# TorPi - Raspberry Pi Tor Access Point


Totally Wireless TorPi:

- Raspberry 2 Model B
- 2x Edimax N150 WiFi USB Adapters
- Miracase 5x 5000mAh Power Bank

Hardware Support List:

| Raspberry Model | Cable to WiFi | Cable/WiFi to WiFi |
|---|---|---|
| Raspberry 1 | 1x WiFi USB Adapter | 2x WiFi USB Adapters |
| Raspberry 2 | 1x WiFi USB Adapter | 2x WiFi USB Adapters |
| Raspberry 3 | --- | 1x WiFi USB Adapter |
| Raspberry 4 | --- | 1x WiFi USB Adapter |

- Native WiFi Chipset Support
  - Realtek 8188 (rtl8188cus)
  - MediaTek RT5370

## Update: This Guide Is Deprecated - Moved to TorBox

Use the TorBox Project.
If you still need information from the original guide, it is archived below:
Deprecated Guide Archive
## Installing Headless Minimal Raspberry Pi OS

Download the Raspberry Pi OS Minimal image from raspberrypi.org. It is a headless OS, without a GUI.

Since we don't want to use an external screen or keyboard, we need to allow SSH access to the Raspberry Pi OS on the first boot. After creating the bootable SD card, mount it and add a file called "ssh" inside the boot partition.
This will enable and start the SSH daemon on the Pi at boot.

Insert the SD card and the Ethernet cable and boot your pi by connecting power.
At this point the pi should boot the new OS from the SD card and get a DHCP address.
Find the new address your Pi just got from your DHCP server. You can do this in your router's UI or use nmap to find it on the network.
If you can't find the new address, you can always connect the Pi to an external screen and keyboard, log in with the default credentials and run the `ip addr` command.

SSH to the Raspberry Pi. Default credentials:

- User: pi
- Password: raspberry

Change the default password for the pi user:

```bash
passwd
```

```bash
sudo apt update && sudo apt full-upgrade -y
sudo raspi-config
```

torPi

```bash
sudo apt install -y net-tools curl wget traceroute htop
```

Reboot the Pi for the first time:

```bash
sudo reboot
```

## RaspAP WiFi Configuration Web Portal Installation

Many thanks to billz for his project RaspAP. We will use the raspap-webgui package to manage our WiFi connections through a simple web UI. Let's use the Quick Interactive RaspAP install script:

```bash
curl -sL https://install.raspap.com | bash
```

Answer the installer prompts as follows:

- lighttpd root: /var/www/html? - Y
- Complete installation with these values? - Y
- Enable HttpOnly for session cookies (Recommended)? - Y
- Enable RaspAP control service (Recommended)? - Y
- Install ad blocking and enable list management? - n
- Install OpenVPN and enable client configuration? - n
- The system needs to be rebooted as a final step. Reboot now? - Y

Default SSID Information:

- SSID: raspi-webgui
- IP address: 10.3.141.1
- DHCP range: 10.3.141.50 to 10.3.141.255
- Password: ChangeMe

Default Web-UI Information:

- Web-UI: [http://10.3.141.1/](http://10.3.141.1/)
- Username: admin
- Password: secret

For this guide we will use the default gateway address of **10.3.141.1** and the gateway **DHCP range**.
Log in to the Web-UI: [http://10.3.141.1/](http://10.3.141.1/).

Warning: Change the default Web-UI credentials.

### Configuration with One Wireless Interface

If your Raspberry Pi has only **one wireless** interface, the default RaspAP configuration of the hotspot is great.
The only thing you should do in the interface is change the SSID and PSK.

### Configuration with Two Wireless Interfaces

If your Raspberry Pi has two wireless interfaces, we need to set:

- wlan1 as Hotspot
- wlan0 as WiFi Client

Set the Hotspot with interface wlan1.


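## Tor Service

Install the Tor service:

```bash
sudo apt install -y tor
```

Remove the default configuration and create a new one:

```bash
sudo rm -rf /etc/tor/torrc
sudo nano /etc/tor/torrc
```

```
# Address range Tor uses for automapped hostnames
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
# Transparent proxy and DNS listeners on the hotspot gateway address
TransPort 10.3.141.1:9040
TransListenAddress 10.3.141.1
DNSPort 10.3.141.1:53
DNSListenAddress 10.3.141.1
CircuitBuildTimeout 10
LearnCircuitBuildTimeout 0
MaxCircuitDirtiness 10
```

Start the service, enable it at boot and check the listening ports:

```bash
sudo systemctl start tor.service
sudo systemctl enable tor.service
sudo netstat -plnt
```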

Bug: There is a bug where the Tor service won't load at boot because of all the interface changes.
The solution is to install **Monit**. Monit will start the Tor service as soon as it can.
It will also restart it if it crashes.

### Install Monit

```bash
sudo apt install monit
sudo nano /etc/monit/monitrc
```

```
# Watch the Tor daemon through its pid file and (re)start it when it is not running
check process tor with pidfile /var/run/tor/tor.pid
    start program = "/etc/init.d/tor start"
    stop program = "/etc/init.d/tor stop"
```

```bash
sudo systemctl restart monit
sudo systemctl enable monit
```

Warning: Be patient! With my Pi2, full startup may take up to 3 minutes.

## Configure iptables firewall rules

It's time to firewall the traffic to specific ports:

- Allow ports 22 and 80 from any interface to allow access to SSH and the web UI
- Route all DNS traffic from wlan1 to internal port 53
- Route all other wlan1 TCP traffic via the Tor proxy on port 9040

Bug: There is a bug where RaspAP overwrites the iptables rules at boot.
The solution is to make a bash script with the iptables rules that runs on startup with a delay of 30 seconds.

```bash
sudo nano /iptablesOnBoot.sh
```

Config for One Wireless Interface with Hotspot on wlan0:

```bash
#!/bin/bash
# Flush the existing filter and nat rules
sudo iptables -F && sudo iptables -t nat -F
# Redirect ports 22 and 80 to the Pi's own SSH and web UI, on any interface
sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 22
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 80
# Send hotspot DNS queries to Tor's DNSPort
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
# Send new hotspot TCP connections to Tor's TransPort
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
# Save the rules
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
```

Config for Two Wireless Interfaces with Hotspot on wlan1:

```bash
#!/bin/bash
# Flush the existing filter and nat rules
sudo iptables -F && sudo iptables -t nat -F
# Redirect ports 22 and 80 to the Pi's own SSH and web UI, on any interface
sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 22
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 80
# Send hotspot DNS queries to Tor's DNSPort
sudo iptables -t nat -A PREROUTING -i wlan1 -p udp --dport 53 -j REDIRECT --to-ports 53
# Send new hotspot TCP connections to Tor's TransPort
sudo iptables -t nat -A PREROUTING -i wlan1 -p tcp --syn -j REDIRECT --to-ports 9040
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
# Save the rules
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
```

Make the script executable and add it to root's crontab:

```bash
sudo chmod +x /iptablesOnBoot.sh
sudo crontab -e
```

```
@reboot sleep 20 && /iptablesOnBoot.sh
```

List the nat rules:

```bash
sudo iptables -t nat -L
```
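
Because RaspAP can overwrite the rules at boot and the script differs per hotspot interface, it is worth confirming that the loaded nat rules still point at the ports Tor listens on. The following check is an added example, not part of the original guide: `torrc_port`, `has_rule` and `audit_torpi` are hypothetical helper names, and the sample torrc and rule text are constructed in the form `iptables-save -t nat` prints.

```bash
#!/bin/bash
# Added example: check that the nat REDIRECT rules on the hotspot interface
# target the ports Tor listens on. Helper names are hypothetical.

# Constructed samples: torrc lines from the guide and the two-interface rules
# as `iptables-save -t nat` renders them (--syn becomes --tcp-flags ... SYN).
SAMPLE_TORRC='TransPort 10.3.141.1:9040
DNSPort 10.3.141.1:53'
SAMPLE_NAT='-A PREROUTING -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 80
-A PREROUTING -i wlan1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A POSTROUTING -j MASQUERADE'

# torrc_port OPTION TORRC_TEXT: print the port of "OPTION [addr:]port".
torrc_port() {
  printf '%s\n' "$2" | awk -v opt="$1" '$1 == opt { n = split($2, a, ":"); print a[n]; exit }'
}

# has_rule NAT_TEXT REGEX: succeed if any rule line matches the extended regex.
has_rule() {
  printf '%s\n' "$1" | grep -Eq -- "$2"
}

# audit_torpi IFACE TORRC_TEXT NAT_TEXT: print findings; the exit status is
# the number of missing redirects (0 = both present, 3 = torrc ports missing).
audit_torpi() {
  local iface torrc nat problems trans dns
  iface=$1; torrc=$2; nat=$3; problems=0
  trans=$(torrc_port TransPort "$torrc")
  dns=$(torrc_port DNSPort "$torrc")
  if [ -z "$trans" ] || [ -z "$dns" ]; then
    echo "FAIL: TransPort or DNSPort missing from torrc"; return 3
  fi
  if has_rule "$nat" "^-A PREROUTING -i $iface -p udp .*--dport 53 -j REDIRECT --to-ports $dns\$"; then
    echo "OK: DNS from $iface redirected to DNSPort $dns"
  else
    echo "FAIL: no udp/53 redirect from $iface to DNSPort $dns"; problems=$((problems + 1))
  fi
  if has_rule "$nat" "^-A PREROUTING -i $iface -p tcp .*--tcp-flags [A-Z,]+ SYN -j REDIRECT --to-ports $trans\$"; then
    echo "OK: new TCP connections from $iface redirected to TransPort $trans"
  else
    echo "FAIL: no TCP SYN redirect from $iface to TransPort $trans"; problems=$((problems + 1))
  fi
  return "$problems"
}

audit_torpi wlan1 "$SAMPLE_TORRC" "$SAMPLE_NAT"   # both checks pass
```

On the Pi, run it against live state with `audit_torpi wlan1 "$(sudo cat /etc/tor/torrc)" "$(sudo iptables-save -t nat)"` once the boot script has had time to run.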

## Testing

Warning: Be patient! Startup after a reboot may take up to 3 minutes for everything to work as it should.

Well, that's about it. You should be able to connect to the hotspot and gain access to the Tor network.
You can test that you are on the Tor network at https://check.torproject.org/