gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ccfb58124c
secubox-openwrt/package/secubox/secubox-app-tor
History
CyberMind-FR ccfb58124c docs: Add trilingual documentation (French and Chinese translations) 
Add complete French (fr) and Chinese (zh) translations for all documentation:

- Root files: README, CHANGELOG, SECURITY, BETA-RELEASE
- docs/: All 16 core documentation files
- DOCS/: All 19 deep-dive documents including embedded/ and archive/
- package/secubox/: All 123+ package READMEs
- Misc: secubox-tools/, scripts/, EXAMPLES/, config-backups/, streamlit-apps/

Total: 346 translation files created

Each file includes language switcher links for easy navigation between
English, French, and Chinese versions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-20 10:00:18 +01:00
..
files feat(mesh): Yggdrasil extended peer discovery + bugfixes 2026-02-28 17:32:41 +01:00
Makefile fix(bonus): Strip libc dependency from local feed packages 2026-01-30 19:46:26 +01:00
README.fr.md docs: Add trilingual documentation (French and Chinese translations) 2026-03-20 10:00:18 +01:00
README.md docs: Add trilingual documentation (French and Chinese translations) 2026-03-20 10:00:18 +01:00
README.zh.md docs: Add trilingual documentation (French and Chinese translations) 2026-03-20 10:00:18 +01:00

README.md

English | Francais | 中文

SecuBox Tor Shield

Tor integration for OpenWrt providing transparent proxy, SOCKS proxy, DNS over Tor, kill switch, hidden services, and bridge support.

Installation

opkg install secubox-app-tor

Configuration

UCI config file: /etc/config/tor-shield

uci set tor-shield.main.enabled='1'
uci set tor-shield.main.mode='transparent'
uci set tor-shield.main.dns_over_tor='1'
uci set tor-shield.main.kill_switch='0'
uci commit tor-shield

Usage

torctl start           # Start Tor service
torctl stop            # Stop Tor service
torctl status          # Show Tor status and circuits
torctl newnym          # Request new Tor identity
torctl bridges         # Manage bridge relays
torctl hidden add      # Create a hidden service
torctl hidden list     # List hidden services
torctl killswitch on   # Enable kill switch (block non-Tor traffic)
torctl killswitch off  # Disable kill switch

Modes

  • Transparent proxy -- All LAN traffic routed through Tor via iptables
  • SOCKS proxy -- SOCKS5 endpoint for per-app Tor usage
  • DNS over Tor -- DNS queries resolved through Tor network
  • Kill switch -- Blocks all non-Tor traffic if Tor goes down

Excluded Domains (System Services Bypass)

When Tor Shield is active, certain system services (opkg, NTP, ACME) need direct internet access. These domains bypass Tor DNS and routing:

  • OpenWrt package repositories (downloads.openwrt.org, mirrors)
  • NTP time servers (pool.ntp.org, time.google.com)
  • Let's Encrypt ACME (acme-v02.api.letsencrypt.org)
  • DNS provider APIs (Gandi, OVH, Cloudflare)

Configure additional exclusions in UCI:

uci add_list tor-shield.trans.excluded_domains='my.example.com'
uci commit tor-shield
/etc/init.d/tor-shield restart

The exclusions are implemented at two levels:

  1. dnsmasq bypass -- DNS queries for excluded domains go directly to upstream
  2. iptables RETURN -- Traffic to resolved IPs bypasses Tor transparent proxy

Dependencies

  • iptables
  • curl
  • jsonfilter
  • socat

License

Apache-2.0