More and more I’ve been using ssh tunneling, encrypted emails or privacy networks while I’m online. Between (US) government-sponsored wiretaps and identity theft, there are plenty of people out there who want to know what you’re doing and get your information. This is one of the reasons I recently looked into donating some bandwidth to the Tor network.
If you’re not familiar with the Tor network it is “The Onion Router”, basically meaning that between your machine and the machines you end up connecting to there are layers. Layers of encryption and anonymity that can help ensure your privacy.
Now this system (just like any system) can be abused. There are some people out there who feel the Tor network is simply for crackers and terrorists trying to do bad things. On the contrary, it’s for real people like you and me who don’t care for our personal information to be so freely available just by casual browsing.
I used the Tor network fairly early on and it was great. Eventually more and more people started using it and the limited donated bandwidth was running short and therefore your Tor-enabled private connections were slower. This became a common complaint about using Tor–it was too slow.
Well, we can help change that by donating a throttled section of our bandwidth to the Tor network. If one-hundred more people donated a bit of their bandwidth it would open the network quite a bit.
In any event, let’s get to the details. (Note: this was tested on Ubuntu 6.06.1 but should function on later versions.)
Downloading the Tor software
The first thing we need to do is install the latest Tor software for handling the private connections. While the tor package is available, it is not the latest version (with 6.06.1 backports) and is not compatible with the latest network. The version we need is >=0.1.2.15. We’ll need to get the latest package by adding this line to our sources.list:
deb http://mirror.noreply.org/pub/tor dapper main
(replace dapper, of course, with the distribution version you are running)
You may also want to add the GPG key the package was signed with to validate it:
gpg --keyserver subkeys.pgp.net --recv 94C09C7F
gpg --export 94C09C7F | sudo apt-key add -
Once you have added that line to your /etc/apt/sources.list file you’ll need to run these commands (or use your favorite package manager front-end):
sudo aptitude update
sudo aptitude install tor
We’ll now prepare the machine to run as a Tor server. Two things need to be done here.
- Make sure your time clock is up to date
- Make sure your machine can resolve DNS properly
We can do this via these two commands:
sudo ntpdate pool.ntp.org
(this will synchronize the clock unless you are already running the ntpd daemon. If so, you're probably synced)
host google.com
host ubuntu.com
host some-random-domain.com
(the host tool will resolve names to IPs using DNS lookups. If your machine is able to resolve domains quickly and easily you're set. If not, consider configuring OpenDNS on your machine)
Configure the Tor Server
Three last things to do and your machine will join the Tor network. We’ll need to set a Tor unique server ID and the ports to use. If you are behind a router you’ll need to configure NAT for the second step.
Edit your /etc/tor/torrc file:
sudo nano /etc/tor/torrc
(or use vim, gedit or whichever editor you prefer)
- Find the line that says “Nickname” and define a nickname for your server. It’ll need to be something unique.
- Find the line that says “ORPort” and define the port number. You can use the defaults (uncomment existing lines) or define an alternate port.
- You’ll also probably want to define the bandwidth limitations that will be donated to the network. Look for “BandwidthRate” for the minimum long-term bandwidth rate. The minimum to join the network is 20K. Also find “BandwidthBurst” for occasional burst speeds across the network. The overall average, even with the burst rate, will stay at the lower value. You may also want to look at the Hibernation value, which lets you put a total cap on shared bandwidth over a set time period.
Running the Server
You’re now ready to start running the server and donating to the Tor privacy network. You’ll simply need to start the service and quickly watch a log file to see that everything functions as it should. If it does not, please see the Tor FAQ for help.
sudo /etc/init.d/tor start
tail -f /var/log/tor/log
If you see a message like “Self-testing indicates your ORPort is reachable from the outside. Excellent” then you are ready to go. You can close the log (ctrl-c) and just let it go.
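A pre-flight check for the torrc settings and the self-test log message described above, as an added example that is not part of the original post. The function names and sample files are constructed, the 20K minimum is read as 20 KB, and only bare-byte, KB, MB and GB units are parsed.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed for illustration.

# Print the value of the first uncommented occurrence of option $2 in file $1.
torrc_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t]*#.*$/, ""); print; exit
        }' "$1"
}

# Convert "20 KB", "1 MB" or "20480" to bytes (assumption: only these units).
to_bytes() {
    echo "$1" | awk '{
        n = $1; u = toupper($2)
        if (u == "KB") n *= 1024
        else if (u == "MB") n *= 1024 * 1024
        else if (u == "GB") n *= 1024 * 1024 * 1024
        else if (u != "" && u != "BYTES") exit 1
        printf "%d\n", n
    }'
}

# Return 0 if Nickname, ORPort and (when set) BandwidthRate look sane.
check_torrc() {
    rc=0
    nick=$(torrc_get "$1" Nickname)
    port=$(torrc_get "$1" ORPort)
    raw=$(torrc_get "$1" BandwidthRate)
    # Tor nicknames are 1-19 characters from [a-zA-Z0-9].
    echo "$nick" | grep -Eq '^[A-Za-z0-9]{1,19}$' \
        || { echo "Nickname missing or invalid"; rc=1; }
    echo "$port" | grep -Eq '^[0-9]+$' && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] \
        || { echo "ORPort missing or out of range"; rc=1; }
    if [ -n "$raw" ]; then
        rate=$(to_bytes "$raw") || rate=0
        [ "$rate" -ge 20480 ] || { echo "BandwidthRate below the 20K minimum"; rc=1; }
    fi
    return $rc
}

# Return 0 once the log contains the reachability self-test message.
orport_reachable() {
    grep -q 'Self-testing indicates your ORPort is reachable from the outside' "$1"
}

# Constructed sample input (not from a real relay).
tmp=$(mktemp -d)
printf 'Nickname myrelay01\nORPort 9001\nBandwidthRate 20 KB\nBandwidthBurst 40 KB\n' > "$tmp/torrc"
printf 'Jul 01 12:00:00.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent.\n' > "$tmp/log"
check_torrc "$tmp/torrc" && orport_reachable "$tmp/log" && echo "relay config and self-test look good"
```

On a real machine, point the two checks at /etc/tor/torrc and /var/log/tor/log instead of the sample files.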
You’ll probably want to watch your bandwidth for the next day or two and find the best limit for your connection.
Thank you for donating to the Tor network. Thousands of privacy-concerned citizens around the world appreciate it!