OpenWrt Forum Archive

Topic: Tor on NEXX WT3020 Router.

The content of this topic has been archived on 29 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi everybody,
I used your guide on this site to install TOR on my NEXX WT3020. I installed OpenWrt without problems, but when I run the command:

wget -qO - http://onionwrt.us.to/install | sh -

over SSH, the system replies:

wget: can't connect to remote host (2.139.236.123):
Connection refused

What can I do to install TOR?
Thanks a lot for your work
spider81man

If you own the 8MB ROM version of the NEXX WT3020, then just build your own image with TOR inside. It's done in about 5 minutes, and then just wait until your image including tor is built.

https://wiki.openwrt.org/doc/howto/build

Otherwise you can use the package system to install it. The recent version of tor inside lede/openwrt is 0.3.1.9:
https://git.lede-project.org/?p=feed/pa … 8679dd402f

(Last edited by xicoyihl on 10 Jan 2018, 18:15)

Hi, thanks for your reply.
I just installed OpenWRT on the router, because before it had a Chinese OS, but I can't install TOR as in this guide:

http://www.securityskeptic.com/2016/01/how-to-turn-a-nexx-wt3020-router-into-a-tor-router.html

I connected to the router and installed OpenWrt with this command:

wget http://downloads.openwrt.org/chaos_calmer/15.05/ramips/mt7620/openwrt-15.05-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin

So in your opinion I must reinstall OpenWrt?
Thanks

openwrt-15.05-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin: This is completely outdated and unsupported old software.

This is the recent version:
https://downloads.openwrt.org/releases/ … pgrade.bin

After you installed it, you should be able to install the packages.
I still recommend you build your own recent image with the build howto I linked above.

(Last edited by xicoyihl on 10 Jan 2018, 18:15)

Hi,
So over SSH I must run

wget https://downloads.openwrt.org/releases/17.01.4/targets/ramips/mt7620/lede-17.01.4-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin

and after the reboot I will have the latest version of OpenWrt, and AFTER that I can install tor from packages?

After the download you have the image on the device, in the directory you were in when pressing enter. You then have to install it to use it.

But why are you not using luci for the update? Have you not installed luci on the software now running on your router? Non-developer users typically use luci for updating their devices.

I just used the guide from the site linked before.
So in your opinion I should now do this:

wget https://downloads.openwrt.org/releases/17.01.4/targets/ramips/mt7620/lede-17.01.4-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin

And I reinstall OpenWrt, but after that what must I do to use tor on this device?

I can't open your link because it does not load securely.

https://www.securityskeptic.com/2016/01 … outer.html    <- This is not working.

I have no idea what is on this website. I haven't used unencrypted http traffic for years. I recommend you do the same and disable unencrypted traffic in your browser by using https://addons.mozilla.org/de/firefox/a … verywhere/ with the option "block all unencrypted requests" enabled.

This site's domain name is "securityskeptic" and it does not support secure connections. Sounds like a scam to me. I won't recommend using anything from such a website.

(Last edited by xicoyihl on 10 Jan 2018, 18:18)

I can open the link http://www.securityskeptic.com/2016/01/ … outer.html try now

After I download the package, must I run

mtd_write -r write /lede-17.01.4-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin

?????

(Last edited by spider81man on 10 Jan 2018, 19:27)

Your link is missing the s. It's insecure http like you posted it. It is not normal https. I don't allow my ISP to run MITM attacks so I don't care about unencrypted traffic.
Why did you not enable "block all unencrypted requests" in the https-everywhere addon from the EFF like I told you? You would then see the broken security of the website.

I don't know why you would like to use the mtd_write command. I asked you about luci but you did not answer. If for some reason you want to use the command line, then read the official description:
https://wiki.openwrt.org/doc/techref/sysupgrade
https://wiki.openwrt.org/doc/howto/gene … _procedure

xicoyihl wrote:

But why are you not using luci for update? Have you not installed luci on your now running software on your router? The non-developer users use typically luci for updating their devices.

I don't use it because I did not know it existed. After I install it, what must I do to use torrent on the router?

If you can't open it, I'm sending the guide here:

You must purchase a NEXX model that has 8 MB RAM. The simplest installation choice for me was to power the WT3020 through a laptop USB, connect the laptop to the WT3020 LAN port using Ethernet, and to connect WT3020 WAN port to my switch/firewall. To do as I did, open a browser window and connect to the NEXX Web interface at http://192.168.8.1 and configure for Internet connectivity using the Home and Work option. (Note: I had limited success using the WiFi repeater alternative. My Internet connection kept dropping.)

Important. I am not aware of any efforts to confirm that the router hasn't been back-doored. If you know, please share. I've elected to use it but use with eyes wide open.

Install openWRT
Once you have an Internet connection, telnet to the WT3020 at 192.168.8.1 using the default Nexx account credentials I show here. I've copied the commands I used and the output from the scripts below:

$ telnet 192.168.8.1
Trying 192.168.8.1...
Connected to 192.168.8.1.
Escape character is '^]'.

(none) login: nexxadmin
Password: y1n2inc.com0755


BusyBox v1.12.1 (2015-02-05 18:04:51 HKT) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# cd /tmp
# wget http://downloads.openwrt.org/chaos_calm … penwrt-15.
05-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin
Connecting to downloads.openwrt.org (78.24.191.177:80)
openwrt-15.05-ramips 100% |*******************************| 3328k 00:00:00 ETA
# mtd_write -r write openwrt-15.05-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin mtd3
Unlocking mtd3 ...
Writing from openwrt-15.05-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin to mtd3 ... [e]
#reboot
Warning. Your Nexx may force close telnet. Don't panic. Reboot via a power cycle.

At this point, you should be running the openWRT software. Note that openWRT assigns the IP address 192.168.1.1 to the internal LAN port. This is different from what NEXX assigns. If you're still able to connect to 192.168.8.1, something went awry: lather, rinse, repeat.

Install OnionWRT
Telnet to openWRT and change the root password:

$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to openwrt.lan.
Escape character is '^]'.
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------

BusyBox v1.23.2 (2015-07-25 03:03:02 CEST) built-in shell (ash)

-----------------------------------------------------
CHAOS CALMER (15.05, r46767)
-----------------------------------------------------
* 1 1/2 oz Gin Shake with a glassful
* 1/4 oz Triple Sec of broken ice and pour
* 3/4 oz Lime Juice unstrained into a goblet.
* 1 1/2 oz Orange Juice
* 1 tsp. Grenadine Syrup
-----------------------------------------------------
root@OpenWrt:/# passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
root@OpenWrt:/#
At this point openWRT blocks telnet. You can configure SSH if you haven't logged out (TL;DR and logged out? openWRT warned you... learn to read). You can also use the web interface, LuCI.

Configure your Internet connection via LuCI. Take a moment to admire how superior this interface is compared to the original software.

You'll want to install the OnionWRT software. Kudos to Paolo's students, who posted a link to a working script at http://www.hwupgrade.it/forum/archive/i … 92919.html

The page is in Italian but simply search for "onionwrt", use Google translate, or learn Italian:-)

At your root prompt enter the following wget command. I've again illustrated the script output below:

root@OpenWrt:/# wget -qO - http://onionwrt.us.to/install | sh -
Installing tor (0.2.5.12-1) to root...
Downloading http://downloads.openwrt.org/chaos_calm … 24kec.ipk.
Installing libevent2 (2.0.22-1) to root...
Downloading http://downloads.openwrt.org/chaos_calm … 24kec.ipk.
Installing libopenssl (1.0.2e-1) to root...
Downloading http://downloads.openwrt.org/chaos_calm … 24kec.ipk.
Installing zlib (1.2.8-1) to root...
Downloading http://downloads.openwrt.org/chaos_calm … 24kec.ipk.
Installing libpthread (0.9.33.2-1) to root...
Downloading http://downloads.openwrt.org/chaos_calm … 24kec.ipk.
Installing librt (0.9.33.2-1) to root...
Downloading http://downloads.openwrt.org/chaos_calm … 24kec.ipk.
Configuring libpthread.
Configuring libevent2.
Configuring librt.
Configuring zlib.
Configuring libopenssl.
Configuring tor.
Warning: Unable to locate ipset utility, disabling ipset support
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv4 raw table
* Flushing IPv6 filter table
* Flushing IPv6 mangle table
* Flushing IPv6 raw table
* Flushing conntrack table ...
Warning: Unable to locate ipset utility, disabling ipset support
* Populating IPv4 filter table
* Zone 'lan'
* Zone 'wan'
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule #7
* Rule #8
* Forward 'lan' -> 'wan'
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 raw table
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 filter table
* Zone 'lan'
* Zone 'wan'
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule #7
* Rule #8
* Forward 'lan' -> 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 raw table
* Zone 'lan'
* Zone 'wan'
* Flushing conntrack table ...
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
root@OpenWrt:/#
You're done. Confirm that you're on the Tor network by visiting https://check.torproject.org/

UsesTOR

I take no credit for any of the brilliance here. I have really smart friends.

I will also take no abuse for broken external links, but if you find one on this page, contact me.

wget -qO - http://onionwrt.us.to/install | sh -

This would download a script from the website and immediately execute it on your router, but the machine at onionwrt.us.to is now broken, it has no http server.  Thus this happens:

wget: can't connect to remote host (2.139.236.123):
Connection refused 

That's probably good, you should not run some unknown script on your router.  Again, that "wget | sh" command would give whatever script is on the website (or, since it is not a secure connection, a man in the middle) complete root access to your router.  It could do anything, such as installing malware or probing / hacking machines on your LAN.

Find some instructions that do not involve the 'onionwrt' site.  It is not working.  And a bad idea in the first place.

(Last edited by mk24 on 11 Jan 2018, 01:23)
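
Added example, not part of any post in this thread: the download-to-file, verify, then run pattern that avoids the risk mk24 describes with "wget | sh". The function names and demo files are hypothetical, and it assumes the checksum list itself was obtained over a channel you trust (HTTPS or a verified signature).

```shell
#!/bin/sh
# Added example (not from the thread): download to a file, verify, then run,
# instead of "wget ... | sh". Function and file names are hypothetical.

# Print the SHA-256 listed for FILE's basename in a sha256sum-style list
# (lines of "<64 hex>  <name>" or "<64 hex> *<name>").
expected_sum() {
    awk -v n="$(basename "$2")" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$1"
}

# Succeed only if FILE's digest equals the one listed for it in SUMS.
# Assumption: SUMS itself was obtained over a channel you trust.
verify_file() {
    sums=$1 file=$2
    [ -f "$sums" ] && [ -f "$file" ] || return 2
    want=$(expected_sum "$sums" "$file")
    [ "${#want}" -eq 64 ] || return 3       # not listed, or malformed entry
    have=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$have" = "$want" ]
}

# Execute SCRIPT only after it verifies; unverified bytes never reach sh.
run_verified() {
    if verify_file "$1" "$2"; then
        sh "$2"
    else
        echo "refusing to run $2: checksum mismatch or not listed" >&2
        return 1
    fi
}

# Constructed demo: a stand-in installer and a locally generated checksum list.
demo() {
    d=$(mktemp -d) || return 1
    printf 'echo installer-ran\n' > "$d/install.sh"
    ( cd "$d" && sha256sum install.sh > sha256sums )
    run_verified "$d/sha256sums" "$d/install.sh"    # verified: runs
    printf 'echo tampered\n' >> "$d/install.sh"     # simulate modification
    rc=0
    run_verified "$d/sha256sums" "$d/install.sh" || rc=$?   # refused
    rm -rf "$d"
    [ "$rc" -eq 1 ]
}
demo
```

The same check can gate a firmware flash: run verify_file on the downloaded image and its checksum list, and call sysupgrade only when it succeeds.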

mk24 wrote:
wget -qO - http://onionwrt.us.to/install | sh -

This would download a script from the website and immediately execute it on your router, but the machine at onionwrt.us.to is now broken, it has no http server.  Thus this happens:

wget: can't connect to remote host (2.139.236.123):
Connection refused 

That's probably good, you should not run some unknown script on your router.  Again, that "wget | sh" command would give whatever script is on the website (or, since it is not a secure connection, a man in the middle) complete root access to your router.  It could do anything, such as installing malware or probing / hacking machines on your LAN.

Find some instructions that do not involve the 'onionwrt' site.  It is not working.  And a bad idea in the first place.

OK, I understand now. I used the command sysupgrade -v lede-17.01.4-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin to upgrade the firmware, but after that what must I do to install TOR? I want all the traffic from this router to go through TOR; is it possible??

Install OpenWrt
Connect router to the Internet
ssh to router command line
opkg update
opkg install tor
opkg install nano (nano is a file editor much easier to use than vi)
Google "tor on openwrt" and find for example this:
https://medium.com/openwrt-iot/lede-ope … bc2828d71a
Make sure it is a guide for a recent version.  In general these guides will have you:
* Create a new network for your tor'd traffic, separate from the router's LAN
* Create a wifi AP linked to this network so you can use it
* Create a firewall zone to forward traffic out of the tor'd network to tor client
* Configure /etc/tor/torrc and start the tor program

(Last edited by mk24 on 11 Jan 2018, 21:19)
