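#!/bin/sh
######################
# Configure onionwrt #
######################
# Turns an OpenWrt box into a Tor transparent proxy: installs Tor, writes
# /etc/tor/torrc, redirects all LAN TCP and DNS through Tor with iptables
# rules appended to /etc/firewall.user, and brings the wifi up with the
# requested SSID.
#
# Environment:
#   SSID  wifi network name (default: OnionWRT)
#   KEY   WPA passphrase; when empty the wifi is brought up OPEN
#         (encryption=none) — deliberate, but worth knowing.
#
# Exits non-zero when KEY has an invalid length, when the LAN address
# cannot be read from uci, or when Tor cannot be installed.
# Runs under BusyBox ash (/bin/sh): POSIX constructs only, no bashisms.

# Print a message to stderr and exit with failure.
die() { printf '%s\n' "$*" >&2; exit 1; }

# True when package $1 is installed. 'opkg list-installed' prints
# "name - version"; anchoring on "^name " keeps another package whose
# name merely contains the string from satisfying the check.
pkg_installed() { opkg list-installed | grep -q "^$1 "; }

SSID=${SSID:-OnionWRT}
LAN_IP=$(uci get network.lan.ipaddr) || die "cannot read network.lan.ipaddr"
LAN_MASK=$(uci get network.lan.netmask) || die "cannot read network.lan.netmask"
# Keep stderr visible so a failed package-list refresh is not silent.
opkg update >/dev/null || printf 'warning: opkg update failed; installs may fail\n' >&2

# Check key: WPA-PSK passphrases are 8..63 characters. ${#KEY} is POSIX
# and avoids the non-portable 'echo -n' plus a wc/fork per check.
if [ -n "$KEY" ]; then
  [ "${#KEY}" -lt 8 ] && die "KEY is too short (8-63 characters)."
  [ "${#KEY}" -gt 63 ] && die "KEY is too long (8-63 characters)."
  pkg_installed wpad-mini || opkg install wpad-mini
fi

# Install Tor
pkg_installed tor || opkg install tor
pkg_installed tor || die "Error: Tor is not installed."

# Configure Tor
# Create User and Group. Match "tor:" so an account whose name merely
# starts with "tor" is not mistaken for it (no useless cat).
# NOTE(review): uid/gid 52 are assumed to be free on the target image — confirm.
grep -q '^tor:' /etc/passwd || echo "tor:*:52:52:tor:/var/run/tor:/bin/false" >> /etc/passwd
grep -q '^tor:' /etc/shadow || echo "tor:*:0:0:99999:7:::" >> /etc/shadow
grep -q '^tor:' /etc/group  || echo "tor:x:52:" >> /etc/group

# House Keeping: stop any running Tor and discard old config/state so the
# new torrc is applied from scratch. -9 is deliberate so the directories
# are not removed underneath a daemon still shutting down.
killall -9 tor 2>/dev/null
rm -rf /etc/tor /var/lib/tor
rm -f /var/run/tor.pid

# Create Tor Configuration
mkdir -p /etc/tor

# The here-doc is intentionally unquoted so ${LAN_IP} is expanded now.
# CookieAuthentication is added because a ControlPort with no auth lets
# any local process reconfigure Tor; nothing in this script uses it.
# NOTE(review): "DNSListenAddress 0.0.0.0:5300" binds on every interface,
# WAN included, and relies on the firewall's INPUT policy to keep it
# private — confirm that is intended, or bind it to ${LAN_IP}:5300.
cat > /etc/tor/torrc << EOF
# Tor configuration
User tor
RunAsDaemon 1
PidFile /var/run/tor.pid
DataDirectory /var/lib/tor
##################################
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 127.0.0.1
TransListenAddress ${LAN_IP}
DNSPort 9053
DNSListenAddress 127.0.0.1
DNSListenAddress 0.0.0.0:5300
DNSListenAddress ${LAN_IP}
ControlPort 9051
CookieAuthentication 1
#################################

EOF
mkdir -p /var/lib/tor
chown tor /var/lib/tor
chmod 700 /var/lib/tor          # Tor expects a private DataDirectory
mkdir -p /var/run
touch /var/run/tor.pid
chown tor /var/run/tor.pid

# Configure transparent proxy. Every rule this script owns is tagged
# "# DNT" so the previous set can be dropped first and the script stays
# re-runnable without duplicating rules.
sed -i -e '/# DNT/d' /etc/firewall.user

# ipcalc.sh prints "PREFIX=<n>"; compute the LAN prefix once instead of
# re-querying uci four times inside the here-doc.
LAN_PREFIX=$(ipcalc.sh "$LAN_IP" "$LAN_MASK" | grep PREFIX | cut -d "=" -f 2)
[ -n "$LAN_PREFIX" ] || die "cannot determine LAN prefix length"

# Unquoted here-doc: addresses are baked in at generation time, as before.
# The first rule exempts traffic addressed to the router itself; all other
# LAN TCP (SYN) and DNS is redirected into Tor's TransPort/DNSPort.
cat >> /etc/firewall.user << EOF
iptables -t nat -A PREROUTING -i br-lan -s ${LAN_IP}/${LAN_PREFIX} -d ${LAN_IP} -j RETURN # DNT
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j REDIRECT --to-ports 9053 # DNT
iptables -t nat -A PREROUTING -i br-lan -p tcp --syn -j REDIRECT --to-ports 9040 # DNT
# Drop ICMP # DNT
iptables -A INPUT -p icmp --icmp-type 8 -j DROP # DNT
# security rules from https://lists.torproject.org/pipermail/tor-talk/2014-March/032507.html # DNT
iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP # DNT
iptables -A OUTPUT -m state --state INVALID -j DROP # DNT
# security rules to prevent kernel leaks from link above # DNT
iptables -A OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,FIN ACK,FIN -j DROP # DNT
iptables -A OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,RST ACK,RST -j DROP # DNT
# disable chrome and firefox udp leaks # DNT
iptables -t nat -A PREROUTING -p udp -m multiport --dport 3478,19302 -j REDIRECT --to-ports 9999 # DNT
iptables -t nat -A PREROUTING -p udp -m multiport --sport 3478,19302 -j REDIRECT --to-ports 9999 # DNT

EOF

# Configure wifi. Regenerate the config from 'wifi detect', dropping the
# lines it emits to keep radios disabled by default.
[ -f /etc/config/wireless ] && mv /etc/config/wireless /etc/config/wireless.bak
wifi detect | grep -v disabled | grep -v REMOVE > /etc/config/wireless

# Configure all "lan" wifis. 'uci show' prints "wireless.<section>.<opt>=…";
# field 2 is the section name. Word-splitting of the substitution is
# intended (section names contain no whitespace).
# Written as if/else on purpose: the former "a && { b; c; } || d" form fell
# through to encryption=none — an open AP — whenever setting the key failed.
# NOTE(review): "psk" is WPA(1)-PSK; "psk2" is the WPA2 variant and the
# better choice when all clients support it.
for radio in $(uci show wireless | grep lan | cut -d "." -f 2); do
  uci set "wireless.${radio}.ssid=${SSID}"
  if [ -n "$KEY" ]; then
    uci set "wireless.${radio}.encryption=psk"
    uci set "wireless.${radio}.key=${KEY}"
  else
    uci set "wireless.${radio}.encryption=none"
  fi
done

uci commit
# Wifi up
wifi
/etc/init.d/tor enable
/etc/init.d/tor start
/etc/init.d/firewall restart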