Introduction: Tor Relay on Raspberry Pi 2 & 3

I'm creating this Instructable because I'm tired of seeing so many outdated guides on how to setup a Tor Relay on a Raspberry Pi 2... 95% of the guides I found led to installing some out of date bundle of Tor (0.2.5.x) instead of the current (0.2.7.x).

Step 1: Parts Needed

You need the following parts:

  • Raspberry Pi 2
  • Power supply
  • Network cable/connection to the Internet
  • Micro SD card with Raspbian (you can find all necessary installation instructions here:http://www.raspbian.org/RaspbianInstaller)

Step 2: Getting Started

In your terminal type:

sudo raspi-config

Now you are going to go to option 1 and expand your usable space on your micro sd card from 2 gigs to the actual size of your card.

Next, again:

sudo raspi-config

Now you are going to option 2 to change the password of your Pi from "raspberry" to something secure.

Step 3: Add a User

In your terminal type:

sudo adduser tor

[enter]

Enter a secure password!

[enter]

Enter the password again

[enter]

sudo nano /etc/sudoers

[enter]

Add the following line at the bottom of the page:

torALL=(ALL) ALL

Step 4: Updates

Before we get started with updates for the Pi, let add the Tor Projects package repository.

In your terminal type:

sudo nano /etc/apt/sources.list

and this to the bottom of the list:

deb http://deb.torproject.org/torproject.org jessie main

Now in your terminal run:

sudo apt-get update
sudo apt-get upgrade

Step 5: Add the Tor Projects GPG Keys

In your terminal run:

gpg --keyserver keys.gnupg.net --recv 886DDD89

Then run:

gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

GPG Key source for verification: https://www.torproject.org/docs/debian.html.en

Step 6: Install Tor

In your terminal run:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install tor deb.torproject.org-keyring
sudo apt-get install tor

(This will take a long time so be patient)

Step 7: Configure Tor

In your terminal enter:

sudo nano /etc/tor/torrc

Highlight everything (Mac = Command + A) and replace it with the config below:

SocksPort 0
Log notice file /var/log/tor/notices.log
RunAsDaemon 1
DataDirectory /var/lib/tor
ControlPort 9051
CookieAuthentication 1
ORPort 443
DirPort 80
ExitPolicy reject *:*
Nickname TypeYourNicknameHere
##Remove the # before RelayBandwidthRate & RelayBandwidthBurst to throttle bandwidth speed.
#RelayBandwidthRate 1024 KB  # Throttle traffic to 1024KB/s 
#RelayBandwidthBurst 2048KB # But allow bursts up to 200KB/s 
##optional
#ContactInfo TypeYourEmailHere
DisableDebuggerAttachment 0

Control + x to close / save the file.

In terminal enter:

sudo /etc/init.d/tor restart

Step 8: Install ARM (Tor Graphical Controller)

In terminal type:

sudo apt-get install tor-arm

Then to launch ARM type:

sudo -u debian-tor arm

Step 9: Secure Ports:

Next in your terminal enter:

sudo nano /etc/iptables/rules.v4

Now copy and paste this above the word "commit"

##  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
      
## allow incoming SSH      
-A INPUT -p tcp --dport 22 -j ACCEPT
## allow Tor ORPort, DirPort        
-A INPUT -p tcp --dport 433 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT

## ratelimit ICMP echo, allow all others
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 2/s -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -p icmp -j ACCEPT

## to log denied packets uncomment this line (I uncommented it for you).
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP

If you have any questions, feel free to post a comment and I'll respond as soon as I can!

Comments

author
awilson75 made it!(author)2016-02-11

To help fund new Tor Exit Relays in the US please donate to 1NuscuwCVgFpfYCindAgyMH3CHdDjcJb3M

author
psilo911 made it!(author)2016-09-05

Thanks for this, do you have any recommendations on a good VPN to use with this? or is there a way to turn my RPI 2 into a VPN Server? is it needed with linux? self taught here. i know enough to get me in trouble lol

author
redcarpet made it!(author)2016-05-12

*** PLEASE PLEASE PLEASE - ADMIN PLEASE READ THIS ***

IN STEP 3 - it says to edit the sudoers file - this MUST NOT be done in ( ubuntu based linux editions ) with the suggested program NANO as it can definitely corrupt the sudoers file and nobody will be then allowed to use SUDO. The correct program to run is "VISUDO" . The procedure specifies in step three corrupted mine and was very difficult to put back.

*** PLEASE AMEND THIS ***

author
Stuxx_ made it!(author)2016-04-14

I tried step 9 but my pi threw me an error that the file or path does not exist ,i also navigated to the file and tried to get the folder iptables and its not there. Any solutions ??

author
Stuxx_ made it!(author)2016-04-14

I tried step 9 but my pi threw me an error that the file or path does not exist ,i also navigated to the file and tried to get the folder iptables and its not there. Any solutions ??

author
GlennL1 made it!(author)2016-02-15

do i need Raspberry Pi 2? or does the first one work to?

author
awilson75 made it!(author)2016-02-19

My understanding is it has to be the Raspberry Pi 2, because of the Debian armhf port.

author
GlennL1 made it!(author)2016-02-20

ok..time to get the new one then..

author
awilson75 made it!(author)2016-03-02

The Raspberry Pi 3 is for sale now (as of 2/29/16)!

author
baecker03 made it!(author)2016-02-10

what is Tor?

author
awilson75 made it!(author)2016-02-10
author
Zannin made it!(author)2016-02-10

Tor is a special internet browser that allows you to view the web anonumasly and access the Darkweb.

author
wold630 made it!(author)2016-02-10

Great tips!

author
awilson75 made it!(author)2016-02-10

Thanks!

About This Instructable

21,351views

175favorites

License:

More by awilson75:Raspberry Pi - SSH Hardening Tor Relay on Raspberry Pi 2 & 3
Add instructable to: