wiki:doc/Torouter

Codename: Torouter

Torouter is the codename for a hardware project to provide an easy to set up Tor bridge or relay. It could also act as an optional wireless access point with all traffic transparently routed through Tor. The end goal is to have an easy to use system that is a bridge or relay by default, functions as your Internet router, and is around $120 or another hopefully reasonable price point.

There have been two approaches, taken by different groups, to implementing something called a torouter. One group, including some Tor Project developers, has built upon the debian linux distribution running on plug-computer-style hardware devices. At some future time the Tor Project might help organize the distribution of such dedicated devices specifically for use as Tor network nodes. Another group has built upon the existing OpenWRT Linux firmware, primarily targeting widely available consumer-grade routers with limited computing resources; there is a separate page documenting the OpenWRT efforts. See also this March 2012 tor-dev mailing list post describing the two approaches.

Status

The Torouter project is alpha software. It has received some press but it is far from a well tested project. It is highly experimental and while seemingly functional, we have lots of bugs to iron out and features to implement. Please consider helping - we're open about our development process and we'd love for you to jump in and hack; there's a lot to do!

Please see the current proposed road map for the group targeting the DreamPlug plug-computer hardware.

The OpenWRT effort has a separate page.

Goals

In general: demonstrate, document, and streamline mechanisms for individuals with always-on internet connections to participate in and support both the Tor onion routing network and Tor Project initiatives.

Specifically:

  1. Provide an accessible mechanism for friendly non-expert "general internet users" to opt-in and participate in the Tor network as a bridge with minimal effort.
  1. Provide an accessible mechanism to *informed and committed* individuals to opt-in and and participate as a middle relay or an exit relay.
  1. Provide a generic mechanism for publishing HTTP content via a Tor hidden service.
  1. Provide a platform from which to potentially run OONI (Open Observatory of Network Interference) node software.

Additionally, implement a transparently Tor-ifying always-on network gateway to experimentally provide (limited) onion routing benefits to downstream devices. This last goal is controversial, and the serious scenarios where this would be useful seem very limited (devices must highly trust the gateway, the local network could be malicious and/or monitored, etc). Some speculative use cases:

  • Creating demonstration/outreach networks
  • Accessing hidden services with no concern for client-end anonymity
  • Publicly sharing wireless internet access with less chance of being accountable for the actions of guests (perhaps not legally advisable)
  • For a single operator in control of the entire local network, and having properly "anonymized" all downstream software to not leak identifying information, could have usability improvements for mobile devices which would not need to re-initialize connectivity to the onion network.

Getting Started

/These directions are likely obsolete/

If you have acquired DreamPlug hardware, you'll probably just want to install the current Torouter set of packages. Look at our Torouter git repo and specifically at the instructions for making a bootable DreamPlug USB disk .

Hardware

We have three main prototype ideas: Debian ARM on the Excito NAS device, Debian ARM on the DreamPlug plug computer, and OpenWRT on an embedded MIPS devices. Please see the respective project page to understand the status of each.

There is strong interest in using a headless variant of the Novena open hardware laptop board as a hardware platform.

A few other hardware platforms were previously under investigation, such as Ubiquiti Networks equipment.

Assigned Tickets to this project

Ticket Summary Status Priority Keywords Owner
#3664 Tor web interface for the DreamPlug accepted normal ficus
#6686 torouter IPv6 support accepted minor ficus
#6687 torouter dreamplug update to debian wheezy and 3.2 kernel accepted minor ficus
#2269 Hardware Router: 20 test relays/bridges assigned normal ioerror
#2334 Torouter on Buffalo breaks with large cached-descriptors[.new] files closed normal ioerror
#2370 Torouter basic Web UI for OpenWRT closed normal openwrt, torouter ioerror
#2376 Torouter on OpenWRT shouldn't have its data directory in /tmp/ closed normal ioerror
#2594 Excito needs a web interface to easily install and configure Tor closed normal torouter interface usability UI web ioerror
#2791 Web interface for an Excito B3 version of the Torouter closed normal SponsorE20120315 runa
#2969 I need a build machine closed normal weasel
#2976 Package the libnatpmp and miniupnpc libraries for OpenWrt closed normal ioerror
#2977 Benchmark mode for Tor closed normal ioerror
#3374 Torouter OS and configuration closed normal runa
#3401 Script to install and configure Debian on the Torouter closed normal runa
#3477 A plan to understand specific features for the "Feature complete alpha-test prototype" closed normal ioerror
#3478 A general support plan for the Torouter closed normal ioerror
#3479 A specific feedback plan and process for Torouter closed normal ioerror
#3480 Remote access to admin the Torouter closed normal ioerror
#3481 A rate limited config Tor bridge or relay for Torouter closed normal ioerror
#3482 At least two weeks of actual Tor network testing closed normal ioerror
#3484 Alpha-test Tor upgrade and security maintance plan closed normal ioerror
#3485 Alpha-test OS upgrade and security maintance plan for Torouter closed normal ioerror
#3486 Alpha-test plan to select testers for Torouter closed normal ioerror
#3645 Make Torouter mailing list closed normal phobos
#3646 Survey Torouter users closed normal SponsorE20120315 runa
#3647 Torouter metapackage for Debian closed blocker ioerror
#3840 Duplicate mark_for_close when running server with bufferevents closed normal ioerror
#4376 Tor crashes about 5 times per hour since version 0.2.2.34 closed normal ioerror
#6859 Bridge-by-default image for the Raspberry Pi closed normal SponsorZ runa
#3629 Arm/Tor Deb Torrc Configuration needs_review normal ioerror
#2596 Figure out a better name than "torouter" new normal naming, marketing ioerror
#3378 Tor 0.2.3.x and tor-fw-helper new normal ioerror
#3447 Torouter kernel new normal torouter ioerror
#3453 Torouter desires and features new normal torouter tor-fw-helper upnp natpmp debian ioerror
#3483 Alpha-test shipping support plan for Torouter new normal ioerror
#3487 Alpha-test plan to collect feedback from all testers for Torouter new normal ioerror
#3488 A plan to discuss feedback and to iterate for the Beta-test run new normal ioerror
#3489 Hardware flashed running Alpha-test firmware new normal ioerror
#3490 Understand successes and failures of Alpha-test Torouter new normal ioerror
#3491 Iterate and improve Torouter for Beta-test new normal ioerror
#3492 A plan to select Beta-testers new normal ioerror
#3493 Hardware flashed running Beta-test firmware new normal ioerror
#3494 A plan to collect feedback from all Beta-testers new normal ioerror
#3495 A plan to discuss feedback and to iterate for the Beta-test new normal ioerror
#3854 Summary of outstanding things with Torouter new blocker ioerror
#6588 torouter should attempt to screw with timing analysis new normal ioerror
#6684 PGP key included in torouter_easy_setup.sh expired new critical ioerror
#6685 torouter dreamplug sources.list for deb.torproject.org seems out of date new major ioerror
#6824 Torrouter Update Mechanism new normal ioerror
#6981 changes to recommended DreamPlug torouter boot configuration new normal ioerror
#7576 Debian Live build tool for torouter new normal torouter ioerror
#3790 Debian package for torouter-tui is broken reopened blocker ioerror

Acknowledgements

This document is based off of work with AccessLabs, the University of Washington Security and Privacy Research Lab with suggestions borrowed from the OpenWRT forum and other documents about transparent Tor networking.

Last modified 15 months ago Last modified on Jan 10, 2013 11:46:56 PM