The instructions provided in the following sections are geared towards the user running BeagleBridge on a home network. The bridge will consume some otherwise unused bandwidth and donate it to the Tor network. You should check your ISP's Terms of Service before running a server to see whether it's permitted. Also, you'll need to configure port forwarding from your home router. As there are numerous devices, each with their own configuration mechanism, you should consult your router's manual on how to enable port forwarding.
The Tor images in the official Debian repository are not as up to date as those from the Tor Project. We'll use the Tor Project's development repository to retrieve the latest software. This is especially important when you are running a bridge, as the bridge and the pluggable transport software are updated frequently.
Note
The latest instructions as well as the latest GPG fingerprint can be found on the Tor Project's website (https://www.torproject.org/docs/debian). The following steps explain the installation procedure, but you should cross-reference them with the published instructions.
Edit /etc/apt/sources.list by adding the following lines:
deb http://deb.torproject.org/torproject.org wheezy main deb http://deb.torproject.org/torproject.org tor-experimental-0.2.5.x-wheezy main
Next, add the GPG key used to sign these Tor packages:
gpg --keyserver keys.gnupg.net --recv 886DDD89 gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
Then, issue the following command:
sudo apt-get update
The Tor Project recommends that you add the GPG key ring with the following command:
sudo apt-get install deb.torproject.org-keyring
Tor needs an up-to-date time as it enforces the time validity on certificates. In a later chapter, we'll show you how to keep time with a dedicated Real Time Clock (RTC). For now, update your clock from the Network Time Protocol (NTP) as follows:
sudo ntpdate -b -u pool.ntp.org
Install Tor:
sudo apt-get install tor
Then, install obfsproxy. Obfsproxy is the software that implements the obfuscated proxy and allows various pluggable transports. Obfsproxy uses Python Twisted library, an event-driven networking engine, which will install around 17 MB of packages in total:
sudo apt-get install obfsproxy
While we are installing software, let's install the Stem Python package. Stem is a Python controller library for Tor, and we'll be using it later to interact with our bridge. The easiest method is to install it with pip:
sudo pip install stem
Under Debian, the configuration file for Tor is /etc/tor/torrc. Before editing /etc/tor/torrc, you should first take a backup. This torrc file is available for download at https://github.com/jbdatko/beagle-bone-for-secret-agents/blob/master/ch2/torrc. We will discuss more interesting aspects of this configuration file in the following sections. When you are ready, replace /etc/tor/torrc with the following:
# We are running a relay, no need for the SocksPort SocksPort 0 # Extra logging is nice Log notice file /var/log/tor/notices.log # Run in the background RunAsDaemon 1 # The following two lines are so we can connect with the ## Tor Stem library over the control port ControlPort 9051 CookieAuthentication 1 # The is the Onion Router (OR) Port for normal relay operation ORPort 9001 # Your bridge's nickname, change! Nickname changeme # Bandwidth settings RelayBandwidthRate 520 KB # Throttle traffic to 520 KB/s RelayBandwidthBurst 640 KB # But allow burts up to 640 KB/s # You put a real email here, but consider making a new account ## or alias address ContactInfo Random Person <nobody AT example dot com> # Do not exit traffic ExitPolicy reject *:* # no exits allowed # Yes, we want to be a bridge BridgeRelay 1 # Use the obfs3 pluggable transport ServerTransportPlugin obfs3 exec /usr/bin/obfsproxy managed # Enable extra bridge statistics collection ExtORPort auto # A nice option for embedded platforms to minimize writes # to eMMC or SD card AvoidDiskWrites 1
At minimum, you should change the Nickname field and ContactInfo. The Nickname field is a shorter way to refer to your bridge; however, your bridge's fingerprint is always the best method as it is unique. The ContactInfo field allows the Tor project to send you an e-mail if there is a problem with your bridge. You can create an e-mail alias if you are concerned about receiving spam. Just be sure to monitor this account for infrequent e-mails from the Tor project.
Tor's man page will describe most of these settings in detail, but some warrant extra explanation. The bandwidth settings, RelayBandwidthRate and RelayBandwidthBurst, are tunable bandwidth settings, and in a later section, we will connect our hardware controls to manipulate these settings. The rate and the burst are in kilobytes per second, not in the more common kilo or megabits per second, so watch your units.