Creating And Configuring TOR Nodes
Bridge Node
This tutorial is based on CentOS/RHEL/Fedora distributions for now; additional distributions may be added later.
Prerequisites
A remote server that has already been configured and secured should be used to host this TOR Bridge node; assistance in doing so can be found here.
Preparing The Server
In order to install TOR packages on CentOS/RHEL/Fedora the EPEL repositories need to be enabled first. Do so via:
sudo dnf install epel-release
Add the following to the '/etc/yum.repos.d/Tor.repo' file, create the file if it does not already exist:
[tor]
name=Tor for Enterprise Linux $releasever - $basearch
baseurl=https://rpm.torproject.org/centos/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://rpm.torproject.org/centos/public_gpg.key
cost=100
The above should be completed even if 'dnf' is used instead of 'yum'.
Installing TOR
Install the TOR packages:
sudo dnf install tor
Install dependencies via:
sudo dnf install git golang policycoreutils-python-utils
Build the obfs4proxy binary from source, copy it into place, and give it the same SELinux context as the tor binary (replace EXAMPLE_USER with your username):
export GOPATH='/home/EXAMPLE_USER/go'
go install gitlab.com/yawning/obfs4.git/obfs4proxy@latest
sudo cp /home/EXAMPLE_USER/go/bin/obfs4proxy /usr/local/bin/
sudo chcon --reference=/usr/bin/tor /usr/local/bin/obfs4proxy
Configuring TOR
Edit the TOR config file located at /etc/tor/torrc by default, and replace the content with:
RunAsDaemon 1
BridgeRelay 1

# Replace "TODO1" with a Tor port of your choice. This port must be externally
# reachable. Avoid port 9001 because it's commonly associated with Tor and
# censors may be scanning the Internet for this port.
ORPort TODO1

ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy

# Replace "TODO2" with an obfs4 port of your choice. This port must be
# externally reachable and must be different from the one specified for ORPort.
# Avoid port 9001 because it's commonly associated with
# Tor and censors may be scanning the Internet for this port.
ServerTransportListenAddr obfs4 0.0.0.0:TODO2

# Local communication port between Tor and obfs4. Always set this to "auto".
# "Ext" means "extended", not "external". Don't try to set a specific port
# number, nor listen on 0.0.0.0.
ExtORPort auto

# Replace "<address@email.com>" with your email address so we can contact you if
# there are problems with your bridge. This is optional but encouraged.
ContactInfo <address@email.com>

# Pick a nickname that you like for your bridge. This is optional.
Nickname PickANickname
Change the 'ORPort', 'ServerTransportListenAddr', 'ContactInfo', and 'Nickname' options to preference.
Remember that the OR port and the obfs4 proxy ports must be accessible from the internet, and will need to be permitted via firewall rules. Information on how to accomplish this via Firewalld can be found here.
A connectivity test is provided by the TOR Project, and can be found here.
Configuring Bandwidth Limits
Use the following options in the '/etc/tor/torrc' file to configure bandwidth rate limits, burst limits, accounting limits, and accounting terms.
To configure when the server should begin totaling its network bandwidth usage, and for how long, add:
AccountingStart [DAY] [TIME (24H formatted as HH:MM)]
To configure the MAXIMUM amount of data the server may transfer in that term, add:
AccountingMax [NUMBER] [UNITS (GBytes, MBytes, KBytes, Bytes)]
To configure the AVERAGE bandwidth rate the server should adhere to for that term, add:
RelayBandwidthRate [NUMBER] [UNITS (GBytes, MBytes, KBytes, Bytes)]
To configure the MAXIMUM BURST of bandwidth the server may use, while still adhering to its average rate over the set term, add:
RelayBandwidthBurst [NUMBER] [UNITS (GBytes, MBytes, KBytes, Bytes)]
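The following is an added example, not code from the original page or the Tor Project. It reads a torrc, applies the port rules given in the template above (ORPort and the obfs4 port must differ, neither should be 9001, ExtORPort must be "auto"), and estimates whether the bandwidth options from this section fit inside the accounting term. The torrc text, the port numbers and the limits are constructed sample values, and the 30-day month and 7-day week used for the term length are approximations.

```python
"""Check a bridge torrc against the port rules above and estimate the accounting budget.

Added example, not code from the original page or the Tor Project. The torrc
text, ports and limits below are constructed sample values.
"""

# Constructed sample torrc: the tutorial's template with the TODO placeholders filled in.
SAMPLE_TORRC = """
RunAsDaemon 1
BridgeRelay 1
ORPort 3818
ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:46396
ExtORPort auto
ContactInfo <address@email.com>
Nickname PickANickname
AccountingStart month 1 00:00
AccountingMax 500 GBytes
RelayBandwidthRate 1 MBytes
RelayBandwidthBurst 2 MBytes
"""

# Tor's size units are powers of 1024.
UNIT_BYTES = {"bytes": 1, "kbytes": 1024, "mbytes": 1024 ** 2, "gbytes": 1024 ** 3}
# Approximate length of each AccountingStart period (assumption: a 30-day month).
TERM_SECONDS = {"day": 86400, "week": 7 * 86400, "month": 30 * 86400}


def parse_torrc(text):
    """Map each option name to the list of values given for it, ignoring comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        opts.setdefault(key, []).append(value.strip())
    return opts


def to_bytes(spec):
    """Convert a '500 GBytes' style value to a byte count."""
    number, unit = spec.split()
    return int(number) * UNIT_BYTES[unit.lower()]


def _port(value):
    """Parse a port number; a leftover TODO placeholder (or anything non-numeric) gives None."""
    return int(value) if value.isdigit() else None


def check_bridge_config(opts):
    """Return a list of problems; an empty list means the rules in the tutorial are met."""
    problems = []
    if opts.get("BridgeRelay") != ["1"]:
        problems.append("BridgeRelay must be 1 for a bridge")
    if "ServerTransportPlugin" not in opts:
        problems.append("ServerTransportPlugin obfs4 line is missing")
    if opts.get("ExtORPort") != ["auto"]:
        problems.append("ExtORPort must be 'auto'")

    or_port = _port(opts.get("ORPort", [""])[0])
    if or_port is None:
        problems.append("ORPort is missing or still a placeholder")
    elif or_port == 9001:
        problems.append("ORPort 9001 is commonly associated with Tor; choose another port")

    listen = opts.get("ServerTransportListenAddr", [""])[0]
    obfs_port = _port(listen.rsplit(":", 1)[-1]) if listen else None
    if obfs_port is None:
        problems.append("ServerTransportListenAddr is missing or still a placeholder")
    elif obfs_port == 9001:
        problems.append("obfs4 port 9001 is commonly associated with Tor; choose another port")
    if or_port is not None and or_port == obfs_port:
        problems.append("ORPort and the obfs4 port must not be the same port")

    # Tor rejects a burst smaller than the rate, so flag it before tor does.
    if "RelayBandwidthRate" in opts and "RelayBandwidthBurst" in opts:
        if to_bytes(opts["RelayBandwidthBurst"][0]) < to_bytes(opts["RelayBandwidthRate"][0]):
            problems.append("RelayBandwidthBurst must be at least RelayBandwidthRate")
    return problems


def accounting_headroom(opts):
    """Return (AccountingMax in bytes, bytes one direction could move over a whole term
    at RelayBandwidthRate). If the second exceeds the first, the relay can reach its cap
    and hibernate before the term ends."""
    period = opts["AccountingStart"][0].split()[0].lower()
    cap = to_bytes(opts["AccountingMax"][0])
    sustained = to_bytes(opts["RelayBandwidthRate"][0]) * TERM_SECONDS[period]
    return cap, sustained


if __name__ == "__main__":
    conf = parse_torrc(SAMPLE_TORRC)
    for problem in check_bridge_config(conf):
        print("problem:", problem)
    cap, sustained = accounting_headroom(conf)
    verdict = "fits" if sustained <= cap else "exceeds cap"
    print(f"AccountingMax {cap} bytes, sustained rate over term {sustained} bytes, {verdict}")
```

With the sample values, 1 MBytes per second sustained for a 30-day month is roughly 2.5 TB, well above the 500 GBytes cap, so this bridge would spend part of every month hibernating; either the rate or the cap needs adjusting before the two options agree.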
Tor Services
Label the chosen OR and obfs4 ports for SELinux so the tor service may bind to them (replace OR_PORT and OBFS4_PORT with the ports set in the torrc):
sudo semanage port -a -t tor_port_t -p tcp OR_PORT
sudo semanage port -a -t tor_port_t -p tcp OBFS4_PORT
Enable the TOR services on every boot:
sudo systemctl enable --now tor
Check Logs
Confirm the bridge is running without issue by checking the logs located at '/var/log/tor/log' or '/var/log/syslog'.
If the bridge is working correctly the below should be seen:
[notice] Your Tor server's identity key fingerprint is '<NICKNAME> <FINGERPRINT>'
[notice] Your Tor bridge's hashed identity key fingerprint is '<NICKNAME> <HASHED FINGERPRINT>'
[notice] Registered server transport 'obfs4' at '[::]:46396'
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
[notice] Bootstrapped 100%: Done
[notice] Now checking whether ORPort <redacted>:3818 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
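As an added example, not part of the original page or Tor's own tooling, the Python below scans notice lines like those above and reports which readiness milestones have appeared (obfs4 transport registered, bootstrap complete, ORPort reachability test started and confirmed, descriptor published), together with any [warn] or [err] lines. The log text is constructed to mirror the expected output; the fingerprints and the 192.0.2.10 address are placeholders, and the expected obfs4 port is an assumed parameter that lets the check compare the log against the port set in the torrc.

```python
"""Summarise Tor bridge log notices into a readiness status.

Added example, not code from the original page or the Tor Project. The log
text is constructed; fingerprints and the 192.0.2.10 address are placeholders.
"""
import re

SAMPLE_LOG = """\
[notice] Your Tor server's identity key fingerprint is 'PickANickname 0000000000000000000000000000000000000000'
[notice] Your Tor bridge's hashed identity key fingerprint is 'PickANickname 1111111111111111111111111111111111111111'
[notice] Registered server transport 'obfs4' at '[::]:46396'
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
[notice] Bootstrapped 100%: Done
[notice] Now checking whether ORPort 192.0.2.10:3818 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
"""

# Milestones a healthy bridge reports, in the order they normally appear.
MILESTONES = {
    "transport_registered": re.compile(r"Registered server transport 'obfs4' at '(?P<addr>[^']+)'"),
    "bootstrapped": re.compile(r"Bootstrapped 100%"),
    "reachability_test_started": re.compile(r"Now checking whether ORPort (?P<orport>\S+) is reachable"),
    "orport_reachable": re.compile(r"Self-testing indicates your ORPort is reachable"),
    "descriptor_published": re.compile(r"Publishing server descriptor"),
}
# Not anchored, so lines with a leading timestamp (as in the real log file) still match.
PROBLEM_LEVEL = re.compile(r"\[(warn|err)\]")


def bridge_status(log_text, expected_obfs4_port=None):
    """Return a dict with a flag per milestone, the obfs4 listen address, the ORPort
    under test, any warn/err lines, and an overall 'ready' verdict."""
    status = {name: False for name in MILESTONES}
    status.update(obfs4_listen=None, orport_tested=None, warnings=[])
    for line in log_text.splitlines():
        if PROBLEM_LEVEL.search(line):
            status["warnings"].append(line)
        for name, pattern in MILESTONES.items():
            match = pattern.search(line)
            if not match:
                continue
            status[name] = True
            if name == "transport_registered":
                status["obfs4_listen"] = match.group("addr")
            elif name == "reachability_test_started":
                status["orport_tested"] = match.group("orport")
    # Cross-check the port obfs4proxy actually bound against the torrc value, if given.
    if expected_obfs4_port is not None and status["obfs4_listen"]:
        bound = int(status["obfs4_listen"].rsplit(":", 1)[1])
        if bound != expected_obfs4_port:
            status["warnings"].append(
                f"obfs4 listening on port {bound}, torrc expects {expected_obfs4_port}")
    status["ready"] = all(status[name] for name in MILESTONES) and not status["warnings"]
    return status


if __name__ == "__main__":
    for key, value in bridge_status(SAMPLE_LOG, expected_obfs4_port=46396).items():
        print(f"{key}: {value}")
```

A log that stops at "Now checking whether ORPort ... is reachable" is the common partial state: the test can take up to 20 minutes, so "ready" stays false until the self-test notice appears, and any [warn] line (for example the one Tor emits when it cannot confirm reachability) keeps it false even after the other milestones are present.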
Checking Performance
Check the performance of the Bridge Node on the TOR Metrics site here.