Many people are beginning to realize how little privacy is available when accessing networks such as the Internet. The Onion Router, also known as the Tor Project, is one project that has attempted to address this issue.
Tor is a network stack that anonymizes users when they access the Internet. Installing the Tor Browser, their web browser, is the easiest way to use Tor. The installation is easy. The browser connects automatically to the Tor network and you can surf anonymously in minutes.
The Tor Browser does have some limitations. It does not provide security for other applications on your computer. Do you use a different browser? A custom email client? What about the chat program you use? Or synchronized file storage such as Dropbox or OneDrive. The Tor Browser does not protect any of these. You can install the Tor client on your computer to fix this problem. But what if you forget? What if your hardware device, such as a VoIP phone or Xbox, doesn’t support Tor? What about the operating system updates that run in background? They won’t use Tor. What can you do? Don’t worry. There is a solution. All you need is a Raspberry Pi.
I will show you how to create a Transparent Tor Proxy that protects your devices without the need to install or configure any software. The topology (figure 1) looks very simple. One interface will connect to a trusted network and appear like a router. The second interface will connect with an Untrusted network. The Raspberry Pi will force all trusted traffic to the Tor network. The router will ensure that all communications are sent via Tor.
You can also watch a webinar on the topic on-demand. You can view the webinar here and follow along.
Figure 1Step 1: Assemble Your Hardware
We need to gather some parts before we can get started. I used a Raspberry Pi 4 for this build. As long as the device supports Linux, you could use a Raspberry Pi 3 and similar devices. Pay attention to network throughput. Although the Raspberry Pi 3 has a gigabit interface, its actual speed is much lower due to the bottleneck created by the CPU and USB bus. The Raspberry Pi 4 has solved this problem and can now achieve gigabit speeds.
A second network interface is also required. You should be careful when choosing a second network interface. I recommend a USB NIC with the Realtek RTL8153 chipet. I am able to install the driver for this chipset in the Linux kernel. This means I won’t have to configure drivers later.
Here’s a list of all the things I bought for this project.
ComponentCostRaspberry Pi 4B (4GB)$55.0032GB Micro SD Card$7.49USB NIC with RTL8153 Chipset$13.99USB-C Power Adapter$11.99Heatsink / Cooling Solution$17.99Total$106.46Step 2: Assemble Your Software
Ubuntu Linux from Canonical is the only software required for this project. It is free and available directly from Canonical’s site (figure 2). Although Raspberry Pi OS is free, it is not designed for security. It is not worth the effort to secure a training OS. Instead, I recommend going with something more mainstream like Ubuntu.
Figure 2Next, you’ll want to flash Ubuntu onto an SD Card. This process is probably familiar to most of you. If you are not familiar with this process, I recommend that you read this tutorial from Canonical.
Step 3: Connect Your Hardware
Once you have all the pieces, it’s time to put them together. The SD Card should be inserted into the Raspberry Pi’s memory card slot. Connect the USB NIC (they have a blue tab, and not white) to one of the USB 3.0 ports. A monitor and keyboard will be needed. Ubuntu comes with SSH enabled by default. However, it is not necessary. Finally, plug in power and watch the unit boot up.
Cloud-Init is a system that automatically configures Ubuntu during its first boot. It will automatically label the USB NIC and onboard NIC “Eth0” respectively. It will also create a default account with the following credentials.
Username: UbuntuPassword: Ubuntu
Although it is not the most secure password, it will allow you to change your password after the first login. If you attempt to log in and it fails, it is usually because the Cloud-Init scripts aren’t finished. Give it a while and then try again.
Step 4: Update Ubuntu
Thanks to thousands of contributors around the globe, updates are quick and furious in Linux world. Our install is almost certain to be out-of-date on the first day. This can be fixed quickly by running the following command:
Shellsudo
