OnionPi Raspberry Pi "recipe"


Post by 0v3rz34l0u5 » Sat Jul 13, 2019 11:50 am

According to Wikipedia Tor is:
Tor is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router". Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.
YOU WILL NEED:
  • A Raspberry Pi
  • Raspberry Pi Case (this is optional but it'll be tidy with a case and the official case is £6)
  • A Micro USB power supply (you can draw power from another device using a USB to microUSB cable).
  • An 8GB microSD Card (it'll work with cards from 4GB to 32GB)
  • An ethernet cable (and of course a spare port on your router or switch)
  • A keyboard and mouse (for the setup - I use one of these)
  • An SETI@Home account - if you haven't got one, create one -
    https://setiathome.berkeley.edu/create_account_form.php
    (This will work with other BOINC projects too. Just choose one and sign up. Use your details to login on your Pi).
DISCLAIMER:
After configuring your OnionPi, there are a lot of ways you can be identified even if your IP address is changed. Please go to https://www.torproject.org/ for more information on how to stay anonymous.

I do not know whether any 3rd party software is safe. By following the guide below you accept ALL responsibility. I will not be held accountable for any issues that may arise.

SOME PEOPLE USE TOR AS A METHOD OF ACCESSING THE DEEP OR DARK WEB.
DO NOT DO THIS.


One. Download the latest version of Raspbian from the Raspberry Pi Foundation.
Download Raspbian Stretch with Desktop from https://www.raspberrypi.org/downloads/raspbian/

Two. "Burn" the image to the SD card using Etcher.
Download from https://www.balena.io/etcher/

Three. Run through the "out of the box" wizard.
Connect power (microUSB), network and a monitor to the Pi and allow it to boot up then follow the "Welcome to Raspberry Pi" wizard.
  1. Set the locale and keyboard language as required
  2. Set the password for user 'pi'
  3. Updating Raspbian

Four. Enable remote GUI access (and do some optional customisations to the desktop)
Go to "Start", Preferences, Raspberry Pi Configuration.
  1. System: Disable Splash Screen.
  2. Interfaces: Enable VNC.
Five. Update the Pi Firmware and Install the relevant packages
Open the Terminal and type (wait for each command to finish before proceeding).

Code: Select all

sudo rpi-update
sudo apt-get update
sudo apt-get upgrade
Six. Set up the DHCP server
Open the Terminal and type (wait for each command to finish before proceeding).

Code: Select all

sudo apt-get install hostapd isc-dhcp-server
Type y and press enter

Code: Select all

sudo apt-get install iptables-persistent
Type y and press enter
The package configuration wizard will be displayed. Click yes to both.

Code: Select all

sudo nano /etc/dhcp/dhcpd.conf
Find the lines

Code: Select all

option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
Add a # to the beginning of them.

Code: Select all

#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;
Find the lines

Code: Select all

default-lease-time 600;
max-lease-time 7200;
Add a # to the beginning of them (you'll re-add them later)

Code: Select all

#default-lease-time 600;
#max-lease-time 7200;
Find the lines

Code: Select all

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
Remove the # from authoritative;

Code: Select all

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
Scroll down to the bottom and add the following lines. Note, don't forget the ; at the end of each line!!

Code: Select all

subnet 10.255.1.0 netmask 255.255.255.0 {
         range 10.255.1.10 10.255.1.50;
         option broadcast-address 10.255.1.255;
         option routers 10.255.1.254;
         default-lease-time 600;
         max-lease-time 7200;
         option domain-name "local";
         option domain-name-servers 8.8.8.8, 8.8.4.4;
 }
Save the file by pressing ctrl-x, pressing y then enter.

Code: Select all

sudo nano /etc/default/isc-dhcp-server
Find the lines

Code: Select all

INTERFACESv4=""
INTERFACESv6=""
Add wlan0 between the speech marks for v4 and add # to v6

Code: Select all

INTERFACESv4="wlan0"
#INTERFACESv6=""
Save the file by pressing ctrl-x, pressing y then enter.

Code: Select all

sudo cp /run/systemd/generator.late/isc-dhcp-server.service /etc/systemd/system
sudo nano /etc/systemd/system/isc-dhcp-server.service
Find the line

Code: Select all

Restart=no
Edit from no to on-failure

Code: Select all

Restart=on-failure
Add RestartSec=1 underneath

Code: Select all

Restart=on-failure
RestartSec=1
Scroll down to the bottom and add the following lines.

Code: Select all

[Install]
WantedBy=multi-user.target
Save the file by pressing ctrl-x, pressing y then enter.

Code: Select all

sudo systemctl daemon-reload
sudo systemctl disable isc-dhcp-server
sudo systemctl enable isc-dhcp-server
Seven. Set up wlan0 for static IP
Open the Terminal and type (wait for each command to finish before proceeding).

Code: Select all

sudo nano /etc/dhcpcd.conf
Scroll down to the bottom and add the following lines.

Code: Select all

interface eth0

interface wlan0
static ip_address=10.255.1.254/24
Save the file by pressing ctrl-x, pressing y then enter.

Eight. Configure the AP
Open the Terminal and type (wait for each command to finish before proceeding).

Code: Select all

sudo nano /etc/hostapd/hostapd.conf
Add the following lines.

Code: Select all

interface=wlan0
ssid=OnionPi
country_code=GB
hw_mode=g
channel=13
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=Password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_group_rekey=86400
ieee80211n=1
wmm_enabled=1
Make sure each line has no extra spaces at the end or beginning then save the file by pressing ctrl-x, pressing y then enter.

Code: Select all

sudo nano /etc/default/hostapd
Find the line

Code: Select all

#DAEMON_CONF=""
Remove the # and add /etc/hostapd/hostapd.conf between the speech marks.

Code: Select all

DAEMON_CONF="/etc/hostapd/hostapd.conf"
Save the file by pressing ctrl-x, pressing y then enter.

Code: Select all

sudo nano /etc/init.d/hostapd
Find the line

Code: Select all

DAEMON_CONF=
Add /etc/hostapd/hostapd.conf

Code: Select all

DAEMON_CONF=/etc/hostapd/hostapd.conf
Save the file by pressing ctrl-x, pressing y then enter

Nine. Configure NAT
Open the Terminal and type (wait for each command to finish before proceeding).

Code: Select all

sudo nano /etc/sysctl.conf
Find the line

Code: Select all

#net.ipv4.ip_forward=1
Remove the #

Code: Select all

net.ipv4.ip_forward=1
Save the file by pressing ctrl-x, pressing y then enter.

Code: Select all

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
Check the tables

Code: Select all

sudo iptables -t nat -S
sudo iptables -S
If all looks correct, run sudo sh -c "iptables-save > /etc/iptables/rules.v4"
If you have made a mistake, reboot (sudo reboot) and then run the three iptables commands again (just press the up key to find them and make any changes).

Ten. Test the AP
Open the Terminal and type (wait for each command to finish before proceeding).

Code: Select all

sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf
  1. Connect to the AP
  2. Disconnect from the AP
  3. Disable the AP with ctrl+x
  4. If all went well, run sudo systemctl start hostapd

Code: Select all

sudo service isc-dhcp-server start
sudo update-rc.d hostapd enable
sudo update-rc.d isc-dhcp-server enable
Eleven. Install Tor
Open the Terminal and type (wait for each command to finish before proceeding).

Code: Select all

sudo apt-get install tor
Type y and press enter.

Code: Select all

sudo nano /etc/tor/torrc
Add the following to the top of the file but after the FAQ.

Code: Select all

Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 10.255.1.254
DNSPort 53
DNSListenAddress 10.255.1.254
Save the file by pressing ctrl-x, pressing y then enter.

Code: Select all

sudo touch /var/log/tor/notices.log
sudo chown debian-tor /var/log/tor/notices.log
sudo chmod 644 /var/log/tor/notices.log
Twelve. Update NAT so that traffic is routed through the Tor software
Open the Terminal and type (wait for each command to finish before proceeding).

Code: Select all

sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
sudo iptables -t nat -L
Check the tables

Code: Select all

sudo iptables -t nat -L
If all looks correct, run sudo sh -c "iptables-save > /etc/iptables/rules.v4"
If you have made a mistake, reboot (sudo reboot) and then run the three iptables commands again (just press the up key to find them and make any changes).

Thirteen. Enable Tor
Open the Terminal and type (wait for each command to finish before proceeding).

Code: Select all

sudo service tor start
sudo update-rc.d tor enable
sudo reboot
Test!
Open the Terminal and type (wait for each command to finish before proceeding).
  1. On a device connected to the OnionPi, go to Google and search what's my IP.
  2. On a device not connected to the OnionPi, go to Google and search what's my IP.
  3. The IP addresses should be different. If they're not, something hasn't gone right.
To manage remotely, download VNC Viewer and connect to the IP address of the OnionPi. I'd recommend using VNC Connect (free for personal use up to 5 devices) - create an account here.

References:
https://learn.adafruit.com/onion-pi/overview
https://learn.adafruit.com/setting-up-a ... cess-point
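
Added example (not part of the original post): a shell check for the Step Twelve rule set, run against `iptables-save` output before saving it to /etc/iptables/rules.v4. It goes one step beyond the recipe by also inspecting the FORWARD chain, because Step Nine leaves ip_forward enabled and Step Twelve leaves FORWARD empty with policy ACCEPT. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an `iptables-save` dump against the Step Twelve rules.
# Usage on the Pi: sudo iptables-save | audit_onionpi_rules

# Constructed sample: what iptables-save prints after Step Twelve as written.
sample_step_twelve_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Reads a dump from file $1 (or stdin); returns the number of problems found.
audit_onionpi_rules() {
    rules=$(cat "${1:--}")
    problems=0
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    flag() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    # Client DNS must be captured by Tor's DNSPort (53 in the torrc above).
    has '^-A PREROUTING -i wlan0 -p udp .*--dport 53 -j REDIRECT --to-ports 53 *$' ||
        flag "no REDIRECT of wlan0 udp/53 to the DNSPort"
    # New TCP connections must be captured by Tor's TransPort (9040).
    has '^-A PREROUTING -i wlan0 -p tcp .*SYN -j REDIRECT --to-ports 9040 *$' ||
        flag "no REDIRECT of wlan0 TCP SYNs to the TransPort"
    # The Step Nine MASQUERADE rule must be gone, or clients can route around Tor.
    if has '^-A POSTROUTING .*-j MASQUERADE'; then
        flag "Step Nine MASQUERADE rule is still loaded"
    fi
    # Anything the REDIRECTs miss (other UDP, ICMP) is routed out eth0 unless
    # forwarding is blocked. Simplification: rule order is not evaluated.
    has '^:FORWARD DROP ' ||
        has '^-A FORWARD -i wlan0 (.* )?-j (DROP|REJECT)' ||
        flag "FORWARD accepts wlan0 traffic; non-Tor packets can leave via eth0"
    return "$problems"
}
```

REDIRECTed packets are delivered locally through INPUT, not FORWARD, so running `sudo iptables -P FORWARD DROP` before the iptables-save step closes the forwarding path without affecting the Tor redirects.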