Raspberry Pi TOR access point
In this tutorial we will be going through the steps on how to setup a basic Raspberry Pi TOR Access Point. Before you get started with this tutorial you must of already completed our wireless access point tutorial as this tutorial is an extension of that.

In this tutorial we will show you how to download and install TOR as well as set it up in a way that we can redirect our wireless access point traffic through it. This will mean that any device that is connected to the Raspberry Pi’s wireless access point will automatically have its traffic pushed through the TOR Network.


For anyone who is completely new to TOR then to explain it briefly, TOR is a network of volunteer servers that people are able to use to both help improve their privacy and security on the internet. When you connect via TOR you’re connecting via a series of virtual tunnels rather than connecting directly to the source. This makes it a lot harder to track the origin of the connection. If you’re interested in learning more about it then be sure to head over to the TOR project’s website.

The Raspberry Pi provides a very cheap and power efficient way of setting up a TOR access point, it also has the added bonus of being incredibly easy to move around, meaning you can take your TOR access point with you anywhere you go.

Equipment List

You can find all the recommended pieces of equipment for this Raspberry Pi TOR access point tutorial right below.

Recommended:

Raspberry Pi

Micro SD Card or a SD card if you’re using an old version of the Pi.

Ethernet Connection

Wifi dongle (The Pi 3 has WiFi inbuilt)

Optional:

Raspberry Pi Case

Setting up the TOR Access Point

To setup our TOR Access Point you will first had to of followed our wireless access point tutorial, as this will set up your Raspberry Pi perfectly for this tutorial.

1. We need to first make sure we are running up to date software before we setup our TOR Access Point. To do this we can run the following two lines in the terminal.

sudo apt-get update
sudo apt-get upgrade

2. With the Raspberry Pi now freshly updated we can get along with installing TOR itself, this is easily done by running the following command into terminal.

sudo apt-get install tor -y

3. Now that we have installed TOR itself, let’s begin by modifying its configuration, lets open up the file for this command:

sudo nano /etc/tor/torrc

4. To this file, add the following configurations just under the FAQ notice. This will configure TOR to run on port 9050 and port 53.

Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.220.1
DNSPort 53
DNSListenAddress 192.168.220.1

Now we can save and quit out of the file by pressing Ctrl +X then Y and then Enter.

5. With TOR now set up, we need to flush the iptables, we can do this by running the following two commands:

sudo iptables -F
sudo iptables -t nat -F

6. With the IPTables now flushed we can now install our new IP Tables. This will route all the traffic incoming from the wlan0 connection through to our TOR connection that is running through port 53. The first line will add an exception for port 22 since we need that to be able to SSH to the Raspberry Pi.

sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040

If you need to check that the IP tables have been correctly entered you can use the following command.

sudo iptables -t nat -L


7. With our new iptables rules in place we will want to store this into the file we set up in our wireless access point, this will ensure the new IP Tables are loaded instead.

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

8. Now lets create our log file, this will be handy for tracking problems. To do so, run the following commands.

sudo touch /var/log/tor/notices.log
sudo chown debian-tor /var/log/tor/notices.log
sudo chmod 644 /var/log/tor/notices.log

9. We can check to see if the log file has now been created and permissions set correctly by utilizing the following command.

ls -l /var/log/tor

10. Now we can finally fire up the TOR service.

sudo service tor start

11. With the TOR service started we can check that the service is running by using the following command, if anything has gone wrong you will see a big FAIL notice appear.

sudo service tor status

12. Now finally, let’s make the TOR service start on boot, this will ensure that the traffic will always be routed through it. Do this with the following command.

sudo update-rc.d tor enable

If TOR isn’t really taking your fancy then there are plenty of alternatives. The one I use almost daily is a simple Raspberry Pi VPN router that spawns a WiFi access point that you’re able to connect to. Once connected you’re on the VPN and your origin is hidden.

Hopefully by now you should have a fully operational Raspberry Pi TOR Access Point. If you run into issues whilst doing this tutorial or have some feedback that you would like to share then please don’t hesitate to leave a comment below.

The Raspberry Pi Crash Course

The Raspberry Pi Crash Course

Enter your email address below to get the

Raspberry Pi crash course delivered straight to your inbox

Please check your inbox for a confirmation email!