Transport Plugin OnionPi - Raspberry Pi Forums


So I followed the instructions from Adafruit and got the OnionPi router running: https://learn.adafruit.com/onion-pi/overview. There is one problem: I'm in China, and they block virtually all Tor traffic. However, I did get Tor to run using the meek-amazon transport plugin on an Ubuntu computer using the GUI Tor Browser package.

Reading some stuff, I found I can install a plugin from here: https://packages.debian.org/search?keywords=obfs4proxy. I have obfs4proxy_0.0.0.4-1_armhf.deb installed on the Raspberry Pi 2.

After reading the man tor page I found this:

Code:

    ClientTransportPlugin transport socks4|socks5 IP:PORT, ClientTransportPlugin transport exec path-to-binary [options]
        In its first form, when set along with a corresponding Bridge line, the Tor client forwards its traffic
        to a SOCKS-speaking proxy on "IP:PORT". It's the duty of that proxy to forward the traffic to the bridge.

        In its second form, when set along with a corresponding Bridge line, the Tor client launches the pluggable
        transport proxy executable in path-to-binary using options as its command-line options, and forwards its
        traffic to it. It's the duty of that proxy to forward the traffic to the bridge.

    ServerTransportPlugin transport exec path-to-binary [options]
        The Tor relay launches the pluggable transport proxy in path-to-binary using options as its command-line
        options, and expects to receive proxied client traffic from it.

    ServerTransportListenAddr transport IP:PORT
        When this option is set, Tor will suggest IP:PORT as the listening address of any pluggable transport
        proxy that tries to launch transport.

How do I configure the torrc file to enable the plugin?

Here is my file...

Code:

    ## Configuration file for a typical Tor user
    ## Last updated 22 April 2012 for Tor 0.2.3.14-alpha.
    ## (may or may not work for much older or much newer versions of Tor.)
    ##
    ## Lines that begin with "## " try to explain what's going on. Lines
    ## that begin with just "#" are disabled commands: you can enable them
    ## by removing the "#" symbol.
    ##
    ## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
    ## for more options you can use in this file.
    ##
    ## Tor will look for this file in various places based on your platform:
    ## https://www.torproject.org/docs/faq#torrc

    Log notice file /var/log/tor/notices.log
    VirtualAddrNetwork 10.192.0.0/10
    AutomapHostsSuffixes .onion,.exit
    AutomapHostsOnResolve 1
    TransPort 9040
    TransListenAddress 192.168.42.1
    DNSPort 53
    DNSListenAddress 192.168.42.1

    ## Tor opens a socks proxy on port 9050 by default -- even if you don't
    ## configure one below. Set "SocksPort 0" if you plan to run Tor only
    ## as a relay, and not make any local application connections yourself.
    #SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
    #SocksPort 192.168.0.1:9100 # Bind to this address:port too.
    #SocksPort 0

    ## Entry policies to allow/deny SOCKS requests based on IP address.
    ## First entry that matches wins. If no SocksPolicy is set, we accept
    ## all (and only) requests that reach a SocksPort. Untrusted users who
    ## can access your SocksPort may be able to learn about the connections
    ## you make.
    #SocksPolicy accept 192.168.0.0/16
    #SocksPolicy reject *

    ## Logs go to stdout at level "notice" unless redirected by something
    ## else, like one of the below lines. You can have as many Log lines as
    ## you want.
    ##
    ## We advise using "notice" in most cases, since anything more verbose
    ## may provide sensitive information to an attacker who obtains the logs.
    ##
    ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
    #Log notice file /var/log/tor/notices.log
    ## Send every possible message to /var/log/tor/debug.log
    #Log debug file /var/log/tor/debug.log
    ## Use the system log instead of Tor's logfiles
    #Log notice syslog
    ## To send all messages to stderr:
    #Log debug stderr

    ## Uncomment this to start the process in the background... or use
    ## --runasdaemon 1 on the command line. This is ignored on Windows;
    ## see the FAQ entry if you want Tor to run as an NT service.
    #RunAsDaemon 1

    ## The directory for keeping all the keys/etc. By default, we store
    ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
    #DataDirectory /var/lib/tor

    ## The port on which Tor will listen for local connections from Tor
    ## controller applications, as documented in control-spec.txt.
    #ControlPort 9051
    ## If you enable the controlport, be sure to enable one of these
    ## authentication methods, to prevent attackers from accessing it.
    #HashedControlPassword 16:872860b76453a77d60ca2bb8c1a7042072093276a3d701ad684053ec4c
    #CookieAuthentication 1

    ############### This section is just for location-hidden services ###

    ## Once you have configured a hidden service, you can look at the
    ## contents of the file ".../hidden_service/hostname" for the address
    ## to tell people.
    ##
    ## HiddenServicePort x y:z says to redirect requests on port x to the
    ## address y:z.

    #HiddenServiceDir /var/lib/tor/hidden_service/
    #HiddenServicePort 80 127.0.0.1:80

    #HiddenServiceDir /var/lib/tor/other_hidden_service/
    #HiddenServicePort 80 127.0.0.1:80
    #HiddenServicePort 22 127.0.0.1:22

    ################ This section is just for relays #####################
    #
    ## See https://www.torproject.org/docs/tor-doc-relay for details.

    ## Required: what port to advertise for incoming Tor connections.
    #ORPort 443
    ## If you want to listen on a port other than the one advertised in
    ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
    ## follows.  You'll need to do ipchains or other port forwarding
    ## yourself to make this work.
    #ORPort 443 NoListen
    #ORPort 127.0.0.1:9090 NoAdvertise

    ## The IP address or full DNS name for incoming connections to your
    ## relay. Leave commented out and Tor will guess.
    #Address noname.example.com

    ## If you have multiple network interfaces, you can specify one for
    ## outgoing traffic to use.
    # OutboundBindAddress 10.0.0.5

    ## A handle for your relay, so people don't have to refer to it by key.
    #Nickname ididnteditheconfig

    ## Define these to limit how much relayed traffic you will allow. Your
    ## own traffic is still unthrottled. Note that RelayBandwidthRate must
    ## be at least 20 KB.
    ## Note that units for these config options are bytes per second, not bits
    ## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
    #RelayBandwidthRate 100 KB  # Throttle traffic to 100KB/s (800Kbps)
    #RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)

    ## Use these to restrict the maximum traffic per day, week, or month.
    ## Note that this threshold applies separately to sent and received bytes,
    ## not to their sum: setting "4 GB" may allow up to 8 GB total before
    ## hibernating.
    ##
    ## Set a maximum of 4 gigabytes each way per period.
    #AccountingMax 4 GB
    ## Each period starts daily at midnight (AccountingMax is per day)
    #AccountingStart day 00:00
    ## Each period starts on the 3rd of the month at 15:00 (AccountingMax
    ## is per month)
    #AccountingStart month 3 15:00

    ## Contact info to be published in the directory, so we can contact you
    ## if your relay is misconfigured or something else goes wrong. Google
    ## indexes this, so spammers might also collect it.
    #ContactInfo Random Person <nobody AT example dot com>
    ## You might also include your PGP or GPG fingerprint if you have one:
    #ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>

    ## Uncomment this to mirror directory information for others. Please do
    ## if you have enough bandwidth.
    #DirPort 9030 # what port to advertise for directory connections
    ## If you want to listen on a port other than the one advertised in
    ## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
    ## follows.  below too. You'll need to do ipchains or other port
    ## forwarding yourself to make this work.
    #DirPort 80 NoListen
    #DirPort 127.0.0.1:9091 NoAdvertise
    ## Uncomment to return an arbitrary blob of html on your DirPort. Now you
    ## can explain what Tor is if anybody wonders why your IP address is
    ## contacting them. See contrib/tor-exit-notice.html in Tor's source
    ## distribution for a sample.
    #DirPortFrontPage /etc/tor/tor-exit-notice.html

    ## Uncomment this if you run more than one Tor relay, and add the identity
    ## key fingerprint of each Tor relay you control, even if they're on
    ## different networks. You declare it here so Tor clients can avoid
    ## using more than one of your relays in a single circuit. See
    ## https://www.torproject.org/docs/faq#multiplerelays
    ## However, you should never include a bridge's fingerprint here, as it would
    ## break its concealability and potentially reveal its IP/TCP address.
    #MyFamily $keyid,$keyid,...

    ## A comma-separated list of exit policies. They're considered first
    ## to last, and the first match wins. If you want to _replace_
    ## the default exit policy, end this with either a reject *:* or an
    ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
    ## default exit policy. Leave commented to just use the default, which is
    ## described in the man page or at
    ## https://www.torproject.org/documentation.html
    ##
    ## Look at https://www.torproject.org/faq-abuse.html#typicalabuses
    ## for issues you might encounter if you use the default exit policy.
    ##
    ## If certain IPs and ports are blocked externally, e.g. by your firewall,
    ## you should update your exit policy to reflect this -- otherwise Tor
    ## users will be told that those destinations are down.
    ##
    ## For security, by default Tor rejects connections to private (local)
    ## networks, including to your public IP address. See the man page entry
    ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
    ##
    #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
    #ExitPolicy accept *:119 # accept nntp as well as default exit policy
    #ExitPolicy reject *:* # no exits allowed

    ## Bridge relays (or "bridges") are Tor relays that aren't listed in the
    ## main directory. Since there is no complete public list of them, even an
    ## ISP that filters connections to all the known Tor relays probably
    ## won't be able to block all the bridges. Also, websites won't treat you
    ## differently because they won't know you're running Tor. If you can
    ## be a real relay, please do; but if not, be a bridge!
    #BridgeRelay 1
    ## By default, Tor will advertise your bridge to users through various
    ## mechanisms like https://bridges.torproject.org/. If you want to run
    ## a private bridge, for example because you'll give out your bridge
    ## address manually to your friends, uncomment this line:
    #PublishServerDescriptor 0

Alright, since no one here has a clue, I'll post the answer. I figured it out and it works.

Make sure you have a clean install of the latest Raspbian and install it on the SD card. I did mine headless, but you can do it however you want. I SSH'd into mine right away and ran raspi-config. Set it to your liking and restart. Then apt-get remove wolfram and sonic-pi. This cleans up space and you won't need them; if you want them, leave them. After that, run update and upgrade, then reboot.

Now it's time to follow the instructions here, https://learn.adafruit.com/setting-up-a ... l-software, to set up the router. When you get to this part:

Code:

    interface=wlan0
    driver=rtl871xdrv
    ssid=pi_ap
    hw_mode=g
    channel=6
    macaddr_acl=0
    auth_algs=1
    ignore_broadcast_ssid=0
    wpa=2
    wpa_passphrase=raspberry
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=TKIP
    rsn_pairwise=CCMP

you'll want to set the correct driver; I left it alone and it worked. Change the passphrase and SSID; I made mine onionpi since that's what you'll be doing next.

First, download meek-client from here: https://github.com/bbs4us/meek-client-pi. You can do this on the Pi, or on a laptop and then "scp meek-client pi@192.168.1.x:meek-client" to transfer it over.

Download this script, but don't worry, you're not going to run it: https://github.com/bbs4us/onion_pi. You'll use pieces of code from it.

While you're following these instructions,
https://learn.adafruit.com/onion-pi/install-tor, you'll add in pieces from the script you downloaded. For example:

You'll want to install a few programs: "apt-get install -y ntp unattended-upgrades monit tor wget"

The script has you move meek-client: "mv meek-client /usr/local/bin/meek-client"

You'll want to add this code to the torrc file:

Code:

    ## More information: https://github.com/bbs4us/onion_pi/

    VirtualAddrNetwork 10.192.0.0/10
    TransListenAddress 192.168.42.1
    DNSListenAddress 192.168.42.1

    # Transparent proxy port
    TransPort 9040
    # Explicit SOCKS port for applications.
    SocksPort 9050

    # Have Tor run in the background
    RunAsDaemon 1

    # Only ever run as a client. Do not run as a relay or an exit.
    ClientOnly 1

    # Ensure resolution of .onion and .exit domains happen through Tor.
    AutomapHostsSuffixes .onion,.exit
    AutomapHostsOnResolve 1

    # Serve DNS responses
    DNSPort 53

    # meek bridges
    UseBridges 1
    # Tor 0.2.4 or earlier, you have to configure the url and front on the
    # command line, and you can use only one url/front combination at a time:
    Bridge meek 0.0.2.0:1
    # Google is blocked in China
    # ClientTransportPlugin meek exec ./meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com --log meek-client.log
    ClientTransportPlugin meek exec /usr/local/bin/meek-client --url=https://d2zfqthxsdq309.cloudfront.net/ --front=a0.awsstatic.com --log /var/log/tor/meek-client.log

    DataDirectory /var/lib/tor
    PidFile /var/run/tor/tor.pid
    User debian-tor

    ControlSocket /var/run/tor/control
    ControlSocketsGroupWritable 1

    CookieAuthentication 1
    CookieAuthFileGroupReadable 1
    CookieAuthFile /var/run/tor/control.authcookie
    Log notice file /var/log/tor/notice.log

You'll notice I changed "Log notice file /var/log/tor/log" to /notice.log. This is important so you can view the log file to find errors and see if it works.

After you have both, configure monit, blah blah blah... Once that's done, it should work!

Cheers!
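An added example, not part of the original post: a small check that a torrc pairs every pluggable-transport Bridge line with a ClientTransportPlugin line and has UseBridges enabled, which is the relationship the man page excerpt describes. The function names and the relative-path check are this example's own assumptions, and the sample input is constructed from the lines in the post.

```python
# Constructed sample: the bridge section of the torrc from the post above.
SAMPLE_TORRC = """\
UseBridges 1
Bridge meek 0.0.2.0:1
# ClientTransportPlugin meek exec ./meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com
ClientTransportPlugin meek exec /usr/local/bin/meek-client --url=https://d2zfqthxsdq309.cloudfront.net/ --front=a0.awsstatic.com --log /var/log/tor/meek-client.log
"""

def parse_torrc(text):
    """Return (lowercased keyword, [args]) for every active torrc line."""
    entries = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()    # drop comments, tokenize
        if parts:
            entries.append((parts[0].lower(), parts[1:]))
    return entries

def check_bridges(text):
    """Return a list of problems; an empty list means the setup is consistent."""
    entries = parse_torrc(text)
    problems = []
    use_bridges = any(k == "usebridges" and a[:1] == ["1"] for k, a in entries)
    # "Bridge <transport> IP:PORT ..."; a first argument that starts with a
    # digit or "[" is an address, i.e. a plain bridge with no transport.
    wanted = {a[0] for k, a in entries
              if k == "bridge" and a and not (a[0][0].isdigit() or a[0][0] == "[")}
    plugins = {}                                # transport -> (method, target)
    for k, a in entries:
        if k == "clienttransportplugin" and len(a) >= 3:
            for name in a[0].split(","):        # "obfs3,obfs4 exec ..." is allowed
                plugins[name] = (a[1], a[2])
    if (wanted or plugins) and not use_bridges:
        problems.append("bridge lines present but UseBridges is not 1")
    for t in sorted(wanted - set(plugins)):
        problems.append(f"Bridge transport '{t}' has no ClientTransportPlugin")
    for t in sorted(set(plugins) - wanted):
        problems.append(f"ClientTransportPlugin '{t}' has no Bridge line using it")
    for t, (method, target) in sorted(plugins.items()):
        if method == "exec" and not target.startswith("/"):
            problems.append(f"plugin '{t}' uses relative path '{target}'")
    return problems

if __name__ == "__main__":
    for line in check_bridges(SAMPLE_TORRC) or ["bridge configuration is consistent"]:
        print(line)
```

This only covers the Bridge/plugin pairing; `tor --verify-config -f /etc/tor/torrc` checks the option syntax itself before a restart.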

