Example #1
0
def install_tor(image):
    image.mount_chroot()

    sources_list = [
        'deb http://deb.torproject.org/torproject.org jessie main',
        'deb-src http://deb.torproject.org/torproject.org jessie main']
    raspseed.write_file(
        sources_list, image.mountpoint+'/etc/apt/sources.list',
        append=True, uniqueonly=True)

    chroot_env = {
        'LANG':'C', 
        'DEBIAN_FRONTEND':'noninteractive'}
    chroot_cmds = [
        'gpg --keyserver keys.gnupg.net --recv 886DDD89',
        'gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -',
        'apt-get update',
        'apt-get -y install tor deb.torproject.org-keyring tor-geoipdb']
    raspseed.sh(chroot_cmds, env=chroot_env, chroot=image.mountpoint, chroot_disable_daemons=True)
Example #2
0
def route_thru_tor(image, wan_if, tor_ap):
    image.mount_chroot()

    # TODO: we overwrite sysctl.conf and torrc below, because by default they are only comments
    # might be worth writing a function that grabs any non-comment lines and rewrites the file, though, 
    # in case that changes in the future

    torrc = [
        'VirtualAddrNetworkIPv4 {}/{}'.format(tor_virt_addr, tor_virt_cidr),
        'AutomapHostsOnResolve 1',
        'TransPort {}:{}'.format(tor_wap_addr, tor_trans_port),
        'DNSPort {}:{}'.format(tor_wap_addr, tor_dns_port)]
    raspseed.write_file(torrc, image.mountpoint+'/etc/tor/torrc', append=False)

    # I need to run these iptables commands on every boot
    # I think you can add a post-up script to the interface in /etc/network/interfaces ?
    # I'm not sure if I need to enable ipv4 forwarding in sysctl or not, but I don't think so? 
    # TODO: make sure it fails closed: if the script fails for some reason, there should be no internet access. 
    iptables_cmds = [
        'iptables -F'
        'iptables -t nat -F'
        'iptables -t nat -A PREROUTING -i {} -p udp --dport 53 -j REDIRECT --to-ports {}'.format(tor_ap, tor_dns_port)
        'iptables -t nat -A PREROUTING -i {} -p tcp --syn -j REDIRECT --to-ports {}'.format(tor_ap, tor_trans_port)]