Support #613

Install a TOR Hidden Service on FreeBSD

Added by Daniel Curtis over 9 years ago. Updated over 9 years ago.

Status: Closed
Priority: Normal
Category: The Onion Router (TOR)
Start date: 05/03/2015
% Done: 100%
Estimated time: 1.50 h

Description

This is a guide for setting up a TOR Hidden Service.

Prepare the Environment

  • Make sure the system is up to date:
    portsnap fetch extract && portmaster -a
    

Install OpenNTPD

  • Install OpenNTPD:
    portmaster net/openntpd
    
  • Edit the OpenNTPD config file:
    vi /usr/local/etc/ntpd.conf
    
    • And add a couple more NTP sources for good measure:
      servers pool.ntp.org
      servers clock.via.net
      servers clock.isc.org
      
  • Start and enable OpenNTPD at boot:
    echo 'openntpd_enable="YES"' >> /etc/rc.conf
    service openntpd start
    

    NOTE: An NTP server in a jail will fail to start. Jails get their time from the host system, so make sure to install the NTP server on the host.

Install TOR

  • Install TOR:
    portmaster security/tor
    
  • Set up the TOR environment:
    rm -r /var/db/tor /var/run/tor
    mkdir -p /var/db/tor/data /var/run/tor
    touch /var/log/tor
    chown -R _tor:_tor /var/db/tor /var/log/tor /var/run/tor
    chmod -R 700 /var/db/tor
    
  • Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting:
    sysctl net.inet.ip.random_id=1
    
  • Create a folder for the hidden service owned by the _tor user:
    mkdir -p /var/tor/hidden_service
    chown -R _tor:_tor /var/tor
    chmod -R 700 /var/tor
    
  • Edit the TOR config file:
    vi /usr/local/etc/tor/torrc
    
    • And add/modify the following lines:
      HiddenServiceDir /var/tor/hidden_service/
      HiddenServicePort 80 127.0.0.1:80
      

      NOTE: The above configuration will forward requests coming into the TOR address on port 80 to 127.0.0.1:80
  • Start and enable TOR at boot:
    echo 'tor_enable="YES"' >> /etc/rc.conf
    service tor start
    
  • Monitor the status of the TOR connection:
    tail /var/log/tor
    
    • Truncated output:
      ...
      May 03 16:12:44.000 [notice] Bootstrapped 50%: Loading relay descriptors
      May 03 16:12:53.000 [notice] Bootstrapped 57%: Loading relay descriptors
      May 03 16:12:56.000 [notice] Bootstrapped 64%: Loading relay descriptors
      May 03 16:12:57.000 [notice] Bootstrapped 69%: Loading relay descriptors
      May 03 16:12:58.000 [notice] Bootstrapped 78%: Loading relay descriptors
      May 03 16:12:59.000 [notice] Bootstrapped 80%: Connecting to the Tor network
      May 03 16:12:59.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
      May 03 16:13:00.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
      May 03 16:13:00.000 [notice] Bootstrapped 100%: Done
      
  • Once the TOR service is up and running, a new hostname and key file will appear in the /var/tor/hidden_service directory:
    cat /var/tor/hidden_service/hostname
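
An added check, not part of the original guide: the function below reads a torrc and confirms that each HiddenServiceDir still has the mode set by the chmod 700 step and that each HiddenServicePort forwards to a loopback target, as in the configuration above. The name audit_torrc and its messages are this example's own.

```shell
#!/bin/sh
# Added example: audit the hidden-service lines of a torrc.
# audit_torrc is this example's own name, not a Tor or FreeBSD tool.
# Usage on the host from the guide: audit_torrc /usr/local/etc/tor/torrc
# Prints findings; the return status is the number of problems found.
audit_torrc() {
    torrc=$1 problems=0 seen=0
    while read -r key arg1 arg2 rest || [ -n "$key" ]; do
        case $key in
        HiddenServiceDir)
            seen=1
            dir=${arg1%/}
            # First 10 characters of `ls -ld` are the type and mode bits.
            mode=$(ls -ld "$dir" 2>/dev/null | cut -c1-10)
            if [ -z "$mode" ]; then
                echo "FAIL: $dir does not exist"
                problems=$((problems + 1))
            elif [ "$mode" != "drwx------" ]; then
                echo "FAIL: $dir is $mode, expected drwx------ (chmod 700)"
                problems=$((problems + 1))
            else
                echo "ok:   $dir is accessible to its owner only"
            fi ;;
        HiddenServicePort)
            seen=1
            # With no target, Tor forwards to the same port on 127.0.0.1.
            target=${arg2:-127.0.0.1:$arg1}
            case $target in
            127.*|\[::1\]*|unix:*) loopback=1 ;;
            *[!0-9]*) loopback=0 ;;   # any other address
            *) loopback=1 ;;          # bare port number: 127.0.0.1:<port>
            esac
            if [ "$loopback" -eq 1 ]; then
                echo "ok:   port $arg1 -> $target stays on this host"
            else
                echo "WARN: port $arg1 -> $target is not a loopback target"
                problems=$((problems + 1))
            fi ;;
        esac
    done < "$torrc"
    if [ "$seen" -eq 0 ]; then
        echo "FAIL: no HiddenServiceDir/HiddenServicePort lines in $torrc"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

A loopback target in torrc does not by itself keep the web server private: the server on port 80 must also be bound to 127.0.0.1 rather than to all interfaces.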
    
