| Name | Tor Hotspot |
|---|---|
| Description | Build a WiFi AP which tunnels TCP connections through Tor |
| Status | Concluded |
| Contact | virii |
| Participants: | virii |
Want a Tor Router out of a raspberry pi?! Well here we go!
Hardware
We need the following:
- Raspberry Pi (Modell B, REV1 or REV2) ~40€
- A case for our Pi ~10€
- Transcend Extreme-Speed SDHC 16GB SDCARD ~12€
- Micro-USB 5V 1500mA Power Supply ~4€
- LAN Cable ~1€
- TP-Link TL-WN722N Wireless adapter ~12€
- D-Link DUB-H4 USB HUB ~18€
Makes a total of ~97€ for a ready-to-go Tor Hotspot. (amazon prices!)
Setup
Prepare the SDCard with the latest version of Raspbian.
wget -O /tmp/raspbian.img http://downloads.raspberrypi.org/raspbian_latest
dd if=/tmp/raspbian.img of=/dev/<YOUR SDCARD> bs=4M
- Plug the SDcard into the Pi
- Connect it with the LAN cable to your router/switch
- Connect the Pi with an HDMI cable to a monitor
- Connect the USB Hub to the Pi.
- On the HUB, connect an USB Keyboard and the Wireless adapter.
- Connect the USB Hub and the Pi to their power supplies and fire it all up.
Config
When raspi-config opens, tell it to expand the filesystem to the full size of your SDcard.
Next, go and enable the SSH daemon. Now you can change the hostname to something like "TorRouter".
Switch to the root user!
sudo su
Install Hostapd (does the Hotspot/Access Point) stuff, the DCHP server and Tor.
apt-get update && apt-get install isc-dhcp-server tor
For our setup we must compile Hostapd by hand as our TP-Link TL-WN722N uses a driver that's not enabled by the default raspbian hostapd.
apt-get install libssl-dev libnl-dev
wget http://w1.fi/releases/hostapd-2.0.tar.gz
tar xzvf hostapd-2.0.tar.gz
cd hostapd-2.0/hostapd
cp defconfig .config
nano .config
Uncomment the following line
#CONFIG_DRIVER_NL80211=y
Compile it!
make
make install
Edit dhcpd.conf
nano /etc/dhcp/dhcpd.conf
Comment the following lines out
# option domain-name "example.org";
# option domain-name-servers ns1.example.org, ns2.example.org;
Uncomment the following line
# authoritative;
Now add the following block of lines to the config (at the end of the file)
subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.10 192.168.42.50;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name "local";
option domain-name-servers 8.8.8.8, 8.8.8.4;
}
Edit /etc/default/isc-dhcp-server
nano /etc/default/isc-dhcp-server
Change the INTERFACES value to this
INTERFACES=wlan0
Now open /etc/network/interfaces and edit it to the following lines
iface lo inet loopback
iface eth0 inet dhcp
allow-hotplug wlan0
#iface wlan0 inet manual
#wpa-roam /etc/wpa_supplicant/wpa_upplicant.conf
#iface default inet dhcp
iface wlan0 inet static
address 192.168.42.1
netmask 255.255.255.0
Enable wlan0
ifup wlan0
Now we create /etc/hostapd/hostapd.conf
nano /etc/hostapd/hostapd.conf
Fill it with the following lines
interface=wlan0
driver=nl80211
ssid=TorRouter
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=YOURSECRETPASSWORDGOESHERE
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
Enable DAEMON mode in hostapd.
nano /etc/default/hostapd
Edit it
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Now we need to download some more firmware for the chipset on our TP-Link
wget -O /etc/driver/htc_9271.fw http://wireless.kernel.org/download/htc_fw/1.3/htc_9271.fw
Go ahead and start the 2 services!
service hostapd start
service isc-dhcp-server start
Enable autostart
update-rc.d hostapd enable
update-rc.d isc-dhcp-server enable
Add the following line to /etc/sysctl.conf
net.ipv4.ip_forward=1
Activate the changement
sysctl -p
Delete any old IPtables rule (if any)
iptables -F
iptables -t nat -F
Add the following ip-forwarding rules
iptables -t nat -A PREROUTING -i wlan0 -p tcp –dport 22 -j REDIRECT –to-ports 22
iptables -t nat -A PREROUTING -i wlan0 -p udp –dport 53 -j REDIRECT –to-ports 53
iptables -t nat -A PREROUTING -i wlan0 -p tcp –syn -j REDIRECT –to-ports 9040
iptables-save > /etc/iptables.ipv4.nat
Add the following line to /etc/network/interfaces but after a newline.
up iptables-restore /etc/iptables.ipv4.nat
Config Tor! Add the following lines after this line ## https://www.torproject.org/docs/faq#torrc
Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion, .exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.42.1
DNSPort 53
DNSListenAddress 192.168.42.1
Start Tor
service tor start
Enable Tor in autostart
update-rc.d tor enable
Now your Hotspot is ready to be used!
Go ahead and connect to it. Then go to https://check.torproject.org. It will tell you that you are using Tor!
Have fun with it!
Buyable solutions
If you want to buy a package with everything you need then have a look at Adafruit. But you still need do configure everything by your own!
Costs: $94.95