Project

General

Profile

Support #613

Install a TOR Hidden Service on FreeBSD

Added by Daniel Curtis over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Curtis
Category:
The Onion Router (TOR)
Target version:
FreeBSD 9
Start date:
05/03/2015
Due date:
% Done:

100%

Estimated time:
1.50 h
Spent time:
1.50 h

Description

This is a guide for setting up a TOR Hidden Service.

Prepare the Environment

  • Make sure the system is up to date:
    portsnap fetch extract && portmaster -a

Install OpenNTPD

  • Install OpenNTPD:
    portmaster net/openntpd
  • Edit the OpenNTPD config file:
    vi /usr/local/etc/ntpd.conf
    • And add a couple more ntp sources for good measure:
      servers pool.ntp.org
servers clock.via.net
servers clock.isc.org
  • Start and enable OpenNTPD at boot:
    echo 'openntpd_enable="YES"' >> /etc/rc.conf
service openntpd start

    NOTE: An NTP server in a jail will fail to start. Jails get their time from the host system, make to install the NTP server on the host.

Install TOR

  • Install TOR:
    portmaster security/tor
  • Setup the TOR environment:
    rm -r /var/db/tor /var/run/tor
mkdir -p /var/db/tor/data /var/run/tor
touch /var/log/tor
chown -R _tor:_tor /var/db/tor /var/log/tor /var/run/tor
chmod -R 700 /var/db/tor
  • Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting:
    sysctl net.inet.ip.random_id=1
  • Create a folder for the hidden service owned by the _tor user:
    mkdir -p /var/tor/hidden_service
chown -R _tor:_tor /var/tor
chmod -R 700 /var/tor
  • Edit the TOR config file:
    vi /usr/local/etc/tor/torrc
    • And add/modify the following lines:
      HiddenServiceDir /var/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

      NOTE: The above configuration will forward requests coming into the TOR address on port 80 to 127.0.0.1:80
  • Start and enable TOR at boot:
    echo 'tor_enable="YES"' >> /etc/rc.conf
service tor start
  • Monitor the status of the TOR connection:
    tail /var/log/tor
    • Truncated output:
      ...
May 03 16:12:44.000 [notice] Bootstrapped 50%: Loading relay descriptors
May 03 16:12:53.000 [notice] Bootstrapped 57%: Loading relay descriptors
May 03 16:12:56.000 [notice] Bootstrapped 64%: Loading relay descriptors
May 03 16:12:57.000 [notice] Bootstrapped 69%: Loading relay descriptors
May 03 16:12:58.000 [notice] Bootstrapped 78%: Loading relay descriptors
May 03 16:12:59.000 [notice] Bootstrapped 80%: Connecting to the Tor network
May 03 16:12:59.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
May 03 16:13:00.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
May 03 16:13:00.000 [notice] Bootstrapped 100%: Done
  • Once the TOR service is up and running, a new hostname and key file will appear in the /var/tor/hidden_service directory:
    cat /var/tor/hidden_service/hostname

Resources

Also available in: Atom PDF