More and more I’ve been using ssh tunneling, encrypted emails or privacy networks while I’m online. Between (US) government sponsored wiretaps, to identity theft there are plenty of people out there that want to know what you’re doing and get your information. This is one of the reasons I recently looked into donating some bandwidth to the Tor network.
If you’re not familiar with the Tor network it is “The Onion Router”, basically meaning that between your machine and the machines you end up connecting to there are layers. Layers of encryption and anonymity that can help ensure your privacy.
Now this system (just like any system) can be abused. There are some people out there that feel the Tor network is simply for crackers and terrorists trying to do bad things. On the contrary, its for real people like you and me that don’t care for our personal information to be so freely available just by casual browsing.
I used the Tor network fairly early on and it was great. Eventually more and more people started using it and the limited donated bandwidth was running short and therefore your Tor-enabled private connections were slower. This became a common complaint about using Tor–it was too slow.
Well, we can help change that by donating a throttled section of our bandwidth to the Tor network. If one-hundred more people donated a bit of their bandwidth it would open the network quite a bit.
In any event, lets get to the details. (note: This was tested on Ubuntu 6.06.1 but should function on later versions)
Downloading the Tor software
The first thing we need to do is install the latest Tor software for handling the private connections. While the tor package is available it is not the latest version (with 6.06.1 backports) and not compatible with the latest network. We’ll need to add the latest package by adding this to our sources.list: The version we need is >=0.1.2.15
deb http://mirror.noreply.org/pub/tor dapper main
(replace dapper, of course, with the distribution version you are running)
You may also want to add the GPG key the package was signed with to validate it:
gpg --keyserver subkeys.pgp.net --recv 94C09C7F
gpg --export 94C09C7F | sudo apt-key add -
Once you have added that line to your /etc/sources.list file you’ll need to run these commands: (or use your favorite package manager front-end)
sudo aptitude update
sudo aptitude install tor
Config Preparation
We’ll now prepare the machine to run as a Tor server. Two things need to be done here.
- Make sure your time clock is up to date
- Make sure your machine can resolve DNS properly
We can do this via these two commands:
sudo ntpdate pool.ntp.org
(this will synchronize the clock unless you are already running the ntd daemon. If so you're probably synched)
host google.com / host ubuntu.com / host some-random-domain.com
(the host tool will resolve names to IPs using DNS lookups. If your machine is able to resolve domains quickly and easily you're set. If not, consider configuring OpenDNS on your machine)
Configure the Tor Server
Three last things to do and your machine will join the Tor network. We’ll need to set a Tor unique server ID and the ports to use. If you are behind a router you’ll need to configure NAT for the second step.
Edit your /etc/tor/torrc file:
sudo vim/nano/gedit /etc/tor/torrc
- Find the line that says “Nickname” and define a nickname for your server. It’ll need to be something unique.
- Find the line that says “ORPort” and define the port number. You can use the defaults (uncomment existing lines) or define an alternate port.
- You’ll also probably want to define the bandwidth limitations that will be donated to the network. Look for “BandwidthRate” for the minimum long-term bandwidth rate. The minimum to join the network is 20K. Also find “BandwidthBurstRate” for occasional burst speeds across the network. The overall average, even with the burst rate will stay to the lower value. You may also want to look at the Hibernation value which lets you put a total cap on a timeline basis on shared bandwidth.
Running the Server
You’re now ready to start running the server and donating to the Tor privacy network. You’ll simply need to start the service and quickly watch a log file to see that everything functions as it should. If it does not please see the Tor FAQ for help.
sudo /etc/init.d/tor start
tail -f /var/log/tor/log
If you see a message like “Self-testing indicates your ORPort is reachable from the outside. Excellent” then you are ready to go. You can close the log (ctrl-c) and just let it go.
You’ll probably want to watch your bandwidth for the next day or two and find the best limit for your connection.
Thank you for donating to the Tor network. Thousands of privacy-concerned citizens around the world appreciate it!
Excellent tutorial. I’m donating some bandwidth right 🙂
One thing to note is that your blogging software seems to be turning two dashes into one long emm dash–which obviously doesn’t work when you’re copying and pasting (and looks like just one dash if your typing the commands in yourself.)
I knew enough to change the dashes but it might trip other people up.
It is important for anyone considering running a Tor server to seriously think about their ExitPolicy.
The default ExitPolicy leaves your node open for *any* traffic to come “from” your server.
http://tor.eff.org/faq-abuse.html.en#TypicalAbuses
While I was working at an ISP I ran my own Tor server. Because of my position I was the contact for the FBI. I received a subpoena for information because my server was involved in Child Pornography. Luckily I just responded with the details they need to prove that I was running a Tor server, and it was over very quickly. However, be aware that you may need to respond to these kinds of legal issues.
Thanks. I didn’t realize that a newer version of TOR was out. This seems faster than what comes with Feisty.
Just a note – Gutsy comes with 0.1.2.16
interesting im in the starting modes of converting over to linux ubuntu, and i think ill look into more about this tor network. thanks digg, and the person who wrote this.
Pingback: How To Run a Tor Server: Donate bandwidth to the Tor Network « Jak’s Life 2.0
Great if brief intro, thanks. Tor, and any privacy-focused networks, are very cool. Not necessarily a new idea, but still a cool idea.
As far as encrypted email and the like, it just doesn’t get any easier these days does it?
Thunderbird + GPG – Check
Pidgin IM + Encryption – Check
SSL websites – Check
SSH tunnels – Check
Really, if you are doing plaintext it seems like you’ve gone out of your way to do it now. 😉
—
Dustin Puryear
Author, Best Practices for Managing Linux and UNIX Servers
http://www.puryear-it.com
Pingback: Andrew Barnett
Pingback: holotone.net
Pingback: links for 2007-09-02 at DeStructUred Blog
Pingback: links for 2007-09-04 « Where Is All This Leading To?
Good job with that tutorial. Although I am providing all the bandwidth my dedicated root is able to give, I am not using it a lot since it is too slow. So well done with promoting the idea even more; even more as I see it already brought some more servers online.
To all those able to code: You can help out even more; there are quite a few open issues and ideas to be thought about and tried out
please note that the up to date torproject repository is at
https://www.torproject.org/docs/debian.html.en
the noreply mirror is defunct and the packages in ubuntu universe are outdated.
Thanks a lot for the tutorial. It helped me set up a tor server on Ubuntu in a few minutes. Up to now running with a “no exit “-policy, though. I first have to look into the legal side of it in Germany before I open the exit.