Jump to content

Raspberry Pi: TOR config problem


Éd_D
 Share

Recommended Posts

Hi Everybody,

 

I hope this topic is the good one for my problem…

I use a raspberry Pi 3B as small wireless router :

    1.    'eth0' interface is using 'dhcpcd' for the WAN connection;
    2.    'wlan0' interface is running with 'hostapd'  and 'dnsmasq' as a hotspot;
    3.    the rule 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' allows routing…

Everything is ok, but not secure…

Next step: 

I want to use Tor as a tunnel and change the routing rule as 'iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE'…

root@raspberry:~# apt-get update
[…]
root@raspberry:~# apt-get upgrade
[…]
root@raspberry:~# apt-get install tor
[…]
root@raspberry:~# ps xa
[…]
 1064 ?        Ss     0:06 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
[…]
root@raspberry:~# 

Tor is running…
The 'ifconfig' command shows 'eth0', 'lo' and 'wlan0' interfaces but there is no 'tun0' interface on my RPI!

I think, Tor is not using a 'tun0' interface because it is not a daemon (client mode) with the option "--Run AsDaemon 0".

root@raspberry:~# cat /usr/share/tor/tor-service-defaults-torrc
DataDirectory /var/lib/tor
PidFile /run/tor/tor.pid
RunAsDaemon 1
User debian-tor

ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck
ControlSocketsGroupWritable 1
SocksPort unix:/run/tor/socks WorldWritable
SocksPort 9050

CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /run/tor/control.authcookie

Log notice syslog
root@raspberry:~# grep ^[^#] /etc/tor/torrc
root@raspberry:~# 

As all lines in the the '/etc/tor/torrc' are commented, I have uncommented the 'RunAsDaemon 1' line.

After Tor restarts, nothing has changed :

root@raspberry:~# ps xa
[…]
 3223 ?        Ss     0:12 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
[…]
root@raspberry:~# 

I can't understand where this '--RunAsDaemon 0' is coming from!

I have not found any information about that, neither on raspbian site, nor on torproject site.

Have you an idea?

Something to read?

 

Regards,

 

Éd. D.
 

Edited by Éd_D
Link to comment
Share on other sites

root@raspberry:~# cat /etc/systemd/system/multi-user.target.wants/tor.service
# This service is actually a systemd target,
# but we are using a service since targets cannot be reloaded.

[Unit]
Description=Anonymizing overlay network for TCP (multi-instance-master)

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true

[Install]
WantedBy=multi-user.target

root@raspberry:~# 

WTF

root@raspberry:~# find / -name tor.service 
/etc/systemd/system/multi-user.target.wants/tor.service
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/tor.service
/usr/lib/systemd/system/tor.service
/sys/fs/cgroup/pids/system.slice/tor.service
/sys/fs/cgroup/devices/system.slice/tor.service
/sys/fs/cgroup/systemd/system.slice/tor.service
/sys/fs/cgroup/unified/system.slice/tor.service
root@raspberry:~# ls -l /etc/systemd/system/multi-user.target.wants/tor.service \
> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/tor.service \
> /usr/lib/systemd/system/tor.service /sys/fs/cgroup/pids/system.slice/tor.service \
> /sys/fs/cgroup/devices/system.slice/tor.service \
> /sys/fs/cgroup/systemd/system.slice/tor.service \
> /sys/fs/cgroup/unified/system.slice/tor.service
lrwxrwxrwx 1 root root  31 Aug  9 22:39 /etc/systemd/system/multi-user.target.wants/tor.service -> /lib/systemd/system/tor.service
-rw-r--r-- 1 root root 312 Jun 18 08:27 /usr/lib/systemd/system/tor.service
-rw-r--r-- 1 root root   0 Aug  8 22:09 /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/tor.service

/sys/fs/cgroup/devices/system.slice/tor.service:
total 0
-rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.clone_children
-rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.procs
--w------- 1 root root 0 Aug  9 22:39 devices.allow
--w------- 1 root root 0 Aug 10 14:08 devices.deny
-r--r--r-- 1 root root 0 Aug 10 14:08 devices.list
-rw-r--r-- 1 root root 0 Aug 10 14:08 notify_on_release
-rw-r--r-- 1 root root 0 Aug 10 14:08 tasks

/sys/fs/cgroup/pids/system.slice/tor.service:
total 0
-rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.clone_children
-rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.procs
-rw-r--r-- 1 root root 0 Aug 10 13:53 notify_on_release
-r--r--r-- 1 root root 0 Aug 10 13:53 pids.current
-r--r--r-- 1 root root 0 Aug 10 13:53 pids.events
-rw-r--r-- 1 root root 0 Aug  9 22:39 pids.max
-rw-r--r-- 1 root root 0 Aug 10 13:53 tasks

/sys/fs/cgroup/systemd/system.slice/tor.service:
total 0
-rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.clone_children
-rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.procs
-rw-r--r-- 1 root root 0 Aug 10 13:53 notify_on_release
-rw-r--r-- 1 root root 0 Aug 10 13:53 tasks

/sys/fs/cgroup/unified/system.slice/tor.service:
total 0
-r--r--r-- 1 root root 0 Aug 10 14:08 cgroup.controllers
-r--r--r-- 1 root root 0 Aug  9 22:39 cgroup.events
-rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.freeze
-rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.max.depth
-rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.max.descendants
-rw-r--r-- 1 root root 0 Aug  9 22:39 cgroup.procs
-r--r--r-- 1 root root 0 Aug 10 14:08 cgroup.stat
-rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.subtree_control
-rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.threads
-rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.type
-r--r--r-- 1 root root 0 Aug 10 14:08 cpu.stat
root@raspberry:~# 

Oh, my God!

What are these directories and empty files???

Link to comment
Share on other sites

👍 You are my saviour! 😉

root@raspberry:~#  find / -name tor@default.service
/run/systemd/generator/tor.service.wants/tor@default.service
/usr/lib/systemd/system/tor@default.service
/sys/fs/cgroup/pids/system.slice/system-tor.slice/tor@default.service
/sys/fs/cgroup/devices/system.slice/system-tor.slice/tor@default.service
/sys/fs/cgroup/systemd/system.slice/system-tor.slice/tor@default.service
/sys/fs/cgroup/unified/system.slice/system-tor.slice/tor@default.service
root@raspberry:~# ls -l /run/systemd/generator/tor.service.wants/tor@default.service
lrwxrwxrwx 1 root root 39 Feb 14  2019 /run/systemd/generator/tor.service.wants/tor@default.service -> /lib/systemd/system/tor@default.service
root@raspberry:~# grep RunAsDaemon /usr/lib/systemd/system/tor@default.service
ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config
ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
root@raspberry:~# 

Thank you.

The next step now is a 'tun0'  interface with Tor…

Link to comment
Share on other sites

I did some reading... and I realized that Tor does not work like a traditional VPN that I have been using until now!

Tor does not use a dedicated interface like "tun0". Tor encrypts and forwards what it receives on port 9001 to the "next relay".

Also, the command "iptables -t nat -A POSTROUTING -o lo --destination-port 9001 -j MASQUERADE" is not correct.
There is something somewhere that I do not understand.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...