Build your own Tor Router with a Raspberry Pi

In a recent episode of the Paul’s Security Weekly podcast, they covered a tech segment on how to build your own Raspberry Pi Tor router. There have been quite of few of these popping up ever since the Anonabox debacle that happened a few weeks ago. In any event, I decided to give this version a go. I had the Pi lying around, so it seemed like a fun project to try.

Basically follow the steps that Kris documented on his blog.  I am not going to reinvent the wheel.  But I will add some pointers here.  For those not as familiar with the linux platform, I will simply add my 2 cents so you have a better understanding of what is going on.  Skip down to the actual Tor installation steps.

For the dhcpd.conf file, this is simply a difference view showing what the original settings where and what he changed.  The only thing you add is the subnet information.  I added a brand new section rather than uncommenting an existing definition.  Also I would recommend making a copy of the original file before you edit it.  That way you can easily revert back.  If you do not know linux, best way to do this is using the following command:

sudo cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.orig

He also doesn’t mention that most of these changes will require elevation.  I did most using just the sudo command. But proceeding through this using root would save you some time. The forward activation and saving iptables required root, rather than sudo. With regards to iptables, those commands are intended to be executed individually. You don’t add them to any of the files.

He makes mention of hostapd not working with the RealTek drivers. Download the updated version from the link he provides. Do this using wget from the Pi. Extract the zip file contents using “unzip” – unzip adafruit_hostapd.zip. Then you will need to copy that extracted hostapd file to /usr/sbin. Before doing that, make a copy of the original hostapd file like we did with the dhcpd.conf file.

After all that you should be good to reboot the Pi gracefully (i.e. don’t pull the power cable out!). If you did everything right, you should see no errors in the boot script and a new Access Point will be available. Oh and one other thing, make sure you have the ability to do this directly on the Pi rather than through SSH. You are working with networking components, so you may lose access.

There you go you can browse the net using your own mini Tor router. But keep in mind, you really don’t know what the other end is doing with your traffic, so tread carefully in these dark waters!

Leave a Reply