Raspberry Pi TOR access point

In this tutorial, we will be going through the steps on how to set up a basic Raspberry Pi TOR Access Point. Before you get started with this tutorial, you must have already completed our wireless access point tutorial as this tutorial is an extension of that.

In this tutorial, we will show you how to download and install TOR as well as set it up in a way that we can redirect our wireless access point traffic through it. This setup will mean that any device that is connected to the Raspberry Pi’s wireless access point will automatically have its traffic pushed through the TOR Network.

Ultimate Books of Pi

For anyone who is entirely new to TOR then to explain it briefly, TOR is a network of volunteer servers that people can use to both help improve their privacy and security on the internet. When you connect via TOR, you’re connecting via a series of virtual tunnels rather than connecting directly to the source. This setup makes it a lot harder to track the origin of the connection. If you’re interested in learning more about it, then be sure to head over to the TOR project’s website.

The Raspberry Pi provides a very cheap and power efficient way of setting up a TOR access point, and it also has the bonus of being incredibly easy to move around, meaning you can take your TOR access point with you anywhere you go.

Equipment List

You can find all the recommended pieces of equipment for this Raspberry Pi TOR access point tutorial right below.

Recommended:

Raspberry Pi

Micro SD Card or a SD card if you’re using an old version of the Pi.

Power Supply

Ethernet Connection

Wifi dongle (The Pi 3 has WiFi inbuilt)

Optional:

Raspberry Pi Case

Setting up the TOR Access Point

To set up our TOR Access Point you will first have to of followed our wireless access point tutorial, as this will set up your Raspberry Pi correctly for this tutorial.

1. We need first to make sure we are running up to date software before we set up our TOR Access Point. To do this, we can run the following two lines in the terminal.

sudo apt-get update
sudo apt-get upgrade

2. With the Raspberry Pi now freshly updated we can get along with installing TOR itself, this is easily done by running the following command into the terminal.

sudo apt-get install tor -y

3. Now that we have installed TOR itself let’s begin by modifying its configuration, let’s open up the file for this command:

sudo nano /etc/tor/torrc

4. To this file, add the following configurations just under the FAQ notice. These lines will configure TOR to run on port 9050 and port 53.

Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.220.1
DNSPort 53
DNSListenAddress 192.168.220.1

Now we can save and quit out of the file by pressing Ctrl +X then Y and then Enter.

5. With TOR now set up, we need to flush the iptables, and we can do this by running the following two commands:

sudo iptables -F
sudo iptables -t nat -F

6. With the IPTables now flushed we can now install our new IPTables. This setup will route all the traffic incoming from the wlan0 connection through to our TOR connection that is running through port 53. The first line will add an exception for port 22 since we need that to be able to SSH to the Raspberry Pi.

If you have upgraded to Raspbian Stretch, then wlan0 may need to be changed. Use the ifconfig command to see what the new names are, they’re likely quite long and will contain the MAC address.

sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040

If you need to check that the IPtables have been correctly entered you can use the following command.

sudo iptables -t nat -L

7. With our new iptables rules in place we will want to store this into the file we set up in our wireless access point, this will ensure the new IP Tables are loaded instead.

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

8. Now let’s create our log file, and this will be handy for tracking problems. To do so, run the following commands.

sudo touch /var/log/tor/notices.log
sudo chown debian-tor /var/log/tor/notices.log
sudo chmod 644 /var/log/tor/notices.log

9. We can check to see if the log file has now been created and permissions set correctly by utilizing the following command.

ls -l /var/log/tor

10. Now we can finally fire up the TOR service.

sudo service tor start

11. With the TOR service started we can check that the service is running by using the following command, if anything has gone wrong you will see a big FAIL notice appear.

sudo service tor status

12. Now finally, let’s make the TOR service start on boot, this will ensure that the traffic will always be routed through it. Do this with the following command.

sudo update-rc.d tor enable

If TOR isn’t really taking your fancy, then there are plenty of alternatives. The one I use almost daily is a simple Raspberry Pi VPN router that spawns a WiFi access point that you’re able to connect to. Once connected you’re on the VPN, and your origin is hidden.

Hopefully, by now you should have a fully operational Raspberry Pi TOR Access Point. If you run into issues while doing this tutorial or have some feedback that you would like to share, then please don’t hesitate to leave a comment below.

Ultimate Books of Pi Bottom
Pi My Life Up's Crash Course
to the Raspberry Pi

Pi My Life Up's Crash Course

to the Raspberry Pi

Subscribe to our email list to get the

Crash Course delivered straight to your inbox

Please check your inbox for a confirmation email!