Setting up a Raspberry Pi as a Tor proxy allows you to anonymize your internet traffic and enhance privacy.
What is a Tor Proxy
A Tor proxy is a middleman between a client, such as a web browser, and a service, like a web server, that uses the Tor network to encrypt and anonymize internet traffic.
How it Works: When using a Tor proxy, the client sends a message to the proxy, which then passes the request through the Tor network, a series of volunteer-operated servers, before reaching the destination server. This process helps protect the user’s identity and location by making it difficult for the destination server to know who is making the request.
Comparison to Other Proxies: Unlike simple proxy providers, Tor proxy does not create a single point of failure, as the traffic is passed through at least three different servers, each with its own layer of encryption, making it harder for anyone to intercept and read the traffic.
Tor Proxy vs Traditional Proxies: Traditional proxies may see the user’s traffic and personal details, whereas Tor proxy ensures that each relay only sees the previous and next hop, not the entire path, providing better anonymity and privacy.
Accessing Onion Sites: Some Tor proxies allow users to access onion sites, which are websites that can only be accessed through the Tor network, without having to install Tor on their device.
Security Benefits: Using a Tor proxy can add an extra layer of security to web requests, as the traffic is encrypted and passed through multiple relays, making it more difficult for hackers or surveillance agencies to intercept and read the traffic.
This tutorial will guide you through the process step by step of setting this on a Raspberry Pi.
Requirements
- A Raspberry Pi (any model, though newer models are recommended for better performance. I used a raspberry Pi 4).
- Raspberry Pi OS (Lite version van be used and is sufficient).
- A microSD card (8GB or larger).
- Power supply and internet connection (Ethernet preferred, Wi-Fi is acceptable).
- Basic familiarity with Linux and networking.
Step 1: Prepare Your Raspberry Pi
Install Raspberry Pi OS
- Download and install Raspberry Pi Imager.
- Flash Raspberry Pi OS (Lite) to the microSD card.
- Enable SSH:
- After flashing, create a file named ssh (no extension) in the boot directory of the microSD card.
- Set up Wi-Fi (if not using Ethernet):
- Create a file named wpa_supplicant.conf in the boot directory and add:
country=US ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev update_config=1 network={ ssid="Your_SSID" psk="Your_PASSWORD" }Replace Your_SSID and Your_PASSWORD with your Wi-Fi credentials.
- Create a file named wpa_supplicant.conf in the boot directory and add:
- Insert the microSD card into the Raspberry Pi and power it on.
Access the Raspberry Pi
- Find the Pi's IP address using your router or a network scanner.
- SSH into the Pi:
ssh pi@<IP_ADDRESS>
Default username: pi, password: raspberry.
- Update and upgrade the system:
sudo apt update && sudo apt upgrade -y
Step 2: Install Tor
- Install the Tor package:
sudo apt install tor -y
- Check if Tor is running:
systemctl status tor
If it’s not running, start and enable it:
sudo systemctl start tor sudo systemctl enable tor
Step 3: Configure Tor as a Proxy
- Edit the Tor configuration file:
sudo nano /etc/tor/torrc
- Add or uncomment the following lines:
SocksPort 9050 SocksPolicy accept 192.168.0.0/16 ControlPort 9051 HashedControlPassword <hashed_password>
- Replace 192.168.0.0/16 with your local network range.
- The HashedControlPassword is optional if you want to control Tor with a password.
- Generate a hashed password for Tor (if using):
tor --hash-password YourPassword
Replace YourPassword with a secure password. Copy the hashed output and paste it into the HashedControlPassword line.
- Restart Tor to apply changes:
sudo systemctl restart tor
Step 4: Set Up iptables for Traffic Routing
- Enable IPv4 forwarding:
sudo nano /etc/sysctl.conf
Uncomment or add:
net.ipv4.ip_forward=1
Apply changes:
sudo sysctl -p
- Configure iptables for routing traffic through Tor:
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9050 sudo iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A OUTPUT -o lo -j ACCEPT sudo iptables -A OUTPUT -o eth0 -p tcp --dport 9050 -j ACCEPT sudo iptables -A OUTPUT -d 192.168.0.0/16 -o eth0 -j ACCEPT sudo iptables -A OUTPUT -j REJECT
- Save iptables rules:
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
Step 5: Configure Your Network
Option 1: Use the Raspberry Pi as a Wi-Fi Access Point
- Install hostapd and dnsmasq:
sudo apt install hostapd dnsmasq -y
- Configure the access point (refer to a detailed Wi-Fi Access Point setup tutorial).
Option 2: Set the Raspberry Pi as a Network Gateway
Configure devices on your network to use the Raspberry Pi's IP address as their SOCKS5 proxy with port 9050.
Step 6: Test the Tor Proxy
- From a connected device, configure the SOCKS5 proxy:
- Proxy IP: Raspberry Pi's IP.
- Proxy Port: 9050.
- Test connectivity:
- Visit check.torproject.org to confirm traffic is routed through Tor.
Optional Enhancements
Monitor Tor Traffic
- Install nyx, a Tor monitoring tool:
sudo apt install nyx -y
Run:
nyx
Harden Security
- Change the default pi user password:
passwd
- Disable unnecessary services:
sudo systemctl disable bluetooth.service
Log Traffic
- Enable verbose logging in /etc/tor/torrc:
Log notice file /var/log/tor/notices.log
Troubleshooting
- Tor doesn’t start:
- Check logs:
sudo journalctl -xe | grep tor
- Check logs:
- No internet connection:
- Verify iptables rules and DNS configuration.
- Slow speeds:
- Tor inherently slows traffic for anonymity. Test with a wired connection for better performance.
By following this guide, you’ll have a Raspberry Pi functioning as a Tor proxy, providing anonymized internet traffic for connected devices.
If nothing else if you have never investigated Tor even the browser – I thoroughly recommend you do