I'm creating this Instructable because I'm tired of seeing so many outdated guides on how to setup a Tor Relay on a Raspberry Pi 2... 95% of the guides I found led to installing some out of date bundle of Tor (0.2.5.x) instead of the current (0.2.7.x).

Step 1: Parts Needed

You need the following parts:

  • Raspberry Pi 2
  • Power supply
  • Network cable/connection to the Internet
  • Micro SD card with Raspbian (you can find all necessary installation instructions here:http://www.raspbian.org/RaspbianInstaller)

Step 2: Getting Started

In your terminal type:

sudo raspi-config

Now you are going to go to option 1 and expand your usable space on your micro sd card from 2 gigs to the actual size of your card.

Next, again:

sudo raspi-config

Now you are going to option 2 to change the password of your Pi from "raspberry" to something secure.

Step 3: Add a User

In your terminal type:

sudo adduser tor


Enter a secure password!


Enter the password again


sudo nano /etc/sudoers


Add the following line at the bottom of the page:


Step 4: Updates

Before we get started with updates for the Pi, let add the Tor Projects package repository.

In your terminal type:

sudo nano /etc/apt/sources.list

and this to the bottom of the list:

deb http://deb.torproject.org/torproject.org jessie main

Now in your terminal run:

sudo apt-get update
sudo apt-get upgrade

Step 5: Add the Tor Projects GPG Keys

In your terminal run:

gpg --keyserver keys.gnupg.net --recv 886DDD89

Then run:

gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

GPG Key source for verification: https://www.torproject.org/docs/debian.html.en

Step 6: Install Tor

In your terminal run:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install tor deb.torproject.org-keyring
sudo apt-get install tor

(This will take a long time so be patient)

Step 7: Configure Tor

In your terminal enter:

sudo nano /etc/tor/torrc

Highlight everything (Mac = Command + A) and replace it with the config below:

SocksPort 0
Log notice file /var/log/tor/notices.log
RunAsDaemon 1
DataDirectory /var/lib/tor
ControlPort 9051
CookieAuthentication 1
ORPort 443
DirPort 80
ExitPolicy reject *:*
Nickname TypeYourNicknameHere
##Remove the # before RelayBandwidthRate & RelayBandwidthBurst to throttle bandwidth speed.
#RelayBandwidthRate 1024 KB  # Throttle traffic to 1024KB/s 
#RelayBandwidthBurst 2048KB # But allow bursts up to 200KB/s 
#ContactInfo TypeYourEmailHere
DisableDebuggerAttachment 0

Control + x to close / save the file.

In terminal enter:

sudo /etc/init.d/tor restart

Step 8: Install ARM (Tor Graphical Controller)

In terminal type:

sudo apt-get install tor-arm

Then to launch ARM type:

sudo -u debian-tor arm

Step 9: Secure Ports:

Next in your terminal enter:

sudo nano /etc/iptables/rules.v4

Now copy and paste this above the word "commit"

##  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
## allow incoming SSH      
-A INPUT -p tcp --dport 22 -j ACCEPT
## allow Tor ORPort, DirPort        
-A INPUT -p tcp --dport 433 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT

## ratelimit ICMP echo, allow all others
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 2/s -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -p icmp -j ACCEPT

## to log denied packets uncomment this line (I uncommented it for you).
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -m state --state INVALID -j DROP

If you have any questions, feel free to post a comment and I'll respond as soon as I can!

<p>To help fund new Tor Exit Relays in the US please donate to 1NuscuwCVgFpfYCindAgyMH3CHdDjcJb3M</p>
<p>Thanks for this, do you have any recommendations on a good VPN to use with this? or is there a way to turn my RPI 2 into a VPN Server? is it needed with linux? self taught here. i know enough to get me in trouble lol</p>
<p>*** PLEASE PLEASE PLEASE - ADMIN PLEASE READ THIS ***</p><p>IN STEP 3 - it says to edit the sudoers file - this MUST NOT be done in ( ubuntu based linux editions ) with the suggested program NANO as it can definitely corrupt the sudoers file and nobody will be then allowed to use SUDO. The correct program to run is &quot;VISUDO&quot; . The procedure specifies in step three corrupted mine and was very difficult to put back.</p><p>*** PLEASE AMEND THIS ***</p>
<p>I tried step 9 but my pi threw me an error that the file or path does not exist ,i also navigated to the file and tried to get the folder iptables and its not there. Any solutions ??</p>
<p>I tried step 9 but my pi threw me an error that the file or path does not exist ,i also navigated to the file and tried to get the folder iptables and its not there. Any solutions ??</p>
<p>do i need Raspberry Pi 2? or does the first one work to?</p>
My understanding is it has to be the Raspberry Pi 2, because of the Debian armhf port.
<p>ok..time to get the new one then..</p>
<p>The Raspberry Pi 3 is for sale now (as of 2/29/16)!</p>
what is Tor?
<p>See this: &quot;What Is Tor?&quot;</p><p><a href="https://www.torproject.org/about/overview.html.en" rel="nofollow">https://www.torproject.org/about/overview.html.en</a></p>
<p>Tor is a special internet browser that allows you to view the web anonumasly and access the Darkweb.</p>
<p>Great tips!</p>

About This Instructable




More by awilson75:Raspberry Pi - SSH Hardening  Tor Relay on Raspberry Pi 2 & 3 
Add instructable to: