Setup a Tor (The Onion Router) proxy with Raspberry PI and Raspberry PI OS Lite
Last updated on February 6th, 2022
What Are Proxy Servers And Why Use Them
Following Wikipedia description, “a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity“. A descriptive picture is also showed in the same page:
Proxy server are useful in many contexts:
- in Office context: to control internet traffic by blocking some websites or some keywords, to manage contact with external internet from a single point or to optimize internet bandwidth usage by caching pages at proxy level
- in Home context: for example to control family internet access to block dangerous websites for childrens
- in Personal use context: for example to use an anonymous connection or to bypass network ISP blocks
What Is Tor Project
Also for this description Wikipedia comes to help us in Tor (anonimy network) Wikipedia page:
“Tor is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name “The Onion Router”. Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes “visits to Web sites, online posts, instant messages, and other communication forms”. Tor’s intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.“
Tor Project is the nonprofit association which currently develops software to make easy the use of Tor Network.
Do I Need A Tor Proxy Or Alternative Way To Use Tor Network?
You can find a simple answer to this question with a few checks:
- If you need a way to use TOR network with your current browser or you need to connect a number of computers maintaining their current browsers, then you would opt for a Proxy
- If can use a different browser within single computers, then you could also evaluate Tor Browser installation
TOR Proxy can be installed in a cheap Raspberry PI with following steps in this article.
On the other hand, TOR Browser is a browser that can be installed in your PC and allows you to browse the web with TOR network. People needing TOR Browser can get it from TOR Browser Download Page.
What We Need
This is a very simple and cheap solution. I suggest adding to your shopping chart all needed hardware, so that at the end you will be able to evaluate overall costs and decide if continuing with the project or removing them from shopping chart. So, hardware will be only:
- a Raspberry Pi Zero W (or higher model) with its power supply (connected via WiFi)
- a micro SD card
In this guide we are going to use default Raspberry PI OS Lite as Operating System. Then we’ll install Tor from Raspberry PI OS repository and apply a very simple configuration to use it as Socks proxy.
I’ll configure Tor proxy to manage access for all clients on a 192.168.1.0/24 private network to internet. You will need to modify this network depending on your needs and networking configurations.
Install OS And Tor
Start from a fresh Raspberry PI OS Lite installation.
Make sure you OS is updated:
sudo apt-get update sudo apt-get upgrade
Simply install Tor by using aptitude repository:
sudo apt-get install tor
At installation end you will have 2 services running as tor: “tor.service” and “email@example.com“
The first one is a dummy service, which appears to user as active but in exited status. Infact, a simple check:
sudo systemctl status tor.service
will give the following result:
● tor.service - Anonymizing overlay network for TCP (multi-instance-master) Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled) Active: active (exited) since Tue 2019-10-01 20:25:18 BST; 35s ago Main PID: 5546 (code=exited, status=0/SUCCESS) Memory: 0B CGroup: /system.slice/tor.service
…which is normal. The real service to check if Tor is running is the second one:
sudo systemctl status firstname.lastname@example.org
should give a more familiar result:
● email@example.com - Anonymizing overlay network for TCP Loaded: loaded (/firstname.lastname@example.org; enabled-runtime; vendor preset: enabled) Active: active (running) since Tue 2019-10-01 20:25:30 BST; 1min 36s ago Main PID: 5552 (tor) Memory: 23.5M CGroup: /email@example.com └─5552 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
Tor main configuration file is named torrc. Before editing, create a backup copy:
sudo cp /etc/tor/torrc /etc/tor/torrc.backup
A very simple configuration will expose Tor Socks proxy service on tor default port (9050) and will accept connections only from local LAN (192.168.1.0/24). It will run as daemon, so that we’ll not need to call it each time we’ll use it. Finally, it will store data in default directory (/var/lib/tor/).
Edit configuration file:
sudo nano /etc/tor/torrc
and make it including only the following lines (assuming that 192.168.1.100 is your Raspberry PI ip address):
SocksPort 192.168.1.100:9050 SocksPolicy accept 192.168.1.0/24 RunAsDaemon 1 DataDirectory /var/lib/tor
Close and save the file. Restart Tor service:
sudo systemctl restart firstname.lastname@example.org
Configure Your Client To Use Proxy Server
Now you need to configure your client to use Socks proxy server for internet connections. You have to check this depending on your client browser. Surely Mozilla Firefox can use Socks proxy and can be configured in Options -> Network Settings -> Settings button. In following window, select “Manual Proxy Configuration”, insert Raspberry PI IP address in SOCKS Host field, insert 9050 in related port and make sure “SOCKS v5” flag is active. You should have a configuration like the following picture:
Close and open again your browser. Now you are using your Tor network in your browser. You can verify it by browsing the url https://check.torproject.org/?lang=en:
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?
14 thoughts on “Setup a Tor (The Onion Router) proxy with Raspberry PI and Raspberry PI OS Lite”
Thanks for the info and walk-through. I was able to set this up on my RP3
Thank you for your feedback, hope you enjoy also other projects published!
Onion urls don’t work. Is there something I need to add to the config file
to reach also “.onion” urls you need to incapsutate also dns queries in your Tor connection. In Firefox, you can find this option in proxy config page
I have followed various methods for installing TOR and I had it running perfectly for a while. However, using the RPi internal wifi was too weak and couldn’t be reached from various locations around the house. I thought perhaps an external wifi adapter would give me better range, so I purchased a Panda Wireless USB adapter. When I do
the panda adapter shows up as wlan1
I edited the install_tor.sh file to point to wlan1 instead of wlan0, ran the installer, but nonetheless, it installs on wlan0
I don’t know what your install_tor.sh file makes. However, this tutorial uses RPI as TOR proxy and you browse web from any external device. In this configuration, you can leave your Raspberry PI in any position able to communicate with your home router. It will be enought for all devices using your router to get TOR proxy services and you don’t need to take RPI with you around home
Nach Englisch (US)
Hi, thanks for the tutorial. Is there a way to route only external requests through Tor and simply pass internal IP addresses (e.g. routers) directly to the local network?
Hi Kai. This tutorial is to create a direct proxy: this means that you are using this server only for requests to the external world. I suspect you need to create a published service on TOR network, which is a different project. Am I wrong?
I just have an issue.
All is perfect and I can use the proxy-Tor but when I reboot the Pi-4 Tor fails to start.
Any idea, maybe permissions ???
Please, can you check tor log files (by default should be /var/log/tor) to see what is the error? Also check what “sudo systemctl status tor.service” returns
Here is the status of tor.service
pi@rasPROXY:~ $ sudo systemctl status tor.service
● tor.service – Anonymizing overlay network for TCP (multi-instance-master)
Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
Active: active (exited) since Sun 2022-01-23 01:04:42 GMT; 56s ago
Process: 457 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 457 (code=exited, status=0/SUCCESS)
Jan 23 01:04:42 rasPROXY systemd: Starting Anonymizing overlay network for TCP (multi-instance-master)…
Jan 23 01:04:42 rasPROXY systemd: Finished Anonymizing overlay network for TCP (multi-instance-master).
Here is status of email@example.com
pi@rasPROXY:/var/log/tor $ sudo systemctl status firstname.lastname@example.org
● email@example.com – Anonymizing overlay network for TCP
Loaded: loaded (/firstname.lastname@example.org; enabled-runtime; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2022-01-23 01:04:46 GMT; 1min 40s ago
Process: 583 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (code=exited, status>
Process: 584 ExecStartPre=/usr/bin/tor –defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc>
Process: 585 ExecStart=/usr/bin/tor –defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc –>
Main PID: 585 (code=exited, status=1/FAILURE)
On the BOOT SCREEN
[FAILED] Failed to start Anonymizing overlay network for TCP.
see ‘systemctl sttus email@example.com‘ for details.
log folder is empty !!!
Please try the following debugging command:
journalctl -xe | grep tor
This will be more verbose on errors, filtering whatever line includes the “tor” word (by the grep command after pipe). Let me know if you see something particularly strange, or send it to me at firstname.lastname@example.org
Also, check that your Raspberry PI has still the same IP address configured on SocksPort in your /etc/tor/torrc file. If, for whatever reason, you use DHCP and the router assigned a new IP address to your RPI after the reboot, this error could occurr.
here is something :
Jan 23 14:44:19 rasPROXY tor: Jan 23 14:44:19.334 [notice] Read configuration file “/etc/tor/torrc”.
Jan 23 14:44:19 rasPROXY tor: Jan 23 14:44:19.339 [notice] You configured a non-loopback address ‘10.25.25.20:9050’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jan 23 14:44:19 rasPROXY tor: Jan 23 14:44:19.339 [notice] Opening Socks listener on 10.25.25.20:9050
Jan 23 14:44:19 rasPROXY tor: Jan 23 14:44:19.339 [warn] Could not bind to 10.25.25.20:9050: Cannot assign requested address
Jan 23 14:44:19 rasPROXY tor: Jan 23 14:44:19.339 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
Jan 23 14:44:19 rasPROXY tor: Jan 23 14:44:19.339 [err] Reading config failed–see warnings above.
Jan 23 14:44:19 rasPROXY systemd: email@example.com: Main process exited, code=exited, status=1/FAILURE
IP is STATIC and good
Contents of torrc
SocksPolicy accept 10.25.25.0/24