{% from 'OPNsense/Macros/interface.macro' import physical_interface %}
##
## OPNsense autogenerated config file.
## Don't change it because your changes get lost.
##
##
{% if helpers.exists('OPNsense.tor.general.enabled') and OPNsense.tor.general.enabled == '1' %}
{# Loopback SOCKS listeners are always rendered; the port falls back to 9050 when
   none is stored. #}
SOCKSPort 127.0.0.1:{{ OPNsense.tor.general.socks_listen_port|default('9050') }} # localhost IPv4
SOCKSPort [::1]:{{ OPNsense.tor.general.socks_listen_port|default('9050') }} # localhost IPv6

{# Additional listeners: one SOCKSPort line per address of every interface named in
   socks_listen_ip (comma separated). Each line rendered here makes the SOCKS proxy
   reachable from that network. The listener itself does not authenticate clients, so
   who may use it is decided by the SOCKSPolicy lines rendered after this section and
   by the firewall rules on that interface. #}
{% if helpers.exists('OPNsense.tor.general.socks_listen_ip') and OPNsense.tor.general.socks_listen_ip != '' %}
{% for listen_interface in OPNsense.tor.general.socks_listen_ip.split(',') %}
{# Primary IPv4 address; the '.' test skips stored values that are not a dotted address. #}
{% if helpers.exists('interfaces.'+listen_interface+'.ipaddr') %}
{% set interface_ip = helpers.getNodeByTag('interfaces.'+listen_interface+'.ipaddr') %}
{% if '.' in interface_ip %}
# {{ listen_interface }}: IPv4
SOCKSPort {{ interface_ip }}:{{ OPNsense.tor.general.socks_listen_port|default('9050') }}
{% endif %}
{% endif %}
{# Primary IPv6 address; the ':' test skips stored values that are not a literal address. #}
{% if helpers.exists('interfaces.'+listen_interface+'.ipaddrv6') %}
{% set interface_ip = helpers.getNodeByTag('interfaces.'+listen_interface+'.ipaddrv6') %}
{% if ':' in interface_ip %}
# {{ listen_interface }}: IPv6
SOCKSPort [{{ interface_ip }}]:{{ OPNsense.tor.general.socks_listen_port|default('9050') }}
{% endif %}
{% endif %}
{# CARP and IP-alias virtual IPs on the same interface get a listener of their own; the
   address family is chosen by looking for ':' in the subnet field.
   NOTE(review): presumably vip.subnet holds the bare address without a prefix length;
   confirm, since a value carrying /prefix would render an invalid SOCKSPort line. #}
{% if helpers.exists('virtualip') %}
{% for intf_item in helpers.toList('virtualip.vip') %}
{% if intf_item.interface == listen_interface and intf_item.mode in ['carp', 'ipalias'] %}
{% if intf_item.subnet.find(':') > -1 %}
# {{ listen_interface }}: IPv6 VIP
SOCKSPort [{{ intf_item.subnet }}]:{{ OPNsense.tor.general.socks_listen_port|default('9050') }}
{% else %}
# {{ listen_interface }}: IPv4 VIP
SOCKSPort {{ intf_item.subnet }}:{{ OPNsense.tor.general.socks_listen_port|default('9050') }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
{# SOCKS access control. Every enabled ACL entry becomes one SOCKSPolicy line, in
   configuration order; for entries of type 'v6' a 6 is appended to the action.
   Tor checks SOCKSPolicy lines first to last and stops at the first match, so the two
   reject lines at the end deny every client that no entry above accepted.
   policy.action and policy.network are written as stored.
   NOTE(review): confirm the model restricts them to an action keyword and an
   address/mask; any other text would land verbatim in the rendered torrc. #}
{% if helpers.exists('OPNsense.tor.aclsockspolicy') %}
{% if helpers.exists('OPNsense.tor.aclsockspolicy.policy') %}
{% for policy in helpers.toList('OPNsense.tor.aclsockspolicy.policy') %}
{% if policy.enabled == '1' %}
SOCKSPolicy {{ policy.action }}{% if policy.type == 'v6' %}6{% endif %} {{ policy.network }}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}

SOCKSPolicy reject *
SOCKSPolicy reject6 *
{# Optional log targets: a file below /var/log and/or syslog. The level names are
   copied from the configuration unchanged.
   NOTE(review): the verbose Tor levels (info, debug) can record details about client
   activity; presumably the model limits the choice, confirm that notice or a higher
   level is the stored default. #}
{% if helpers.exists('OPNsense.tor.general.enablelogfile') and OPNsense.tor.general.enablelogfile == '1' %}
Log {{ OPNsense.tor.general.logfilelevel }} file /var/log/tor.log
{% endif %}
{% if helpers.exists('OPNsense.tor.general.enablesyslog') and OPNsense.tor.general.enablesyslog == '1' %}
Log {{ OPNsense.tor.general.sysloglevel }} syslog
{% endif %}
{# Scheduler selection: the stored keyword is translated into Tor's comma-separated
   preference list. Any other value renders no Scheduler line at all. #}
{% if OPNsense.tor.general.scheduler == 'KISTLiteVanilla' %}
Scheduler KISTLite,Vanilla
{% elif OPNsense.tor.general.scheduler == 'Vanilla' %}
Scheduler Vanilla
{% elif OPNsense.tor.general.scheduler == 'KISTLite' %}
Scheduler KISTLite
{% elif OPNsense.tor.general.scheduler == 'VanillaKISTLite' %}
Scheduler Vanilla,KISTLite
{% endif %}
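{# Tor keeps its state in this directory; the onion service directories rendered
   further down are created below it. #}
DataDirectory /var/db/tor

{# Control port. The listener is rendered only together with its password hash.
   A HashedControlPassword line without a value does not configure a password, so
   rendering ControlPort on its own would leave the control interface without password
   authentication. When the hash is missing the port stays closed and a torrc comment
   records why. #}
{% if helpers.exists('OPNsense.tor.general.control_port') and OPNsense.tor.general.control_port != '' %}
{% if helpers.exists('OPNsense.tor.general.control_port_password_hashed') and OPNsense.tor.general.control_port_password_hashed != '' %}
ControlPort {{ OPNsense.tor.general.control_port }}
HashedControlPassword {{ OPNsense.tor.general.control_port_password_hashed }}
{% else %}
## ControlPort not rendered: no hashed control password is configured.
{% endif %}

{% endif %}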
{# Outbound port restriction. With the option on, Tor only opens connections to the
   ports listed in FirewallPorts; when no list is stored the FirewallPorts line is
   omitted and Tor's built-in port list applies. In every other case the option is
   written explicitly as 0. #}
{% if helpers.exists('OPNsense.tor.general.fascist_firewall') and OPNsense.tor.general.fascist_firewall == '1' %}
FascistFirewall 1
{% if helpers.exists('OPNsense.tor.general.fascist_firewall_ports') and OPNsense.tor.general.fascist_firewall_ports != '' %}
FirewallPorts {{ OPNsense.tor.general.fascist_firewall_ports }}
{% endif %}
{% else %}
FascistFirewall 0
{% endif %}
{# Rendered only when switched on: Tor then treats every start as activity and does
   not come up in dormant mode. #}
{% if helpers.exists('OPNsense.tor.general.dormant_canceled_by_startup') and OPNsense.tor.general.dormant_canceled_by_startup == '1' %}
DormantCanceledByStartup 1
{% endif %}
{# Transparent proxy mode: a TransPort for redirected TCP, a DNSPort for redirected
   DNS, and the address pool Tor hands out for automapped host names. All four values
   are written as stored, without defaults.
   NOTE(review): presumably transparent_port and transparent_dns are bare port
   numbers, in which case Tor listens on loopback only and clients reach the ports
   through firewall redirect rules; confirm. DNS queries that are not redirected to
   the DNSPort are resolved outside Tor. #}
{% if helpers.exists('OPNsense.tor.general.enable_transparent') and OPNsense.tor.general.enable_transparent == '1' %}
TransPort {{ OPNsense.tor.general.transparent_port }}
DNSPort {{ OPNsense.tor.general.transparent_dns }}
VirtualAddrNetwork {{ OPNsense.tor.general.transparent_ip_pool }}
AutomapHostsOnResolve {{ OPNsense.tor.general.dns_map_hosts }}
{% endif %}
## Client Authentication
{# One HidServAuth line per enabled entry: the onion address followed by its
   authorization cookie. The cookie is a credential and is written in clear text, so
   the rendered file must not be readable by unprivileged users.
   NOTE(review): HidServAuth belongs to version 2 onion services, which current Tor
   releases no longer support; version 3 client authorization is configured through
   ClientOnionAuthDir. Confirm against the Tor version that is shipped. #}
{% if helpers.exists('OPNsense.tor.general.client_authentications.client_auth') %}
{% for service in helpers.toList('OPNsense.tor.general.client_authentications.client_auth') %}
{% if service.enabled == '1' %}
HidServAuth {{ service.onion_service }} {{ service.auth_cookie }}
{% endif %}
{% endfor %}
{% endif %}
{# Upper bound for the memory Tor uses for its queues, written in MB; the line is
   omitted when nothing is stored. #}
{% if helpers.exists('OPNsense.tor.general.max_memory_in_queues') and OPNsense.tor.general.max_memory_in_queues != '' %}
MaxMemInQueues {{ OPNsense.tor.general.max_memory_in_queues }} MB
{% endif %}

{# Always on: Tor is asked to use crypto hardware acceleration where it is available. #}
HardwareAccel 1
{# Onion services. The section is rendered only when both the service list and the
   port mapping (ACL) list exist. For each service the template writes its directory
   below /var/db/tor, the optional client authorization line, and one
   HiddenServicePort line for every ACL entry whose referenced service has the same
   name.
   - service.name becomes a path component. NOTE(review): confirm the model rejects
     '/', '..' and whitespace, otherwise the directory could point outside /var/db/tor.
   - Each HiddenServicePort makes target_host:target_port reachable for anyone who
     knows the onion address, and the target may be any host this firewall can reach.
     Review every mapping as carefully as an inbound firewall rule.
   - NOTE(review): HiddenServiceAuthorizeClient is a version 2 onion service option;
     confirm the shipped Tor version still accepts it. #}
{% if helpers.exists('OPNsense.tor.hiddenservice') and helpers.exists('OPNsense.tor.hiddenserviceacl') and helpers.exists('OPNsense.tor.hiddenserviceacl.hiddenserviceacl') %}

############### This section is just for location-hidden services ###

## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.

{% if helpers.exists('OPNsense.tor.hiddenservice.service') %}
{% for service in helpers.toList('OPNsense.tor.hiddenservice.service') %}
HiddenServiceDir /var/db/tor/{{ service.name }}/
{% if (service.clients is defined) and service.clients %}
HiddenServiceAuthorizeClient {{ service.type }} {{ service.clients }}
{% endif %}
{% for acl in helpers.toList('OPNsense.tor.hiddenserviceacl.hiddenserviceacl') %}
{% if helpers.getUUID(acl.hiddenservice).name == service.name %}
HiddenServicePort {{ acl.port}} {{ acl.target_host }}:{{ acl.target_port }}
{% endif %}
{% endfor %}
{% endfor %}
{% endif %}
{% endif %}
{% if helpers.exists('OPNsense.tor.relay.enabled') and OPNsense.tor.relay.enabled == '1' %}
{# Relay listener. ORPort is prefixed with the configured IPv4 host when one is set;
   without it only the port is written, which Tor binds on every local address, so
   the firewall rules decide which interfaces actually expose it. The port defaults to
   9001. A second ORPort line is added for the IPv6 host. Address, when set, is the
   address the relay advertises. #}
ORPort {% if helpers.exists('OPNsense.tor.relay.host') and OPNsense.tor.relay.host != '' %}{{ OPNsense.tor.relay.host }}:{% endif%}{{ OPNsense.tor.relay.port|default('9001') }}
{% if helpers.exists('OPNsense.tor.relay.hostv6') and OPNsense.tor.relay.hostv6 != '' %}
ORPort [{{ OPNsense.tor.relay.hostv6 }}]:{{ OPNsense.tor.relay.port|default('9001') }}
{% endif%}

{% if helpers.exists('OPNsense.tor.relay.address') and OPNsense.tor.relay.address != '' %}
Address {{ OPNsense.tor.relay.address }}
{% endif %}
## If you have multiple network interfaces, you can specify one for
## outgoing traffic to use.
## OutboundBindAddressExit will be used for all exit traffic, while
## OutboundBindAddressOR will be used for all other connections.
## If you do not wish to differentiate, use OutboundBindAddress to
## specify the same address for both in a single line.
#OutboundBindAddressExit 10.0.0.4
#OutboundBindAddressOR 10.0.0.5

{# Source addresses for outgoing connections. Up to two lines are written, one for the
   stored IPv4 address and one for the stored IPv6 address; Tor accepts the option
   once per address family. The template does not render separate exit and OR bind
   addresses. #}
{% if helpers.exists('OPNsense.tor.relay.outboundbind') and OPNsense.tor.relay.outboundbind != '' %}
OutboundBindAddress {{ OPNsense.tor.relay.outboundbind }}
{% endif %}
{% if helpers.exists('OPNsense.tor.relay.outboundbindv6') and OPNsense.tor.relay.outboundbindv6 != '' %}
OutboundBindAddress {{ OPNsense.tor.relay.outboundbindv6 }}
{% endif %}
{# Relay identity and bandwidth limits, each written only when a value is stored.
   Nickname and ContactInfo are published with the relay descriptor and are therefore
   public; do not store anything there that should stay private.
   The bandwidth values are written with the KBytes unit. The key names bandwithrate
   and bandwithburst are spelled as they are read here. NOTE(review): presumably they
   match the configuration model, so do not correct the spelling in the template
   alone. #}
{% if helpers.exists('OPNsense.tor.relay.nick') and OPNsense.tor.relay.nick != '' %}
Nickname {{ OPNsense.tor.relay.nick }}
{% endif %}

{% if helpers.exists('OPNsense.tor.relay.contact_info') and OPNsense.tor.relay.contact_info != '' %}
ContactInfo {{ OPNsense.tor.relay.contact_info }}
{% endif %}

{% if helpers.exists('OPNsense.tor.relay.bandwithrate') and OPNsense.tor.relay.bandwithrate != '' %}
RelayBandwidthRate {{ OPNsense.tor.relay.bandwithrate }} KBytes
{% endif %}
{% if helpers.exists('OPNsense.tor.relay.bandwithburst') and OPNsense.tor.relay.bandwithburst != '' %}
RelayBandwidthBurst {{ OPNsense.tor.relay.bandwithburst }} KBytes
{% endif %}
{# The accounting lines below are static examples copied into the rendered file as
   torrc comments; the template renders no active accounting limit. #}
## Use these to restrict the maximum traffic per day, week, or month.
## Note that this threshold applies separately to sent and received bytes,
## not to their sum: setting "40 GB" may allow up to 80 GB total before
## hibernating.
##
## Set a maximum of 40 gigabytes each way per period.
#AccountingMax 40 GBytes
## Each period starts daily at midnight (AccountingMax is per day)
#AccountingStart day 00:00
## Each period starts on the 3rd of the month at 15:00 (AccountingMax
## is per month)
#AccountingStart month 3 15:00

#ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>

{# Directory port, prefixed with the same IPv4 host as ORPort when one is stored. #}
{% if helpers.exists('OPNsense.tor.relay.directory_port') and OPNsense.tor.relay.directory_port != '' %}
DirPort {% if helpers.exists('OPNsense.tor.relay.host') and OPNsense.tor.relay.host != '' %}{{ OPNsense.tor.relay.host }}:{% endif%}{{ OPNsense.tor.relay.directory_port }}
{% endif %}

## Return an arbitrary blob of html on your DirPort. Now you
## can explain what Tor is if anybody wonders why your IP address is
## contacting them. See contrib/tor-exit-notice.html in Tor's source
## distribution for a sample.

{# When enabled, the static notice file at the path below is served on the DirPort. #}
{% if helpers.exists('OPNsense.tor.relay.dir_frontpage') and OPNsense.tor.relay.dir_frontpage == '1' %}
DirPortFrontPage /usr/local/etc/tor/exit-notice.html
{% endif %}
{# Exit behaviour. Each flag is copied from the configuration as stored; nothing is
   rendered for a flag that is absent, which leaves Tor's own default in place.
   ExitPolicyRejectPrivate and ExitPolicyRejectLocalInterfaces control whether exit
   traffic may reach private address ranges and the addresses of this host. On a
   firewall both should stay enabled so that exit clients cannot reach internal
   networks or the firewall's own services. #}
{% if helpers.exists('OPNsense.tor.relay.exitenabled') %}
ExitRelay {{ OPNsense.tor.relay.exitenabled }}
{% endif %}

{% if helpers.exists('OPNsense.tor.relay.exitipv6') %}
IPv6Exit {{ OPNsense.tor.relay.exitipv6 }}
{% endif %}

{% if helpers.exists('OPNsense.tor.relay.exitrejectprivateip') %}
ExitPolicyRejectPrivate {{ OPNsense.tor.relay.exitrejectprivateip }}
{% endif %}

{% if helpers.exists('OPNsense.tor.relay.exitrejectlocalif') %}
ExitPolicyRejectLocalInterfaces {{ OPNsense.tor.relay.exitrejectlocalif }}
{% endif %}
{# Exit policy. Enabled entries are written in configuration order; Tor applies the
   first matching line, and the two reject lines after the loop make the policy
   default-deny. For the network 'any' the pattern is '*', followed by the type with
   its 'v' removed when the type contains one (*4 or *6, assuming types such as v4 and
   v6); otherwise the stored network is written. A port, or a port range, is appended
   when startport and endport are present. The line breaks inside the tags are
   intentional: they keep each entry on a single torrc line, so do not reformat the
   expression. #}
{% if helpers.exists('OPNsense.tor.exitpolicy') %}
{% if helpers.exists('OPNsense.tor.exitpolicy.policy') %}
# exit node policy

{% for policy in helpers.toList('OPNsense.tor.exitpolicy.policy') %}
{% if policy.enabled == '1' %}
ExitPolicy {{ policy.action }} {% if policy.network == 'any' %}*{% if 'v' in policy.type %}{{ policy.type|replace('v','') }}{% endif%}{% else
%}{{ policy.network }}{% endif
%}{% if 'startport' in policy %}:{{ policy.startport
}}{% if 'endport' in policy %}-{{ policy.endport }}{% endif
%}{% endif %}

{% endif %}
{% endfor %}
{% endif %}
{% endif %}

# default: don't pass anything
ExitPolicy reject *:*
ExitPolicy reject6 *:*
{# Bridge mode and descriptor publication. When nothing is stored the relay is
   rendered as a bridge (BridgeRelay 1) that does not publish its descriptor
   (PublishServerDescriptor 0).
   NOTE(review): these defaults are written even when the exit options above are set;
   confirm the model prevents combining bridge mode with exit mode. #}
BridgeRelay {{ OPNsense.tor.relay.relay|default('1') }}
PublishServerDescriptor {{ OPNsense.tor.relay.publish|default('0') }}
{% endif %}
{% endif %}