Raspberry Pi 3 TOR Access Point Router

Raspberry Pi 3 TOR Access Point Router.md

THIS GIST WON'T BE UPDATED ANY MORE (24/10/18)

Follow the progress of this project here 3os.org Raspberry Pi 3 TOR Access Point Router Project

Network: Router RJ45 <--> Ethernet Port on Raspberry <--> TOR <--> Raspberry WIFI AC <--> WIFI CLIENT

# -- Download Rasbian Strech Lite from: https://www.raspberrypi.org/downloads/raspbian/
# -- Burn Image to SD-Card. 
# -- Boot Raspberry Pi 3. 

sudo apt-get update && sudo apt-get upgrade && sudo apt-get install git 
sudo raspi-config
# -- Change User Password
# -- Enable SSH In Interface Options
sudo reboot

# SSH TO Raspberry Pi 3

git clone https://github.com/unixabg/RPI-Wireless-Hotspot.git
cd RPI-Wireless-Hotspot
sudo ./install

# -- "Y" to agree to terms
# -- "Y" to use preconfigured DNS
# -- "Y" to use Unblock-Us DNS servers
# -- "N" for WiFi defaults
# -- Type in a new WiFi password (it will be checked)
# -- Type in a new SSID
# -- Type in your desired WiFi channel (1, 6, 11)
# -- Type "N" when asked - "Are you using a rtl871x chipset?" -- 
# -- Type "N" for chromecast support (unless you plan to use a chromecast w/RasTor)

sudo reboot
sudo apt-get update && sudo apt-get upgrade

# -- Connect to Your new SSID with a Phone and check if you have full Internet Connection.

sudo apt-get install tor
sudo nano /etc/tor/torrc

# -- Add the following just below the first set of comments:

Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.42.1
DNSPort 53
DNSListenAddress 192.168.42.1

# -- iptable routes:

sudo iptables -F && sudo iptables -t nat -F
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040

# -- Check your routes:

sudo iptables -t nat -L

# -- if all routs looks like about:

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

# -- Create log file:

sudo touch /var/log/tor/notices.log 
sudo chown debian-tor /var/log/tor/notices.log && sudo chmod 644 /var/log/tor/notices.log

# -- Start TOR:

sudo service tor start

# -- Check to see if the service is running:

sudo service tor status

# -- Run TOR Service at Boot:

sudo update-rc.d tor enable
sudo reboot

# -- Test for TOR service is running after reboot, connect to the WIFI. 
# -- DONE -- #


# -- Optional: Install Monit Service to reload Tor Serivce if Down

sudo apt-get install monit
sudo nano /etc/monit/monitrc

# -- add those lines to the end of the config:

check process gdm with pidfile /var/run/tor/tor.pid
   start program = "/etc/init.d/tor start"
   stop program = "/etc/init.d/tor stop"
   
# -- realod and add Monit to startup
sudo monit reload
sudo update-rc.d monit enable

Hi fire1ce,
I have installed your setup to make my raspberry pi into a tor router. It works fine.
Now I want to route all my network trough openvpn over tor.
I installed openvpn and connected my own openvpn server. whenever I connect to openvpn, I can't access internet. When I stop the openvpn client, everything turns back working.
I think that some changes have to be done on Iptables or what else. I don't have enough knowledge :)
Can you help me for achieving my goal?
best regards

This is the only one of these configurations I have used that has actually worked - so good stuff from me! Just a note that the last but one line has reload spelt incorrectly.

This is the only one of these configurations I have used that has actually worked - so good stuff from me! Just a note that the last but one line has reload spelt incorrectly.
thanks about the "misspell" comment. ill change it right a way. by the way, you can follow my work at https://3os.org

Hi fire1ce,
I have installed your setup to make my raspberry pi into a tor router. It works fine.
Now I want to route all my network trough openvpn over tor.
I installed openvpn and connected my own openvpn server. whenever I connect to openvpn, I can't access internet. When I stop the openvpn client, everything turns back working.
I think that some changes have to be done on Iptables or what else. I don't have enough knowledge :)
Can you help me for achieving my goal?
best regards

hey! I been working on other protects lately. but i want to add openvpn support in the future, ill update on the progress, any way. follow my work a https://3os.org

hi
for fast speed add this command in torrc :
`# -- Add the following just below the first set of comments:

Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.42.1
DNSPort 53
DNSListenAddress 192.168.42.1
CircuitBuildTimeout 5
KeepalivePeriod 60
NewCircuitPeriod 15
NumEntryGuards 8
StrictNodes 1
ExitNodes {us},{uk},{ca},{fr},{de},{il},{ru},{nl},{gb},{hu}

UseBridges 1

ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/bin/obfs4proxy

Bridge obfs4 154.35.22.10:443 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0
Bridge obfs4 154.35.22.12:80 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0
Bridge obfs4 85.17.30.79:443 FC259A04A328A07FED1413E9FC6526530D9FD87A cert=RutxZlu8BtyP+y0NX7bAVD41+J/qXNhHUrKjFkRSdiBAhIHIQLhKQ2HxESAKZprn/lR3KA iat-mode=0
Bridge obfs4 37.218.245.14:38224 D9A82D2F9C2F65A18407B1D2B764F130847F8B5D cert=bjRaMrr1BRiAW8IE9U5z27fQaYgOhX1UCmOpg2pFpoMvo6ZgQMzLsaTzzQNTlm7hNcb+Sg iat-mode=0
Bridge obfs4 198.245.60.50:443 752CF7825B3B9EA6A98C83AC41F7099D67007EA5 cert=xpmQtKUqQ/6v5X7ijgYE/f03+l2/EuQ1dexjyUhh16wQlu/cpXUGalmhDIlhuiQPNEKmKw iat-mode=0
Bridge obfs4 38.229.33.83:80 0BAC39417268B96B9F514E7F63FA6FBA1A788955 cert=VwEFpk9F/UN9JED7XpG1XOjm/O8ZCXK80oPecgWnNDZDv5pdkhq1OpbAH0wNqOT6H6BmRQ iat-mode=1
Bridge obfs4 154.35.22.11:16488 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0
Bridge obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1
Bridge obfs4 154.35.22.11:443 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0
Bridge obfs4 154.35.22.9:443 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0
Bridge obfs4 37.218.240.34:40035 88CD36D45A35271963EF82E511C8827A24730913 cert=eGXYfWODcgqIdPJ+rRupg4GGvVGfh25FWaIXZkit206OSngsp7GAIiGIXOJJROMxEqFKJg iat-mode=1
Bridge obfs4 83.212.101.3:50002 A09D536DD1752D542E1FBB3C9CE4449D51298239 cert=lPRQ/MXdD1t5SRZ9MquYQNT9m5DV757jtdXdlePmRCudUU9CFUOX1Tm7/meFSyPOsud7Cw iat-mode=0
Bridge obfs4 154.35.22.13:443 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0
Bridge obfs4 154.35.22.11:80 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0
Bridge obfs4 109.105.109.165:10527 8DFCD8FB3285E855F5A55EDDA35696C743ABFC4E cert=Bvg/itxeL4TWKLP6N1MaQzSOC6tcRIBv6q57DYAZc3b2AzuM+/TfB7mqTFEfXILCjEwzVA iat-mode=1
Bridge obfs4 154.35.22.12:4304 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0
Bridge obfs4 109.105.109.147:13764 BBB28DF0F201E706BE564EFE690FE9577DD8386D cert=KfMQN/tNMFdda61hMgpiMI7pbwU1T+wxjTulYnfw+4sgvG0zSH7N7fwT10BI8MUdAD7iJA iat-mode=2
Bridge obfs4 38.229.1.78:80 C8CBDB2464FC9804A69531437BCF2BE31FDD2EE4 cert=Hmyfd2ev46gGY7NoVxA9ngrPF2zCZtzskRTzoWXbxNkzeVnGFPWmrTtILRyqCTjHR+s9dg iat-mode=1
Bridge obfs4 [2001:470:b381:bfff:216:3eff:fe23:d6c3]:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1
Bridge obfs4 154.35.22.9:12166 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0
Bridge obfs4 154.35.22.9:80 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0
Bridge obfs4 192.99.11.54:443 7B126FAB960E5AC6A629C729434FF84FB5074EC2 cert=VW5f8+IBUWpPFxF+rsiVy2wXkyTQG7vEd+rHeN2jV5LIDNu8wMNEOqZXPwHdwMVEBdqXEw iat-mode=0
Bridge obfs4 154.35.22.13:16815 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0
Bridge obfs4 154.35.22.10:80 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0
Bridge obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0

`

hello, i install this setup on my raspberry pi and it works fine. i want raspi to use Tor as a client while connecting to the internet with Ethernet cable. is there a set up for that raspi (that use Tor) be a client only or it can switch between AccessPoint mode and client mode?

All work perfect but cant access to .onion sites :(

.onion hidden services works with iptables rules:

-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A PREROUTING -i wlan0 -p tcp -d 10.192.0.0/10 -j REDIRECT --to-port 9040

Hello! Great guide but i keep getting the same problem and i cannot fix it!
The status keep saying
active: active (exited)

Can you please help me....

Hello! Great guide but i keep getting the same problem and i cannot fix it!
The status keep saying
active: active (exited)

Can you please help me....

follow updated guide:
TOR-Pi

The Guide was updated
follow updated guide:
TOR-Pi