Dedicated TOR Router

[espinobj]

So I have had the issue recently of wanting TOR on all my computers in the home... 5 computers later I realized not all programs utilized TOR for the internet connection such as program updates etc. I would like everything via TOR. Then I had a hell of a time trying to figure out how to rout EVERYTHING through TOR.

Then It hit me. A dedicated TOR router.

Idea: I have an extra desktop. Two network cards and a base knowledge of Linux, you guys, and Google.

Then I hit a snag. I'm not actually sure how to do this and I'm not sure where to start my research.

I would like to turn this computer into a dedicated router and firewall. The firewall will be for another day and I don't see an issue getting that going.

I would like all traffic to come into eth0 -> TOR -> eth1 -> Internet- on TOR network

Please correct me but I was thinking of setting my other computers default gateway to the router. Then I had no idea what to do from there. Any help or ideas would be greatly appreciated!!!

[digip]

If you have DD-WRT you can use TorGuard to route everything over TOR, but know, that once its done, all traffic over TOR, will be hella slow. Personally, I would use a VPN, because 1, you own the connection, and speeds are much faster, and 2, you're not a link in the TOR chain, ie: not an exit node for someone else, which is how TOR works unless you configure not to be an exit node. Someone abusing a site, from your exit node, they would come after you, not the person using the TOR client, but the person running the exit node, which your router would become if you set it up in this manner. TOR Exit nodes are easy to find, and they publish a list of all exit nodes, so weigh the pros and cons and make your choice, but personally I only use TOR, when I am on the road or such and don't have access to my VPN, I keep something like Tails, the live linux TOR distro on hand for safe web surfing(somewhat safer anyway).

VPN access would be a better solution, although its not a free one such as TOR. I do not know it TorGuard is a pay for download though, pretty sure its free just like TOR is, so do what you think is best and most secure. I use a VPN and my speeds are generally faster than when not on it, as where any time I have ever used TOR, its always been pretty much like dial up speeds, and only for specific surfing needs, and not meant for large file transfers, etc.

Edited August 4, 2013 by digip

[Lost In Cyberia]

The thing is, how do you honestly know what vpn's offer true anonymity? Sure they can say so on their website, but you know if they have have back doors, are secretly logging traffic. Is openvpn any good?

[digip]

OpenVPN is pretty much what I use, but thats the client software I use. The VPN is a paid service I use. As for anonymity, as I mentioned above, TOR exit nodes can be tracked whats going across them, and even sniffed if authorities own one you route through using regular TOR. It has been known for a while, even .onion sites, can be seen via the web through other services as well, so pretty much anything you do online, in inherently not anonymous. Unless its a tunnel you own between you and another node or friend with direct connect, you're always at the mercy of the service you use, including TOR itself, but its better than nothing.

[jermsmit]

I originally preformed similar steps to setup a raspberry pi for this reason, later using a very tiny Ubuntu server install.
http://jermsmit.com/my-quick-tor-socks-web-proxy/

info below:

Using a clean Ubuntu / or / Debian installation (recommended, not necessary) add the following repositories to /etc/apt/sources.list: deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main

to figure out the name of your distribution. A quick command to run is lsb_release –c (Ubuntu) or cat /etc/debian_version (Debian)

Next add the gpg key that was used to sign the TOR packages: gpg –keyserver keys.gnupg.net –recv 886DDD89

Then, type sudo apt-get install deb.torproject.org-keyring

Next type sudo apt-get update

Next type apt-get install tor

Once completed TOR will be installed and listening on port 9050 on 127.0.0.1 of the host. You will need to modify the following file /etc/tor/torrc and add your servers address and SOCKS Port to listen on.

Once completed you can restart the tor service and test remotely with a machine on your network; assign a web browser the SOCKS proxy info for your server and test with: https://check.torproject.org/ if all working you will be notified that you are on the TOR network.

But what if you don’t want to use SOCKS or an application / device doesn’t have a configuration for SOCKS proxy? Well I encounter this same thing and there is a fix for that.

Using privoxy you can proxy your data via the computers current network, a VPN tunnel and in our case a SOCKS proxy.

Back onyour server type sudo apt-get update , then sudo apt-get install privoxy

Once installed you will need to edit the following file: /etc/privoxy/config

You need to:

add a listen address and port for your client machines to use.

you need to setup a forward-socks5 connection, something like: forward-socks5 / 127.0.0.1:9050

Restart the privoxy server and your good to test. As we did above, setup your web browser with the proxy settings and check the following address https://check.torproject.org/ all should be working and you have an always on TOR Network proxy.