I could produce one of these for the intel edison, but I have a feeling that nobody would use the image file, since the instructions set is still x86, and that I'm not a trusted source for such software.
On Sun, May 31, 2015 at 7:38 PM, CJ Barlow <cbar...@sigaint.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Would you like to contribute to the Tor network by running your own relay? > This is a guide to do just that via a Raspberry Pi 2. > > This guide is intended to cover the set up in detail from start-to-finish > but, as always, will need to be tweaked with community feedback. > > In an attempt to make this as plug-and-play as possible I fully prepared > an image[1] while writing this guide. This image was tested on my > Raspberry Pi 2. > > TL;DR: Download the image file, copy it to your Raspberry Pi 2 MicroSDHC > card and run a relay. > You can use either dd[2] or Win32 Disk Imager[3] to write the image to > your MicroSDHC card. Alternatively, you can follow these instructions to > tweak the official Raspbian image[4]. > > *I do not have any experience with a headless set up. Additional > help/corrections, especially to the SSH part of the guide are > appreciated.* > > Equipment needed: > - - Raspberry Pi 2 > - - Ethernet cable > - - 4GB Class 10 (or higher) MicroSDHC card. A 16GB card is recommended. > - - Power supply with at least 2A output. > > Some nice-to-have but optional equipment: > - - Case > - - Heatsinks > > Step 1: > - Install a torrent client such as Deluge.[5] > - Download the image prepared with this guide or the official one. > Please > be sure to seed it. > - The prepared image is signed with my GPG subkey.[6] > - Use either dd or Win32 Disk Imager to write the image to your > MicroSDHC > card. > > Step 2: > - Insert your MicroSDHC card into the Raspberry Pi 2 and plug it > in to > power it on. > > - If you are using the stock image skip to step 3c. > > - The default login for my image is: > tor / changeme > > - Use raspi-config to change the locale settings (keyboard, time > zone > etc.) and user password: > sudo raspi-config > > - Select Expand Filesystem so the entire SDHC card is available to > the > Raspberry Pi 2. > - Press <TAB> twice to select Finish and reboot. > > - Bring the image up-to-date with: > sudo apt-get update > sudo apt-get upgrade > > Step 3a: > > - Check that tor is running and the ORPort is reachable: > sudo tail -f /var/log/tor/notices.log > > - The following lines will be in the log file if your Relay is > working > correctly: > [notice] Tor has successfully opened a circuit. Looks like > client > functionality is working. > [notice] Self-testing indicates your ORPort is reachable > from the > outside. Excellent. Publishing server descriptor. > [notice] Self-testing indicates your DirPort is reachable > from the > outside. Excellent. > [notice] Performing bandwidth self-test...done. > > - If the above lines are not present see the > troubleshooting section at > the end of the document. > > - Please read "Tor Fingerprint backup" at the end of the document. > > - As an optional step you can change your relay's nickname. Change > the > nickname line in torrc with: > sudo /etc/tor/torrc > > - Edit the Nickname line, leaving a space between Nickname > and what you > change it to. For example: > Nickname pickyourownnickname > > - Your Relay is now up and running! > > Step 3b (SSH usage)[7][8]: > - Enable SSH with: > sudo raspi-config > - Select Advanced Options: > Set SSH to Enable. > > - Find the IP of your Raspberry Pi 2 with: > hostname -I > > - SSH to the Pi: > ssh <username>@<Pi IP> > > - For off-site usage, I recommend a DynamicDNS on the Relay's > connection. > This will make SSHing to it easier. > - The DynamicDNS goes on the Address line of torrc, for > example: > Address thisismy.duckdns.org > > - SSH to it with: > ssh <username>@thisismy.duckdns.org > > Step 3c: > Instructions if using the stock image[9]: > > - Select Expand Filesystem so the entire SDHC card is available to > the > Raspberry Pi 2. > - Press <TAB> twice to select Finish and reboot. > > - The default login is: > pi / raspberry > > - Run raspi-config: > sudo raspi-config > > - Change Internationalisation Options to suit your preferences. > - When changing locale press the spacebar to select the > option(s). > > - Select Overclock: > Pi2 > - Overclocking your Raspberry Pi 2 this way does not void > the warranty! > > - Select Advanced Options: > - Hostname is the device name on your network. > > - Select Finish and reboot. > > - Log back in using: > pi / raspberry > > - Create a new user: > sudo adduser username > > - Load the sudoers list: > sudo visudo > > - Change the last line to: > username ALL=(ALL)ALL > - Example: > bill ALL=(ALL)ALL > > - Be sure to leave a space after username *and* > below the last line. > - Press Control + X to close the document. > - Press Y to save the changes and Enter to accept > the default file name. > > - Reboot and log in under the username you just created. > sudo reboot > > - Remove the pi user: > sudo deluser --remove-home pi > > - Update the OS and all packages: > sudo apt-get update > sudo apt-get upgrade > > - Install cron-apt to automate updates. > sudo apt-get install cron-apt > > - Configure a cron job to automatically download updates > on a semi-daily > basis with: > sudo nano /etc/cron.d/cron-apt > > - Add a # to the start of line 5. > > - Change line 6 to "Every 12 hours." Delete the # > (and the space) from > line 7 and put: > 0 */12 * * * root test -x > /user/sbin/cron-apt && /usr/sbin/cron-apt > /etc/cron-apt/config2 > > - Run the following once or twice a day to install updates: > sudo apt-get dist-upgrade > > - Install tor with: > sudo apt-get install tor > > - Change the following in /etc/tor/torrc (from top-to-bottom in > torrc) with: > sudo nano /etc/tor/torrc > > - Remove the "#" before the following lines (lines with dashes are > comments for this guide): > > - Change the SocksPort to 0 from 9050. > SocksPort 9050 > > Log notice file /var/log/tor/notices.log > RunAsDaemon 1 > > - Change the DataDirectory to a RAM drive per TorProject's > suggestion.[10] > - See "Tor Fingerprint backup" at the bottom of this > document. > > DataDirectory /dev/shm/tor > > ORPort 9001 > Nickname pickyourownnickname > > - Run a speed test and convert the result to Megabytes by > dividing by 8. > - Alternatively you can use a online bits-to-bytes > calculator, such as > Google.[11] > - At least 2 Megabits of upload is recommended for > a good relay. > > - Set the RelayBandwidthRate to a maximum of 80% of your > upload speed. > - Set the RelayBandwidthBurst to a maximum of 95% of your > upload speed. > - Burst speed is used occasionally. > > RelayBandwidthRate > RelayBandwidthBurst > > *Bandwidth accounting is unidirectional, it will use twice > what is listed!* > - To use 50GB per month (starting on the first of the > month at midnight): > > AccountingMax 25GB > AccountingStart month 1 00:00 > > - The contact info is posted online so please keep that in > mind! > ContactInfo Your name <youremail@address> > > DirPort 9030 > > - Be sure to uncomment this line so you only run as a > middle relay. > ExitPolicy reject *:* > > - Reboot with: > sudo reboot > > - Log back in to the Pi. > > - Check that tor is running and the ORPort is reachable: > sudo tail -f /var/log/tor/notices.log > > - The following lines will be in the log file if your Relay is > working > correctly: > [notice] Tor has successfully opened a circuit. Looks like > client > functionality is working. > [notice] Self-testing indicates your ORPort is reachable > from the > outside. Excellent. Publishing server descriptor. > [notice] Self-testing indicates your DirPort is reachable > from the > outside. Excellent. > [notice] Performing bandwidth self-test...done. > > - If these are not present see the troubleshooting section below. > > > THANK YOU for running a relay! :-) > > Relay Fingerprint backup: > Because the Fingerprint is contained on a RAM Drive it is erased in the > event of a power loss (due to shut down, reboot, etc). This makes your > Relay appear as "new" each time. > > To maintain a steady relay back up the fingerprint to a USB flash drive > with the following commands: > First, make a directory to mount the drive to: > mkdir /mnt/d > > If it is the only drive connected and formatted to FAT32 use: > sudo mount -t vfat /dev/sda1 /mnt/d > > If it is formatted to NTFS you will need to install ntfs-3g first: > apt-get install ntfs-3g > > Then mount it with: > sudo mount -t ntfs /dev/sda1 /mnt/d > > To access the RAM drive you need to be root (sudo): > sudo su > > Browse to the Fingerprint location: > cd /dev/shm/tor/keys > > Copy the "secret_id_key", which is the fingerprint, to your flash drive. > Rename it something memorable like "tor_fingerprint". > cp secret_id_key /mnt/d/tor_fingerprint > rm /mnt/tor-root/var/lib/tor/keys/secret_id_key > > Invert the copy (cp) command to restore it. > > Troubleshooting: > If you do not see "Self-testing indicates your ORPort is reachable from > the outside. Excellent." in the notices log you will need to check that > your port is forwarded correctly in your router. > If your port forwarding is correct but the ORPort is still unreachable you > may need a Dynamic DNS. The Dynamic DNS address will be put in the Address > line in torrc. > See footnote 13 for a example on setting up a Dynamic DNS. > > Extra info: > To safely shut down the system use: > sudo shutdown -h now > > If Bandwidth accounting is *enabled* the DirPort is automatically disabled. > Tor uses TCP ports, the UDP ports do *not* need to be forwarded. > > OS modifications for my images: > "Turbo mode" overclocking is enabled with Pi 2 setting. This does > *not* > void the warranty![12] > OS hardening enabled via harden-servers package. > Tor logs are rotated daily, rotated logs are not kept. > Semi-daily cron job running apt-get update and apt-get upgrade. > Removed pi (default) user. > Hostname is RelayPi. > RelayBandwidthRate and RelayBandwidthBurst are set to 80% and 90% > of the > Ookla Global Broadband upload speeds, respectively. > AccountMax is set to 25GB (50GB per month), starts at midnight on > the > first day of the month. > > [1] > > https://torrage.com/torrent/64CF7A9D083BA58C31987B2AFA1B34B4334456F7.torrent > [2] > > https://www.raspberrypi.org/documentation/installation/installing-images/linux.md > [3] https://i.imgur.com/gIamfK7.png > [4] http://downloads.raspberrypi.org/raspbian_latest.torrent > [5] http://deluge-torrent.org/ > [6] https://pgp.mit.edu/pks/lookup?op=vindex&search=0xD4EB587D15734B19 > Primary Fingerprint: > 3E37 9905 05C0 050A FEFE C675 D4EB 587D 1573 4B19 > Signing subkey Fingerprint: > 2F28 004A 19B2 E62B 3690 BF2B CCF6 3BA2 CBE9 49C3 > [7] > > https://www.raspberrypi.org/documentation/troubleshooting/hardware/networking/ip-address.md > [8] https://www.raspberrypi.org/documentation/remote-access/ssh/unix.md > > https://www.raspberrypi.org/documentation/remote-access/ssh/windows.md > [9] http://www.instructables.com/id/Raspberry-Pi-Tor-relay/?ALLSTEPS > [10] https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity > [11] https://www.google.com/?q=9000Kbps+to+MBps > [12] > > https://www.raspberrypi.org/introducing-turbo-mode-up-to-50-more-performance-for-free/ > [13] > > https://tor.stackexchange.com/questions/6558/relay-getting-traffic-showing-as-unreachable/6575#6575 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJVa8OrAAoJEMz2O6LL6UnDzEYP/1FYY1cZ+ZpzKIo9rd7CEoCF > jhZ/c7MMh8G2I9v9H8xCXJOAwE2EYm0omGcdMDJ/FrQBq4+SrWfhklH5pLb71wMd > CcPCPE23l9sspmm8Ll4Ox/AGOgn1I7AhLR8/c6gqlYuL2VroJv7FSrU4wlXaiqtb > Us5o8xGeKKdENnyR59Hsct0/XvuACv8KdjIibn/r0GmiRbF87hKtyrOa/fAQPR6G > CAZ+cxbsLWaplUyimcJdMjerfA/OFAM/ghCCPCmrG4HfDe3+rpEZpSiTmjU+wMID > kpcc/vZH2mJD8IAa0XgFvMUj6aSjG+Bk5TcHo1QVleTF0IvraDSyYk4CC3Z7ZPBv > rCJKiTUIRdr0MoVXSXs5DL9Pa+dqfQKd3d0sgzox/095wOf5VAnr3EeZ6Jh0dyDc > mQZz55rAoCFP0MI/XPkd/SyoICP6rVWpCg9v/OwuPhj++jKDKySc/StP1Ppq++6m > MIM7RQIVNIPoeNK/1bmYTXEyFmsUyerZq4QWjbBvlE7rnnWdBqjJ7XraUTgtbWAm > lP1KKVO9UlverDAheAk3wvAYuF5LUltxoTSL5zZssHBEWdOiooIS6C/aphycNVLK > cHsWh7fIoXZmLSJc6uVYbKxfXmlt6T6fHucpoOgYUX6JWePlpy5To9rB0tYYDv2x > 33UYpCp4tZ0julM7xPqy > =Jr3r > -----END PGP SIGNATURE----- > > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
