Tunneled TOR relay
Version 0.5
Andrea Trentini - 2009
tor AT atrent DOT it
Goal
Create a TOR (http://www.torproject.org) relay setup to be run inside a NAT network with the option of running an EXIT node through a tunnel to a host with a public IP.
Why?
To split incoming TOR traffic from outgoing traffic: incoming traffic is directed to the public IP, outgoing traffic comes from the NATted machine. This setup has some interesting advantages:
- It saves bandwidth on the VPS (useful if you have monthly/periodic limits)
- The public IP is an exit node but does not generate typical exit-node traffic, i.e. if your public IP is monitored it will not raise alarms!
- NAT translation adds another (weak, I admit) layer of indirection to the route
Status
- Proof-of-concept working
- Node running on alix3d3 small pc
No package or GUI is available yet (but is one really needed?).
Photos
Some photos of the alix3d3 running… with a home made refrigerating system ;)
First version
Second version
Idea
If you have a pc inside a NAT network (e.g. http://fastweb.it) and a VPS (Virtual Private Server) somewhere, you can run a TOR relay using an ssh tunnel from your pc to the VPS.
You configure a TOR relay on the pc in the usual way… almost ;)
Then you set up a tunnel from your pc to the VPS, redirecting ORPort and (optionally) DirPort to the “inner” pc.
Some excerpts from the config files follow…
SSH tunnels
(Very simple) script I wrote to keep ssh tunnels going:
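    #!/bin/sh
    # Ports forwarded from the VPS to this machine (must match torrc):
    #ORPort 9002
    #DirPort 9032
    # autossh runs as atrentini, so match on that user and the exact process
    # name; a plain grep for "auto" also matches this script and unrelated processes.
    if pgrep -u atrentini -x autossh >/dev/null
    then
        echo autossh running...
    else
        # -f: background, -M 20000: autossh monitor port, -R: remote forwards, -N: no remote command
        sudo -u atrentini autossh -f -M 20000 -R 9002:localhost:9002 -R 9032:localhost:9032 -N user@hostnameOfVps
    fi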
The port numbers must be consistent with the ones specified in the TOR cfg (see below).
I use it as a /etc/init.d/… script, linked in /etc/rcX.d
You must upload your ssh public key to the VPS if you don't want to enter the user password every time the tunnel is set up.
I also periodically run the script to ensure autossh is up and running; here's my crontab (root):
0 * * * * /etc/init.d/autossh >/dev/null
TOR cfg
Edit /etc/tor/torrc and set (at least) the following values:
- Nickname
- Address (this must point to the public IP, the VPS address)
- ContactInfo
- ORPort 9002 (this must be redirected in autossh)
- DirPort 9032 (this must be redirected in autossh)
Port numbers are examples, choose ports that suit you.
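The SSH tunnels and TOR cfg sections both require the torrc ports and the autossh -R forwards to agree. The following check is an added example, not part of the original setup: the function names and the sample files are constructed here, and it assumes plain "ORPort <number>" / "DirPort <number>" lines forwarded to the same port on localhost.

```shell
#!/bin/sh
# Added example: check that each ORPort/DirPort in torrc has a matching
# "-R port:localhost:port" forward in the autossh tunnel script.
# Assumes plain "ORPort <number>" / "DirPort <number>" lines.

# Print the port numbers from active (uncommented) ORPort/DirPort lines.
torrc_ports() {
    awk '$1 == "ORPort" || $1 == "DirPort" { print $2 }' "$1"
}

# Print "remote:local" for every -R remote:localhost:local outside comments.
tunnel_forwards() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE -- '-R[[:space:]]+[0-9]+:localhost:[0-9]+' |
        sed -E 's/^-R[[:space:]]+([0-9]+):localhost:([0-9]+)$/\1:\2/'
}

# Return 0 if every torrc port is forwarded to the same local port, else 1.
check_tunnel() {
    status=0
    fwd=$(tunnel_forwards "$2")
    for port in $(torrc_ports "$1"); do
        if printf '%s\n' "$fwd" | grep -qx "$port:$port"; then
            echo "ok: $port is forwarded"
        else
            echo "MISSING: -R $port:localhost:$port"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'Nickname example\n#ORPort 443\nORPort 9002\nDirPort 9032\n' > "$demo/torrc"
echo 'autossh -f -M 20000 -R 9002:localhost:9002 -R 9032:localhost:9032 -N user@hostnameOfVps' > "$demo/good"
echo 'autossh -f -M 20000 -R 9002:localhost:9002 -N user@hostnameOfVps' > "$demo/bad"

check_tunnel "$demo/torrc" "$demo/good" && echo "tunnel matches torrc"
check_tunnel "$demo/torrc" "$demo/bad" || echo "tunnel does not cover torrc"
```

The check covers only the port numbers. Whether the VPS's sshd exposes the forwarded ports on its public address depends on its GatewayPorts setting, since OpenSSH binds remote forwards to loopback by default.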
Feedback...
send me your feedback :)