Skip to main content

How to Set Up a Tor Proxy Server on pfSense

  • Author:
  • Updated date:

Sam works as a network analyst for an algorithmic trading firm. He obtained his bachelor's degree in information technology from UMKC.

Why You Should Use Tor

Anyone looking to protect their identity and location should route their internet traffic through the Tor network.

Once an internet request leaves your computer it passes through multiple different networks. At any time this data can be intercepted by any of these intermediate points without you ever knowing your data was compromised.

When internet traffic passes through Tor it is automatically encrypted and decrypted as it passes through multiple randomly selected relays.

The final relay, or exit node, decrypts the final layer of encryption and transmits the original data to the intended destination.

Since the data is protected through encryption during transit your information is protected from prying eyes.

By setting up a Tor proxy on pfSense you can easliy allow multiple users on your home or business network to transmit data securely.


Download and Install the Tor Package

Since Tor isn't an officially supported pfSense package it cannot be installed through the pfSense package manager. Instead it must be manually installed using the pkg_add command.

This command can be ran through an SSH terminal, or through the diagnostics\command prompt page in the web interface.

pkg_add -r

A successful installation will display the message seen in the image below.

Installing the Tor package using the pkg_add command through the command prompt.

Installing the Tor package using the pkg_add command through the command prompt.

Libevent Error Messages

You may receive a warning message if the installer detects a conflicting version of libevent on the system. Some pfSense packages such as ntop install a version of libevent that will cause Tor to fail to start.

In order for Tor to work correctly you will need to remove any existing version of libevent , then reinstall the Tor package.

Scroll to Continue

To list any versions of libevent installed on the system:

pkg_info | grep libevent

libevent-1.4.14b_1 Provides an API to execute callback functions on certain ev
libevent-1.4.14b_2 Provides an API to execute callback functions on certain ev
libevent2-2.0.16 API for executing callback functions on events or timeouts

If any conflicting versions are detected, remove them with these commands:

pkg_delete libevent-1.4.14b_1

pkg_delete libevent-1.4.14b_2

pkg_delete libevent2-2.0.16

If you see an error message stating the package cannot be deinstalled and is required by other packages you must remove the packages that depend on it.

pkg_delete: package 'libevent-1.4.14b_1' is required by these other packages
and may not be deinstalled:

pkg_delete ntop-5.0.1

Create the Required Directories and Log File

Tor requires the creation of two directories before it can be started, run the commands below to create them.

mkdir /var/db/tor
mkdir /var/run/tor

Tor also requires the creation of a log file before it will start.

touch /var/log/tor

Finally we must set the the Tor user as the owner of both directories and the log file.

chown -R _tor /var/db/tor/
chown -R _tor /var/log/tor
chown _tor /var/run/tor

Edit the Config File

The Tor package includes a default config file that can be used as a good starting point for most users.

The command below will create a copy of the default config file called torrc in the same directory as the sample.

cp /usr/local/etc/tor/torrc.sample /usr/local/etc/tor/torrc

There are a couple of lines in the config file that need to be modified.

You can make these changes through the command line using the Vi editor but I find it much easier to use the file editor in the web gui located in the diagnostics menu.

In the /usr/local/etc/tor/torrc file uncomment both of the lines below by removing the # sign at the beginning of the lines. Modify the ip address in the second line to reflect the LAN IP address of the pfSense router.



In order for Tor to run in daemon mode you'll need to uncomment the following line as well.

RunAsDaemon 1

Editing the Tor configuration file using the text editor in the web interface.

Editing the Tor configuration file using the text editor in the web interface.

Edit the rc.conf File

Tor will fail to start and display an error message unless tor_enable is set to 'yes' in the rc.conf file. The command below will add the required entry to the bottom of the rc.conf file.

echo "tor_enable=yes" >> /etc/defaults/rc.conf

Creating the Tor Startup Script

When pfSense boots the system will automatically run any scripts with a .sh file extension located in /usr/local/etc/rc.d. To allow Tor to run at boot time the script must be created, and the permissions must be modified to make it executable.

The commands below will create create the startup script, and make the script executable.

touch /usr/local/etc/rc.d/

chmod +x /usr/local/etc/rc.d/

After creating the script copy and paste the contents in the code section below into the file and save it.

This step can be completed using either the vi text editor (vi /usr/local/etc/rc.d/ , or the web based file editor.


rc_start() {
           /usr/local/etc/rc.d/tor tart

rc_stop() {
           /usr/local/etc/rc.d/tor stop

case $1 in

Starting the Tor Service

At this point all of the pieces are in place to start the Tor service. Run the init script created in the previous step with the 'start' parameter to start Tor.

/usr/local/etc/rc.d/ start

If the Tor daemon successfully start you'll see a message similar to the one below. If you don't see this message you may receive an error message that will provide a clue of why Tor is unable to start.

[notice] Opening Socks listener on

Starting the Tor service using the startup script.

Starting the Tor service using the startup script.

Setting up a Proxy Server

At this point the Tor daemon should be up and running but we're not quite finished yet.

If you attempt to configure he IP and port of the server as a proxy in you web browser you'll receive a message that states "Tor is not an HTTP Proxy".

Since Tor is a SOCKS proxy it operates at a lower level then most web proxy servers which makes it necessary to run a separate web proxy server in addition to the Tor daemon.

Unfortunately the popular Squid proxy server does not support the SOCKS protocol unless it is recompiled from source. Instead of recompiling Squid I recommend installing the Polipo caching proxy service.

Polipo is a very fast, lightweight proxy service with native support for SOCKS and some other really cool features such as HTTP piplining and partial object caching.

Tor is not an HTTP proxy error message.

Tor is not an HTTP proxy error message.

Configuring Tor as an Upstream Proxy for Polipo

After installing Polipo it must be configured to use the Tor daemon as a parent proxy server. Edit the Polipo configuration file (/usr/local/etc/polipo/config) and uncomment both of the lines below.

socksParentProxy = "localhost:9100"

socksProxyType = socks5

Save the changes to this file once the edits have been made.

Editing the Polipo configuration file to support an upstream Tor proxy.

Editing the Polipo configuration file to support an upstream Tor proxy.

After the changes to the config file have been modified the Polipo service must be restarted to apply the changes.

/usr/local/etc/rc.d/ restart

Testing the Tor Proxy

Now that Tor is running and Polipo has been configured to use Tor as a parent proxy everything is in place for testing!

If you haven't already done so configure your browser to point to the LAN IP address of pfSense on port 8123 (the default port for Polipo)

To confirm your internet traffic is being forwarded through the Tor network visit This page will run a test on your connection to determine if it is using the Tor network. If your traffic is going through Tor successfully you'll see the message below displayed.

Confirming Tor is working using the online test page.

Confirming Tor is working using the online test page.

Contributing to Tor

Since the Tor network is operated by volunteers the best way you can contribute to the project is to operate your own Tor relay.

Anyone with a reliable internet connection can operate a relay by running Tor in relay mode. Additional Tor relays add to the speed and reliability of the entire Tor network.

Further Protect Your Identity With Bitcoin

Once you've starting using Tor for anonymity you may want to consider protecting your financial information by making purchases with Bitcoin.

You can easily purchase Bitcoins (or mine your own) making it possible to make anonymous purchases.

Bitcoins spend like cash but can be transmitted over the internet instantly to any location in the world.

This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.

© 2013 Sam Kear


Me on February 23, 2020:

I think your tor script has an error. It says “tart” where I think it should say “start”: so copy/paste may not work?

Anonymouse on December 25, 2019:

Thank you very much for the excellent guide. I am installing this on some secondhand Watchguard Firebox appliances that I received from a colleague. pfSense can be installed via CompactFlash on them, and it makes them usable and damn fine appliances once more.

Kane on April 25, 2017:

@Yehiel Samson

Install snort, start it on your LAN (or VLAN) interface, enable the TOR policy rules and set to block?

Yehiel Samson on March 06, 2017:

Additional question, I have setup different VLAN to test out all the options (blocking, allowing traffic etc...).

But on the one making it a safe network (SafeSearch, OpenVPN etc...) using Squid and SquidGuard, I noticed that TOR isn't blocked.

From looking on the web, no real way on blocking TOR. Might you have a solution?

Yehiel Samson on March 04, 2017:


I have pfSense 2.3.3, and at the first step (to install the package) I got stuck.

The Kernel Version: 10.3-RELEASE-p16

In pfSense version 2.3.3, pkg_add is depricated.

Now it is "pkg add".

I tried to look for the latest release of "tor-devel" and I found it for 10-current.

But when trying to install:

pkg add

I receive the following...

pkg: /tmp/tor-devel.tbz.XXXXX is not a valid package: no manifest found

Failed to install the following 1 package(s):

Any suggestion?

PS. I also tried the version you proposed, but I receive the same error

msurg on October 23, 2016:

How to install on pfSense 2.3.2?

EdwinGarzon on July 29, 2016:

How to install on pfsense 2.3.2, help !!!

Stremenx on May 30, 2016:

How to install pfSense 2.3.1 help...

Sam Kear (author) from Kansas City on November 14, 2015:


On pfSense 2.x you'll need to install the pkg command first. See the link below for information on bootstrapping pkg.

Chad on November 14, 2015:

I use Pfsense 2.5.5 and can not find command pkg_add in shell.

Aydin on July 25, 2015:

How i can use only with https traffics and without configure used squid?

Thank you for your help..

Brandon from Houston, Texas on July 24, 2015:

Great. Thanks

Aladdins Cave from Melbourne, Australia on June 21, 2015:

I wanted to do what exactly what this Hub is about.

But man o man, I gotta go back to school first, I'm lucky if I can switch

the modem on / off switch :)

If your ever in Melbourne, look me up, I've got a small job for you hehehe

Cheers from DOWNUNDER

JulioQc on March 26, 2015:

Dave on September 06, 2014:

Would you please let us know how to configure for to act as a relay?

barbambea on April 28, 2014:

@chris use:


kiddo on March 08, 2014:

nice tut but this site cannot be browse with tor on.

lpdourado on February 20, 2014:


Isn't a problem any more. I already solve.

I delete the folder /var/log/tor and create the log file correctly with the touch command and gave the permissions to the log file.

Thank you.

lpdourado on February 20, 2014:


First of all, this is a great tutorial with a brief explanation of any kind of command. Great work!

I had a problem to starting the Tor.

When I started occurs me an error:

"[warn] Couldn't open the file for 'Log notice file /var/log/tor': Is a directory"

Can help me with this error?


Le Doanh Tran from Brampton, Ontario on January 24, 2014:

I realized after running /usr/local/etc/rc.d/ start the system kicks me out as root and log me in as _tor user. But tor is actually not running. I can get both tor and polipo to run if I run both as root using command "polipo & && tor"

Le Doanh Tran from Brampton, Ontario on January 23, 2014:

This is what I got after running /usr/local/etc/rc.d/ start

Couldn't open file for 'Log notice file /var/log/tor': Permission denied

The version Im running is 2.1-RELEASE (i386)

me on November 23, 2013:

@create symbolic link to fix

ln -s /usr/local/lib/event2/ /usr/lib/

Andrea on November 17, 2013:

thank for this guide! i can install and run tor correctly but i've an issue: i got all the right messages after start tor for the first time but when i reboot pfsense i can't run tor and the error is:

Shared object "" not found, required by tor.

but if i search for "" i found it in ./usr/local/lib/event2/

i tried uninstalling tor and libevent with same result: at first start everything is right but when i restart pfSense something goes wrong (with the same error)

i run pfSense 2.1 (freebsd 8.3) and installed tor via pkg_add -r tor

Sam Kear (author) from Kansas City on September 02, 2013:


Thanks for helping me debug this issue. I've added a section above called "Libevent Error Messages" in case anyone else encounters the same issue.

0scar on September 02, 2013:

I send you a mail


Sam Kear (author) from Kansas City on September 02, 2013:


I'm running on the same version as you are using and I can't seem to reproduce the problem. It's possible you have another package installed that is providing a conflicting version of libevent.

Can you try removing the other packages from pfSense and try to reinstall the tor package?

You can remove the current tor installation by running:

pkg_delete tor-devel-

If you're running a different version you can find the installed version with this command:


0scar on September 01, 2013:

2.0.3-RELEASE (amd64)

built on Fri Apr 12 10:27:56 EDT 2013

FreeBSD 8.1-RELEASE-p13

Sam Kear (author) from Kansas City on September 01, 2013:


Which version of pfSense are you using?

0scar on September 01, 2013:


/usr/local/etc/rc.d/tor start

Starting tor.

/libexec/ Shared object "" not found, required by "tor"

/usr/local/etc/rc.d/tor: WARNING: failed to start tor

i have and i try this ln -s


/libexec/ /usr/local/lib/ unsupported file layout

/usr/local/etc/rc.d/tor: WARNING: failed to start tor

Related Articles