Who is this good for?
If you want to browse anonymously on a netbook, tablet, phone, or other mobile or console device that cannot run Tor and does not have an Ethernet connection. If you do not want to or cannot install Tor on your work laptop or loan computer. If you have a guest or friend who wants to use Tor but doesn’t have the ability or time to run Tor on their computer, this gift will make the first step much easier.
What is Tor?
Tor is an onion routing service – every internet packet goes through 3 layers of relays before going to your destination. This makes it much harder for the server you are accessing (or anyone snooping on your Internet use) to figure out who you are and where you are coming from. It is an excellent way to allow people who are blocked from accessing websites to get around those restrictions.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they’re in a foreign country, without notifying everybody nearby that they’re working with that organization.
Groups such as Indymedia recommend Tor for safeguarding their members’ online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company’s patent lawyers?
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.
What you’ll need
You’ll need a few things to run this tutorial:
- Raspberry Pi model B+ (or B) – Ethernet is required
- Ethernet cable
- WiFi adapter – Not all WiFi adapters work, we know for sure it works with the ones in the Adafruit shop!
- SD Card (4GB or greater) with Raspbian on it. You can either copy the Raspbian image onto it or buy a ready-made Raspbian card
- Power supply for your Pi
- USB Console cable (optional) – this makes it a little easier to debug the system
- Case for your Pi (optional)
- A SD or MicroSD card reader (optional)
Chances are you’ve got a couple of these items already. If not, our Onion Pi starter pack has everything you need.
Please follow these tutorials in order to
- Install the OS onto your SD card
If you bought an SD card with Wheezy pre-burned on it, you can skip this step
- Boot the Pi and configure
Don’t forget to change the default password for the ‘pi’ account!!!
Make sure to expand the filesystem to the entire disk or you may run out of space
- Set up and test the Ethernet and Wifi connection
Check that you can ping from the Raspberry Pi and that your Wifi adapter is recognized and shows up as wlan0 when you run ifconfig -a
- Connect with a USB console cable (optional)
Handy for debugging especially when connecting to the access point hosted by the Pi
When done you should have a Pi that boots Raspbian, that you can connect to with a USB console cable, and that you can log into via the command line interface.
- Then follow our Pi-as-Access-Point tutorial to set up the Pi as a wifi access point router.
When done you should be able to connect to the Pi as a WiFi access point and connect to the internet through it.
If using a console cable, even though the diagram on the last step shows powering the Pi via the USB console cable (red wire) we suggest not connecting the red wire and instead powering from the wall adapter. Keep the black, white and green cables connected as is.
If you hate typing a lot, this script from breadk will do it all for you! Make sure to read through the script to make sure you don’t want to change anything! (More about how to use it here!) We do suggest going step by step so you can have the experience of all the upkeep tasks.
We’ll begin by installing tor – the onion routing software.
Log into your pi by Ethernet or console cable and run
sudo apt-get update
sudo apt-get install tor
sudo nano /etc/tor/torrc
and copy and paste the following text into the top of the file, right below the FAQ notice.
Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.42.1
DNSPort 53
DNSListenAddress 192.168.42.1
Let’s edit the host access point so it is called something memorable like Onion Pi – don’t forget to set a good password, don’t use the default here!
sudo nano /etc/hostapd/hostapd.conf
(Don’t forget to do the AP setup step in “Preparation” before this!)
Type the following to flush the old rules from the ip NAT table
sudo iptables -F
sudo iptables -t nat -F
If you want to be able to ssh to your Pi after this, you’ll need to add an exception for port 22 like this (not shown in the screenshot below)
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
Type the following to route all DNS (UDP port 53) from interface wlan0 to internal port 53 (DNSPort in our torrc)
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
Type the following to route all TCP traffic from interface wlan0 to port 9040 (TransPort in our torrc)
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
Next you can check that the ip tables are right with
sudo iptables -t nat -L
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
It will automatically get loaded when the networking is set up on reboot (as we did in the last tutorial on making a Pi access point)
sudo touch /var/log/tor/notices.log
sudo chown debian-tor /var/log/tor/notices.log
sudo chmod 644 /var/log/tor/notices.log
Check it with
ls -l /var/log/tor
Start the tor service manually
sudo service tor start
Check that it’s really running (you can run this whenever you’re not sure; if something is wrong you’ll see a big FAIL notice)
sudo service tor status
Finally, make it start on boot
sudo update-rc.d tor enable
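To double-check the saved rules against torrc, here is an added example that is not part of the original tutorial: it reads TransPort and DNSPort from a torrc, verifies that the rules in an iptables-save file redirect to those ports, and flags an SSH exception that was added after the catch-all TCP redirect (in that order, port 22 is sent to Tor instead). The function names and the sample files are constructed for illustration; on the Pi you would pass /etc/tor/torrc and /etc/iptables.ipv4.nat.

```shell
#!/bin/sh
# Added example (not from the tutorial): check torrc against saved NAT rules.

torrc_value() {   # torrc_value FILE KEY -> last value assigned to KEY
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

rule_line() {     # rule_line FILE ERE -> line number of first matching rule
    grep -nE -- "$2" "$1" | head -n 1 | cut -d: -f1
}

audit_onion_pi() {   # audit_onion_pi TORRC RULES -> 0 if consistent, 1 if not
    bad=0
    trans=$(torrc_value "$1" TransPort)
    dns=$(torrc_value "$1" DNSPort)
    # iptables-save writes --syn as "--tcp-flags FIN,SYN,RST,ACK SYN"
    tcp_re='^-A PREROUTING -i wlan0 -p tcp .*--tcp-flags [A-Z,]+ SYN -j REDIRECT --to-ports '
    udp_re='^-A PREROUTING -i wlan0 -p udp .*--dport 53 -j REDIRECT --to-ports '
    ssh_re='^-A PREROUTING -i wlan0 -p tcp .*--dport 22 -j REDIRECT --to-ports 22$'
    grep -Eq -- "${tcp_re}${trans}\$" "$2" ||
        { echo "TCP redirect does not point at TransPort '$trans'"; bad=1; }
    grep -Eq -- "${udp_re}${dns}\$" "$2" ||
        { echo "DNS redirect does not point at DNSPort '$dns'"; bad=1; }
    ssh_n=$(rule_line "$2" "$ssh_re")
    tcp_n=$(rule_line "$2" "$tcp_re")
    if [ -n "$ssh_n" ] && [ -n "$tcp_n" ] && [ "$ssh_n" -gt "$tcp_n" ]; then
        echo "SSH exception sits below the catch-all rule; port 22 goes to Tor"
        bad=1
    fi
    return "$bad"
}

# Constructed sample input, so the check runs offline.
SAMPLE=$(mktemp -d)
printf 'TransPort 9040\nDNSPort 53\n' > "$SAMPLE/torrc"
cat > "$SAMPLE/good.nat" <<'EOF'
*nat
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
EOF
# Same rules with the SSH exception appended after the catch-all.
{ grep -v -- '--dport 22' "$SAMPLE/good.nat" | grep -v COMMIT
  grep -- '--dport 22' "$SAMPLE/good.nat"; echo COMMIT; } > "$SAMPLE/bad.nat"

audit_onion_pi "$SAMPLE/torrc" "$SAMPLE/good.nat" && echo "good.nat: consistent"
audit_onion_pi "$SAMPLE/torrc" "$SAMPLE/bad.nat" || echo "bad.nat: needs fixing"
```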