Support #613
Install a TOR Hidden Service on FreeBSD
Status:
Closed
Priority:
Normal
Assignee:
Category:
The Onion Router (TOR)
Target version:
Description
- Table of contents
- Prepare the Environment
- Install TOR
- Resources
This is a guide for setting up a TOR Hidden Service.
Prepare the Environment¶
- Make sure the system is up to date:
portsnap fetch extract && portmaster -a
Install OpenNTPD¶
- Install OpenNTPD:
portmaster net/openntpd
- Edit the OpenNTPD config file:
vi /usr/local/etc/ntpd.conf
- And add a couple more ntp sources for good measure:
servers pool.ntp.org servers clock.via.net servers clock.isc.org
- And add a couple more ntp sources for good measure:
- Start and enable OpenNTPD at boot:
echo 'openntpd_enable="YES"' >> /etc/rc.conf service openntpd start
NOTE: An NTP server in a jail will fail to start. Jails get their time from the host system, make to install the NTP server on the host.
Install TOR¶
- Install TOR:
portmaster security/tor
- Setup the TOR environment:
rm -r /var/db/tor /var/run/tor mkdir -p /var/db/tor/data /var/run/tor touch /var/log/tor chown -R _tor:_tor /var/db/tor /var/log/tor /var/run/tor chmod -R 700 /var/db/tor
- Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting:
sysctl net.inet.ip.random_id=1
- Create a folder for the hidden service owned by the _tor user:
mkdir -p /var/tor/hidden_service chown -R _tor:_tor /var/tor chmod -R 700 /var/tor
- Edit the TOR config file:
vi /usr/local/etc/tor/torrc
- And add/modify the following lines:
HiddenServiceDir /var/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:80
NOTE: The above configuration will forward requests coming into the TOR address on port 80 to 127.0.0.1:80
- And add/modify the following lines:
- Start and enable TOR at boot:
echo 'tor_enable="YES"' >> /etc/rc.conf service tor start
- Monitor the status of the TOR connection:
tail /var/log/tor
- Truncated output:
... May 03 16:12:44.000 [notice] Bootstrapped 50%: Loading relay descriptors May 03 16:12:53.000 [notice] Bootstrapped 57%: Loading relay descriptors May 03 16:12:56.000 [notice] Bootstrapped 64%: Loading relay descriptors May 03 16:12:57.000 [notice] Bootstrapped 69%: Loading relay descriptors May 03 16:12:58.000 [notice] Bootstrapped 78%: Loading relay descriptors May 03 16:12:59.000 [notice] Bootstrapped 80%: Connecting to the Tor network May 03 16:12:59.000 [notice] Bootstrapped 90%: Establishing a Tor circuit May 03 16:13:00.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. May 03 16:13:00.000 [notice] Bootstrapped 100%: Done
- Truncated output:
- Once the TOR service is up and running, a new hostname and key file will appear in the /var/tor/hidden_service directory:
cat /var/tor/hidden_service/hostname