How to setup a Raspberry Pi TOR Access Point

In this tutorial, we will be going through the steps on how to set up a basic Raspberry Pi TOR Access Point.

Raspberry Pi TOR access point

Before you get started with this tutorial, you must have already completed our wireless access point tutorial as this tutorial is an extension of that.

In this tutorial, we will show you how to download and install TOR as well as set it up in a way that we can redirect our wireless access point traffic through it. This setup will mean that any device that is connected to the Raspberry Pi’s wireless access point will automatically have its traffic pushed through the TOR Network.

For anyone who is entirely new to TOR then to explain it briefly, TOR is a network of volunteer servers that people can use to both help improve their privacy and security on the internet.

When you connect via TOR, you’re connecting via a series of virtual tunnels rather than connecting directly to the source. This setup makes it a lot harder to track the origin of the connection. If you’re interested in learning more about it, then be sure to head over to the TOR project’s website.

The Raspberry Pi provides a very cheap and power efficient way of setting up a TOR access point, and it also has the bonus of being incredibly easy to move around, meaning you can take your TOR access point with you anywhere you go.

Equipment List

You can find all the recommended pieces of equipment for this Raspberry Pi TOR access point tutorial right below.

Recommended

Optional

Setting up the TOR Access Point

To set up our TOR Access Point you will first have to of followed our wireless access point tutorial, as this will set up your Raspberry Pi correctly for this tutorial.

1. We need first to make sure we are running up to date software before we set up our TOR Access Point. To do this, we can run the following two lines in the terminal.

sudo apt update
sudo apt upgrade

2. With the Raspberry Pi now freshly updated we can get along with installing TOR itself, this is easily done by running the following command into the terminal.

sudo apt install tor -y

3. Now that we have installed TOR itself let’s begin by modifying its configuration, let’s open up the file in the nano text editor by entering the command below.

sudo nano /etc/tor/torrc

4. To this file, add the following configurations just under the FAQ notice. These lines will configure TOR to run on port 9050 and port 53.

Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.220.1
DNSPort 53
DNSListenAddress 192.168.220.1

Now we can save and quit out of the file by pressing Ctrl +X then Y and then Enter.

5. With TOR now set up, we need to flush the iptables, and we can do this by running the following two commands:

sudo iptables -F
sudo iptables -t nat -F

6. With the IPTables now flushed we can now install our new IPTables. This setup will route all the traffic incoming from the wlan0 connection through to our TOR connection that is running through port 53. The first line will add an exception for port 22 since we need that to be able to SSH to the Raspberry Pi.

If you have upgraded to Raspbian Stretch, then wlan0 may need to be changed. Use the ifconfig command to see what the new names are, they’re likely quite long and will contain the MAC address.

sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040

If you need to check that the IPtables have been correctly entered you can use the following command.

sudo iptables -t nat -L

7. With our new iptables rules in place we will want to store this into the file we set up in our wireless access point, this will ensure the new IP Tables are loaded instead.

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

8. Now let’s create our log file, and this will be handy for tracking problems. To do so, run the following commands.

sudo touch /var/log/tor/notices.log
sudo chown debian-tor /var/log/tor/notices.log
sudo chmod 644 /var/log/tor/notices.log

9. We can check to see if the log file has now been created and permissions set correctly by utilizing the following ls command.

ls -l /var/log/tor

10. Now we can finally fire up the TOR service.

sudo service tor start

11. With the TOR service started we can check that the service is running by using the following command, if anything has gone wrong you will see a big FAIL notice appear.

sudo service tor status

12. Now finally, let’s make the TOR service start on boot, this will ensure that the traffic will always be routed through it. Do this with the following command.

sudo update-rc.d tor enable

If TOR isn’t really taking your fancy, then there are plenty of alternatives. The one I use almost daily is a simple Raspberry Pi VPN router that spawns a WiFi access point that you’re able to connect to. Once connected you’re on the VPN, and your origin is hidden.

Hopefully, by now you should have a fully operational Raspberry Pi TOR Access Point. If you run into issues while doing this tutorial or have some feedback that you would like to share, then please don’t hesitate to leave a comment below.

7 Comments

  1. Avatar for Jef
    Jef on

    FYI, the TransListenAddress and DNSListenAddress directives (deprecated in 0.2.9.2) no longer work and generate the following:

    [warn] Skipping obsolete configuration option ‘TransListenAddress’
    [warn] Skipping obsolete configuration option ‘DNSListenAddress’

    This leaves the transparent proxies bound to 127.0.0.1, which doesn’t work. The address bindings are now made using x.x.x.x:xxxx format for the Port directives. The config should be:

    Log notice file /var/log/tor/notices.log
    VirtualAddrNetwork 10.192.0.0/10
    AutomapHostsSuffixes .onion,.exit
    AutomapHostsOnResolve 1
    TransPort 192.168.220.1:9040
    DNSPort 192.168.220.1:53

    With that change, everything works great with current (2021-01-11) build of buster-lite.

    Thanks for the tutorial.

    1. Avatar for asdad
      asdad on

      Thanks for this!

  2. Avatar for Timo
    Timo on

    And now? What do i do, when TOR is installed on the Pi? 🙂

    How do i connect to it?

  3. Avatar for papi
    papi on

    Hello i have a problem with my server tor when i finished installing tor on raspberry pi when i sudo service tor status it wrote me the text below i wanted to know if you can help me?

    tor.service - LSB: The Onion Router daemon processes
    Loaded: loaded (/etc/init.d/tor)
    Active: failed (Result: exit-code) since game 2017-06-08 02:05:33 UTC; 22s ago
    Process: 976 ExecStart = / etc / init.d / tor start (code = exited, status = 1 / FAILURE)

    June 08 02:05:33 raspberrypi tor [976]: Starting tor daemon ... Jun 08 02: 05: 33.896 [warn] Could not bind to 192.168.42.1:53: Can not assign requested address
    June 08 02:05:33 raspberrypi tor [976]: Jun 08 02: 05: 33.897 [warn] Could not bind to 192.168.42.1:9040: Can not assign requested address
    June 08 02:05:33 raspberrypi tor [976]: Jun 08 02: 05: 33.901 [warn] Failed to parse / validate config: Failed to bind one of the listener ports.
    June 08 02:05:33 raspberrypi tor [976]: Jun 08 02: 05: 33.901 [err] Reading config failed - see warnings above.
    June 08 02:05:33 raspberrypi tor [976]: failed.
    June 08 02:05:33 raspberrypi systemd [1]: tor.service: control process exited, code = exited status = 1
    June 08 02:05:33 raspberrypi systemd [1]: Failed to start LSB: Starts The Onion Router daemon processes.
    June 08 02:05:33 raspberrypi systemd [1]: Unit tor.service entered failed state

    1. Avatar for Gus
      Gus on
      Editor

      Hi Papi,

      I have looked into this and think I have found the issue.

      Can you please try redoing step 4 but using the IP 192.168.220.1 instead.

    2. Avatar for papi
      papi on

      thanks it’s work! you are resolved my problem

  4. Avatar for Peter
    Peter on

    Very interested in project. However, being new at this, 2 questions. Will this be a tor replay? Also, will the Pi be dedicated online for tor or can I run other apps?

Leave a Reply

Your email address will not be published. Required fields are marked *