Koozali.org: home of the SME Server

Installing TOR server on SME 7

Offline Philippe MARTY

« on: October 11, 2006, 03:28:16 PM »
Hi,

I'm really interested in the Tor project.
http://tor.eff.org/

And I would like to have some help to achieve an installation of that product on a SME server in order to create an "onion router" capable of hosting web sites.

many thanks
Keep smiling with the sun and singing with the birds
www.atelier51.com

Offline dtech

« Reply #1 on: October 12, 2006, 02:51:57 AM »
Hi Philippe, welcome to contribs.org.

OK, first of all I don't see why you couldn't install privoxy and tor on your SME 6.01 server. Stable Privoxy is fairly old at this point, and I'm not sure what SME 6.01 was based on but I would think that an RPM for Red Hat Linux 9 would work. That can be found at the Privoxy site. Next would be Tor, which can either be found at the Dries repository or from the Tor site. I'm just repeating myself here for the benefit of other readers.

Before we go further I'm going to remove Tor, privoxy, and e-smith-privoxy from my server and try a fresh installation of Tor from tor.eff.org and privoxy from privoxy.org. I'm not going to install e-smith-privoxy this time, and I'll post my results tomorrow. Maybe we can come up with a how-to after this is all done.

-P

Offline Philippe MARTY

« Reply #2 on: October 12, 2006, 09:57:36 AM »
Ok dtech, but I have to confess that I'm quite a newbie with SME.
I've installed my 6.01 server following a tutorial and some little other contribs.
But, I think I'm not ready yet to install product without procedure. I don't know, for example, how to add controls in the server management panel after installing new rpms?

Offline william_syd

« Reply #3 on: October 12, 2006, 11:42:49 AM »
Why all this talk about SME 6.01 in a SME 7.x forum category? Did I miss something?
Regards,
William

IF I give advise.. It's only if it was me....

Offline Philippe MARTY

« Reply #4 on: October 13, 2006, 12:08:42 AM »
Nono, it's ok, I'd like to learn a lot on SME7 but I just can't work on it yet because of my stupid little server...
So dtech is helping me (thanks to him) to understand how Tor must be configured, even on SME 6, in order to anticipate my new server  :oops:

If you read posts, you'll see that dtech is working on implementation of Tor on SME 7. I think this is the right place for the right guys !

Sorry for that little trouble.

Offline dtech

« Reply #5 on: October 13, 2006, 12:35:58 AM »
Sorry for the late reply, I couldn't get to the forums all day today. Anyway, here is a rough draft of an SME7 tor/privoxy howto. Suggestions/corrections/comments are welcome.

SME 7 Tor/Privoxy HowTo

The recommended way to run tor is to use it in combination with privoxy. The benefit of this combination is that not only do you get a degree of anonymity when browsing the web on the tor network, you can enjoy an ad free experience as well with privoxy.

1. Download the privoxy RPM from http://sourceforge.net/project/showfiles.php?group_id=11118 . As of this writing privoxy 3.0.5 is in beta, I use the stable 3.0.3 RPM for Fedora Core 1.

2. Download the latest tor Red Hat RPM from http://tor.eff.org/download-unix.html.en. Currently tor is at version 0.1.1.24.

3. Download the libevent RPM from the Dag repository. Tor 0.1.1.24 requires libevent 1.1b, so look for libevent-1.1b-1.el4.rf.i386.rpm. http://dag.wieers.com/packages/libevent/

4. Put all of the RPMs into an empty directory, cd into the directory and run
Code:
yum localinstall *.rpm

5. This howto assumes you will NOT be running a tor server; that is, configuring your server to be a middleman or exit node on the tor network. If you don't know what this means, don't worry. Some of the following instructions were taken from here http://tor.eff.org/docs/tor-doc-unix.html.en.

Privoxy keeps a log file of everything passed through it. In order to stop this you will need to comment out the following two lines by inserting a # before the line. In section 1.5 comment out the line
Code:
logfile logfile
and in section 1.6 comment out the line
Code:
jarfile jarfile

The instructions on the Tor page assume that we're installing tor on the same machine we use for web browsing. In our case, we're installing it on our SME server for use by the whole network. So we need to modify the listen address. Find section 4.1 in the privoxy config file and change the listen-address line to, assuming your server's internal IP is 192.168.1.1, this:

Code:
listen-address 192.168.1.1:8118

Then scroll down to section 5.2 and add the line
Code:
forward-socks4a / localhost:9050 .
at the bottom of the section. Don't forget to add the dot at the end.

Save /etc/privoxy/config .

6. Now we need to make some changes to SME so that tor and privoxy run automatically at startup. From the command line:
Code:
config set privoxy service status enabled
config set tor service status enabled

then
Code:
ln -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S84privoxy
ln -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S90tor


7. Then we reboot the server like this:
Code:
signal-event post-upgrade
signal-event reboot


8. When our SME server comes back online, tor and privoxy should be running. Now a critical step: we cannot use SME's built-in HTTP proxy, squid, if we want to preserve our anonymity. More information can be found here http://wiki.noreply.org/noreply/TheOnionRouter/SquidWarning. I've tested this myself and they're not kidding. So, in the server-manager we need to disable the HTTP proxy in the Security > Proxy settings pane.

9. Now we need to set up our web browser. Information about torifying other applications can be found here http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO.

Assuming we're using firefox, click on Edit > Preferences > General > Connection Settings > Manual proxy configuration and enter your server's internal IP address in the HTTP, SSL, FTP, Gopher, and SOCKS host fields. In the port field of HTTP, SSL, FTP, and Gopher enter 8118. In the port field of SOCKS, enter 9050. Then select the SOCKS v5 radio button. Other web browsers can be easily set up using this information.

10. Finally, we're ready to surf anonymously. To make sure that we're set up correctly, browse over to http://ipid.shat.net. You should see an IP address that is NOT your own external IP address. Also browse over to http://serifos.eecs.harvard.edu/cgi-bin/ipaddr.pl?tor=1. Assuming that the exit node you're connected to is registered properly on the tor network, you should see a page confirming that you are on the tor network.

----------
Notes:

1. The tor network tends to be slow. Sometimes connections don't complete at all. If you want to be a part of the solution to this problem, consider running a tor server. Info here: http://tor.eff.org/docs/tor-doc-server.html.en

2. You should not assume that the tor/privoxy combination makes you totally anonymous on the internet; it doesn't. Other steps that one can take are beyond the scope of this howto.

3. For tor related discussion, consider subscribing to the or-talk mailing list here: http://archives.seul.org/or/talk/
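
The privoxy settings from step 5 of the howto can be checked mechanically after editing. The shell function below is an added example, not part of dtech's post or of SME Server; `audit_privoxy` is a hypothetical name and the sample config is constructed for illustration.

```shell
#!/bin/sh
# Added example: check /etc/privoxy/config against step 5 of the howto.
# audit_privoxy is a hypothetical helper; it prints one finding per problem.

audit_privoxy() {
    cfg=$1 lan_ip=$2
    # Active directives only: drop blank lines and whole-line comments
    active=$(grep -Ev '^[[:space:]]*(#|$)' "$cfg" || true)

    # logfile and jarfile must stay commented out to stop the logging
    for d in logfile jarfile; do
        if printf '%s\n' "$active" | grep -Eq "^[[:space:]]*${d}[[:space:]]"; then
            echo "FAIL: '$d' is active; the howto comments it out to stop logging"
        fi
    done

    # The proxy should listen on the internal address and nothing wider
    addrs=$(printf '%s\n' "$active" | awk '$1 == "listen-address" { print $2 }')
    [ -n "$addrs" ] || echo "FAIL: no active listen-address line"
    for a in $addrs; do
        case $a in
            "$lan_ip":*) ;;
            :*|0.0.0.0:*) echo "FAIL: listen-address $a binds every interface" ;;
            *) echo "WARN: listen-address $a is not on $lan_ip" ;;
        esac
    done

    # Without the forward line (dot included) privoxy connects out directly
    printf '%s\n' "$active" | awk '
        $1 == "forward-socks4a" && $2 == "/" && $4 == "." &&
            $3 ~ /^(localhost|127\.0\.0\.1):9050$/ { ok = 1 }
        END { if (!ok) print "FAIL: forward-socks4a / localhost:9050 . is missing" }'
}

# Constructed sample: the howto's settings with jarfile left active
sample=$(mktemp)
cat > "$sample" <<'EOF'
#logfile logfile
jarfile jarfile
listen-address 192.168.1.1:8118
forward-socks4a / localhost:9050 .
EOF
audit_privoxy "$sample" 192.168.1.1
rm -f "$sample"
```

On a live server the call would be `audit_privoxy /etc/privoxy/config 192.168.1.1`, with the second argument replaced by the server's internal IP.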

Offline dtech

« Reply #6 on: October 13, 2006, 12:42:43 AM »
I was just reading through the howto I just posted and realized I didn't put anything in there about configuring privoxy.

The previous howto will not result in a configuration pane within the SME server-manager. Tor configuration is really only necessary if you decide that you want to run a server, and that info can be found at tor.eff.org. The ins and outs of configuring privoxy can be found at privoxy.org, but to get started you can type the following into your browser:

Code:
config.privoxy.org

This will bring up the web configuration interface. There are a number of options. Right out of the box privoxy will work well; fine-tuning information is at the privoxy site.

-P

Offline CrayXMP

« Reply #7 on: January 22, 2008, 12:23:00 AM »
Hi,
Just a newbie, very fond of SME Server.

I have succeeded in installing a TOR server on SME7, following the good advice below, and more.
I modified the TOR config file /etc/tor/torrc:

------ Start -------
### Client
# Where to send logging messages.  Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log notice syslog # /var/log/tor/tor.log visible in log panel

# Bind address to listen to connections from SOCKS-speaking applications.
SocksListenAddress 127.0.0.1 # Privoxy forwarding on localhost (lo)

# Optional, TOR can be reached from LAN socks apps (TCP 9050)
# In this example, LAN is 172.16.0.0/24 and SME is 172.16.0.1
SocksListenAddress 172.16.0.1 # Socks on LAN (eth0)
TestSocks 1

# Optional
# If non-zero, try to use crypto hardware acceleration when available.
# From TOR devs: "This is untested and probably buggy. (Default: 0)"
HardwareAccel 1 #Note: this option works fine with my old Intel 82801AA RNG used as a seeder

### Server
# The advertised (external) address we should use.
Address # Empty, since TOR will self-guess external IP address
# or (example)
#Address mysite.dyndns.org # IP resolved using ddclient on DynDNS.org
ContactInfo <email_address> # Optional

# Relay node (see TOR documentation on http://www.torproject.org/)
ExitPolicy reject *:* # middleman only -- no exits allowed

Nickname <tornode_nickname>
ORPort 9001 # TCP port that must be reachable from outside

#  Bandwidth allowed to TOR server (example)
BandwidthRate 200 KB # average
BandwidthBurst 400 KB # max
------ End -------

# Crypto ID for this node will be located (don't forget to backup once):
/var/lib/tor/keys/secret_id_key
/var/lib/tor/keys/secret_onion_key
/var/lib/tor/fingerprint

Since this node must be reachable from outside WAN on port TCP 9001:
$ config set tor service access public status enabled TCPPort 9001
$ signal-event remoteaccess-update

Either reboot SME or TOR service:
$ /etc/rc.d/init.d/tor restart

I did not find the latest Privoxy release (3.0.6) so I think it should be compiled from source under a CentOS 4.6 or a SME-dev, which I have none.
My TOR has been updated since with the latest rpm release (0.1.2.19) with no trouble.

It works fine for me night&day.
That is all, for my tiny little contribution!

« Last Edit: January 22, 2008, 12:24:35 AM by CrayXMP »
Let me issue and control a nation's money and I care not who writes its laws. (Mayer Amschel Bauer "Rothschild", 1790)
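
A relay configuration like the one in the post above can be reviewed for the points it depends on: no exits, where SOCKS listens, and who can read the key files. This is an added example, not CrayXMP's or the Tor project's code; `directive` and `audit_torrc` are hypothetical names and the sample files are constructed.

```shell
#!/bin/sh
# Added example: review a relay torrc and key files like those in the post.
# directive and audit_torrc are hypothetical helper names.

# directive FILE NAME: values of NAME, with trailing "# ..." comments removed
directive() {
    sed -e 's/[[:space:]]*#.*$//' "$1" |
        awk -v n="$2" '$1 == n { $1 = ""; sub(/^ +/, ""); print }'
}

audit_torrc() {
    rc=$1 keydir=$2

    # Tor uses the first matching ExitPolicy rule, so "reject *:*" must lead
    first=$(directive "$rc" ExitPolicy | head -n 1)
    [ "$first" = "reject *:*" ] ||
        echo "FAIL: first ExitPolicy is '${first:-unset}', not 'reject *:*'"

    # A SOCKS listener off loopback serves anything that can reach TCP 9050
    for a in $(directive "$rc" SocksListenAddress); do
        case $a in
            127.*|localhost*) ;;
            *) echo "WARN: SOCKS listener on $a, keep TCP 9050 closed to the WAN" ;;
        esac
    done

    [ -n "$(directive "$rc" ORPort)" ] || echo "FAIL: no ORPort, tor runs as a client only"

    # The relay's secret keys should be readable by their owner alone
    for k in secret_id_key secret_onion_key; do
        f=$keydir/$k
        [ -f "$f" ] || { echo "WARN: $f not found"; continue; }
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            echo "FAIL: $f is accessible to group or others"
    done
}

# Constructed sample mirroring the post: loopback plus LAN SOCKS, no exits
tmp=$(mktemp -d)
printf '%s\n' 'SocksListenAddress 127.0.0.1 # lo' 'SocksListenAddress 172.16.0.1' \
    'ExitPolicy reject *:* # middleman only' 'ORPort 9001' > "$tmp/torrc"
touch "$tmp/secret_id_key" "$tmp/secret_onion_key"
chmod 600 "$tmp/secret_id_key" "$tmp/secret_onion_key"
audit_torrc "$tmp/torrc" "$tmp"
rm -rf "$tmp"
```

With the paths from the post, the call would be `audit_torrc /etc/tor/torrc /var/lib/tor/keys`.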

Offline william_syd

« Reply #8 on: January 22, 2008, 01:28:28 AM »

Quote: "That is all, for my tiny little contribution!"

All this info should go into the wiki as a How-To.

http://wiki.contribs.org/Tor
Regards,
William