close-circle
Close
0%
0%

Raspberry Tor Router

Connect your unsecured wireless stuff to the internet in a secure and anonymous way

Similar projects worth following
close
Turn a Raspberry Pi into a wireless AP that routes all your traffic through the Tor.

The full instructions and files are finally written and available! I apologize for this taking so long!

The instructions, as is, work for Raspbian Wheezy, Jessie, and Jessie Lite on any Pi B, B+, or Pi 2.

As of Jessie, Raspbian uses systemd, which makes many of these settings easier to do by hand than messing with IPtables. Since systemd is the new standard that most Linux distros are using, I will be rewriting these scripts to take advantage of this fact. Again, the current instructions still work just fine.

I will also explore why the specific version of Hostapd is necessary and why the default version will not work. I will update as I do each of these things I mentioned above.

Thanks for following!

Thomas

tor.sh

This script routes your WiFi access point through the Tor network. Run pifi.sh BEFORE this script

x-shellscript - 3.45 kB - 01/22/2016 at 20:07

download-circle
Download

pifi.sh

This script turns your Pi into a WiFi access point

x-shellscript - 6.27 kB - 01/22/2016 at 20:07

download-circle
Download

  • 1 × Raspberry Pi Model B, B+, or Pi 2 B Any model of B (256mb or 512mb) is fine, as is the B+ and Pi 2 B. The Model A and A+ wont work because you need either 2 USB ports or just one and an Ethernet port. Only the B models have these
  • 1 × Wifi Dongle *IMPORTANT* This requires a specific chipset to be an AP. A second normal one can be used in a completely wireless system. I will explain in the instructions
  • 1 × Raspberry Pi Case Any case will do just fine. Nothing is over clocked, so heat shouldnt be an issue
  • 1 × 4gb or larger SD card The B uses full size SD cards, the B+ and Pi 2 use microSD. Make sure you get the right kind for yours
  • 1 × Battery Pack - optional Only necessary if you are going completely wireless

View all 6 components

  • Updates

    Thomas01/22/2016 at 21:44 0 comments

    Now that I FINALLY finished writing this tutorial, I am going to explore the underlying settings and how they can be better adjusted for Rasbpian Jessie to take advantage of systemd.

    I also want to understand exactly how Hostapd works and why we need to use the specific version from Adafruit. I will update as I know more and when I update the scripts to quit using IPtables and use something more user intuitive.

  • Finished!

    Thomas01/22/2016 at 21:41 0 comments

    The Tutorial is FINALLY complete!

View all 2 project logs

  • 1
    Step 1

    Download the latest version of Raspbian. This tutorial also works with Raspbian Lite. You can find this at www.raspberrypi.org/downloads/raspbian/

    You could probably also use NOOBS and then install Raspbian from there, but that would be an extra step.

  • 2
    Step 2

    Do not insert your WiFi dongle into the Raspberry Pi yet. If you already connected it, cut the Pi off and take it back out. The required software wont install correctly with it already inserted.

  • 3
    Step 3

    Burn Raspbian to your SD card (this tutorial assumes you are familiar enough with a Raspberry Pi to do this. Follow the instructions at https://www.raspberrypi.org/documentation/installation/installing-images/README.md if you need help), boot the OS and run 'sudo raspi-config' from the command line or terminal.

    The default log-in info is username: pi and password: raspbian

    • First, hit Enter on 'Expand Filesystem'. This will allow Raspbian to use the entirety of your SD card. At the moment it is only using about 1.5gb, which is the size of the OS image you burned to the SD card.
    • Change the password to something more secure, or dont. It is your choice, but a recommended change.
    • Under 'Boot Options', change this to boot to 'Console' or 'Console Autologin'
    • Under 'Internationalisation Options', change your Locale, Timezone and keyboard layout to whatever is appropriate for where you live. Use the Space Bar to select or de-select different options and Enter to accept changes.
    • Under 'Advanced Options' you can change your Hostname to something else if you wish, or leave it alone.
    • Also under 'Advanced Options' you can go to 'Memory Split' and set the GPU memory to the lowest setting of 16. Since we wont be doing anything that involves graphics, 16mb is more than enough memory for our GPU. If you are using the full version of Raspbian (not the lite version) this may also cause issues for the desktop if you boot there rather than the command line.
    • Reboot for everything to take effect.

View all 10 instructions

Enjoy this project?

Share

Discussions

Jakub Simek wrote 12/30/2016 at 02:51 point

Hi,

thx for your tutorial, but I'm still running into one problem. Every time i try to install ISC DHCP, in the end of instalation it says:

'job for isc-dhcp-server.service failed.... '
'invoke-rc.d: initscript isc-dhcp-server, action "start" failed'

Can any1 pls tell me what to do? I tryed several tutorials, but every time this happend.

I use RPi2 B and TP-LINK - wn722n

  Are you sure? yes | no

Nick wrote 12/15/2016 at 01:09 point

Instead of using a WiFi ap module, is there anyway to reverse the setup and get unsecure Internet from WiFi dongle and distribute Tor traffic to ethernet? 

Not sure if I'm saying this correctly....  I want to connect my pi2 to my home network via WiFi, then have anonymous access via the ethernet port on the PI. 

  Are you sure? yes | no

dasilvacabrald wrote 12/13/2016 at 22:34 point

Hey Thomas,

first of all, thanks for this amazing project ! It is very well explained, which is important for newbies like me ;)

Unfortunately, I have the same problem as djosborn27. Everything went perfectly, I had no issue at all, my computer does recognize a new WiFi source named after the ID I provided, but when I try to connect to it, it tells me "Unable to connect to the network"...
No more clue.
I have checked if the driver written in hostapd.conf was the right one, it was not.
I changed it to rtl8192cu, as I am using D-Link DWA-131-B1, but now it is even worth, the Pi does not act as a WiFi source anymore...

Any help would be greatly appreciated !
Cheers, Dan.

  Are you sure? yes | no

djosborn27 wrote 12/03/2016 at 08:24 point

I followed all the steps and the install went smoothly. I found my new access point, entered my password but it cannot connect. I'm not sure what to try next. Thanks.

  Are you sure? yes | no

m_c20 wrote 10/06/2016 at 15:13 point

Would setting up a Tor Router help me get past the Great Firewall in China?

I ask as my only other option is setting up a VPN. I just want to understand if I make all my traffic go through to Tor, if that means I can avoid all the censorship in China.

  Are you sure? yes | no

Thomas wrote 10/07/2016 at 01:04 point

Great question!  You would want to use both tor and a VPN.  Tor will help hide you, but people could still see what you are looking at.  A VPN will encrypt everything, so they cant see it.  That way, the censors see encrypted information that they cannot read, AND they dont know whos information it is.  Be careful though and dont do anything you cant talk your way out of :)

  Are you sure? yes | no

ekaggrat singh kalsi wrote 11/02/2016 at 09:19 point

tor is blocked in china. u need a vpn anyways. been living here since last 5 years

  Are you sure? yes | no

50ul50c13ty wrote 09/27/2016 at 18:56 point

Hi. Will I still be able to connect to the internet even if my pi is not connected to the internet through nearby WiFi Hotspot/if my pi is not connected to the ethernet modem?

  Are you sure? yes | no

Thomas wrote 09/27/2016 at 20:23 point

Unless your computer has two wifi modules, you will only be able to connect wirelessly to the pi OR to your 'normal' wireless network.  The Pi will still broadcast a wireless signal, but it will be for its local network, not for the internet as a whole.

  Are you sure? yes | no

argos83 wrote 08/29/2016 at 11:21 point

FYI, since the latest raspbian (at the time of writing) with kernel  4.4.13-v7+, no custom hostapd binaries are required (at least for edimax ew-7811un). Actually the custom binary used in this post breaks the AP encryption. See: https://www.raspberrypi.org/forums/viewtopic.php?f=66&t=154413

  Are you sure? yes | no

argos83 wrote 08/29/2016 at 12:06 point

Also, now you need to use "driver=nl80211" instead of "driver=rtl871xdrv" in  /etc/hostapd/hostapd.conf

  Are you sure? yes | no

Thomas wrote 09/27/2016 at 20:24 point

Thanks for this info! I havent had a chance to figure any of this out myself yet.

  Are you sure? yes | no

tku703 wrote 07/19/2016 at 18:19 point

Hello, I seem to be stuck on step 7 of your instructions.  Once i execute the pifi.sh script, reboot, halt, install the wifi dongle, and power up the Pi, I do not see my new wifi i configured.  I know you have to use a specific wifi dongle, I was wondering if the one i have will work:

$ lsusb
Bus 001 Device 004: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter

I'm I missing something?

I'm running Raspbian Jessie Lite and I've used these instructions on a RPi 1 and 2 and I get the stuck at the same step 7.

  Are you sure? yes | no

Thomas wrote 07/20/2016 at 12:34 point

In /etc/hostapd/hostapd.conf, you need to change the driver to the one for your dongle.  It looks like that would be RT5370 in your case.  After you do this, restart the Pi again. If it still doesnt work, get the output of 'sudo service hostapd status -l' and we can keep going from there.

  Are you sure? yes | no

tku703 wrote 07/20/2016 at 21:00 point

Hello Thomas,

I've modified the driver to rt5370 and rebooted the Pi, still no luck.  Please see below:

$ cat /etc/hostapd/hostapd.conf
interface=wlan0
driver=rt5370
ssid=PiFi01
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=<password>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

Below is the output of the 'sudo service hostapd status -l' command:

$ sudo service hostapd status -l
● hostapd.service - LSB: Advanced IEEE 802.11 management daemon
   Loaded: loaded (/etc/init.d/hostapd)
   Active: active (exited) since Wed 2016-07-20 16:50:11 EDT; 3min 20s ago
  Process: 557 ExecStart=/etc/init.d/hostapd start (code=exited, status=0/SUCCESS)




Jul 20 16:50:11 rpi01 hostapd[557]: Starting advanced IEEE 802.11 management: hostapd failed!
Jul 20 16:50:11 rpi01 systemd[1]: Started LSB: Advanced IEEE 802.11 management daemon.


I also ran this:

$ sudo hostapd /etc/hostapd/hostapd.conf
Configuration file: /etc/hostapd/hostapd.conf
Line 2: invalid/unknown driver 'rt5370'
1 errors found in configuration file '/etc/hostapd/hostapd.conf'

Please help.

UPDATE:

Hello Thomas, I actually order a Edimax WiFi nano USB adapter and I installed a fresh/new Raspbian Jessie on my Rpi 1 and it seem to have worked.   

$ lsusb

Bus 001 Device 004: ID 7392:7811 Edimax Technology Co., Ltd EW-7811Un 802.11n Wireless Adapter [Realtek RTL8188CUS]

I'm able to see the Wifi I created in Step 6 during the pifi.sh script.  Now I'm having issues connecting to it.  My Mac sees the new Wifi network but I'm unable to connect to it.

  Are you sure? yes | no

j.bonnier wrote 07/16/2016 at 21:24 point

Great project! Works perfectly on my Pi B+. However I have a question. How can I change the wpa password?

  Are you sure? yes | no

j.bonnier wrote 07/16/2016 at 21:29 point

Nevermind, found it in /etc/hostapd/hostapd.conf

  Are you sure? yes | no

Thomas wrote 07/20/2016 at 12:29 point

Sorry for the slow reply, but yes, that is where you do it

  Are you sure? yes | no

jake wrote 07/06/2016 at 12:22 point

I have this working on pi3b, first I used this tutorial:-
https://frillip.com/using-your-raspberry-pi-3-as-a-wifi-access-point-with-hostapd/

Then I followed the steps on this site (start from the wget tor.sh script, ignore the wifi setup scripts which you have already done).

Then I edited /etc/tor/torrc file and changed the IP addresses at the end of the file:-
TransListenAddress 172.24.1.1
DNSListenAddress 172.24.1.1

Then rebooted. It works fine, but I can't resolve .onion addresses which I'm not sure if I'm supposed to be able to...

  Are you sure? yes | no

loloupolac wrote 09/13/2016 at 18:06 point

Hi Jake, 

I followed exactly the same order that you (on raspberry pi 3) and I have no problem with access to .onion. Your problem must be local.


Lolou

  Are you sure? yes | no

Pablo Nebuloni wrote 06/29/2016 at 02:06 point

Hey! Nice project! Anyone knows if this will work on a Raspberry Pi 3 ??

Thanks!

  Are you sure? yes | no

noreplay wrote 06/15/2016 at 20:55 point

Hey Thomas!  First off, thank you!  I had tried this a few different ways to no avail, but your scripts proved incredibly useful to me.  I did, however, do things a little bit differently than you did (specifically I used two wifi dongles instead of ethernet).  In doing so, I ended up altering the scripts a little bit before running them to make sure that I had everything the way I wanted it.  


All that said, I'd like to upload my version of the scripts to my github account in case anyone else wants to set their pi up the same way.  Before I do that though, I'd like to get your permission.  Most of the code I used is still yours, with just a few additions and a few alterations here and there.  I'd like to call out your page in the comments and in the readme, but I didn't want to step on your toes.

  Are you sure? yes | no

E wrote 05/01/2016 at 00:37 point

HI

i am new  running on raspberry pi 3 and have followed the steps all the way even wacthed a youtube video still not able to see my wifi. can someone help me please.i noticed the log says eveything says ok except for "FAiled to start LSB:DHCP server.

  Are you sure? yes | no

Ken Bickel wrote 03/29/2016 at 11:23 point

Installed this app on a Model B yesterday. Words of wisdom?  - follow all of the instructions to the letter!  

  Are you sure? yes | no

Oleg wrote 03/15/2016 at 05:00 point

I have a wireless dongle with RT5370 chip. After installing raspbian jessie, I ran a little test to make sure that this dongle works (able to connect to wifi, can connect to the internet .. etc). After running the pifi.sh script however, I can't bring up the wlan0 interface. I tried to set max_usb_current=1, doesn't work... changed driver in hostpad.conf to nl80211 something, doesn't work either... At this point I am not sure if this problem is specific to the dongle I use (or the RT5370 chip) or they have changed something in the os or the software after this instruction is written.

  Are you sure? yes | no

pdeg69 wrote 04/27/2016 at 10:29 point

I used my RPI2 + RT5370 chipset wireless dongle for this purpose. 
Followed guide by the letter.  Ended up without errors but there was no wireless
AP whatsoever.  I did 2 things to get the wireless AP working.

1. not sure if this step is necessary, changed the driver in /etc/hostapd/hostapd.conf to nl80211

Still no AP. Then I discovered in /usr/sbin there was: hostapd_cli and hostapd.ORIG but no hostapd

2. Tried:

sudo /usr/sbin/hostapd.ORIG /etc/hostapd/hostapd.conf


and the AP was coming up. So, still had to copy hostapd.ORIG to hostapd

sudo cp /usr/sbin/hostapd.ORIG /usr/sbin/hostapd

rebooted my RPI and after reboot the AP was coming up. Problem solved. 

Thank you very much Thomas! Kudo's.

  Are you sure? yes | no

PhelimLennon wrote 03/04/2016 at 22:07 point

keeps saying 'unable to resolve host address' any ideas what I'm doing wrong? I'm new to this. lol

  Are you sure? yes | no

Thomas wrote 03/04/2016 at 17:06 point

It sounds like a lot of people are running into the same problem recently.  As of the day I finished writing these instructions, things were good. I am going to do this project from scratch on a Pi 2 and see if something has changed.  I will update anything necessary at that point.  Gimme a few days and hopefully we will have answers!

  Are you sure? yes | no

Thorsten Fröhlich wrote 02/27/2016 at 19:30 point

My wlan adapter is off after booting, no access point is available. Do you have any idea?

  Are you sure? yes | no

Thomas wrote 02/28/2016 at 04:57 point

What brand is your wlan adapter? Without knowing this, I would guess it is a driver issue, or possibly a power issue.  If it isnt getting enough power to cut the device on, you can add 'max_usb_current=1' in /boot/config.txt and reboot your pi.  Make sure your power supply can handle the extra power increase though

  Are you sure? yes | no

Pedro Abreu wrote 03/07/2016 at 23:29 point

Got the same driver problem I guess. in the hostapd file I've tried all the drivers I could think off and it doesn't recognize crap. Also it's not power as my Wifi dongle turns on. Which dongle did you use? Was it the one from Adafruit? Because the script works fine (and I'm using the Pi 2) it's just some driver crap. I'm using a TL-WN722N. Also, I've done the max_usb_current=1 thing.

  Are you sure? yes | no

Harpreet wrote 12/18/2015 at 04:56 point

It sounds good but I don't think he have ever created anything like that.

  Are you sure? yes | no

Thomas wrote 01/22/2016 at 18:11 point

What do you mean?

  Are you sure? yes | no

CMay wrote 12/03/2015 at 16:26 point

Any updates to this project?

  Are you sure? yes | no

Thomas wrote 12/03/2015 at 17:02 point

I am in the final stages of a book I was contracted to write.  It unfortunately has hard set deadlines that I have to meet and it leaves little time for what I had previously started on Hackaday.  My goal is to get ahead of schedule for the book and have most of it finished before the new year.  Finishing THIS tutorial will then become my next goal, especially with the attention it has recently received. Thanks for the patience!

  Are you sure? yes | no

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates