Project

General

Profile

Support #613

Updated by Daniel Curtis over 9 years ago

{{>toc}} 

 This is a guide for setting up a TOR Hidden Service. 

 h2. Prepare the Environment 

 * Make sure the system is up to date: 
 <pre> 
 portsnap fetch extract && portmaster -a 
 </pre> 

 h3. Install OpenNTPD 

 * Install OpenNTPD: 
 <pre> 
 portmaster net/openntpd 
 </pre> 

 * Edit the OpenNTPD config file: 
 <pre> 
 vi /usr/local/etc/ntpd.conf 
 </pre> 
 #* And add a couple more ntp sources for good measure: 
 <pre> 
 servers pool.ntp.org 
 servers clock.via.net 
 servers clock.isc.org 
 </pre> 

 * Start and enable OpenNTPD at boot: 
 <pre> 
 echo 'openntpd_enable="YES"' >> /etc/rc.conf 
 service openntpd start 
 </pre> 
 *NOTE*: An NTP server in a jail will fail to start. Jails get their time from the host system, make to install the NTP server on the host. 

 h2. Install TOR 

 * Install TOR: 
 <pre> 
 portmaster security/tor 
 </pre> 

 * Setup the TOR environment: 
 <pre> 
 rm -r /var/db/tor /var/run/tor 
 mkdir -p /var/db/tor/data /var/run/tor 
 touch /var/log/tor 
 chown -R _tor:_tor /var/db/tor /var/log/tor /var/run/tor 
 chmod -R 700 /var/db/tor 
 </pre> 

 * Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting: 
 <pre> 
 sysctl net.inet.ip.random_id=1 
 </pre> 

 * Create a folder for the hidden service owned by the _tor user: 
 <pre> 
 mkdir -p /var/tor/hidden_service 
 chown -R _tor:_tor /var/tor 
 chmod -R 700 /var/tor 
 </pre> 

 * Edit the TOR config file: 
 <pre> 
 vi /usr/local/etc/tor/torrc 
 </pre> 
 #* And add/modify uncomment the following lines: 
 <pre> 
 HiddenServiceDir /var/tor/hidden_service/ 
 HiddenServicePort 80 127.0.0.1:80 
 </pre> 
 *NOTE*: The above configuration will forward requests coming into the TOR address on port 80 to 127.0.0.1:80 

 * Start and enable TOR at boot: 
 <pre> 
 echo 'tor_enable="YES"' >> /etc/rc.conf 
 service tor start 
 </pre> 

 * Monitor the status of the TOR connection: 
 <pre> 
 tail /var/log/tor 
 </pre> 
 #* _Truncated output_: 
 <pre> 
 ... 
 May 03 16:12:44.000 [notice] Bootstrapped 50%: Loading relay descriptors 
 May 03 16:12:53.000 [notice] Bootstrapped 57%: Loading relay descriptors 
 May 03 16:12:56.000 [notice] Bootstrapped 64%: Loading relay descriptors 
 May 03 16:12:57.000 [notice] Bootstrapped 69%: Loading relay descriptors 
 May 03 16:12:58.000 [notice] Bootstrapped 78%: Loading relay descriptors 
 May 03 16:12:59.000 [notice] Bootstrapped 80%: Connecting to the Tor network 
 May 03 16:12:59.000 [notice] Bootstrapped 90%: Establishing a Tor circuit 
 May 03 16:13:00.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. 
 May 03 16:13:00.000 [notice] Bootstrapped 100%: Done 
 </pre> 

 * Once the TOR service is up and running, a new hostname and key file will appear in the /var/tor/hidden_service directory: 
 <pre> 
 cat /var/tor/hidden_service/hostname 
 </pre> 

 h2. Resources 

 * http://www.bsdnow.tv/tutorials/tor

Back