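def install_tor(image):
    """Install Tor from the torproject.org apt repository inside the image.

    Mounts the image chroot, appends the torproject.org ``jessie`` entries to
    the image's ``/etc/apt/sources.list``, imports the repository signing key
    into apt's keyring and installs ``tor``, ``deb.torproject.org-keyring``
    and ``tor-geoipdb``.

    Args:
        image: object exposing ``mount_chroot()`` and a ``mountpoint`` path.
    """
    image.mount_chroot()

    # The repository is fetched over plain http, so package authenticity rests
    # entirely on apt's signature check against the key imported below.
    sources_list = [
        'deb http://deb.torproject.org/torproject.org jessie main',
        'deb-src http://deb.torproject.org/torproject.org jessie main',
    ]
    # presumably uniqueonly=True skips lines already present -- confirm in
    # raspseed.write_file
    raspseed.write_file(
        sources_list,
        image.mountpoint + '/etc/apt/sources.list',
        append=True,
        uniqueonly=True)

    # Full fingerprint of the torproject.org archive signing key. It is used
    # for BOTH the fetch and the export: an 8-hex short key ID is not unique,
    # and the keyserver lookup is unauthenticated, so the fingerprint is the
    # only thing tying the imported key to the expected one.
    signing_key_fpr = 'A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89'

    chroot_env = {
        'LANG': 'C',
        'DEBIAN_FRONTEND': 'noninteractive',
    }
    chroot_cmds = [
        'gpg --keyserver keys.gnupg.net --recv {}'.format(signing_key_fpr),
        'gpg --export {} | apt-key add -'.format(signing_key_fpr),
        'apt-get update',
        'apt-get -y install tor deb.torproject.org-keyring tor-geoipdb',
    ]
    # NOTE(review): if raspseed.sh does not stop on the first failing command,
    # a failed key import would only surface later as an apt error -- confirm.
    raspseed.sh(
        chroot_cmds,
        env=chroot_env,
        chroot=image.mountpoint,
        chroot_disable_daemons=True)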
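def route_thru_tor(image, wan_if, tor_ap):
    """Configure the image so traffic arriving on the access point goes via Tor.

    Overwrites the image's ``/etc/tor/torrc`` with a transparent-proxy
    configuration and builds the iptables rules that redirect DNS and TCP
    traffic from ``tor_ap`` to Tor's DNSPort and TransPort.

    Reads ``tor_virt_addr``, ``tor_virt_cidr``, ``tor_wap_addr``,
    ``tor_trans_port`` and ``tor_dns_port`` from outside this function.

    Args:
        image: object exposing ``mount_chroot()`` and a ``mountpoint`` path.
        wan_if: not used by the code visible here.
        tor_ap: name of the interface whose inbound traffic is redirected.
    """
    image.mount_chroot()

    # TODO: torrc is overwritten below because by default it contains only
    # comments (the same was planned for sysctl.conf). It might be worth
    # writing a function that keeps any non-comment lines and rewrites the
    # file, in case that changes in the future.
    torrc = [
        'VirtualAddrNetworkIPv4 {}/{}'.format(tor_virt_addr, tor_virt_cidr),
        'AutomapHostsOnResolve 1',
        'TransPort {}:{}'.format(tor_wap_addr, tor_trans_port),
        'DNSPort {}:{}'.format(tor_wap_addr, tor_dns_port),
    ]
    raspseed.write_file(torrc, image.mountpoint + '/etc/tor/torrc', append=False)

    # These iptables commands have to run on every boot; a post-up script on
    # the interface in /etc/network/interfaces may be the place for them.
    # IPv4 forwarding is probably not needed: REDIRECT delivers to local ports.
    # NOTE(review): leaving forwarding off should also keep traffic these rules
    # do not match (non-DNS UDP, ICMP) from being routed out -- confirm.
    # TODO: make sure it fails closed: if the script fails for some reason,
    # there should be no internet access. Flushing the tables first leaves a
    # window with no redirect rules in place, so the default policies matter.
    #
    # Each rule is its own list element. Without the separating commas the
    # literals fuse together and the list is not valid Python.
    iptables_cmds = [
        'iptables -F',
        'iptables -t nat -F',
        'iptables -t nat -A PREROUTING -i {} -p udp --dport 53 '
        '-j REDIRECT --to-ports {}'.format(tor_ap, tor_dns_port),
        'iptables -t nat -A PREROUTING -i {} -p tcp --syn '
        '-j REDIRECT --to-ports {}'.format(tor_ap, tor_trans_port),
    ]
    # NOTE(review): iptables_cmds is built but not yet written to the image or
    # executed in the code visible here.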