#!/bin/sh
#
# Configure onionwrt
#
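# Runtime settings. SSID and KEY are optional environment variables supplied
# by the caller; SSID falls back to "OnionWRT" when it is unset or empty.
SSID=${SSID:-OnionWRT}
# The LAN address is interpolated into torrc and into the firewall rules
# further down. Stop here, before anything is installed or rewritten, if it
# cannot be read: an empty value would produce Tor listeners without an
# address and a malformed iptables rule.
LAN_IP=$(uci get network.lan.ipaddr)
if [ -z "$LAN_IP" ]; then
  echo "Error: could not read network.lan.ipaddr." >&2
  exit 1
fi
# Redirection order matters: stderr is first duplicated onto the original
# stdout, then stdout is discarded, so only opkg's error output stays visible.
opkg update 2>&1 >/dev/null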
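# Check key:
# Validate the optional Wi-Fi passphrase before the router is reconfigured.
# A WPA-PSK passphrase must be 8 to 63 characters long; anything outside that
# range is rejected here, with a non-zero exit status, instead of being
# written into the wireless configuration where the access point would
# refuse it.
if [ -n "$KEY" ]
then
  # printf with a quoted argument counts the key exactly as given (spaces and
  # glob characters included); the arithmetic expansion strips any padding
  # that wc may print around the number.
  key_len=$(( $(printf '%s' "$KEY" | wc -c) ))
  if [ "$key_len" -lt 8 ]; then
    echo "KEY is too short." >&2
    exit 1
  fi
  if [ "$key_len" -gt 63 ]; then
    echo "KEY is too long." >&2
    exit 1
  fi
  # opkg prints "name - version", so anchor on the package name followed by a
  # space to avoid matching a different package with a similar name.
  opkg list-installed | grep -q '^wpad-mini ' || opkg install wpad-mini
fi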
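# Install Tor
# Succeeds only when the package named exactly "tor" is installed. opkg prints
# "name - version", so the pattern is anchored; an unanchored "tor" would also
# match any other package whose name merely contains those letters and let the
# script continue without Tor.
tor_is_installed() {
  opkg list-installed | grep -q '^tor '
}

tor_is_installed || opkg install tor
# Re-check after the install attempt and abort with a failing status so a
# caller can tell that the router was not configured.
if ! tor_is_installed; then
  echo "Error: Tor is not installed." >&2
  exit 1
fi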
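# Configure Tor
# Create User and Group
# Add an unprivileged "tor" account (uid/gid 52, no login shell, locked
# password) unless one already exists. The match is anchored on "tor:" so an
# unrelated account whose name only starts with "tor" does not suppress the
# entry.
# NOTE(review): assumes uid/gid 52 is not used by another account on the
# target system - confirm before running.
grep -q '^tor:' /etc/passwd || echo "tor:*:52:52:tor:/var/run/tor:/bin/false" >> /etc/passwd
grep -q '^tor:' /etc/shadow || echo "tor:*:0:0:99999:7:::" >> /etc/shadow
grep -q '^tor:' /etc/group || echo "tor:x:52:" >> /etc/group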
# Clean up directories
# Force-stop any running Tor process, then discard the previous configuration,
# data directory and pid file. This is destructive: whatever an earlier Tor
# installation kept under /etc/tor and /var/lib/tor is lost.
killall -9 tor
for stale_tor_dir in /etc/tor /var/lib/tor; do
  rm -rf "$stale_tor_dir"
done
rm -f /var/run/tor.pid
# Create Tor Configuration
# Writes a fresh /etc/tor/torrc: Tor runs as a daemon under the "tor" user,
# with a transparent proxy port (9040) and a DNS port (9053) bound to the LAN
# address held in LAN_IP.
# NOTE(review): TransListenAddress and DNSListenAddress are deprecated in later
# Tor releases in favour of an address:port value on TransPort/DNSPort -
# confirm against the Tor version that opkg installs.
mkdir -p /etc/tor
printf '%s\n' \
  '# Tor configuration' \
  'User tor' \
  'RunAsDaemon 1' \
  'PidFile /var/run/tor.pid' \
  'DataDirectory /var/lib/tor' \
  'AutomapHostsOnResolve 1' \
  'TransPort 9040' \
  "TransListenAddress ${LAN_IP}" \
  'DNSPort 9053' \
  "DNSListenAddress ${LAN_IP}" \
  > /etc/tor/torrc

# The data directory and the pid file are handed to the tor user so the
# daemon can write to them after it has dropped privileges.
mkdir -p /var/lib/tor
chown tor /var/lib/tor

mkdir -p /var/run
touch /var/run/tor.pid
chown tor /var/run/tor.pid
# Configure transparent proxy
# Every rule written below ends in the marker "# DNT"; deleting the marked
# lines first removes the rules left by an earlier run, so re-running the
# script does not stack duplicates in /etc/firewall.user.
sed -i -e '/# DNT/d' /etc/firewall.user

# Resolve the LAN address and prefix length now: the values are baked into the
# rule text at install time and are not re-read when the firewall starts.
dnt_lan_ip=$(uci get network.lan.ipaddr)
dnt_lan_mask=$(uci get network.lan.netmask)
# Left unquoted, as in the original call, so an empty lookup passes no
# argument at all to ipcalc.sh.
dnt_lan_prefix=$(ipcalc.sh $dnt_lan_ip $dnt_lan_mask | grep PREFIX | cut -d "=" -f 2)

# Rule 1 leaves LAN traffic addressed to the router itself alone; rule 2 sends
# DNS over UDP to Tor's DNSPort; rule 3 sends new TCP connections to Tor's
# TransPort.
# NOTE(review): these rules only redirect UDP/53 and TCP arriving on br-lan.
# Other UDP, ICMP and IPv6 are not touched here; whether they are dropped or
# forwarded directly depends on the firewall zone configuration, which this
# script does not change - verify that no direct LAN-to-WAN forwarding remains.
{
  printf '%s\n' "iptables -t nat -A PREROUTING -i br-lan -s ${dnt_lan_ip}/${dnt_lan_prefix} -d ${dnt_lan_ip} -j RETURN # DNT"
  printf '%s\n' 'iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j REDIRECT --to-ports 9053 # DNT'
  printf '%s\n' 'iptables -t nat -A PREROUTING -i br-lan -p tcp --syn -j REDIRECT --to-ports 9040 # DNT'
} >> /etc/firewall.user
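# Configure wifi.
# Keep the previous wireless configuration as a backup, then regenerate it
# from the detected radios with the "disabled" and "REMOVE" lines filtered
# out.
mv /etc/config/wireless /etc/config/wireless.bak
wifi detect | grep -v disabled | grep -v REMOVE > /etc/config/wireless
# Configure all "lan" wifis.
# Section names are read one per line and every uci argument is quoted, so an
# SSID or passphrase containing spaces or glob characters reaches uci as a
# single value.
uci show wireless | grep lan | cut -d "." -f 2 | while IFS= read -r radio
do
  uci set "wireless.${radio}.ssid=${SSID}"
  # An explicit if/else, not "A && { B; C; } || D": with the chained form, a
  # failure while storing the passphrase fell through to the last branch and
  # switched the interface to an open network although a key was requested.
  if [ -n "$KEY" ]; then
    # NOTE(review): "psk" selects WPA-PSK; "psk2" (WPA2-PSK) is the stronger
    # mode where the hardware and the installed wpad build support it.
    uci set "wireless.${radio}.encryption=psk"
    uci set "wireless.${radio}.key=${KEY}"
  else
    # No KEY supplied: the access point is left unencrypted.
    uci set "wireless.${radio}.encryption=none"
  fi
done
uci commit
# Wifi up
wifi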
# Register Tor to start at boot, then launch it now.
for tor_action in enable start; do
  /etc/init.d/tor "$tor_action"
done
# Stop and start the firewall, presumably so that the rules appended to
# /etc/firewall.user are applied.
for fw_action in stop start; do
  /etc/init.d/firewall "$fw_action"
done