From b82e907a82a581817dc7acd179c22128a5d0052e Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Fri, 20 Oct 2017 19:04:08 +0000
Subject: [PATCH] security/tor: version 1.1 adds VIPs and fixes setup.sh usage

PR: https://forum.opnsense.org/index.php?topic=6207.0
PR: https://forum.opnsense.org/index.php?topic=6208.0
(cherry picked from commit 463dd0b21a3d7943dfe64961433d02fe38f7b1d3)
(cherry picked from commit 19043bb281c92e90e220d60c83f99cadd8da34ca)
(cherry picked from commit e8d46fa119888280526c1e517726c2c5f6dee589)
---
 security/tor/Makefile | 2 +-
 .../src/opnsense/{service => }/scripts/tor/gen_key | 0
 .../{service => }/scripts/tor/get_hostnames | 0
 .../scripts/tor/make_hidden_service_dirs.php | 0
 .../src/opnsense/{service => }/scripts/tor/setup.sh | 4 ++--
 .../{service => }/scripts/tor/tor_helper.php | 0
 .../service/conf/actions.d/actions_tor.conf | 4 ++--
 .../src/opnsense/service/templates/OPNsense/Tor/tor | 2 +-
 .../opnsense/service/templates/OPNsense/Tor/torrc | 13 +++++++++++++
 9 files changed, 19 insertions(+), 6 deletions(-)
 rename security/tor/src/opnsense/{service => }/scripts/tor/gen_key (100%)
 rename security/tor/src/opnsense/{service => }/scripts/tor/get_hostnames (100%)
 rename security/tor/src/opnsense/{service => }/scripts/tor/make_hidden_service_dirs.php (100%)
 rename security/tor/src/opnsense/{service => }/scripts/tor/setup.sh (76%)
 rename security/tor/src/opnsense/{service => }/scripts/tor/tor_helper.php (100%)

diff --git a/security/tor/Makefile b/security/tor/Makefile
index 87dc3437d..6d938aa2e 100644
--- a/security/tor/Makefile
+++ b/security/tor/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME= tor
-PLUGIN_VERSION= 1.0
+PLUGIN_VERSION= 1.1
 PLUGIN_COMMENT= The Onion Router
 PLUGIN_DEPENDS= tor
 PLUGIN_MAINTAINER= franz.fabian.94@gmail.com
diff --git a/security/tor/src/opnsense/service/scripts/tor/gen_key b/security/tor/src/opnsense/scripts/tor/gen_key
similarity index 100%
rename from security/tor/src/opnsense/service/scripts/tor/gen_key
rename to security/tor/src/opnsense/scripts/tor/gen_key
diff --git a/security/tor/src/opnsense/service/scripts/tor/get_hostnames b/security/tor/src/opnsense/scripts/tor/get_hostnames
similarity index 100%
rename from security/tor/src/opnsense/service/scripts/tor/get_hostnames
rename to security/tor/src/opnsense/scripts/tor/get_hostnames
diff --git a/security/tor/src/opnsense/service/scripts/tor/make_hidden_service_dirs.php b/security/tor/src/opnsense/scripts/tor/make_hidden_service_dirs.php
similarity index 100%
rename from security/tor/src/opnsense/service/scripts/tor/make_hidden_service_dirs.php
rename to security/tor/src/opnsense/scripts/tor/make_hidden_service_dirs.php
diff --git a/security/tor/src/opnsense/service/scripts/tor/setup.sh b/security/tor/src/opnsense/scripts/tor/setup.sh
similarity index 76%
rename from security/tor/src/opnsense/service/scripts/tor/setup.sh
rename to security/tor/src/opnsense/scripts/tor/setup.sh
index 5c71d2b37..3e1b78e51 100755
--- a/security/tor/src/opnsense/service/scripts/tor/setup.sh
+++ b/security/tor/src/opnsense/scripts/tor/setup.sh
@@ -12,8 +12,8 @@ chown _tor:_tor /var/log/tor.log
 chown _tor:_tor /var/run/tor
-# create hidden service dirs:
-/usr/local/opnsense/service/scripts/tor/make_hidden_service_dirs.php
+# create Onion service dirs:
+/usr/local/opnsense/scripts/tor/make_hidden_service_dirs.php
 # required to access the pf device for nat
 /usr/sbin/pw groupmod proxy -m _tor
diff --git a/security/tor/src/opnsense/service/scripts/tor/tor_helper.php b/security/tor/src/opnsense/scripts/tor/tor_helper.php
similarity index 100%
rename from security/tor/src/opnsense/service/scripts/tor/tor_helper.php
rename to security/tor/src/opnsense/scripts/tor/tor_helper.php
diff --git a/security/tor/src/opnsense/service/conf/actions.d/actions_tor.conf b/security/tor/src/opnsense/service/conf/actions.d/actions_tor.conf
index bb9387df6..4b7e8c781 100644
--- a/security/tor/src/opnsense/service/conf/actions.d/actions_tor.conf
+++ b/security/tor/src/opnsense/service/conf/actions.d/actions_tor.conf
@@ -23,13 +23,13 @@ type:script_output
 message:request tor status
 [genkey]
-command:/usr/local/opnsense/service/scripts/tor/gen_key
+command:/usr/local/opnsense/scripts/tor/gen_key
 parameters:
 type:script_output
 message:generate Tor control key
 [gethostnames]
-command:/usr/local/opnsense/service/scripts/tor/get_hostnames
+command:/usr/local/opnsense/scripts/tor/get_hostnames
 parameters:
 type:script_output
 message:query hostnames of hidden services
diff --git a/security/tor/src/opnsense/service/templates/OPNsense/Tor/tor b/security/tor/src/opnsense/service/templates/OPNsense/Tor/tor
index a9d9b84b2..40f2137ca 100644
--- a/security/tor/src/opnsense/service/templates/OPNsense/Tor/tor
+++ b/security/tor/src/opnsense/service/templates/OPNsense/Tor/tor
@@ -1,6 +1,6 @@
 {% if helpers.exists('OPNsense.tor.general.enabled') and OPNsense.tor.general.enabled == '1' %}
 tor_enable="YES"
-tor_opnsense_bootup_run="/usr/local/opnsense/service/scripts/tor/setup.sh"
+tor_opnsense_bootup_run="/usr/local/opnsense/scripts/tor/setup.sh"
 {% else %}
 tor_enable="NO"
 {% endif %}
diff --git a/security/tor/src/opnsense/service/templates/OPNsense/Tor/torrc b/security/tor/src/opnsense/service/templates/OPNsense/Tor/torrc
index 6e55f4c6d..5e71ad7db 100644
--- a/security/tor/src/opnsense/service/templates/OPNsense/Tor/torrc
+++ b/security/tor/src/opnsense/service/templates/OPNsense/Tor/torrc
@@ -25,6 +25,19 @@ SOCKSPort {{ interface_ip }}:{{ OPNsense.tor.general.socks_listen_port|default('
 SOCKSPort [{{ interface_ip }}]:{{ OPNsense.tor.general.socks_listen_port|default('9050') }}
 {% endif %}
 {% endif %}
+{% if helpers.exists('virtualip') %}
+{% for intf_item in helpers.toList('virtualip.vip') %}
+{% if intf_item.interface == listen_interface and intf_item.type == 'single' %}
+{% if intf_item.subnet.find(':') > -1 %}
+# {{ listen_interface }}: IPv6 VIP
+SOCKSPort [{{ intf_item.subnet }}]:{{ OPNsense.tor.general.socks_listen_port|default('9050') }}
+{% else %}
+# {{ listen_interface }}: IPv4 VIP
+SOCKSPort {{ intf_item.subnet }}:{{ OPNsense.tor.general.socks_listen_port|default('9050') }}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
 {% endfor %}
 {% endif %}
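Review bot: The condition on the third added line accepts every VIP with `type == 'single'` on the listen interface, so a `SOCKSPort` line is written even for an address the firewall does not hold itself. If the VIP entries also carry a mode field (IP alias, CARP, proxy ARP; not visible in this hunk, so confirm against the config schema), a proxy-ARP entry would yield a listener Tor cannot bind, and Tor does not start when a configured listener fails to bind. Narrowing the test, for example `{% if intf_item.interface == listen_interface and intf_item.type == 'single' and intf_item.mode in ['ipalias', 'carp'] %}`, keeps the generated torrc startable. Each VIP also becomes one more address where the SOCKS port accepts connections, so check that the SOCKS policy and firewall rules defined outside this hunk cover those addresses. The surrounding interface loop opens above the hunk.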