Use Rapsberry Pi as Tor relay with desktop computer

Question

I know this is possible to make an WiFi Tor Router with a Raspberry Pi

cf : http://www.instructables.com/id/Raspberry-Pi-Tor-relay/

But I'm trying to make the same thing for desktop computer using RJ45 cables.

I think I can use the same logic as the WiFi Tor relay config but I really don't know how to links my Internet router, my Raspberry Pi and my wired things (computeur, nas, printer, ...)

I thought doing something like this

Router --> RPi --> Switch --> Computeur, nas, ...

THe problem is, there only one RJ45 port on a RPi, I thought to use a USB to RJ45 port or something like that.

Did something should work ? Have you a better solution or do you already make something like this ?

Answer 1

You linked to a very outdated tutorial on how to setup a Tor relay not a Tor proxy. From your question, I'm gathering that you want to set up a black box that you connect through to get all your network traffic routed over the Tor network. That's a Tor proxy. There is a good diagram on that tutorial which shows how Tor networking works. The three nodes between the two users are each relays. The diagram does not clearly indicate the proxies, but both of the users have a proxy on their computer. You are talking about making a Pi operate as a separate Tor proxy.

Now, with semantics out of the way we can get on with hardware concerns. I see three options:

1. Raspberry Pi 3 has built-in Wifi and Bluetooth, so you could make it a Wifi hotspot or setup Bluetooth tethering to allow other devices to connect.
2. You could purchase a USB to Ethernet adapter and daisy-chain the Pi between two devices.
3. If you aren't conserned about local snooping, you can just connect the Pi to the same router the other devices connect to. You won't be able to use the Pi to prevent leaks though.

After hardware is covered, now you need to install the onion router and enable it to accept connections from other devices (which is disabled by default):

1. Install Tor on the Pi. There is an Adafruit tutorial at https://learn.adafruit.com/onion-pi/overview which describes the steps, starting with basic install commands.

   sudo apt-get update
   sudo apt-get install tor
   

2. There are many complex things you can do with tor, but just insert this configuration into /etc/tor/torrc to start.

   # You can choose to log or not with the following line.
   Log notice file /var/log/tor/notices.log
   # The VirtualAddrNetwork specifies a private IP range
   # which tor can route onion addresses to
   VirtualAddrNetwork 10.192.0.0/10
   AutomapHostsSuffixes .onion,.exit
   AutomapHostsOnResolve 1
   # TransPort specifies a transparent proxy port.
   # You can use it to transparently route network traffic through tor.
   # That's an advanced subject which uses iptables rules.
   TransPort 9040
   TransListenAddress 192.168.X.Y
   # Tor has it's own DNS server, which is how it connects onion
   # addresses to IP addresses. Leaks are easy to miss when DNS slips
   # over to your ISP's DNS servers.
   DNSPort 53
   DNSListenAddress 192.168.X.Y
   DNSListenAddress 127.0.0.1
   # The standard way to connect to tor is through a SOCKS proxy connection.
   # This is how you specify the SOCKS port number.
   SocksPort 9050
   # If you want other devices to connect to the Pi's tor proxy,
   # you must specify the IP address of the network adapter to
   # listen for connections on.
   SocksListenAddress 192.168.X.Y:9100
   # Always listen on localhost.
   SocksListenAddress 127.0.0.1
   # SocksPolicy allows you to restrict which external devices are
   # allowed to connect through this proxy. First matching pattern
   # takes the cake, which is why the wildcard reject statement is last.
   SocksPolicy accept 192.168.X.0/24
   # You should allow local connections too.
   SocksPolicy accept 127.0.0.1
   # Reject strangers who try to connect
   SocksPolicy reject *
   

3. Restart tor

   sudo systemctl restart tor
   

4. Configure other devices to use the Pi as their SOCKS5 proxy.