Setup a Tor (The Onion Router) proxy with Raspberry PI and Raspberry PI OS Lite
Last Updated on 6th February 2022 by peppe8o
What Are Proxy Servers And Why Use Them
Following Wikipedia description, “a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity“. A descriptive picture is also shown in the same page:
Proxy servers are useful in many contexts:
- in Office context: to control internet traffic by blocking some websites or some keywords, to manage contact with external internet from a single point or to optimize internet bandwidth usage by caching pages at the proxy level
- in Home context: for example to control family internet access to block dangerous websites for children
- in Personal use context: for example to use an anonymous connection or to bypass network ISP blocks
What Is Tor Project
Also for this description Wikipedia comes to help us in Tor (anonimy network) Wikipedia page:
“Tor is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name “The Onion Router”. Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes “visits to Web sites, online posts, instant messages, and other communication forms”. Tor’s intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.“
Tor Project is a nonprofit association which currently develops software to make easy the use of Tor Network.
Do I Need A Tor Proxy Or Alternative Way To Use Tor Network?
You can find a simple answer to this question with a few checks:
- If you need a way to use the TOR network with your current browser or you need to connect a number of computers maintaining their current browsers, then you would opt for a Proxy
- If can use a different browser within a single computer, then you could also evaluate the Tor Browser installation
TOR Proxy can be installed in a cheap Raspberry PI with the following steps in this article.
On the other hand, a TOR Browser is a browser that can be installed on your PC and allows you to browse the web with a TOR network. People needing a TOR Browser can get it from TOR Browser Download Page.
What We Need
As usual, I suggest adding from now to your favourite e-commerce shopping cart all the needed hardware, so that at the end you will be able to evaluate overall costs and decide if to continue with the project or remove them from the shopping cart. So, hardware will be only:
- Raspberry PI Computer Board (including proper power supply or using a smartphone micro USB charger with at least 3A)
- high speed micro SD card (at least 16 GB, at least class 10)
Step-By-Step Procedure
In this guide, we are going to use the default Raspberry PI OS Lite as the Operating System. Then we’ll install Tor from the Raspberry PI OS repository and apply a very simple configuration to use it as a Socks proxy.
I’ll configure Tor proxy to manage access for all clients on a 192.168.1.0/24 private network to the internet. You will need to modify this network depending on your needs and networking configurations.
Install OS And Tor
Start with a fresh Raspberry PI OS Lite installation.
Make sure your OS is updated:
sudo apt-get update
sudo apt-get upgrade
Simply install Tor by using the aptitude repository:
sudo apt-get install tor
At the installation end, you will have 2 services running as tor: “tor.service” and “[email protected]“
The first one is a dummy service, which appears to the user as active but in exited status. In fact, a simple check:
sudo systemctl status tor.service
will give the following result:
● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2019-10-01 20:25:18 BST; 35s ago
Main PID: 5546 (code=exited, status=0/SUCCESS)
Memory: 0B
CGroup: /system.slice/tor.service
…which is normal. The real service to check if Tor is running is the second one:
sudo systemctl status [email protected]
should give a more familiar result:
● [email protected] - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/[email protected]; enabled-runtime; vendor preset: enabled)
Active: active (running) since Tue 2019-10-01 20:25:30 BST; 1min 36s ago
Main PID: 5552 (tor)
Memory: 23.5M
CGroup: /system.slice/system-tor.slice/[email protected]
└─5552 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
Configure Tor
Tor’s main configuration file is named torrc. Before editing, create a backup copy:
sudo cp /etc/tor/torrc /etc/tor/torrc.backup
A very simple configuration will expose Tor Socks proxy service on tor default port (9050) and will accept connections only from local LAN (192.168.1.0/24). It will run as daemon, so that we’ll not need to call it each time we use it. Finally, it will store data in the default directory (/var/lib/tor/).
Edit configuration file:
sudo nano /etc/tor/torrc
and make it include only the following lines (assuming that 192.168.1.100 is your Raspberry PI IP address):
SocksPort 192.168.1.100:9050
SocksPolicy accept 192.168.1.0/24
RunAsDaemon 1
DataDirectory /var/lib/tor
Close and save the file. Restart Tor service:
sudo systemctl restart [email protected]
Configure Your Client To Use Proxy Server
Now you need to configure your client to use Socks proxy server for internet connections. You have to check this depending on your client’s browser. Surely Mozilla Firefox can use Socks proxy and can be configured in Options -> Network Settings -> Settings button.
In the following window, select “Manual Proxy Configuration”, insert the Raspberry PI IP address in SOCKS Host field, insert 9050 in the related port and make sure “SOCKS v5” flag is active. You should have a configuration like the following picture:
Close and open again your browser. Now you are using your Tor network in your browser. You can verify it by browsing the URL https://check.torproject.org/?lang=en:
Enjoy!
Thanks for the info and walk-through. I was able to set this up on my RP3
Thank you for your feedback, hope you enjoy also other projects published!
Onion urls don’t work. Is there something I need to add to the config file
Hi Asa,
to reach also “.onion” urls you need to incapsutate also dns queries in your Tor connection. In Firefox, you can find this option in proxy config page
I have followed various methods for installing TOR and I had it running perfectly for a while. However, using the RPi internal wifi was too weak and couldn’t be reached from various locations around the house. I thought perhaps an external wifi adapter would give me better range, so I purchased a Panda Wireless USB adapter. When I do
ip a
the panda adapter shows up as wlan1
I edited the install_tor.sh file to point to wlan1 instead of wlan0, ran the installer, but nonetheless, it installs on wlan0
Any suggestions?
Hi David,
I don’t know what your install_tor.sh file makes. However, this tutorial uses RPI as TOR proxy and you browse web from any external device. In this configuration, you can leave your Raspberry PI in any position able to communicate with your home router. It will be enought for all devices using your router to get TOR proxy services and you don’t need to take RPI with you around home
Nach Englisch (US)
Hi, thanks for the tutorial. Is there a way to route only external requests through Tor and simply pass internal IP addresses (e.g. routers) directly to the local network?
Many greetings
Hi Kai. This tutorial is to create a direct proxy: this means that you are using this server only for requests to the external world. I suspect you need to create a published service on TOR network, which is a different project. Am I wrong?
Great tuotrial.
I just have an issue.
All is perfect and I can use the proxy-Tor but when I reboot the Pi-4 Tor fails to start.
Any idea, maybe permissions ???
Thanks
Hi Frank,
Please, can you check tor log files (by default should be /var/log/tor) to see what is the error? Also check what “sudo systemctl status tor.service” returns
Here is the status of tor.service
pi@rasPROXY:~ $ sudo systemctl status tor.service
● tor.service – Anonymizing overlay network for TCP (multi-instance-master)
Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
Active: active (exited) since Sun 2022-01-23 01:04:42 GMT; 56s ago
Process: 457 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 457 (code=exited, status=0/SUCCESS)
CPU: 10ms
Jan 23 01:04:42 rasPROXY systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)…
Jan 23 01:04:42 rasPROXY systemd[1]: Finished Anonymizing overlay network for TCP (multi-instance-master).
Here is status of [email protected]
pi@rasPROXY:/var/log/tor $ sudo systemctl status [email protected]
● [email protected] – Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/[email protected]; enabled-runtime; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2022-01-23 01:04:46 GMT; 1min 40s ago
Process: 583 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (code=exited, status>
Process: 584 ExecStartPre=/usr/bin/tor –defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc>
Process: 585 ExecStart=/usr/bin/tor –defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc –>
Main PID: 585 (code=exited, status=1/FAILURE)
CPU: 137ms
On the BOOT SCREEN
[FAILED] Failed to start Anonymizing overlay network for TCP.
see ‘systemctl sttus [email protected]‘ for details.
log folder is empty !!!
Thanks
Please try the following debugging command:
journalctl -xe | grep tor
This will be more verbose on errors, filtering whatever line includes the “tor” word (by the grep command after pipe). Let me know if you see something particularly strange, or send it to me at [email protected]
Also, check that your Raspberry PI has still the same IP address configured on SocksPort in your /etc/tor/torrc file. If, for whatever reason, you use DHCP and the router assigned a new IP address to your RPI after the reboot, this error could occurr.
here is something :
Jan 23 14:44:19 rasPROXY tor[556]: Jan 23 14:44:19.334 [notice] Read configuration file “/etc/tor/torrc”.
Jan 23 14:44:19 rasPROXY tor[556]: Jan 23 14:44:19.339 [notice] You configured a non-loopback address ‘10.25.25.20:9050’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Jan 23 14:44:19 rasPROXY tor[556]: Jan 23 14:44:19.339 [notice] Opening Socks listener on 10.25.25.20:9050
Jan 23 14:44:19 rasPROXY tor[556]: Jan 23 14:44:19.339 [warn] Could not bind to 10.25.25.20:9050: Cannot assign requested address
Jan 23 14:44:19 rasPROXY tor[556]: Jan 23 14:44:19.339 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
Jan 23 14:44:19 rasPROXY tor[556]: Jan 23 14:44:19.339 [err] Reading config failed–see warnings above.
Jan 23 14:44:19 rasPROXY systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
IP is STATIC and good
Contents of torrc
SocksPort 10.25.25.20:9050
SocksPolicy accept 10.25.25.0/24
RunAsDaemon 1
DataDirectory /var/lib/tor
And your
ifconfig
?