Cell PhonesComputersConsumer ElectronicsGraphic Design & Video EditingHome Theater & AudioIndustrial TechnologyInternet

How to Set Up a Tor Proxy Server on pfSense

Updated on September 19, 2016
skear profile image

Sam works as a Network Analyst for an algorithmic trading firm. He obtained his Bachelors Degree in Information Technology from UMKC.

Why You Should Use Tor

Anyone looking to protect their identity and location should route their internet traffic through the Tor network.

Once an internet request leaves your computer it passes through multiple different networks. At any time this data can be intercepted by any of these intermediate points without you ever knowing your data was compromised.

When internet traffic passes through Tor it is automatically encrypted and decrypted as it passes through multiple randomly selected relays.

The final relay, or exit node, decrypts the final layer of encryption and transmits the original data to the intended destination.

Since the data is protected through encryption during transit your information is protected from prying eyes.

By setting up a Tor proxy on pfSense you can easliy allow multiple users on your home or business network to transmit data securely.

Download and Install the Tor Package

Since Tor isn't an officially supported pfSense package it cannot be installed through the pfSense package manager. Instead it must be manually installed using the pkg_add command.

This command can be ran through an SSH terminal, or through the diagnostics\command prompt page in the web interface.

pkg_add -r ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-8.1-release/Latest/tor-devel.tbz

A successful installation will display the message seen in the image below.

Installing the Tor package using the pkg_add command through the command prompt.
Installing the Tor package using the pkg_add command through the command prompt.

Libevent Error Messages

You may receive a warning message if the installer detects a conflicting version of libevent on the system. Some pfSense packages such as ntop install a version of libevent that will cause Tor to fail to start.

In order for Tor to work correctly you will need to remove any existing version of libevent , then reinstall the Tor package.

To list any versions of libevent installed on the system:

pkg_info | grep libevent

libevent-1.4.14b_1 Provides an API to execute callback functions on certain ev
libevent-1.4.14b_2 Provides an API to execute callback functions on certain ev
libevent2-2.0.16 API for executing callback functions on events or timeouts

If any conflicting versions are detected, remove them with these commands:

pkg_delete libevent-1.4.14b_1

pkg_delete libevent-1.4.14b_2

pkg_delete libevent2-2.0.16

If you see an error message stating the package cannot be deinstalled and is required by other packages you must remove the packages that depend on it.

pkg_delete: package 'libevent-1.4.14b_1' is required by these other packages
and may not be deinstalled:
ntop-5.0.1

pkg_delete ntop-5.0.1

Create the Required Directories and Log File

Tor requires the creation of two directories before it can be started, run the commands below to create them.

mkdir /var/db/tor
mkdir /var/run/tor

Tor also requires the creation of a log file before it will start.

touch /var/log/tor

Finally we must set the the Tor user as the owner of both directories and the log file.

chown -R _tor /var/db/tor/
chown -R _tor /var/log/tor
chown _tor /var/run/tor

Edit the Config File

The Tor package includes a default config file that can be used as a good starting point for most users.

The command below will create a copy of the default config file called torrc in the same directory as the sample.


cp /usr/local/etc/tor/torrc.sample /usr/local/etc/tor/torrc

There are a couple of lines in the config file that need to be modified.

You can make these changes through the command line using the Vi editor but I find it much easier to use the file editor in the web gui located in the diagnostics menu.

In the /usr/local/etc/tor/torrc file uncomment both of the lines below by removing the # sign at the beginning of the lines. Modify the ip address in the second line to reflect the LAN IP address of the pfSense router.

SocksListenAddress 127.0.0.1:9100

SocksListenAddress 192.168.0.1:9100

In order for Tor to run in daemon mode you'll need to uncomment the following line as well.

RunAsDaemon 1

Editing the Tor configuration file using the text editor in the web interface.
Editing the Tor configuration file using the text editor in the web interface.

Edit the rc.conf File

Tor will fail to start and display an error message unless tor_enable is set to 'yes' in the rc.conf file. The command below will add the required entry to the bottom of the rc.conf file.

echo "tor_enable=yes" >> /etc/defaults/rc.conf

Creating the Tor Startup Script

When pfSense boots the system will automatically run any scripts with a .sh file extension located in /usr/local/etc/rc.d. To allow Tor to run at boot time the script must be created, and the permissions must be modified to make it executable.

The commands below will create create the tor.sh startup script, and make the script executable.

touch /usr/local/etc/rc.d/tor.sh

chmod +x /usr/local/etc/rc.d/tor.sh

After creating the script copy and paste the contents in the code section below into the file and save it.

This step can be completed using either the vi text editor (vi /usr/local/etc/rc.d/tor.sh) , or the web based file editor.

Tor.sh

#!/bin/sh

rc_start() {
           /usr/local/etc/rc.d/tor tart
}

rc_stop() {
           /usr/local/etc/rc.d/tor stop
}

case $1 in
        start)
                rc_start
                ;;
        stop)
                rc_stop
                ;;
        restart)
                rc_stop
                rc_start
                ;;
esac

Starting the Tor Service

At this point all of the pieces are in place to start the Tor service. Run the init script created in the previous step with the 'start' parameter to start Tor.

/usr/local/etc/rc.d/tor.sh start

If the Tor daemon successfully start you'll see a message similar to the one below. If you don't see this message you may receive an error message that will provide a clue of why Tor is unable to start.

[notice] Opening Socks listener on 192.168.10.254:9100

Starting the Tor service using the startup script.
Starting the Tor service using the startup script.
Tor is not an HTTP proxy error message.
Tor is not an HTTP proxy error message.

Setting up a Proxy Server

At this point the Tor daemon should be up and running but we're not quite finished yet.

If you attempt to configure he IP and port of the server as a proxy in you web browser you'll receive a message that states "Tor is not an HTTP Proxy".

Since Tor is a SOCKS proxy it operates at a lower level then most web proxy servers which makes it necessary to run a separate web proxy server in addition to the Tor daemon.

Unfortunately the popular Squid proxy server does not support the SOCKS protocol unless it is recompiled from source. Instead of recompiling Squid I recommend installing the Polipo caching proxy service.

Polipo is a very fast, lightweight proxy service with native support for SOCKS and some other really cool features such as HTTP piplining and partial object caching.

Configuring Tor as an Upstream Proxy for Polipo

After installing Polipo it must be configured to use the Tor daemon as a parent proxy server. Edit the Polipo configuration file (/usr/local/etc/polipo/config) and uncomment both of the lines below.

socksParentProxy = "localhost:9100"

socksProxyType = socks5

Save the changes to this file once the edits have been made.

Editing the Polipo configuration file to support an upstream Tor proxy.
Editing the Polipo configuration file to support an upstream Tor proxy.

After the changes to the config file have been modified the Polipo service must be restarted to apply the changes.

/usr/local/etc/rc.d/polipo.sh restart

Testing the Tor Proxy

Now that Tor is running and Polipo has been configured to use Tor as a parent proxy everything is in place for testing!

If you haven't already done so configure your browser to point to the LAN IP address of pfSense on port 8123 (the default port for Polipo)

To confirm your internet traffic is being forwarded through the Tor network visit https://check.torproject.org/. This page will run a test on your connection to determine if it is using the Tor network. If your traffic is going through Tor successfully you'll see the message below displayed.

Confirming Tor is working using the online test page.
Confirming Tor is working using the online test page.

Contributing to Tor

Since the Tor network is operated by volunteers the best way you can contribute to the project is to operate your own Tor relay.

Anyone with a reliable internet connection can operate a relay by running Tor in relay mode. Additional Tor relays add to the speed and reliability of the entire Tor network.

Further Protect Your Identity With Bitcoin

Once you've starting using Tor for anonymity you may want to consider protecting your financial information by making purchases with Bitcoin.

You can easily purchase Bitcoins (or mine your own) making it possible to make anonymous purchases.

Bitcoins spend like cash but can be transmitted over the internet instantly to any location in the world.

© 2013 Sam Kear

Comments

    0 of 8192 characters used
    Post Comment

    • profile image

      0scar 3 years ago

      ;-(

      /usr/local/etc/rc.d/tor start

      Starting tor.

      /libexec/ld-elf.so.1: Shared object "libevent-1.4.so.3" not found, required by "tor"

      /usr/local/etc/rc.d/tor: WARNING: failed to start tor

      i have libevent-1.4.so.3 and i try this ln -s libevent-1.4.so.4 libevent-1.4.so.3

      and...

      /libexec/ld-elf.so.1: /usr/local/lib/libevent-1.4.so.3: unsupported file layout

      /usr/local/etc/rc.d/tor: WARNING: failed to start tor

    • skear profile image
      Author

      Sam Kear 3 years ago from Kansas City

      @0scar

      Which version of pfSense are you using?

    • profile image

      0scar 3 years ago

      2.0.3-RELEASE (amd64)

      built on Fri Apr 12 10:27:56 EDT 2013

      FreeBSD 8.1-RELEASE-p13

    • skear profile image
      Author

      Sam Kear 3 years ago from Kansas City

      @0scar

      I'm running on the same version as you are using and I can't seem to reproduce the problem. It's possible you have another package installed that is providing a conflicting version of libevent.

      Can you try removing the other packages from pfSense and try to reinstall the tor package?

      You can remove the current tor installation by running:

      pkg_delete tor-devel-0.2.2.13.a

      If you're running a different version you can find the installed version with this command:

      pkg_info

    • profile image

      0scar 3 years ago

      I send you a mail

      thanks

    • skear profile image
      Author

      Sam Kear 3 years ago from Kansas City

      @0scar

      Thanks for helping me debug this issue. I've added a section above called "Libevent Error Messages" in case anyone else encounters the same issue.

    • profile image

      Andrea 3 years ago

      thank for this guide! i can install and run tor correctly but i've an issue: i got all the right messages after start tor for the first time but when i reboot pfsense i can't run tor and the error is:

      Shared object "libevent-2.0.so.6" not found, required by tor.

      but if i search for "libevent-2.0.so.6" i found it in ./usr/local/lib/event2/libevent-2.0.so.6

      i tried uninstalling tor and libevent with same result: at first start everything is right but when i restart pfSense something goes wrong (with the same error)

      i run pfSense 2.1 (freebsd 8.3) and installed tor via pkg_add -r tor

    • profile image

      me 3 years ago

      @create symbolic link to fix

      ln -s /usr/local/lib/event2/libevent-2.0.so.6 /usr/lib/libevent-2.0.so.6

    • Le Doanh Tran profile image

      Le Doanh Tran 3 years ago from Brampton, Ontario

      This is what I got after running /usr/local/etc/rc.d/tor.sh start

      Couldn't open file for 'Log notice file /var/log/tor': Permission denied

      The version Im running is 2.1-RELEASE (i386)

    • Le Doanh Tran profile image

      Le Doanh Tran 3 years ago from Brampton, Ontario

      I realized after running /usr/local/etc/rc.d/tor.sh start the system kicks me out as root and log me in as _tor user. But tor is actually not running. I can get both tor and polipo to run if I run both as root using command "polipo & && tor"

    • profile image

      lpdourado 3 years ago

      Hi!

      First of all, this is a great tutorial with a brief explanation of any kind of command. Great work!

      I had a problem to starting the Tor.

      When I started occurs me an error:

      "[warn] Couldn't open the file for 'Log notice file /var/log/tor': Is a directory"

      Can help me with this error?

      Thanks

    • profile image

      lpdourado 3 years ago

      Hi!

      Isn't a problem any more. I already solve.

      I delete the folder /var/log/tor and create the log file correctly with the touch command and gave the permissions to the log file.

      Thank you.

    • profile image

      kiddo 3 years ago

      nice tut but this site cannot be browse with tor on.

    • profile image

      barbambea 2 years ago

    • profile image

      Dave 2 years ago

      Would you please let us know how to configure for to act as a relay?

    • profile image

      JulioQc 2 years ago

    • Aladdins Cave profile image

      Aladdins Cave 21 months ago from Melbourne, Australia

      I wanted to do what exactly what this Hub is about.

      But man o man, I gotta go back to school first, I'm lucky if I can switch

      the modem on / off switch :)

      If your ever in Melbourne, look me up, I've got a small job for you hehehe

      Cheers from DOWNUNDER

    • Brandon Bledsoe profile image

      Brandon 20 months ago from Houston, Texas

      Great. Thanks

    • profile image

      Aydin 20 months ago

      How i can use only with https traffics and without configure used squid?

      Thank you for your help..

    • profile image

      Chad 16 months ago

      I use Pfsense 2.5.5 and can not find command pkg_add in shell.

    • skear profile image
      Author

      Sam Kear 16 months ago from Kansas City

      @Chad

      On pfSense 2.x you'll need to install the pkg command first. See the link below for information on bootstrapping pkg.

      https://doc.pfsense.org/index.php/Installing_FreeB...

    • profile image

      Stremenx 10 months ago

      How to install pfSense 2.3.1 help...

    • EdwinGarzon profile image

      EdwinGarzon 8 months ago

      How to install on pfsense 2.3.2, help !!!

    • profile image

      msurg 5 months ago

      How to install on pfSense 2.3.2?

    • Yehiel Samson profile image

      Yehiel Samson 3 weeks ago

      Hi,

      I have pfSense 2.3.3, and at the first step (to install the package) I got stuck.

      The Kernel Version: 10.3-RELEASE-p16

      In pfSense version 2.3.3, pkg_add is depricated.

      Now it is "pkg add".

      I tried to look for the latest release of "tor-devel" and I found it for 10-current.

      But when trying to install:

      pkg add ftp://92.53.112.226/freebsd/ports/amd64/packages-1...

      I receive the following...

      pkg: /tmp/tor-devel.tbz.XXXXX is not a valid package: no manifest found

      Failed to install the following 1 package(s): ftp://92.53.112.226/freebsd/ports/amd64/packages-1...

      Any suggestion?

      PS. I also tried the version you proposed, but I receive the same error

    • Yehiel Samson profile image

      Yehiel Samson 3 weeks ago

      Additional question, I have setup different VLAN to test out all the options (blocking, allowing traffic etc...).

      But on the one making it a safe network (SafeSearch, OpenVPN etc...) using Squid and SquidGuard, I noticed that TOR isn't blocked.

      From looking on the web, no real way on blocking TOR. Might you have a solution?

    Click to Rate This Article