Éd_D
Posted August 10, 2021

Hi Everybody,

I hope this topic is the good one for my problem…

I use a Raspberry Pi 3B as small wireless router:

1. 'eth0' interface is using 'dhcpcd' for the WAN connection;
2. 'wlan0' interface is running with 'hostapd' and 'dnsmasq' as a hotspot;
3. the rule 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' allows routing…

Everything is ok, but not secure…

Next step: I want to use Tor as a tunnel and change the routing rule as 'iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE'…

    root@raspberry:~# apt-get update
    […]
    root@raspberry:~# apt-get upgrade
    […]
    root@raspberry:~# apt-get install tor
    […]
    root@raspberry:~# ps xa
    […]
     1064 ?        Ss     0:06 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
    […]
    root@raspberry:~#

Tor is running… The 'ifconfig' command shows 'eth0', 'lo' and 'wlan0' interfaces but there is no 'tun0' interface on my RPI!

I think Tor is not using a 'tun0' interface because it is not a daemon (client mode) with the option "--RunAsDaemon 0".

    root@raspberry:~# cat /usr/share/tor/tor-service-defaults-torrc
    DataDirectory /var/lib/tor
    PidFile /run/tor/tor.pid
    RunAsDaemon 1
    User debian-tor
    ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck
    ControlSocketsGroupWritable 1
    SocksPort unix:/run/tor/socks WorldWritable
    SocksPort 9050
    CookieAuthentication 1
    CookieAuthFileGroupReadable 1
    CookieAuthFile /run/tor/control.authcookie
    Log notice syslog
    root@raspberry:~# grep ^[^#] /etc/tor/torrc
    root@raspberry:~#

As all lines in the '/etc/tor/torrc' are commented, I have uncommented the 'RunAsDaemon 1' line. After Tor restarts, nothing has changed:

    root@raspberry:~# ps xa
    […]
     3223 ?        Ss     0:12 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
    […]
    root@raspberry:~#

I can't understand where this '--RunAsDaemon 0' is coming from!

I have not found any information about that, neither on raspbian site, nor on torproject site. Have you an idea? Something to read?

Regards,
Éd. D.

chrizree
Posted August 10, 2021

Check your Tor service file(s). --RunAsDaemon 0 overrides any setting in files.

Éd_D
Posted August 10, 2021

    root@raspberry:~# cat /etc/systemd/system/multi-user.target.wants/tor.service
    # This service is actually a systemd target,
    # but we are using a service since targets cannot be reloaded.

    [Unit]
    Description=Anonymizing overlay network for TCP (multi-instance-master)

    [Service]
    Type=oneshot
    RemainAfterExit=yes
    ExecStart=/bin/true
    ExecReload=/bin/true

    [Install]
    WantedBy=multi-user.target
    root@raspberry:~#

❓❓❓WTF

    root@raspberry:~# find / -name tor.service
    /etc/systemd/system/multi-user.target.wants/tor.service
    /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/tor.service
    /usr/lib/systemd/system/tor.service
    /sys/fs/cgroup/pids/system.slice/tor.service
    /sys/fs/cgroup/devices/system.slice/tor.service
    /sys/fs/cgroup/systemd/system.slice/tor.service
    /sys/fs/cgroup/unified/system.slice/tor.service
    root@raspberry:~# ls -l /etc/systemd/system/multi-user.target.wants/tor.service \
    > /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/tor.service \
    > /usr/lib/systemd/system/tor.service /sys/fs/cgroup/pids/system.slice/tor.service \
    > /sys/fs/cgroup/devices/system.slice/tor.service \
    > /sys/fs/cgroup/systemd/system.slice/tor.service \
    > /sys/fs/cgroup/unified/system.slice/tor.service
    lrwxrwxrwx 1 root root  31 Aug  9 22:39 /etc/systemd/system/multi-user.target.wants/tor.service -> /lib/systemd/system/tor.service
    -rw-r--r-- 1 root root 312 Jun 18 08:27 /usr/lib/systemd/system/tor.service
    -rw-r--r-- 1 root root   0 Aug  8 22:09 /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/tor.service

    /sys/fs/cgroup/devices/system.slice/tor.service:
    total 0
    -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.clone_children
    -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.procs
    --w------- 1 root root 0 Aug  9 22:39 devices.allow
    --w------- 1 root root 0 Aug 10 14:08 devices.deny
    -r--r--r-- 1 root root 0 Aug 10 14:08 devices.list
    -rw-r--r-- 1 root root 0 Aug 10 14:08 notify_on_release
    -rw-r--r-- 1 root root 0 Aug 10 14:08 tasks

    /sys/fs/cgroup/pids/system.slice/tor.service:
    total 0
    -rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.clone_children
    -rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.procs
    -rw-r--r-- 1 root root 0 Aug 10 13:53 notify_on_release
    -r--r--r-- 1 root root 0 Aug 10 13:53 pids.current
    -r--r--r-- 1 root root 0 Aug 10 13:53 pids.events
    -rw-r--r-- 1 root root 0 Aug  9 22:39 pids.max
    -rw-r--r-- 1 root root 0 Aug 10 13:53 tasks

    /sys/fs/cgroup/systemd/system.slice/tor.service:
    total 0
    -rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.clone_children
    -rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.procs
    -rw-r--r-- 1 root root 0 Aug 10 13:53 notify_on_release
    -rw-r--r-- 1 root root 0 Aug 10 13:53 tasks

    /sys/fs/cgroup/unified/system.slice/tor.service:
    total 0
    -r--r--r-- 1 root root 0 Aug 10 14:08 cgroup.controllers
    -r--r--r-- 1 root root 0 Aug  9 22:39 cgroup.events
    -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.freeze
    -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.max.depth
    -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.max.descendants
    -rw-r--r-- 1 root root 0 Aug  9 22:39 cgroup.procs
    -r--r--r-- 1 root root 0 Aug 10 14:08 cgroup.stat
    -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.subtree_control
    -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.threads
    -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.type
    -r--r--r-- 1 root root 0 Aug 10 14:08 cpu.stat
    root@raspberry:~#

Oh, my God! What are these directories and empty files???

chrizree
Posted August 10, 2021

Check the tor@default.service

Éd_D
Posted August 10, 2021

👍 You are my saviour! 😉

    root@raspberry:~# find / -name tor@default.service
    /run/systemd/generator/tor.service.wants/tor@default.service
    /usr/lib/systemd/system/tor@default.service
    /sys/fs/cgroup/pids/system.slice/system-tor.slice/tor@default.service
    /sys/fs/cgroup/devices/system.slice/system-tor.slice/tor@default.service
    /sys/fs/cgroup/systemd/system.slice/system-tor.slice/tor@default.service
    /sys/fs/cgroup/unified/system.slice/system-tor.slice/tor@default.service
    root@raspberry:~# ls -l /run/systemd/generator/tor.service.wants/tor@default.service
    lrwxrwxrwx 1 root root 39 Feb 14  2019 /run/systemd/generator/tor.service.wants/tor@default.service -> /lib/systemd/system/tor@default.service
    root@raspberry:~# grep RunAsDaemon /usr/lib/systemd/system/tor@default.service
    ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config
    ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
    root@raspberry:~#

Thank you. The next step now is a 'tun0' interface with Tor…
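
The override found in this exchange, as an added example that is not part of the original thread: a small resolver that reports which source decides a single-valued Tor option, using Tor's precedence of command line over the `-f` torrc over the `--defaults-torrc` file. The function names are hypothetical helpers, and the two config files are constructed samples modelled on the output posted above.

```shell
#!/bin/sh
# Added example: which source decides a Tor option?
# Precedence: command line > torrc (-f) > --defaults-torrc.
# All function names are hypothetical helpers for this example.

# Last uncommented value of option $1 in config file $2 (empty if absent).
torrc_value() {
    awk -v opt="$1" '$1 == opt { $1 = ""; sub(/^ +/, ""); v = $0 }
                     END { if (v != "") print v }' "$2"
}

# Value that follows "--$1" on the command line string $2; fails if absent.
cmdline_value() {
    set -f                      # no globbing while the string is split
    set -- "$1" $2              # $1 = option name, the rest = argv words
    set +f
    opt="--$1"; shift
    while [ $# -gt 1 ]; do
        if [ "$1" = "$opt" ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

# Args: option, defaults-torrc file, torrc file, ExecStart command line.
# Prints "<value> <source>".
effective_tor_option() {
    if v=$(cmdline_value "$1" "$4"); then echo "$v command-line"; return 0; fi
    v=$(torrc_value "$1" "$3")
    if [ -n "$v" ]; then echo "$v torrc"; return 0; fi
    v=$(torrc_value "$1" "$2")
    if [ -n "$v" ]; then echo "$v defaults-torrc"; return 0; fi
    echo "(unset) built-in"
}

# Constructed sample inputs (not read from a live system).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'DataDirectory /var/lib/tor\nRunAsDaemon 1\nSocksPort 9050\n' > "$demo/defaults"
printf '#SocksPort 9050\nRunAsDaemon 1\n' > "$demo/torrc"
exec_line='/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0'

effective_tor_option RunAsDaemon "$demo/defaults" "$demo/torrc" "$exec_line"
effective_tor_option SocksPort   "$demo/defaults" "$demo/torrc" "$exec_line"
```

On a real system the fourth argument would be the `ExecStart=` line of the unit that actually starts Tor, which `systemctl cat tor@default.service` prints together with any drop-in overrides.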

Éd_D
Posted August 13, 2021

I did some reading... and I realized that Tor does not work like a traditional VPN that I have been using until now!

Tor does not use a dedicated interface like "tun0". Tor encrypts and forwards what it receives on port 9001 to the "next relay".

Also, the command "iptables -t nat -A POSTROUTING -o lo --destination-port 9001 -j MASQUERADE" is not correct. There is something somewhere that I do not understand.

This topic is now archived and is closed to further replies.