Introduction
Tor is an onion network that allows people to anonymously access the internet or Tor hidden services by connecting through a series of relays.
This guide will show you how to install and configure Tor as a guard/middle relay.
We will be configuring Tor strictly as a guard/middle relay only, as exit relays can generate abuse requests for your server’s IP address, and many networks/hosts will ban you after too many abuse requests. Running a Tor relay as a guard/middle relay only will not garner any abuse reports.
- It is assumed that you are running as the root user during this guide. Use su to change to root if you are not running as root already.
Prerequisites
- A FreeBSD 12 server with root access.
Step 1 – Updating FreeBSD
By default, FreeBSD does not come with the pkg package manager, but comes with a tool to bootstrap it. If FreeBSD asks to install it, answer ‘Yes’.
It is best to update the system beforehand to ensure you are getting the latest packages when installing Tor. You can do this by running the following command:
pkg update ; pkg upgrade
This will update the repositories of pkg, and then upgrade any installed packages that you may have.
Step 2 – Setting up NTP
Having the exact time set is critical for Tor to function correctly. To make sure that you have the correct time, add the following to /etc/rc.conf.
ntpdate_enable="YES"
ntpdate_hosts="pool.ntp.org"
This will sync your local time with the pool.ntp.org NTP server on startup. To start the service:
service ntpdate start
Step 3 – Installing Tor
Next, we need to install Tor and the SSL Root Certificates, so we can use it as a Tor relay. To do so:
pkg install tor ca_root_nss
Then, we need to make sure that Tor runs on startup.
echo 'tor_enable="YES"' >> /etc/rc.conf
To configure Tor, edit /usr/local/etc/tor/torrc and add the following:
Nickname exampleNick
ORPort 9001
#ORPort [2001:db8:1234::1]:9001 # Listening for IPv6 Connections
DirPort 9030
ExitPolicy reject *:*
ExitRelay 0
ContactInfo [email protected]
Log notice syslog
#AccountingStart month 1 00:00
#AccountingMax 1000 GB
- Replace exampleNick with a nickname (alphanumeric, up to 19 characters) for your Tor relay to be identified by, and replace [email protected] with a working email address so that you can be contacted if there is an issue with your relay.
- If you have a firewall, make sure to open TCP ports 9001 and 9030 so that Tor is accessible from the outside.
- If you have IPv6 working on your server, uncomment the second ORPort line and replace the IP address with your server’s public IPv6 address.
- Some hosts limit the amount of traffic you can use per month on your server. If that is the case, uncomment AccountingStart and AccountingMax and replace 1000 with your monthly bandwidth allocation in gigabytes.
- To prevent possible traffic analysis from sequential IP IDs, add the following to your /etc/sysctl.conf file:
net.inet.ip.random_id=1
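Before starting the service, it is worth checking that the torrc really contains the guard/middle-only settings described above. The script below is an added example, not part of the original guide; the function names torrc_values and check_torrc and the sample contact address are made up for illustration.

```sh
# Added example (not from the original guide): audit a torrc for the
# guard/middle-only settings above before starting the service.

# Print every value given for OPTION, skipping comments (names are case-insensitive).
torrc_values() {  # usage: torrc_values FILE OPTION
    awk -v opt="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(opt) {
            sub(/[ \t]+#.*$/, "")            # drop a trailing comment
            sub(/^[ \t]*[^ \t]+[ \t]*/, "")  # drop the option name
            print
        }' "$1"
}

# Print one FAIL line per problem; return 0 only if the file passes every check.
check_torrc() {
    f=$1; rc=0
    fail() { echo "FAIL: $*"; rc=1; }
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }

    nick=$(torrc_values "$f" Nickname | tail -n 1)
    case $nick in
        ''|*[!A-Za-z0-9]*) fail "Nickname must be alphanumeric" ;;
        exampleNick) fail "Nickname is still the guide's placeholder" ;;
    esac
    [ "${#nick}" -le 19 ] || fail "Nickname is longer than 19 characters"

    [ "$(torrc_values "$f" ExitRelay | tail -n 1)" = 0 ] || fail "ExitRelay is not 0"

    # ExitPolicy rules are matched in order, so the first one must reject everything.
    [ "$(torrc_values "$f" ExitPolicy | head -n 1)" = 'reject *:*' ] ||
        fail "first ExitPolicy rule is not 'reject *:*'"

    [ -n "$(torrc_values "$f" ORPort)" ] || fail "no ORPort configured"

    case $(torrc_values "$f" ContactInfo | tail -n 1) in
        *@*) ;;
        *) fail "ContactInfo has no e-mail address" ;;
    esac
    return "$rc"
}

# Constructed sample: the guide's torrc with the placeholder nickname left in.
sample=$(mktemp)
printf '%s\n' 'Nickname exampleNick' 'ORPort 9001' 'ExitPolicy reject *:*' \
    'ExitRelay 0' 'ContactInfo relay-admin@example.org' > "$sample"
check_torrc "$sample" || echo "fix the problems above before starting tor"
rm -f "$sample"
```

On the relay itself, run check_torrc /usr/local/etc/tor/torrc. Tor's own tor --verify-config checks that the file parses; this script checks the guide's policy choices on top of that.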
Finally, start the service:
service tor start
Tor should now be running, and after a few hours your relay should be seen on the Tor relay search page.
Step 4 – Installing vnstat (Optional)
To monitor how much traffic your server is using, it is a good idea to install vnstat. This allows you to record how much data is being sent/received from your server.
Install vnstat by running the following:
pkg install vnstat
Then change the default network interface in /usr/local/etc/vnstat.conf to the network interface that you are using (run ifconfig to find out what your network interface is).
Interface "re0"
After that, enable and start the service:
echo 'vnstat_enable="YES"' >> /etc/rc.conf
service vnstat start
To use it, just run vnstat; however, it will take a little while before any data can be displayed by vnstat. Test that it is working by doing a live capture with vnstat -l. Further documentation on how to use vnstat is available here
Conclusion
Congratulations!! You should now have a working guard/middle Tor relay! It will take a few days for Tor to be used as a relay, and the bandwidth utilisation will slowly increase until it reaches its peak after about 2 months of operation. For more information, please refer to https://blog.torproject.org/lifecycle-new-relay
- Further monitoring of your Tor relay can be done using nyx, with features like showing how much bandwidth is being used in real time, any information/errors about your relay, listing your torrc config, listing active connections, and more. Information is available at https://nyx.torproject.org/.
- It is a good idea to back up your Tor Identity Keys, which are located in /var/db/tor/keys, so that if you move your relay to another server or if your disk fails, you do not have to go through the initial ramp-up process of new Tor relays.
- You should also subscribe to the tor-announce mailing list to get information about any new Tor releases or security issues so that you can update your Tor relay in a timely fashion.
- After two months of running a Tor relay (at 500KB/s average speed) you are eligible for a free Tor T-Shirt.
Reprint: https://community.hetzner.com/tutorials/setup-a-tor-relay-on-freebsd-12