I’ve spent the end of yesterday and all of today wrestling with making a R.Pi TOR router. I think I have it installed and working right, and that it is all down to a browser issue, but maybe not.
I was more or less following the Adafruit script for making a WiFi Access Point with TOR, (The OnionPi) but getting my wifi dongle to work was not happening (it needs a special driver) and I “had a bright idea”…
I already have 2 WiFi routers providing 4 WiFi networks, do I really need another? Why not just set up an IP Alias on the ethernet and handle like all the other connections? By picking THAT default gateway I’d take the TOR route when desired. Easy peasy… or so I thought.
Well, I’ve got the router via IP alias working, and I can browse and do nslookups and pings through the R.Pi B+ just like any other router. Nice. I’ve got NAT (Network Address Translation) running on it, so it hides my IP behind it. Very Nice. I’ve even got iptables in place. I’ve got TOR running. For a fairly long time trying to connect to it as a proxy server on the default of port 9050 was giving me a “server not accepting connections”. I found a bug report online saying “Make it 9150 and try again” and that stopped giving me the “go away kid you bother me” message.
But it then gave me “server not found” for any web address put in the browser bar. For some reason DNS is not resolving through TOR (or TOR isn’t actually connecting to the tor network). I need to turn on the “control ports” and see what’s happening.
Along the way I found one place claiming you needed to turn off ipV6 in Firefox and set some other setting. Neither one made a difference. The last increment was finding a site claiming that there is a specific TOR_DNS entry or two in Firefox that needs setting for the DNS part to work.
Having slammed on this thing most of the day, I’m “letting go” of it for the night. So close, and yet no joy in mudville…
Just to be sure it wasn’t ISP related, I installed the TOR bundle on the ASUS / Antek box. It works fine. So it isn’t my ISP blocking me or anything like that. Routing through the Pi is fine. TOR doesn’t complain on the Pi, and works fine on the PC with the tor browser, and several places have said basically “you need to use a TOR browser”… so on the ToDo list to do ToMorrow is figure out what makes a browser a TOR Browser and if it can be retrofit into the Pi IceWeasel. Or just the FireFox on the testing ASUS / Antek box in either CentOS or XP. But that’s for tomorrow…
The Interesting Service
That rambling preamble is to explain how I ended up looking at this next thing. While doing a bit of a ‘syntax and features setup’ dive on torrc config file and iptables configs, I ran into a comment on one site that said “you could just check out these folks instead” (of wrestling with configs where others were also having issues…); so I did.
I’ve not done any major vetting of them. Not even a web search on testimonials and reputation. (Hey, I’ve got half the shop in parts at the moment… and nothing is taking the usual routes to anywhere, except this one box I’ve just booted). So they might be great, or might be a bogus sting. I tend to lean toward “most likely pretty good folks” simply because they are Czech. I’ve found that those folks are prone to making good tech, have a healthy distrust of governments, and are not prone to falling for crap. I know, not much to hang your security on, but it’s what I’ve got at the moment. Anyone wanting to do the Reputational Search on them please go for it. I’m going for bed…
What makes them interesting to me is that I’ve been looking at doing TOR over VPN (while thinking it would be nice to do VPN to a TOR router, but not having any way to do that order). These folks do exactly that. You pay for a VPN service to their network, then can go outbound over TOR from their servers. Anyone finding a way to leak info past TOR and finger the source, just finds them, not your box. There are still some identity risks, like if you had a virus that was already beaconing your WiFi list of local hotspots and they had a hook in that, and a database for looking them up… but that’s fairly paranoid land… and completely defeated by things like a reflashed Pi chip (so history is gone) and any prior “bug” you picked up in more ‘open’ browsing is also washed away.
For “one low price” you get your VPN and TOR built in, and skip all the “build it yourself” work. They also claim to offer a clean cloud service so you ought to be able to store your encrypted binary blobs out of the USA legal domain there, too.
So who are these folks?
Their “About” page is mostly a sales page for the services they offer. To find out where they are you need to visit the “contacts” tab (all located at the bottom of their web pages for who knows what reason).
Contacts
Privatoria s.r.o.
Kremencova 186/7
11000
Prague 1
Czech Republic
Contact e-mail: support [at] privatoria.net
You can contact us also through live chat.
Please note, that we provide limited support at the moment. It is available 9am – 6pm CZ time on Monday-Friday.
Read our FAQ page before contacting us via e-mail. You can save your time and find answer there.
The Services tab lists what all they offer:
Services specification
Free trial:
2 hours unlimited
Starting with the 3-rd hour all services will be blocked. To activate them user should top up Privatoria balance
Access to all Privatoria services: Tor integrated Secure VPN, Anonymous Proxy, Secure Chat with Voice and Video Calls, Secure Data Transfer + FTP, Anonymous E-mail and Secure DNS
No credit card, e-mail or other personal info required
Paid accounts:
Current prices of the service you can check here
Available payment plans: 1 month, 6 months, 12 months and Daily SMS plan
The price includes access to all Privatoria services: Tor integrated Secure VPN, Anonymous Proxy, Secure Chat with Voice and Video Calls, Secure Data Transfer + FTP, Anonymous E-mail and Secure DNS
Paid accounts also have some limits. Check them at this page
Available payment methods: Bitcoin, PayPal, Debit/Credit Card, SMS
After the expiration of paid period account will exist 30 days, but it will be limited as free trial account
Specification of the services
Privatoria Secure VPN:
Tor integrated (optional). Dynamically changing TOR locations every 10 minutes
Hide & change your IP from hackers and spies
22+ VPN servers
Torrenting is allowed on all our servers except US and Canada
Works on all platforms and all devices: Windows, Mac OS, Linux/Unix, Fire OS, Chrome OS, Android, iOS, etc
There is no need to set up any additional software on your device
L2TP/IpSec protocol
OpenVPN supported
Privatoria Anonymous Proxy:
Hide & change your IP from hackers and spies
Tor integrated (optional). The simplest way to use Tor without installing any additional software on your device
63+ countries for surfing. Full list of Proxy servers you can find
Watch the content you want from any country on earth with high speed
Works on all browsers
Privatoria Secure Chat:
Secure text messaging
Secure Voice Calls
Secure Video Calls
Secure Data Transfer of any type
WebRTC based direct connection between browsers. No one can gain access to your communications
No data transfer to any server
No limits on the size of your media and chats
Supported browsers are Google Chrome, Opera, Mozilla Firefox
Anonymous E-mail:
The service is delivered using 256 bit AES e-mail encryption
Each new e-mail can be sent from a different IP address (more than 63 locations are currently available)
20 GB mailbox size
SMTP is available
Access the mailbox through web interface or the e-mail client
Works on all platforms and all devices
Secure Data Transfer:
Secure Data and Message Storage
SSL encrypted transfer and AES 256-bit end-to-end encrypted storage
Time-limited for security purposes. Only 24 hours your file will be waiting for the recipient. The data is never at risk of being compromised
Upload files of any type
Max size of file is 1 GB
Every file is protected by unique ID
Automatic removal the data from the server after download
Self-destruction the data within 24 hours if it is not downloaded
Secure DNS:
Use Privatoria’s private DNS instead of default to add more protection to your web surfing
Support:
As usual we answer to your tickets within 72 hours
The solving of some problems may last for more than a specified time. Thank you for understanding
If you have any questions, feel free to contact us support [at] privatoria.net
The prices look pretty good too. IF I’m reading it right. It’s in the form $n,m where I’m assuming the “,” is a “decimal point” as they like in Europe and that the lack of a final 0 in the ‘cents’ portion is also maybe a European thing?
There’s that 2 hour taster for free.
One month is $3,9
6 months is $2,9 / month in a lump of $17,4
One Year is $1,9 / month in a lump of $22,8
At some point I’m going to try the ‘taster’, but that will need to wait for me to plan how to test it. As it’s only 2 hours, I don’t want to spend most of it just fooling around and not doing anything decent to validate the service. (Like, say, make a posting to my site via their service and with a fake name / email and then look for it in the moderation queue and see what I can identify from it; or try connecting back to my site, or…)
One month for a little under $4 isn’t a bad long term test. I’ll likely give that a go if nothing is sour in the Taster. In about 3 weeks after I’ve refilled my disposable Debit card ;-) (That takes a trip to Walmart and isn’t high on my “must do now” list, having just stocked up with groceries last week).
Again, anyone else wants to “run out ahead” and check it, feel free and be sure to report back.
In Conclusion
I’m going to whack my head against TOR on the Pi from a Pi again tomorrow. “This Time For Sure!”… It will undoubtedly be a one line fix ;-)
But all the while I’m finding myself wondering if it is really worth it? Other than as an interesting bit of ‘tech kit’ to have under my belt… IFF that Privatoria.net product is as advertised, it gives you the bundle all in one go, and fairly low cost of entry. It would take 3 years for a R.Pi setup to reach breakeven, and that’s NOT counting the cost of the VPN that would still need to be bought for it…
Sometime in the next few days, after I have it working or have given up, I’ll be posting the “what I did” with tech settings and scriptlets. If nothing else, it makes for a nice NAT / Router setup. I’ll also be installing the dongle driver (that I’ve downloaded) so even if TOR on Pi defeats me, I’ll have the Access Point / NAT / Router up. Nice way to have a spare for the 2 commercial ones I have. Just put the chip in a Mints Tin in the drawer and it’s ready to go if EMP takes out the ones plugged in…
But all that is for tomorrow. For now I’m just going to do a quick scan of comments and ‘hit the sack’. It’s been a very long and not that productive day. Off-setting the ease of the encrypted Berryboot… tech stuff is like that… lots of unpredictable ups and downs…
I have it working!
The “magic” that I was missing seems to be the proxy setting. There are 3 lines for HTTP, SSL, FTP, then a separate section where you can enter SOCKS settings. TOR is a SOCKS proxy. IF you have the HTTP setting set, as I did for using the Squid proxy, your browser takes that path. IF you set that HTTP proxy to be TOR, it’s not happy…
So just nuke the first lines, and put ONLY 127.0.0.1 and port 9050 in the proxy settings (under the ‘advanced’ button in IceApe / Seamonkey) and I also ticked the ‘use it for DNS lookups’ box.
Now it’s working!
This is likely ‘enough’ for what I need. I’m going to take a small look at what it would take to port the changes in the Tor browser into the Raspberry Pi version, but that’s not my major interest nor likely my best use. So yeah, the browser will likely leak some info about me if I don’t lock down a bunch of settings manually. (Then again, that might just BE the same as ‘porting the Tor browser’…)
At any rate, I can now write up the recipe to make an encrypted chip, squashfs base system, tor routed, completely disposable system that can also be told to ‘forget it all’ after any session.
Not quite Tails, but darned close.
I’m going to be whacking on this today and hopefully tonight or tomorrow have it “all done” and ready to post a “how to”.
Color me happy ;-)
Time for church… so a brief break.
FWIW, I’ve gotten this to work only as a Client on the Pi itself.
I’m still working on getting it to work for a different system connected to the Pi as a proxy server. I think there is likely a config issue in my /etc/tor/torrc file for that case.
This won’t matter for most folks as they will simply be wanting to get onto the TOR network from their R.Pi. That works nearly trivially. “apt-get install tor” and change your browser proxy to be only the SOCKS proxy as noted above.
I’m pretty sure I’ve gotten the R.PiB+ to be running as a Bridge. The log seems to indicate some such traffic. It may be that you can set them up to be Client, OR Bridge, OR Proxy Server but not more than one at a time. It’s a petite adventure in config land…
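What the SOCKS-only proxy setting and the ‘use it for DNS lookups’ box described above amount to on the wire, as an added example that is not part of the original post. It builds the SOCKS5 messages (RFC 1928) a client sends to the Tor port, and shows the difference between handing the proxy a hostname and resolving it locally first; the function names are made up for this sketch and port 9050 is the one used above.

```python
import socket
import struct

VER, NO_AUTH, CMD_CONNECT = 5, 0, 1
ATYP_IPV4, ATYP_DOMAIN = 1, 3
REPLY = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
         3: "network unreachable", 4: "host unreachable", 5: "connection refused"}

def build_greeting():
    """Client hello: version 5, one method offered, 'no authentication'."""
    return bytes([VER, 1, NO_AUTH])

def speaks_socks5(reply):
    """True if the 2-byte answer to the greeting is a SOCKS5 'no auth' accept.
    An HTTP proxy (Squid, say) answers with text such as b'HT...' instead."""
    return len(reply) == 2 and reply[0] == VER and reply[1] == NO_AUTH

def build_connect(host, port, remote_dns=True):
    """CONNECT request. remote_dns=True puts the hostname itself in the request,
    so the proxy resolves it; False resolves locally first and sends only an IP,
    which leaves the DNS lookup outside the proxy."""
    if remote_dns:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(socket.gethostbyname(host))
    return bytes([VER, CMD_CONNECT, 0]) + addr + struct.pack(">H", port)

def connect_result(reply):
    """Name the status code (second byte) of the proxy's CONNECT reply."""
    if len(reply) < 2 or reply[0] != VER:
        return "not a SOCKS5 reply"
    return REPLY.get(reply[1], "error code %d" % reply[1])

def probe(host="127.0.0.1", port=9050, timeout=5.0):
    """Greet a live port and report whether it answers as a SOCKS5 proxy."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_greeting())
            return speaks_socks5(s.recv(2))
    except OSError:
        return False

if __name__ == "__main__":
    print("9050 speaks SOCKS5:", probe())
    print(build_connect("example.com", 80).hex())
```

Run on the Pi itself, probe() tells you whether the port is answering as SOCKS at all, which separates a proxy-type mismatch in the browser from Tor not listening.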
FYI:
http://www.zdnet.com/article/university-breaks-silence-on-fbi-payments-to-bring-tor-users-out-of-the-shadows/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61