Hi, I have an OpenWrt router and an IP address that is a normal IP address.
Given how much oppression there is, I’d like to find some way to allow anyone to use this IP address to connect to Tor.
I would prefer to do this using a programming running on the OpenWrt router (which doesn’t run a VPN and has a good processer).
Is there a way for me to create a snowflake “node” that just constantly runs and connects people to Tor so they can experience the wonders of the Internet?
Also, would there be any legal concerns if someone connects to Tor and does something bad or if they are in a country that doesn’t like Tor or would Snowflake protect me?
I do not have a regular cell that I can run for the same purpose, and this connection could also accommodate quite a few people.
Would there be a risk of being hacked if I do this?
You can run an exit node on openwrt: https://openwrt.org/docs/guide-user/services/tor/extras
Depending on your country’s laws, you may be on the hook for any content that is accessed via your network. So all the child porn, extremist content etc, thats all possibly on you.
Hacking risk is minimal, but every additional service you run on your router increases its attack surface.
this is dangerous, and I’m pretty sure it’s not what they wanted
I dont disagree on the danger, but what did you think they wanted?
a wifi access point that routes all traffic through Tor.
I’m aware that Tor is not exactly made for that, but rather to work as a proxy (which could work for devices that account for proxy autoconfiguration), its not unheard of
That also makes sense. Wouldnt that potentially risk the users de-anonymising themselves (and OP)? They wouldnt be protected by the tor browser protections, so a site could request location etc.
Standard VPN is probably a better tool.
For OP: Routing all traffic through a VPN isnt too hard, you can just add the VPN client and then route traffic through the interface. You can do it all from Luci. If you want more info, I can share how I did it with wireguard.
well the given permissions should be vetted, but even then, considering all the traffic that suddenly and collectively comes from a different IP, maybe that could still deanonymize users.
but, the point was censorship circumvention, not anonymity, so if the user considers the risks it could still be useful
yeah but that could be easier to block. and often the provider requires you to have their app which will do who knows what.
and actually it’s easier. like you just create a tunnel, which gets its own network interface, and you set that network interface up as if it was your actual internet connection. I’m pretty sure there’s a package that adds the web gui menus for the first part.
but, OP should also look up V2Ray and other proxying tech to be able to do something in case things become worse.