Tor and Squid autostart?

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Author Message
baboeska
DD-WRT Novice


Joined: 22 Jun 2011
Posts: 48

PostPosted: Wed Apr 05, 2023 2:59    Post subject: Tor and Squid autostart? Reply with quote
Hi there,
I'm wondering how I get Tor and Squid to auto-start from entware.

I believe the commands I want to issue are "squid -d 1" and "tor -f /opt/etc/tor/torrc"
I've tried putting those into my startup but it appears to be not working, tried cron, nothing seems to work except manual login and command line start.
I'd also like to know how to auto-start DNSCryptproxy-2 with a working custom config file that tells it to use the tor network, as the built-in entware one gives me major hiccups.

Thanks for the help Smile
Sponsor
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Wed Apr 05, 2023 4:41    Post subject: Reply with quote
DNSCryptproxy-2 via entware works ok make sure your Entware instalation is ok...for more info about
DNSCryptproxy-2 click green link in my signature... Cool

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
baboeska
DD-WRT Novice


Joined: 22 Jun 2011
Posts: 48

PostPosted: Wed Apr 05, 2023 9:22    Post subject: Reply with quote
Alozaros wrote:
DNSCryptproxy-2 via entware works ok make sure your Entware instalation is ok...for more info about
DNSCryptproxy-2 click green link in my signature... Cool


Thanks, yeah I found that dnscryptproxy wouldn't load my config file, not sure why not.
Had to add heaps of #'s infront of every line :/ - with default entware .toml.

root@DD-WRT:/opt/etc# dnscrypt-proxy /opt/etc/dnscrypt-proxy.toml
/opt/etc/dnscrypt-proxy.toml:42:1: property not found line 42: [listen_addresses = ['127.0.0.1:30']].
Wed Apr 5 21:39:10 2023 [ERROR] Unable to read the configuration file
Wed Apr 5 21:39:10 2023 [ERROR] Unable to start the proxy
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Wed Apr 05, 2023 11:55    Post subject: Reply with quote
you have to use its default .toml file just edit the values as they should look
toml file is very specific and small change in intervals or any incorrect value i will not work
the bad thing is on some updates it can depreciate ot change values or add spaces and you have to
manually edit your settings again…it is very touchy picky thing i moved to smartdns on that device i used
dnscrypt

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
baboeska
DD-WRT Novice


Joined: 22 Jun 2011
Posts: 48

PostPosted: Wed Apr 05, 2023 21:09    Post subject: Reply with quote
Ok figured this out.
With entware, it's all about the files in /opt/etc, and /opt/etc/init.d/rc.unslung restart will restart the services.
Running by command line over ride vs actual proper config files doesn't work as well.

Re DNSCrypt, probably easiest to run the inbuilt one, as the entware config files give me major issues on a Broadcom Northstar Prototype based cpu.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Wed Apr 05, 2023 21:18    Post subject: Reply with quote
did you install broadcom entware version or arm based dual core version as this is the correct one for R7000
and this line that restarts opt scripts you save in usb script so it will be-called when usb is up

do we know your router and firmware number ? there you go you must start with it as we
cant guess it and help gets down to zero…as it gets messy

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
baboeska
DD-WRT Novice


Joined: 22 Jun 2011
Posts: 48

PostPosted: Thu Apr 06, 2023 4:16    Post subject: Reply with quote
Alozaros wrote:
did you install broadcom entware version or arm based dual core version as this is the correct one for R7000
and this line that restarts opt scripts you save in usb script so it will be-called when usb is up

do we know your router and firmware number ? there you go you must start with it as we
cant guess it and help gets down to zero…as it gets messy


https://github.com/Lanchon/ddwrt-secure-entware
armv7sf-k3.2

Dual core Broadcom Northstar Prototype - Linksys XAC1900 EA6900 DDWRT 51140
Ah, usb script.
Good to know what that's for, thanks Alozaros.
Currently I'm pretty happy with adblock filter ipv6 for dnscrypt redirected on port 30 from dnsmasq, but was wondering if there are advantages to running DNS through the TOR network as tcp via the socks proxy?
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Thu Apr 06, 2023 20:15    Post subject: Reply with quote
https://github.com/Lanchon/ddwrt-secure-entware

i just replaced wget with curl -O and worked out...as curl is included on most of the routers..

cd /opt
curl -O https://bin.entware.net/armv7sf-k3.2/installer/generic.sh (click enter)
sh generic.sh (click enter)

sadly the opkg updates are http, but all the entware thing is about a great level of trust as its been build and maintained by Russians... for free... But many of us are finding it quite useful Cool
its also synch with OpenWRT, so updates are not always on time, when the new binaries updates are up..also not all the stuff get updated to their last versions...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
baboeska
DD-WRT Novice


Joined: 22 Jun 2011
Posts: 48

PostPosted: Thu Apr 06, 2023 22:53    Post subject: Reply with quote
Alozaros wrote:
https://github.com/Lanchon/ddwrt-secure-entware

i just replaced wget with curl -O and worked out...as curl is included on most of the routers..

cd /opt
curl -O https://bin.entware.net/armv7sf-k3.2/installer/generic.sh (click enter)
sh generic.sh (click enter)

sadly the opkg updates are http, but all the entware thing is about a great level of trust as its been build and maintained by Russians... for free... But many of us are finding it quite useful Cool
its also synch with OpenWRT, so updates are not always on time, when the new binaries updates are up..also not all the stuff get updated to their last versions...


Mmm. Well it's a great resource, no doubt about that.
I'm more worried about misconfigured entware packages ie tor/squid/etc allowing anyone on the internet to connect, vs deliberate hacks, it is, ofcourse, free software and it's our job to make sure it's set up properly for us and default config needs vary widely.

I think the reason to use the patch installer is so that you use secure https for dl's all the time with entware, as compared to internal stuff rolling back to not secure port 80.
I suspect that caching servers/ssl bumps can lead to systems being compromised, even if the source is clean.
It's lead me to a tiny bit of wonder if my (borrowed) http blocklist could be a way for someone to insert some dodgy dns resolution, but probably not. Works better than https.
Re dnscrypt, yeah it has the option to push stuff through a tor proxy, is that a good or bad thing to turn on?

And back to my main question.
how do you autoexecute specific commands in entware, as compared to the full config files?
I'm okay with full config files now, but, it's probably worth knowing.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Fri Apr 07, 2023 8:18    Post subject: Reply with quote
the thing with entware packages is some of them may need special configs to make them work as intended
and it could be very difficult to find or adapt the correct cmds
as far as checking security of entware packages…there are many ways for it…

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum