A TorBox user reported to us via email that ICPM packages used in conjunction with ping and traceroute were not blocked by TorBox, which, if exploited, could reveal the user’s IP address and location. The reason for this vulnerability is an error in the firewall rules. The updated images, linked below, will not only fix it but also update Tor to version 0.4.8.16 and Snowflake to version 2.11.0.
TorBox Image (about 1 GB): v.0.5.4 (17.04.2025) – SHA-256 values
TorBox mini Image (about 1 GB): v.0.5.4 (17.04.2025) – SHA-256 values
TorBox Menu only: v.0.5.4 (17.04.2025) – SHA-256 values
Alternatively, you can download the image from our TorBox cloud test installation.
• • •
If you have an already running TorBox v.0.5.4 then you can manually update your system to close the vulnerability and update Tor:
- Use entry 4 in the Update & Maintenance sub-menu to update Tor and Snowflake.
- Use entry 5 in the Update & Maintenance sub-menu to update the TorBox menu.
- Reconfigure the firewall by using an entry between 5 and 10 in the Main menu.
To check if the firewall rules are fixed, use the following command on the command line interface:sudo iptables-save | grep icmp
As a result, you should see the following lines (now additional lines with FORWARD in it!):-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
• • •
By the way, using the TorBox installation script for Debian-based systems is now also compatible with DietPi. A TorBox on a DietPi system requires only about two-thirds of the space compared to a TorBox on a Raspberry Pi system and runs very smoothly. However, we are still in a test phase and cannot guarantee that all works as it should. Due to our limited resources, we require individuals who are willing to thoroughly test it and report any issues to us that we can address.
• • •
Known problems and bugs
ISSUES: The modified tables were not saved during the first start. This is only a minor issue, and it is healed if the Main Menu entry 5-10 is used. A bigger problem is that if your internet is connected via an Ethernet USB-adapter (eth1), TorBox is often unable to get the default gateway configuration, causing a disconnection between TorBox and the Internet. We have already successfully dealt with that problem on the Raspberry Pi onboard Ethernet connector (eth0) and implemented the same solution for eth1. More about these two issues and how they can be fixed is explained here. The image files are not fixed yet — PENDING! ⏳
BUG: Because of a bug in the script, entry 10 in the Main Menu (Tor Over VPN) was not working correctly (see Issue #342). We fixed the bug with Commit 6b9af96 (Tor over VPN: fix). You can fix the bug on your TorBox by updating the TorBox menu with entry 5 in the Update and Maintenance sub-menu. The image files are not fixed yet — PENDING! ⏳
torbox mini 0.5.4 from dec 2024 on raspberry p zero 2 w worked. torbox mini 0.5.4 from apr 2025 does not work. I have tried reburning the image on a sd card several times and connectiong the raspberry pi zero 2 w on different debian 12 computers. I have tried deleting the .ssh folder. Same result. The torbox mini connects to the computer and a wired connection gets established. I then run command ssh 192.168.44.1. I enter yes. I then enter the pwd CHANGE-IT. It returns permission denied. What is the pwd? Others who have encountered the error? Thank you.
Can you configure a torbox mini raspberry pi zero 2 w to act as a torbox? Such that any pc can connect to the raspberry pi zero 2 w and get a tor internet connection. I would then either connect an usb wifi card or usb ethernet converter to the raspberry pi zero 2 w. Or can a raspberry pi zero 2 w not run as a torbox because it is not fast enough? Thanks.
The TorBox mini is configured that way: Internet is on wlan0 Client is on eth0 (RNDIS/Ethernet Gadget mode). These are the only two interfaces, a Raspberry Pi Zero 2 W have by default.
To answer your question, I must know what configuration you want to use. If you don’t need the RNDIS/Ethernet Gadget mode because you have something like Internet is on wlan0 Client is on wlan1 (USB WiFi-Adapter), Internet is on eth0 (USB EThernet converter) Client is on wlan0 then you should try the standard TorBox image.
If you have something else in mind, please open an Issue on our GitHub page (https://github.com/radio24/TorBox/issues) and give us a detailed explanation of what you want to achieve.
The hardware setup would be: Raspberry pi zero 2 w, micro usb power supply connected to the right micro usb port, an usb wifi card connected to the left micro usb port.
The raspberry pi zero 2 w should connect to the internet by the built in wifi card.
Other computers should connect to the raspberry pi zero 2 w by the usb wifi card attached to the raspberry pi zero 2 w.
How do I get a torbox, not a torbox mini, on this hardware setup?
Which torbox image should I download and install on the raspberry pi zero 2 w? I know of no specific raspberry pi zero 2 w torbox image. The only image I noticed for the raspberry pi zero 2 w is the torbox mini image.
Right now I have registered no account on github.
I want to run a torbox instance on a raspberry pi zero 2 w, not a torbox mini instace on a raspberry pi zero 2 w.
Check out the top of the post. There you will find two images: TorBox Image and TorBox mini Image. You have to take the first one (https://www.torbox.ch/data/torbox-20250417-v054.img.xz) and flash it on the SD card, which you will use in your Raspberry Pi Zero 2 W.
I downloaded the file in your link. And installed it on a raspberry pi zero 2 w. I connected a psu to the right usb port and an usb wifi card to the left usb port. In the menu of the pc’s network manager I selected TorBox054. Entered pswd CHANGE-IT. And a connection between the raspberry pi zero 2 w and the pc got established. In a command line I ran command ssh [email protected].1. Nothing happens. I also tried command ssh [email protected].1 and ssh [email protected].1. Same result. Nothing happens. I do not get to the torbox menu. How do I get to start the torbox menu?
Remark: If I remove the usb wifi card I can select TorBox054 in the pc’s network menu. Enter pswd CHANGE-IT. And a connection between the raspberry pi zero 2 w and the pc gets established. Suggesting the raspberry pi zero 2 w’s built in wifi card is the wifi card used to establish a connection between the raspberry pi zero 2 w and the pc.
Answer from TorBox admin: We will work on it. See here for more information: https://github.com/radio24/TorBox/issues/295#issuecomment-2873855591
Does the beaglebone black have hardware specifications such that it can run a torbox? If yes how would you approach the matter? Than you.
Going to the Beagle Bone Distro page, I can find a Debian 11 image for BeagleBone Black. I also found an (experimental?) image supporting Debian 12.3 here: https://forum.beagleboard.org/t/debian-12-x-bookworm-monthly-snapshot-2023-10-07/36175/1. It seems that this is the latest Debian version supported by the Beagle Bone Community, although it might be worth asking in their Discord Group.
Let’s say you manage to get Debian running on the BeagleBone Black; I would try to install TorBox by using the run_install_on_debian.sh script. For more information, check our documentation: https://www.torbox.ch/?page_id=1168#script