gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c4a2601c11
secubox-openwrt/package/secubox/secubox-app-tor/README.md
CyberMind-FR ccfb58124c docs: Add trilingual documentation (French and Chinese translations) 
Add complete French (fr) and Chinese (zh) translations for all documentation:

- Root files: README, CHANGELOG, SECURITY, BETA-RELEASE
- docs/: All 16 core documentation files
- DOCS/: All 19 deep-dive documents including embedded/ and archive/
- package/secubox/: All 123+ package READMEs
- Misc: secubox-tools/, scripts/, EXAMPLES/, config-backups/, streamlit-apps/

Total: 346 translation files created

Each file includes language switcher links for easy navigation between
English, French, and Chinese versions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-20 10:00:18 +01:00

78 lines
2.1 KiB
Markdown
Raw Blame History

English | [Francais](README.fr.md) | [中文](README.zh.md)
# SecuBox Tor Shield
Tor integration for OpenWrt providing transparent proxy, SOCKS proxy, DNS over Tor, kill switch, hidden services, and bridge support.
## Installation
```bash
opkg install secubox-app-tor
```
## Configuration
UCI config file: `/etc/config/tor-shield`
```bash
uci set tor-shield.main.enabled='1'
uci set tor-shield.main.mode='transparent'
uci set tor-shield.main.dns_over_tor='1'
uci set tor-shield.main.kill_switch='0'
uci commit tor-shield
```
## Usage
```bash
torctl start # Start Tor service
torctl stop # Stop Tor service
torctl status # Show Tor status and circuits
torctl newnym # Request new Tor identity
torctl bridges # Manage bridge relays
torctl hidden add # Create a hidden service
torctl hidden list # List hidden services
torctl killswitch on # Enable kill switch (block non-Tor traffic)
torctl killswitch off # Disable kill switch
```
## Modes
- **Transparent proxy** -- All LAN traffic routed through Tor via iptables
- **SOCKS proxy** -- SOCKS5 endpoint for per-app Tor usage
- **DNS over Tor** -- DNS queries resolved through Tor network
- **Kill switch** -- Blocks all non-Tor traffic if Tor goes down
## Excluded Domains (System Services Bypass)
When Tor Shield is active, certain system services (opkg, NTP, ACME) need direct
internet access. These domains bypass Tor DNS and routing:
- OpenWrt package repositories (`downloads.openwrt.org`, mirrors)
- NTP time servers (`pool.ntp.org`, `time.google.com`)
- Let's Encrypt ACME (`acme-v02.api.letsencrypt.org`)
- DNS provider APIs (Gandi, OVH, Cloudflare)
Configure additional exclusions in UCI:
```bash
uci add_list tor-shield.trans.excluded_domains='my.example.com'
uci commit tor-shield
/etc/init.d/tor-shield restart
```
The exclusions are implemented at two levels:
1. **dnsmasq bypass** -- DNS queries for excluded domains go directly to upstream
2. **iptables RETURN** -- Traffic to resolved IPs bypasses Tor transparent proxy
## Dependencies
- `iptables`
- `curl`
- `jsonfilter`
- `socat`
## License
Apache-2.0
Reference in New Issue View Git Blame Copy Permalink