Support #613
Updated by Daniel Curtis over 10 years ago
{{>toc}}
This is a guide for setting up a TOR Hidden Service.
h2. Prepare the Environment
* Make sure the system is up to date:
<pre>
portsnap fetch extract && portmaster -a
</pre>
h3. Install OpenNTPD
* Install OpenNTPD:
<pre>
portmaster net/openntpd
</pre>
* Edit the OpenNTPD config file:
<pre>
vi /usr/local/etc/ntpd.conf
</pre>
#* And add a couple more NTP sources for good measure:
<pre>
servers pool.ntp.org
servers clock.via.net
servers clock.isc.org
</pre>
* Start and enable OpenNTPD at boot:
<pre>
echo 'openntpd_enable="YES"' >> /etc/rc.conf
service openntpd start
</pre>
*NOTE*: An NTP server in a jail will fail to start. Jails get their time from the host system, so make sure to install the NTP server on the host.
h2. Install TOR
* Install TOR:
<pre>
portmaster security/tor
</pre>
* Set up the TOR environment:
<pre>
rm -r /var/db/tor /var/run/tor
mkdir -p /var/db/tor/data /var/run/tor
touch /var/log/tor
chown -R _tor:_tor /var/db/tor /var/log/tor /var/run/tor
chmod -R 700 /var/db/tor
</pre>
* Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting:
<pre>
sysctl net.inet.ip.random_id=1
</pre>
* Create a folder for the hidden service owned by the _tor user:
<pre>
mkdir -p /var/tor/hidden_service
chown -R _tor:_tor /var/tor
chmod -R 700 /var/tor
</pre>
* Edit the TOR config file:
<pre>
vi /usr/local/etc/tor/torrc
</pre>
#* And add, modify, or uncomment the following lines:
<pre>
HiddenServiceDir /var/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
</pre>
*NOTE*: The above configuration will forward requests coming into the TOR address on port 80 to 127.0.0.1:80
* Start and enable TOR at boot:
<pre>
echo 'tor_enable="YES"' >> /etc/rc.conf
service tor start
</pre>
* Monitor the status of the TOR connection:
<pre>
tail /var/log/tor
</pre>
#* _Truncated output_:
<pre>
...
May 03 16:12:44.000 [notice] Bootstrapped 50%: Loading relay descriptors
May 03 16:12:53.000 [notice] Bootstrapped 57%: Loading relay descriptors
May 03 16:12:56.000 [notice] Bootstrapped 64%: Loading relay descriptors
May 03 16:12:57.000 [notice] Bootstrapped 69%: Loading relay descriptors
May 03 16:12:58.000 [notice] Bootstrapped 78%: Loading relay descriptors
May 03 16:12:59.000 [notice] Bootstrapped 80%: Connecting to the Tor network
May 03 16:12:59.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
May 03 16:13:00.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
May 03 16:13:00.000 [notice] Bootstrapped 100%: Done
</pre>
* Once the TOR service is up and running, a new hostname and key file will appear in the /var/tor/hidden_service directory:
<pre>
cat /var/tor/hidden_service/hostname
</pre>
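* A quick audit of the settings made above, as an added example that is not part of the original guide: it checks that every HiddenServicePort target in torrc stays on loopback, that the hidden service directory is mode 700, and that net.inet.ip.random_id is 1. The function names are hypothetical; the paths passed in are the ones used in this guide.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the hidden-service setup.

# Print each HiddenServicePort line whose target is not loopback.
# Returns 1 if any such line is found, 0 otherwise.
check_hs_targets() {
    awk '
        tolower($1) == "hiddenserviceport" {
            # No target (or only a trailing comment): Tor maps to 127.0.0.1:VIRTPORT.
            target = ($3 == "" || $3 ~ /^#/) ? ("127.0.0.1:" $2) : $3
            # A bare port or a unix: socket path also stays on this host.
            if (target ~ /^[0-9]+$/ || target ~ /^unix:/) next
            if (target ~ /^127\./ || target ~ /^\[::1\]/) next
            print FILENAME ":" NR ": non-loopback target " target
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Succeed only if $1 is a directory with mode 700 (drwx------).
check_hs_dir_mode() {
    [ -d "$1" ] || return 2
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "drwx------" ]
}

# Run all checks: $1 = torrc path, $2 = HiddenServiceDir.
audit_hidden_service() {
    rc=0
    check_hs_targets "$1" || rc=1
    check_hs_dir_mode "$2" || { echo "$2: expected a mode 700 directory"; rc=1; }
    # FreeBSD sysctl from this guide; skipped on systems where it does not exist.
    if id_mode=$(sysctl -n net.inet.ip.random_id 2>/dev/null) &&
       [ "$id_mode" != "1" ]; then
        echo "net.inet.ip.random_id=$id_mode (expected 1)"
        rc=1
    fi
    return "$rc"
}

# Example: sh audit.sh /usr/local/etc/tor/torrc /var/tor/hidden_service
if [ "$#" -eq 2 ]; then
    audit_hidden_service "$1" "$2"
fi
```

A sysctl value set from the command line does not survive a reboot; putting net.inet.ip.random_id=1 in /etc/sysctl.conf makes it persistent, so this audit is worth re-running after a restart.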
h2. Resources
* http://www.bsdnow.tv/tutorials/tor