Tunneled TOR relay

Version 0.5

Andrea Trentini - 2009

tor AT atrent DOT it

Goal

Create a TOR (http://www.torproject.org) relay setup to be run inside a NAT network with the option of running an EXIT node through a tunnel to a host with a public IP.

Why?

To split incoming TOR traffic from outgoing traffic: incoming traffic is directed to the public IP, while outgoing traffic comes from the NATted machine. This setup has some interesting benefits:

  • Spare bandwidth on the VPS (useful if you have monthly/periodic limits)
  • The public IP is an exit node but does not generate typical exit-node traffic, i.e. if your public IP is monitored it will not raise alarms!
  • NAT translation adds another (weak, I admit) layer of indirection to the route

Status

No package or GUI is available yet (but is one really needed?).

Photos

Some photos of the alix3d3 running… with a home made refrigerating system ;)

First version


The small pot is half full of water.

Second version


Idea

If you have a pc inside a NAT network (e.g. http://fastweb.it) and a VPS (Virtual Private Server) somewhere, you can run a TOR relay using an ssh tunnel from your pc to the VPS.

You configure a TOR relay on the pc in the usual way… almost ;)

Then you set up a tunnel from your pc to the VPS, redirecting ORport and (optionally) DirPort to the “inner” pc.

Here are some excerpts from the config files…

SSH tunnels

(Very simple) script I wrote to keep ssh tunnels going:

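#!/bin/sh
# Ports forwarded below; they must match torrc:
#ORPort 9002
#DirPort 9032
# autossh runs as atrentini while this script runs as root, so filtering by
# user and exact process name keeps the check from matching this script
# itself or any unrelated process whose command line contains "auto".
if
 pgrep -u atrentini -x autossh >/dev/null
then
 echo autossh running...
else
 sudo -u atrentini autossh -f -M 20000 -R 9002:localhost:9002 -R 9032:localhost:9032 -N user@hostnameOfVps
fi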

The port numbers must be consistent with the ones specified in the TOR cfg (see below).

I use it as a /etc/init.d/… script, linked in /etc/rcX.d

You must upload your ssh public key to the VPS if you don't want to enter the user password every time the tunnel is set up.

I also periodically run the script to ensure autossh is up and running; here's my crontab (root):

 0  * * * * /etc/init.d/autossh >/dev/null

TOR cfg

Edit /etc/tor/torrc and set (at least) the following values:

  • Nickname
  • Address (this must point to the public IP, the VPS address)
  • ContactInfo
  • ORPort 9002 (this must be redirected in autossh)
  • DirPort 9032 (this must be redirected in autossh)

Port numbers are examples, choose ports that suit you.
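
The requirement that the autossh forwards and the torrc ports agree can be checked mechanically. The script below is an added example, not part of the original setup: the function names and the sample files are made up for illustration, and it assumes a single ORPort/DirPort line each and -R passed as a separate argument.

```sh
#!/bin/sh
# Added example (not from the original page): check that the ports in torrc
# match the -R forwards in the tunnel script.

# torrc_port FILE KEY: print the port of the last uncommented "KEY <port>"
# or "KEY <addr>:<port>" line; print nothing if unset or 0.
torrc_port() {
    awk -v key="$2" '
        tolower($1) == tolower(key) { v = $2; sub(/.*:/, "", v); port = v }
        END { if (port + 0 > 0) print port + 0 }' "$1"
}

# forwards FILE: print "remote_port local_port" for every -R option,
# accepting port:host:hostport and bind:port:host:hostport (no IPv6 brackets).
forwards() {
    sed 's/#.*//' "$1" | tr -s ' \t' '\n\n' | awk '
        prev == "-R" { n = split($0, f, ":"); if (n >= 3) print f[n-2], f[n] }
        { prev = $0 }'
}

# check_tunnel TORRC SCRIPT: return 0 if ORPort (required) and DirPort
# (optional) are each forwarded from the same port on the VPS, else 1.
check_tunnel() {
    rc=0
    fw=$(forwards "$2")
    for key in ORPort DirPort; do
        port=$(torrc_port "$1" "$key")
        if [ -z "$port" ]; then
            [ "$key" = DirPort ] || { echo "$key not set in $1" >&2; rc=1; }
        elif ! printf '%s\n' "$fw" | grep -qx "$port $port"; then
            echo "$key $port: no -R $port:localhost:$port in $2" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: a torrc and a tunnel script using this page's ports.
demo=$(mktemp -d)
printf '%s\n' 'Nickname example' '#ORPort 9001' 'ORPort 9002' 'DirPort 9032' > "$demo/torrc"
printf '%s\n' 'autossh -f -M 20000 -R 9002:localhost:9002 -R 9032:localhost:9032 -N user@hostnameOfVps' > "$demo/tunnel"
check_tunnel "$demo/torrc" "$demo/tunnel" && echo "tunnel ports match torrc"
rm -rf "$demo"
```

Run it against the real /etc/tor/torrc and the tunnel script after changing either file; a non-zero exit status means the relay would advertise a port that the tunnel does not deliver.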

Feedback...

FIXME send me your feedback :)