History

CyberMind-FR fa1f6ddbb8 feat(tor-shield): Add server mode for split-routing with public IP preservation Server mode routes all outbound traffic through Tor while preserving inbound connections (HAProxy, etc) on the public IP. Fixes kill switch blocking response packets by adding ESTABLISHED,RELATED conntrack rule, and adds PREROUTING chain for LAN client Tor routing. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>		2026-02-03 13:46:26 +01:00
..
files	feat(tor-shield): Add server mode for split-routing with public IP preservation	2026-02-03 13:46:26 +01:00
Makefile	fix(bonus): Strip libc dependency from local feed packages	2026-01-30 19:46:26 +01:00
README.md	docs(secubox): Add KISS README for all 46 remaining packages	2026-02-03 07:34:06 +01:00

README.md

SecuBox Tor Shield

Tor integration for OpenWrt providing transparent proxy, SOCKS proxy, DNS over Tor, kill switch, hidden services, and bridge support.

Installation

opkg install secubox-app-tor

Configuration

UCI config file: /etc/config/tor-shield

uci set tor-shield.main.enabled='1'
uci set tor-shield.main.mode='transparent'
uci set tor-shield.main.dns_over_tor='1'
uci set tor-shield.main.kill_switch='0'
uci commit tor-shield

Usage

torctl start           # Start Tor service
torctl stop            # Stop Tor service
torctl status          # Show Tor status and circuits
torctl newnym          # Request new Tor identity
torctl bridges         # Manage bridge relays
torctl hidden add      # Create a hidden service
torctl hidden list     # List hidden services
torctl killswitch on   # Enable kill switch (block non-Tor traffic)
torctl killswitch off  # Disable kill switch

Modes

Transparent proxy -- All LAN traffic routed through Tor via iptables
SOCKS proxy -- SOCKS5 endpoint for per-app Tor usage
DNS over Tor -- DNS queries resolved through Tor network
Kill switch -- Blocks all non-Tor traffic if Tor goes down

Dependencies

iptables
curl
jsonfilter
socat

License

Apache-2.0