Tor is a network protocol that anonymizes internet traffic. Your network traffic always follows a different random path, making it difficult to eavesdrop. We explain how to turn your Raspberry Pi into a Tor router, so that you can surf the Internet via Tor with any device.
01 Supplies
Normally, if you want to use Tor, you have to configure it on every computer and mobile device that you want to surf via Tor. If you want to surf anonymously on different devices, that is rather cumbersome. That is why we use a different approach here. We turn a Raspberry Pi into a wireless access point and have our devices connect to the access point. Then we run Tor on the Pi, so that any device that surfs through the access point is automatically on the Tor network. The only thing we need extra compared to the previous workshops is a USB WiFi adapter.
02 Wi-Fi
Make sure your usb wifi adapter is compatible with the Raspberry Pi and especially the Linux distribution you are using. If you buy the adapter in a specialized Pi-shop, you are usually in the right place. We assume that you have the operating system Raspbian installed on your Pi (see also the course). Connect the adapter via usb, turn on your Pi and then give the command iwconfig. Do you see information about your adapter in the output, for example after the name wlan0, the adapter will be recognized by Raspbian.
03 Access point
Now to turn the Pi into a wireless access point, we'll install the hostapd (host access point daemon) software, as well as a DHCP server that assigns IP addresses to the devices that connect to the Pi. You can do that with the command sudo apt-get install hostapd isc-dhcp-server. If you get an error because the repository is too old, update it first with sudo apt-get update. So the intention is that the Pi connects to the Internet via the Ethernet cable, and everyone who connects via WiFi also gives access to the Internet via the Ethernet interface.
04 DHCP Configuration
Configure the DHCP server with sudo nano /etc/dhcp/dhcpd.conf. Place a hash (#) in front of the lines that start with option domain-name and option domain-name-servers. Remove # before the line #authoritative;. Search for A slightly different configuration and remove # for every line of that part, except the phrase you want. Now change some numbers: change 224 after the netmask in 0, the 26 after range in 2, the ns1.internal.example.org in 8.8.8.8, 8.8.4.4 (Google DNS), internal.example.org is becoming local and from 31 after broadcast address are you making 255. Save and exit (Ctrl+O and Ctrl+X).
