Raspberry Pi Tor Router Tutorial

**Note: If you find this TOR router tutorial too difficult, time consuming, etc., I plan on making them available to donors on my Donations page***

If you think you are safe online, you may want to reconsider.  In the wake of events like the Cambridge Analytica data breach, or the Equifax data breach, where millions upon millions of people’s personal data was stolen, now more than ever is Internet security becoming an important component to personal protection.  Think about it.  Back in the 40’s and 50’s, lots of Americans simply didn’t lock their doors.  They didn’t feel they were in any danger, so it never really crossed their minds.  But as information became more readily accessible to the public, it became apparent that they did indeed need to lock their doors.  Then they needed deadbolts.  Chain locks.  Motion sensor lights.  Electronic alarm systems.  Some people have even begun to develop panic rooms to help keep them safe.  The point being, as threat changed, so to did the manner in which it is defended against.   In one year, as many as one out of every ten Americans will be the victims of identity theft.  Imagine what that number would be compounded over a lifetime.  So why not apply the same rigor to securing your online life as you do your home one?

Enter, the Tor Network.  This handy little security program has been around since the 90’s.  It was originally used by the U.S. Intelligence community to transfer electronic data securely.  Even DARPA used it.  This program is so effective at protecting your data, that the U.S. government tried to prevent the public from getting its hands on it, lest it be used nefariously, which it has (all card on the table).  It essentially works like this.  Your computer sends out data to another server.  Normally, without Tor, that is done directly.  If someone is watching your activity online, anyone, they can trace what you sent, where you sent it, what its contents were, etc.  The Tor network essentially allows your data to make it harder to trace by ducking down alleyways and side streets.  That data your computer sent out is directed to numerous other servers anonymously.  It makes following it very difficult.  And all the data you send is encrypted.  So no one at any of the points can see what you sent except the person you sent it to.  That is where Tor gets its name.  The Onion Router Network.  Each Tor server your data gets sent to unwraps a layer of the encryption surrounding it.  That then tells that server where to send your data next, until it eventually reaches its final destination.  This all happens with the relative speed of the Internet.

If you are still wondering why you might want to use Tor, ponder this.  Recently, the laws governing ISP’s were changed to allow them to collect and store any data you produce via their services.  Then they can sell your data to whomever they please.  They do not have to tell you they are doing it.  They do not have to ask permission.  There is no opting out.  They don’t even have to tell you what specifically they are selling and to whom.  As you can probably understand, this could lead to unbelievable problems.  I could list a litany of possible scenarios that could develop as a result of unfettered access to your data, but what scares me most are the possibilities I can’t think of.  The notions of a depraved mind with access to any of your online information is chilling to the bones.

So how do you join the Tor network?  Well, that is the easy part.  It is free and super simple.  I myself use a Tor Router I made from a Raspberry Pi, and that is what I am going to teach you to make today.  Special thank to the Father Robert Ballecer at Know How and Harry Allerston at GitHub for your work on developing this particular project.  Here is what you’ll need, and it can all be purchased through Adafruit:

  • Raspberry Pi (Any model but the Zero will do,but you may as well get the new one)
  • Micro USB Power Supply (If you don’t already have one)
  • Ethernet Cable (If you don’t already have one)
  • Case (Optional, but useful.  I like this one because the top is removable to help circulate air.  There are several available, though.)
  • Wi-Fi Dongle (Optional.  If you have an older Pi that doesn’t have Wi-Fi integrated, you will need one of these.  There are several options.)
  • Micro SD Card (and 8 GB one will do)

If you aren’t interested in buying all of these separately, Adafruit has done you a favor and packed everything you will need into a nifty little package.

Now that you have all the items in your possession, all you need is a little can do spirit and the following instructions.

  • Burn the latest Raspbian image onto your Micro SD Card
  • Assemble your Pi’s components and activate it
  • After the Pi boots, open the Terminal window.
  • Enter “sudo raspi-config” in the command line
  • Select “Advanced Options” and then “Expand the Filesystem” to give your Pi access to the entirety of the SD Card
  • Select “Change Password” to change the password from the stock “raspberry”
  • Select “Boot Options” and change the boot option to boot directly into the command line auto-login.
  • Select “Interfacing Options” and enable SSH so you can SSH into the Pi when you are done.
  • Select “Finish”.  Your Pi will then reboot directly to the command line, which is all we will need to complete the rest of the project.
  • Once rebooted, you will be logged into the command line.  Enter the following command: git clone https://github.com/unixabg/RPI-Wireless-Hotspot.git
  • Enter the following command: cd RPI-Wireless-Hotspot
  • Enter the following command: sudo ./install
  • Answer “Y” to agree to the terms
  •  Answer “Y” to use the preconfigured DNS
  •  Answer “Y” to use the Unblock-Us DNS servers
  •  Answer “N” to avoid using the Wi-Fi defaults (this is very important)
  • Type in a new password.  Make sure to remember this as it will be the password you use to login to the wi-fi network you are creating.
  •  Enter an new ssid, this is the name of the wi-fi network as it will appear to your computer.
  • Select one of the following Wi-Fi channels: 1, 6, or 11
  • When asked if you are using an “rtl871x chipset”, type “N” unless you are certain you are using one.  Hint:  The new Raspberry Pi’s with integrated Wi-Fi do not.
  •  Type “N” for chromecast support.
  •  Reboot your Pi.
  • Once rebooted, enter the command: sudo apt-get update (this will update your Pi and fix any broken dependencies.)
  • Enter the following command: sudo apt-get install tor
  •  Answer “Y” when asked to continue.
  •  Enter the following command: sudo nano /etc/tor/torrc
  • Add the following just after the first set of comments.  Comments start with ##, so where those end for the first time.

Log notice file /var/log/tor/notices.log
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53

  • Hit “Ctrl+X”.  The editor will then ask if you want to save.  Enter “Y”.  It will then ask what filename you want to use.  Simply hit “Enter” to use the current filename.
  • Once you are back in the command line, enter the following command: sudo iptables -F
  • Enter the following command: sudo iptables -t nat -F
  • Enter the following command: sudo iptables -t nat -A PREROUTING -i wlan0 -p udp –dport 53 -j REDIRECT –to-ports 53
  • Enter the following command: sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp –syn -j REDIRECT –to-ports 9040
  • Enter the following command: sudo iptables -t nat -L
  • Enter the following command: sudo sh -c “iptables-save > /etc/iptables.ipv4.nat”
  • Enter the following command: sudo touch /var/log/tor/notices.log
  • Enter the following command: sudo chown debian-tor /var/log/tor/notices.log
  • Enter the following command: sudo chmod 644 /var/log/tor/notices.log
  • Enter the following command: sudo service tor start
  • Check to see if Tor is running by entering the following command: sudo service tor status
  • Enter the following command to have Tor run on startup: sudo update-rc.d tor enable


Voila!  You have a Tor Router.  All you have to do is connect to the new network on your computer and you will be in business.  It should be listed under the ssid you entered previously and accessible via the password you selected.  Well done!  Have a drink and congratulate yourself.

**Note:  If you find the directions daunting, or you don’t have time, etc., visit my Donations page to see about me making one for you.**

If you enjoyed this article, please consider visiting the Shop or Donations page to contribute to Keith Derrick’s writing and research so you can get more content like this.

Leave a Reply

Your email address will not be published.