda need. Not sure if I can post the OpenWrt config here, if that helps.

Also, the firewall part mentions LAN only; that's exactly where I don't want it, just WLAN.
Edit 2: also, in the Tor part, the DNS ports: do I leave those at 0.0.0.0, or do I point those to the EdgeRouter, as that is doing all the DNS and internet traffic?

Set up a guest network:
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan

Then apply the Tor client instruction linked above by @lleachii.
And change the source in the related firewall rules to the guest zone.

OK, I read over it, but I don't want a guest WiFi, so as I understand it, what I want isn't possible?
Add Tor to the existing setup on the WLAN only, while the EdgeRouter gives out the IPs, so all the WLAN devices keep the same IP but use Tor, and the LAN ports won't be affected by Tor.

OK, so I'm blindly plowing through the guest network setup.
So far this error popped up, but I'll plow through and see what happens:
udhcpc: started, v1.30.1
udhcpc: sending discover
udhcpc: no lease, failing
I'm guessing it's because there is already the other router doing all the DHCP.

You need to remove the wireless interface from the LAN bridge and create a separate network, DHCP pool, firewall zone, forwardings, so it's mostly the same as the guest Wi-Fi.

Instead, you can simply use the guest Wi-Fi instruction and then delete the original WLAN.

Thank you again for all the help and the quick reply. Yes, I did remove the WLAN from the original bridge and moved it to guest (I did keep the other one there as well, which most likely got created by the CLI), and WiFi still works, so that part works. Gonna move on to Tor now.

At the Tor part now: do I change uci set firewall.ssh_int.src="lan" into uci set firewall.ssh_int.src="wlan0"?
OK, I actually don't have working WiFi. I'm guessing that DHCP error is why WiFi isn't working.
Where do I find the name of the guest firewall zone?

It should be the name of your guest firewall zone.

So all the steps are done, but WiFi is not working, I bet due to this error:
udhcpc: started, v1.30.1
udhcpc: sending discover
udhcpc: no lease, failing
I've changed lan to wlan0; that seemed to make sense.
WiFi devices do get an IP, but there's no working internet, so any ideas on how to solve it with working Tor would be great. Thanks again for all the help.

Collect the diagnostics and post it to pastebin.com redacting the private parts:

uci show network; uci show wireless; uci show dhcp; uci show firewall; \
ip address show; ip route show table all; ip rule show; iptables-save; \
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

OK, here is the link: https://pastebin.com/zGSd3iWq
I also see the WiFi gets a router assigned of 192.168.0.1, which doesn't exist; I also can't seem to find where to edit this in the GUI. The 192.168.0.199 you see in there is the EdgeRouter; the 192.168.0.198 is the Fritzbox in switch mode running OpenWrt.

Actually, that 192.168.0.1 comes from the guest network, which the tutorial has set to .3.1 and I changed to .0.1, but yeah, that isn't a router, so WiFi isn't working.
I doubt Tor is even in between it.

The guest subnet must be different from the LAN.

Ah, is there no way to keep that the same?
I changed it to 192.168.2.1; same story: I get an IP on WLAN devices, the router is now set to 192.168.2.1,
but internet is still dead as a doornail.

This also doesn't look promising:
Fri Feb 26 20:43:18 2021 daemon.warn Tor[16752]: Problem bootstrapping. Stuck at 0% (starting): Starting. (Network unreachable; NOROUTE; count 36; recommendation warn; host A597AC866E40CAB5A67759ADE4942192E99DE684 at 46.166.151.217:9001)
So yeah, the guides, I think, leave quite some to be desired for newcomers.
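
A way to read that kind of log line mechanically, as an added example that is not part of the original post: it classifies Tor's bootstrap state from syslog lines. The function name is hypothetical, the sample lines are constructed, and the relay fingerprint and address in them are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): classify Tor's bootstrap state from
# syslog lines such as those printed by `logread -e Tor` on OpenWrt.

# tor_bootstrap_state: read log lines on stdin and print the state implied by
# the LAST bootstrap message: "done", "progress <pct>",
# "stuck <pct> <reason-code>", or "unknown" if Tor logged nothing relevant.
tor_bootstrap_state() {
    awk '
        /Tor\[[0-9]+\]: Bootstrapped [0-9]+%/ {
            pct = $0; sub(/.*Bootstrapped /, "", pct); sub(/%.*/, "", pct)
            state = (pct + 0 == 100) ? "done" : "progress " pct
        }
        /Tor\[[0-9]+\]: Problem bootstrapping/ {
            pct = $0; sub(/.*Stuck at /, "", pct); sub(/%.*/, "", pct)
            split($0, part, "; ")   # part[2] is the reason code, e.g. NOROUTE
            state = "stuck " pct " " part[2]
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Constructed sample logs; FINGERPRINT and 192.0.2.10 are placeholders.
SAMPLE_STUCK='Fri Feb 26 20:43:18 2021 daemon.warn Tor[16752]: Problem bootstrapping. Stuck at 0% (starting): Starting. (Network unreachable; NOROUTE; count 36; recommendation warn; host FINGERPRINT at 192.0.2.10:9001)'
SAMPLE_OK='Fri Feb 26 21:10:02 2021 daemon.notice Tor[17001]: Bootstrapped 10% (conn_done): Connected to a relay
Fri Feb 26 21:10:09 2021 daemon.notice Tor[17001]: Bootstrapped 100% (done): Done'

printf '%s\n' "$SAMPLE_STUCK" | tor_bootstrap_state
printf '%s\n' "$SAMPLE_OK"    | tor_bootstrap_state
```

A `done` result only shows that the Tor daemon itself reached the network; it says nothing about whether WLAN clients are actually being redirected into it.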

Using different subnets is a mandatory requirement to implement split routing for wired and wireless networks.

According to your diagnostics, it should be like this:

uci -q delete firewall.@zone[0].network
uci add_list firewall.@zone[0].network="lan"
uci set firewall.@zone[0].masq="1"
uci set firewall.@zone[0].masq_src="!192.168.0.0/24"
uci rename firewall.guest_wan="guest_lan"
uci set firewall.guest_lan.dest="lan"
uci set firewall.ssh_int.src="guest"
uci set firewall.http_int.src="guest"
uci set firewall.https_int.src="guest"
uci set firewall.dns_int.src="guest"
uci set firewall.tcp_int.src="guest"
uci commit firewall
/etc/init.d/firewall restart
uci -q delete network.guest.gateway
uci commit network
/etc/init.d/network restart
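
The different-subnets requirement above, as an added check that is not part of the original reply: two networks conflict when they agree on the first min(P,Q) prefix bits. The function names and the /24 masks on the Wi-Fi side are assumptions; the addresses are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): detect a Wi-Fi subnet that overlaps
# the LAN. On the router the inputs would come from the network config
# (ipaddr/netmask of each interface); here they are passed as CIDR strings.

# cidr_overlap A.B.C.D/P E.F.G.H/Q -> exit status 0 if the networks overlap.
# Works octet by octet, so it never needs arithmetic wider than 8 bits.
cidr_overlap() {
    a=${1%/*}; pa=${1#*/}
    b=${2%/*}; pb=${2#*/}
    bits=$pa
    if [ "$pb" -lt "$bits" ]; then bits=$pb; fi   # compare min(P,Q) bits
    while [ "$bits" -gt 0 ]; do
        oa=${a%%.*}; ob=${b%%.*}      # leading octet of each address
        a=${a#*.};   b=${b#*.}        # drop it for the next round
        if [ "$bits" -ge 8 ]; then
            [ "$oa" -eq "$ob" ] || return 1
            bits=$((bits - 8))
        else
            shift_by=$((8 - bits))    # only the remaining high bits count
            [ $((oa >> shift_by)) -eq $((ob >> shift_by)) ] || return 1
            bits=0
        fi
    done
    return 0
}

# split_routing_verdict LAN_CIDR WIFI_CIDR -> prints "conflict" or "ok".
split_routing_verdict() {
    if cidr_overlap "$1" "$2"; then echo "conflict"; else echo "ok"; fi
}

# Sample run with the thread's addresses (/24 on the Wi-Fi side is assumed).
LAN=192.168.0.198/24
for wifi in 192.168.0.1/24 192.168.3.1/24 192.168.2.1/24; do
    printf '%s vs LAN %s: %s\n' "$wifi" "$LAN" \
        "$(split_routing_verdict "$LAN" "$wifi")"
done
```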

Yeah, I figured that, hence my question whether this was even possible running it as a switch. I knew converting it back to a router wasn't really what I wanted, but now that I might be close, if this actually works I'm gonna just use it and change every config to the new wireless IPs.

Wow, thank you so much, this works perfectly now. Tor is now working on WiFi.
One last question: is there an easy way to change the name GUEST to, say, WiFi-TOR in the GUI > Interfaces,
or using the CLI?

Actually, I figured it out: I renamed it now to WiFi_TOR and threw away the guest network, as I still just want the password on it. Thanks again for the help and for getting me up and running, very much appreciated.
