Essentially, this tutorial just follows the tor "anonymizing middlebox" writeup here.

If you hate typing a lot, this script from breadk will do it all for you! Make sure to read through the script to make sure you don't want to change anything! (More about how to use it here!) We do suggest going step by step so you can have the experience of all the upkeep tasks.

We'll begin by installing tor - the onion routing software.

Log into your pi by Ethernet or console cable and run

sudo apt-get update
sudo apt-get install tor
Edit the tor config file by running
sudo nano /etc/tor/torrc
and copy and paste the text into the top of the file, right below the the FAQ notice.
Log notice file /var/log/tor/notices.log
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53

Let's edit the host access point so it is called something memorable like Onion Pi - don't forget to set a good password, don't use the default here!

sudo nano /etc/hostapd/hostapd.conf

(Don't forget to do the AP setup step in "Preparation" before this!)

Time to change our ip routing tables so that connections via the wifi interface (wlan0) will be routed through the tor software.
Type the following to flush the old rules from the ip NAT table
sudo iptables -F
sudo iptables -t nat -F
If you want to be able to ssh to your Pi after this, you'll need to add an exception for port 22 like this (not shown in the screenshot below)
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
Type the following to route all DNS (UDP port 53) from interface wlan0 to internal port 53 (DNSPort in our torrc)
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
Type the following to route all TCP traffic from interface wlan0 to port 9040 (TransPort in our torrc)
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
Next you can check that the ip tables are right with
sudo iptables -t nat -L

If all is good, we'll save it to our old NAT save file
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
It will automatically get loaded when the networking is set up on reboot (as we did in the last tutorial on making a Pi access point)
Next we'll create our log file (handy for debugging) with
sudo touch /var/log/tor/notices.log
sudo chown debian-tor /var/log/tor/notices.log
sudo chmod 644 /var/log/tor/notices.log
Check it with
ls -l /var/log/tor
Start the tor service manually
sudo service tor start
Check its really running (you can run this whenever you're not sure, it something is wrong you'll see a big FAIL notice
sudo service tor status
Finally, make it start on boot
sudo update-rc.d tor enable
That's it, now you're ready to test in the next step.

This guide was first published on Jun 14, 2013. It was last updated on Sep 13, 2016.

This page (Install Tor) was last updated on Jun 13, 2013.

Text editor powered by tinymce.