CGX_net
The new [WIP] CGX network with a transparent Tor gateway, using OpenBSD and OpenWrt on a PC Engines apu2c4 and a Linksys WRT32X.
If I added an 802.11x card to the apu2, it could function as an AP instead of the WRT32X, but the current setup provides better isolation and lower load on the apu2 to accommodate services such as Tor.
Todo
- .onion resolution (nslookup works but TCP connections fail)
Network
           Internet (5G modem/router)
                       |
                       |
                [ Tor network ]
                       ^
                       |
            outbound Tor connections
            (9001 / 9030 / 443 etc.)
                       |
              +----------------+
              |  OpenBSD APU2  |
              |   "redgate"    |
              |----------------|
              | em0 (WAN):     |
              |   DHCP         |
              |   [outbound *] |
              |                |
              | em1 (LAN):     |
              |   10.10.10.1   |
              |                |
              | Tor daemon     |
              | TransPort 9040 |
              | DNSPort 5353   |
              | SOCKSPort 9050 |
              | PF redirect    |
              | transparent Tor|
              +----------------+
                       ^
                       |
              +----------------+
              | WRT32X OpenWrt |
              |  "blackgate"   |
              |----------------|
              | wan (WAN):     |
              |   10.10.10.2   |
              |                |
              | br-lan (LAN):  |
              |   192.168.50.1 |
              |                |
              | 802.11* WiFi   |
              |                |
              +----------------+
                       |
        -----------------------------------
        |                                 |
        |                                 |
+----------------+              +-------------------+
| LAN clients    |              | WLAN Clients      |
| 192.168.50.0/24|              | 192.168.50.0/24   |
|----------------|              |-------------------|
| WS/Srvs        |              | phones/laptops/etc|
| GW 192.168.50.1|              | GW 192.168.50.1   |
| DNS 10.10.10.1 |              | DNS 10.10.10.1    |
+----------------+              +-------------------+
        |
        |
direct tests from client:
- SOCKS: 10.10.10.1:9050
- transparent TCP via PF -> 9040
- DNS via Tor -> 5353
Redgate
Redgate is a PC Engines APU2 (3-port, 4GB version) connected to the WAN (a 5G router). It provides transparent Tor proxying (incl. DNS) on the LAN (em1, connected to a Linksys WRT32X running OpenWrt).
Blackgate
Blackgate is a Linksys WRT32X running OpenWrt. It acts as a wireless AP and switch/router for LAN clients.