Ra(s)ptor

Time to start another project

After months of waiting my RaspberryPi eventually arrived.

So it’s time to start another project. Besides some other ideas (I directly ordered another one), I’d like to use this device to donate some of the bandwidth of our internet connection to the TOR network (https://www.torproject.org/).

This page describes the required steps. The TOR project needs more nodes. So reproduction of this work is very welcome.

Some background information

The TOR network offers anonymous communication over the internet by routing the traffic via a set of TOR servers that are randomly chosen. More details on TOR can be found under http://en.wikipedia.org/wiki/Tor_(anonymity_network).

Obviously, TOR needs a large number of servers. As the TOR network is not a commercial organisation, it relies on voluntary supporters.

Setting up the base system

In the time that I have been waiting for my rPi, the community has been very engaged. My favorite OS for servers has been ported to the hardware. I prefer Debian for all headless systems and like the way that apt maintains the software.

To set up the base system I followed the instructions given in http://www.raspbian.org/RaspbianInstaller. This will install a very basic system.

I don’t like working as root constantly. Therefore, I also installed the package for “sudo” via

apt-get install sudo (as root)

You also need to add the user account that you created to the list of sudoers. To do so, run

nano /etc/sudoers

and add the line

user ALL=(ALL) ALL

while replacing “user” with the name of the user that you want to add.

After having installed the system, please consider regularly running

sudo apt-get update
sudo apt-get upgrade

to make sure that you have the latest security patches installed.

Configuring network

After having installed the base system I configured the network interface via

sudo nano /etc/network/interfaces

By default the system obtains an IP address from the local DHCP server (which is a Fritz.Box in my case). However, I prefer to have a static IP address for some systems in my network. So I changed the default setting

iface eth0 inet dhcp

to

iface eth0 inet static
address 192.168.1.102
netmask 255.255.255.0
gateway 192.168.1.1

Installing TOR

Fortunately, the TOR package is available for the raspbian OS already. So installing TOR can be done via

sudo apt-get install tor

Configuring TOR

The whole configuration for TOR is stored in the file /etc/tor/torrc. In order to run TOR as a relay I use the following torrc:

SocksPort 0
Log notice file /var/log/tor/notices.log
RunAsDaemon 1
ORPort 9001
DirPort 9030
ExitPolicy reject *:*
Nickname rasptor
RelayBandwidthRate 100 KB  # Throttle traffic to 100KB/s (800Kbps)
RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)

If anybody is reproducing this work, I’d appreciate it if you could use the same nickname for the rPi.
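
As an added example (not part of the original post), the shell function below audits a torrc for the settings that keep this relay a non-exit: the first ExitPolicy rule is reject *:*, SocksPort is 0, and an ORPort is set. The function name audit_torrc and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# audit_torrc FILE: print findings and return 0 only if FILE matches the
# non-exit relay settings used on this page (hypothetical helper name).
audit_torrc() {
    awk '
    { sub(/#.*/, "") }              # strip full-line and trailing comments
    NF == 0 { next }                # skip blank lines
    {
        key = tolower($1)           # option names are case-insensitive
        $1 = ""; sub(/^ +/, "")     # $0 is now the option value
        seen[key]++
        if (key == "exitpolicy" && seen[key] == 1) {
            split($0, rule, ",")    # rules are matched first to last
            gsub(/^ +| +$/, "", rule[1]); first_exit = rule[1]
        }
        if (key == "socksport" && $0 != "0") open_socks = 1
    }
    END {
        if (first_exit != "reject *:*") {
            print "FAIL: first ExitPolicy rule is not reject *:*"; bad = 1 }
        if (!seen["socksport"] || open_socks) {
            print "FAIL: SocksPort is not disabled with 0"; bad = 1 }
        if (!seen["orport"]) {
            print "FAIL: no ORPort, so tor will not act as a relay"; bad = 1 }
        if (!seen["relaybandwidthrate"])
            print "WARN: no RelayBandwidthRate set"
        if (!bad) print "OK: non-exit relay configuration"
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample: the relay settings from this page, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SocksPort 0
ORPort 9001
DirPort 9030
ExitPolicy reject *:*
RelayBandwidthRate 100 KB  # Throttle traffic to 100KB/s
EOF
audit_torrc "$sample"
rm -f "$sample"
```

On the rPi itself, run it as audit_torrc /etc/tor/torrc before restarting the service.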

Tunneling the firewall

My rPi operates behind my Fritz.Box as a firewall. In order to allow other nodes in the TOR network to contact my rPi it has been necessary to open two ports in the firewall (9030 for the directory service and 9001 for the actual operation of the relay).

Checking for connectivity

After setting up the configuration, you should restart the TOR service by:

sudo /etc/init.d/tor restart

Afterwards you should check for the entries in the log file /var/log/tor/notices.log and search for an entry similar to

Self-testing indicates your ORPort is reachable from the outside
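
The log file keeps entries from earlier runs, so an old success line can hide a port forward that has since stopped working. As an added example (not part of the original post), the function below judges only the newest tor start in the log. The function name relay_reachability, the "opening log file" start marker, the DirPort line and the wording of the warning are assumptions modelled on tor's notice log, and the sample lines are constructed.

```shell
#!/bin/sh
# relay_reachability LOG: report self-test results for the newest tor start
# found in LOG; return 0 only if the ORPort was confirmed reachable.
relay_reachability() {
    awk '
    BEGIN { orp = dirp = "untested" }
    # Assumed start-of-run marker: forget results from earlier runs.
    /opening (new )?log file/ { orp = dirp = "untested" }
    /Self-testing indicates your ORPort is reachable/  { orp = "reachable" }
    /Self-testing indicates your DirPort is reachable/ { dirp = "reachable" }
    /not managed to confirm that its ORPort is reachable/  { orp = "unreachable" }
    /not managed to confirm that its DirPort is reachable/ { dirp = "unreachable" }
    END {
        print "ORPort=" orp " DirPort=" dirp
        exit (orp == "reachable" ? 0 : 1)
    }' "$1"
}

# Constructed sample log: the first run passes, the run after a restart does not.
log=$(mktemp)
cat > "$log" <<'EOF'
Jan 10 08:00:01.000 [notice] Tor x.y.z opening log file.
Jan 10 08:03:12.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent.
Jan 10 08:03:40.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Jan 12 19:30:00.000 [notice] Tor x.y.z opening log file.
Jan 12 19:50:00.000 [warn] Your server (192.0.2.10:9001) has not managed to confirm that its ORPort is reachable.
EOF
relay_reachability "$log" || echo "newest start: ORPort not confirmed, check the port forwarding"
rm -f "$log"
```

A plain search for the success line would match the entry from Jan 10 in this sample even though the newest start failed its self-test.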

After a few more hours of operation of your node you may also check your system via the URL https://atlas.torproject.org/#search/rasptor.

11 Responses to Ra(s)ptor

  1. email says:

    interesting one to read. thanks.

  2. ig says:

    Fascinating blog! Is your theme custom made or did you download it from somewhere? A design like yours with a few simple adjustments would really make my blog stand out.
    Please let me know where you got your theme. Kudos

  3. cave says:

    hi,
    my pi is running now with Tor on it, and my ISP-Router is configured for 9001 & 9030 port forwarding to it.

    I have also read http://www.instructables.com/id/Raspberry-Pi-Tor-relay/

    But why is it necessary to create a new user “tor”?
    Where can I change the daemon to run as tor user?
    Which rights are necessary for the Tor daemon?

    • epsilon says:

      As far as I know there is no need for a dedicated user account named “tor”. I guess that the guide means to create a user that you are working with rather than using “root” all the time.

      - E

  4. DanielS says:

    Nice post to get people started and of course any bandwidth donated to the torproject is MUCH appreciated!

    I’ve been running a tor exit node for a while and I would also recommend uncommenting the line:
    DirPortFrontPage /etc/tor/tor-exit-notice.html
    or grab the source code from here and change everything that says “fixme”
    It will help to keep your ISP from getting too many complaints about your IP (at least that’s the plan.)

    Another good site (for protection advice) if you wish to run an exit node can be found here.

  5. epsilon says:

    I do not operate my node as an exit node. This is simply because I’m not interested in getting bugged with any abuse messages. I also heard from other people who operate an exit node that they have to solve a CAPTCHA every time they use google.
    But yes, if one operates an exit node, uncommenting this line would be helpful for sure.

  6. epsilon says:

    I just updated the article as the URL for the status-check has changed.
    While doing so, I found that by today there are 9 TOR nodes online that have the “Rasptor” nickname (or a small variation of it).
    It’s great to see that people are really adopting this guide and bringing the TOR network forward!
    Thanks to everyone who operates such a node!

  7. Pingback: Coolest uses for the Raspberry Pi | Tech Cube Ltd

  8. Pingback: Raspberry Pi as TOR Middle Relay | cave's tinker pit

  9. R. Bomke says:

    This is more a question than a comment. How do I open ports 9030 and 9001 on a Fritz.Box router? I’ve done port forwarding before (to use Anonymizer when it was still available to linux-users), but none of my attempts open ports to other tor users. Thanks.
