How to Set Up a Tor Proxy Server on pfSense

Why You Should Use Tor

Anyone looking to protect their identity and location should route their internet traffic through the Tor network.

Once an internet request leaves your computer it passes through multiple different networks. At any time this data can be intercepted by any of these intermediate points without you ever knowing your data was compromised.

When internet traffic passes through Tor it is automatically encrypted and decrypted as it passes through multiple randomly selected relays.

The final relay, or exit node, decrypts the final layer of encryption and transmits the original data to the intended destination.

Since the data is protected through encryption during transit your information is protected from prying eyes.

By setting up a Tor proxy on pfSense you can easliy allow multiple users on your home or business network to transmit data securely.

Download and Install the Tor Package

Since Tor isn't an officially supported pfSense package it cannot be installed through the pfSense package manager. Instead it must be manually installed using the pkg_add command.

This command can be ran through an SSH terminal, or through the diagnostics\command prompt page in the web interface.

pkg_add -r

A successful installation will display the message seen in the image below.

Installing the Tor package using the pkg_add command through the command prompt.
Installing the Tor package using the pkg_add command through the command prompt.

Libevent Error Messages

You may receive a warning message if the installer detects a conflicting version of libevent on the system. Some pfSense packages such as ntop install a version of libevent that will cause Tor to fail to start.

In order for Tor to work correctly you will need to remove any existing version of libevent , then reinstall the Tor package.

To list any versions of libevent installed on the system:

pkg_info | grep libevent

libevent-1.4.14b_1 Provides an API to execute callback functions on certain ev
libevent-1.4.14b_2 Provides an API to execute callback functions on certain ev
libevent2-2.0.16 API for executing callback functions on events or timeouts

If any conflicting versions are detected, remove them with these commands:

pkg_delete libevent-1.4.14b_1

pkg_delete libevent-1.4.14b_2

pkg_delete libevent2-2.0.16

If you see an error message stating the package cannot be deinstalled and is required by other packages you must remove the packages that depend on it.

pkg_delete: package 'libevent-1.4.14b_1' is required by these other packages
and may not be deinstalled:

pkg_delete ntop-5.0.1

Create the Required Directories and Log File

Tor requires the creation of two directories before it can be started, run the commands below to create them.

mkdir /var/db/tor
mkdir /var/run/tor

Tor also requires the creation of a log file before it will start.

touch /var/log/tor

Finally we must set the the Tor user as the owner of both directories and the log file.

chown -R _tor /var/db/tor/
chown -R _tor /var/log/tor
chown _tor /var/run/tor

Edit the Config File

The Tor package includes a default config file that can be used as a good starting point for most users.

The command below will create a copy of the default config file called torrc in the same directory as the sample.

cp /usr/local/etc/tor/torrc.sample /usr/local/etc/tor/torrc

There are a couple of lines in the config file that need to be modified.

You can make these changes through the command line using the Vi editor but I find it much easier to use the file editor in the web gui located in the diagnostics menu.

In the /usr/local/etc/tor/torrc file uncomment both of the lines below by removing the # sign at the beginning of the lines. Modify the ip address in the second line to reflect the LAN IP address of the pfSense router.



In order for Tor to run in daemon mode you'll need to uncomment the following line as well.

RunAsDaemon 1

Editing the Tor configuration file using the text editor in the web interface.
Editing the Tor configuration file using the text editor in the web interface.

Edit the rc.conf File

Tor will fail to start and display an error message unless tor_enable is set to 'yes' in the rc.conf file. The command below will add the required entry to the bottom of the rc.conf file.

echo "tor_enable=yes" >> /etc/defaults/rc.conf

Creating the Tor Startup Script

When pfSense boots the system will automatically run any scripts with a .sh file extension located in /usr/local/etc/rc.d. To allow Tor to run at boot time the script must be created, and the permissions must be modified to make it executable.

The commands below will create create the startup script, and make the script executable.

touch /usr/local/etc/rc.d/

chmod +x /usr/local/etc/rc.d/

After creating the script copy and paste the contents in the code section below into the file and save it.

This step can be completed using either the vi text editor (vi /usr/local/etc/rc.d/ , or the web based file editor.


rc_start() {
           /usr/local/etc/rc.d/tor tart

rc_stop() {
           /usr/local/etc/rc.d/tor stop

case $1 in

Starting the Tor Service

At this point all of the pieces are in place to start the Tor service. Run the init script created in the previous step with the 'start' parameter to start Tor.

/usr/local/etc/rc.d/ start

If the Tor daemon successfully start you'll see a message similar to the one below. If you don't see this message you may receive an error message that will provide a clue of why Tor is unable to start.

[notice] Opening Socks listener on

Starting the Tor service using the startup script.
Starting the Tor service using the startup script.
Tor is not an HTTP proxy error message.
Tor is not an HTTP proxy error message.

Setting up a Proxy Server

At this point the Tor daemon should be up and running but we're not quite finished yet.

If you attempt to configure he IP and port of the server as a proxy in you web browser you'll receive a message that states "Tor is not an HTTP Proxy".

Since Tor is a SOCKS proxy it operates at a lower level then most web proxy servers which makes it necessary to run a separate web proxy server in addition to the Tor daemon.

Unfortunately the popular Squid proxy server does not support the SOCKS protocol unless it is recompiled from source. Instead of recompiling Squid I recommend installing the Polipo caching proxy service.

Polipo is a very fast, lightweight proxy service with native support for SOCKS and some other really cool features such as HTTP piplining and partial object caching.

Configuring Tor as an Upstream Proxy for Polipo

After installing Polipo it must be configured to use the Tor daemon as a parent proxy server. Edit the Polipo configuration file (/usr/local/etc/polipo/config) and uncomment both of the lines below.

socksParentProxy = "localhost:9100"

socksProxyType = socks5

Save the changes to this file once the edits have been made.

Editing the Polipo configuration file to support an upstream Tor proxy.
Editing the Polipo configuration file to support an upstream Tor proxy.

After the changes to the config file have been modified the Polipo service must be restarted to apply the changes.

/usr/local/etc/rc.d/ restart

Testing the Tor Proxy

Now that Tor is running and Polipo has been configured to use Tor as a parent proxy everything is in place for testing!

If you haven't already done so configure your browser to point to the LAN IP address of pfSense on port 8123 (the default port for Polipo)

To confirm your internet traffic is being forwarded through the Tor network visit This page will run a test on your connection to determine if it is using the Tor network. If your traffic is going through Tor successfully you'll see the message below displayed.

Confirming Tor is working using the online test page.
Confirming Tor is working using the online test page.

Contributing to Tor

Since the Tor network is operated by volunteers the best way you can contribute to the project is to operate your own Tor relay.

Anyone with a reliable internet connection can operate a relay by running Tor in relay mode. Additional Tor relays add to the speed and reliability of the entire Tor network.

Further Protect Your Identity With Bitcoin

Once you've starting using Tor for anonymity you may want to consider protecting your financial information by making purchases with Bitcoin.

You can easily purchase Bitcoins (or mine your own) making it possible to make anonymous purchases.

Bitcoins spend like cash but can be transmitted over the internet instantly to any location in the world.

© 2013 Sam Kear

More by this Author

Comments 24 comments

0scar 3 years ago


/usr/local/etc/rc.d/tor start

Starting tor.

/libexec/ Shared object "" not found, required by "tor"

/usr/local/etc/rc.d/tor: WARNING: failed to start tor

i have and i try this ln -s


/libexec/ /usr/local/lib/ unsupported file layout

/usr/local/etc/rc.d/tor: WARNING: failed to start tor

skear profile image

skear 3 years ago from Kansas City Author


Which version of pfSense are you using?

0scar 3 years ago

2.0.3-RELEASE (amd64)

built on Fri Apr 12 10:27:56 EDT 2013

FreeBSD 8.1-RELEASE-p13

skear profile image

skear 3 years ago from Kansas City Author


I'm running on the same version as you are using and I can't seem to reproduce the problem. It's possible you have another package installed that is providing a conflicting version of libevent.

Can you try removing the other packages from pfSense and try to reinstall the tor package?

You can remove the current tor installation by running:

pkg_delete tor-devel-

If you're running a different version you can find the installed version with this command:


0scar 3 years ago

I send you a mail


skear profile image

skear 3 years ago from Kansas City Author


Thanks for helping me debug this issue. I've added a section above called "Libevent Error Messages" in case anyone else encounters the same issue.

Andrea 2 years ago

thank for this guide! i can install and run tor correctly but i've an issue: i got all the right messages after start tor for the first time but when i reboot pfsense i can't run tor and the error is:

Shared object "" not found, required by tor.

but if i search for "" i found it in ./usr/local/lib/event2/

i tried uninstalling tor and libevent with same result: at first start everything is right but when i restart pfSense something goes wrong (with the same error)

i run pfSense 2.1 (freebsd 8.3) and installed tor via pkg_add -r tor

me 2 years ago

@create symbolic link to fix

ln -s /usr/local/lib/event2/ /usr/lib/

Le Doanh Tran profile image

Le Doanh Tran 2 years ago from Brampton, Ontario

This is what I got after running /usr/local/etc/rc.d/ start

Couldn't open file for 'Log notice file /var/log/tor': Permission denied

The version Im running is 2.1-RELEASE (i386)

Le Doanh Tran profile image

Le Doanh Tran 2 years ago from Brampton, Ontario

I realized after running /usr/local/etc/rc.d/ start the system kicks me out as root and log me in as _tor user. But tor is actually not running. I can get both tor and polipo to run if I run both as root using command "polipo & && tor"

lpdourado 2 years ago


First of all, this is a great tutorial with a brief explanation of any kind of command. Great work!

I had a problem to starting the Tor.

When I started occurs me an error:

"[warn] Couldn't open the file for 'Log notice file /var/log/tor': Is a directory"

Can help me with this error?


lpdourado 2 years ago


Isn't a problem any more. I already solve.

I delete the folder /var/log/tor and create the log file correctly with the touch command and gave the permissions to the log file.

Thank you.

kiddo 2 years ago

nice tut but this site cannot be browse with tor on.

barbambea 2 years ago

Dave 2 years ago

Would you please let us know how to configure for to act as a relay?

Aladdins Cave profile image

Aladdins Cave 16 months ago from Melbourne, Australia

I wanted to do what exactly what this Hub is about.

But man o man, I gotta go back to school first, I'm lucky if I can switch

the modem on / off switch :)

If your ever in Melbourne, look me up, I've got a small job for you hehehe

Cheers from DOWNUNDER

Brandon Bledsoe profile image

Brandon Bledsoe 15 months ago from Houston, Texas

Great. Thanks

Aydin 15 months ago

How i can use only with https traffics and without configure used squid?

Thank you for your help..

Chad 11 months ago

I use Pfsense 2.5.5 and can not find command pkg_add in shell.

skear profile image

skear 11 months ago from Kansas City Author


On pfSense 2.x you'll need to install the pkg command first. See the link below for information on bootstrapping pkg.

Stremenx 4 months ago

How to install pfSense 2.3.1 help...

EdwinGarzon profile image

EdwinGarzon 2 months ago

How to install on pfsense 2.3.2, help !!!

msurg 6 hours ago

How to install on pfSense 2.3.2?

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.

    Click to Rate This Article