This FAQ is related to questions around TorBox. For additional questions and feedback, visit our GitHub page (especially the entries, which are labeled as Information or Documentation) or contact me. For questions relating to Tor or the Tor Browser, check the general FAQ page of the Tor Project or the official Tor support website.
- How can I access the TorBox Menu
- Should I change the default passwords? How can I change my passwords?
- Should I change the name of the wireless network (SSID) of my TorBox? How can I change it?
- Can I hide the name of the wireless network (SSID) of my TorBox?
- Can Tor protect me against tracking and/or fingerprinting in webbrowser to guaranty my anonymity accessing a website?
- Do you know some useful browser add-ons to improve anonymity, security and/or usability?
- Do you know some essential configuration adjustments for Firefox (via about:config) to improve anonymity and security?
- Can I use TorBox and VPN together?
- Is it possible to activate a OBFS4 bridge relay and simultaneously use OBFS4 bridges on the same TorBox?
- Is there a way to force/block TorBox to use an exit node in a specific country?
- I’m connected to TorBox, and all is working as expected, but I’m not able to download something with my BitTorrent client. What’s wrong?
- Isn’t there a workaround so that I can use TorBox and BitTorrent at the same time?
- I’m connected to TorBox, and all is working as expected, but Firefox, Safari and any iOS device don’t display .onion sites. What’s wrong?
- For starters, do you know some interesting .onion sites?
- Tor statistics (main menu entry 1) don’t show up — the screen stays black. What can I do?
- Tor did work without a problem. The Internet is reachable. Nevertheless, after a restart of TorBox, Tor doesn’t load anymore. It has been stuck at “Bootstrapped 0%” for more than 5 minutes! How can I fix that?
- When I boot up my TorBox, I can see the following error: “Failed to start Raise network interfaces” – what does it mean?
- When I boot up my TorBox, I can see the following error: “Failed to start /etc/rc.local Compatibility” – what does it mean?
- How can I be sure that my devices are using the Tor network?
- Why do I receive a grey onion on the Tor Project’s check-site?
- I’m connected to TorBox with an ethernet cable, and all is working as expected. However, when I change my Internet to “Wireless network”, I’m not able to connect to the Internet anymore.
- My TorBox is connected with the Internet via ethernet. I’m using onboard WiFi for my client devices. How can I additionally connect a cable client?
- My client, which is connected to the TorBox, doesn’t receive an IP address.
- My TorBox doesn’t receive an IP address from the network router.
- My TorBox receives an IP address (192.168.42.* or 192.168.43.*) from the network router, but it doesn’t work.
- I’m unable to connect a public wireless network, I’m not able to reach the captive portal, or after the authentication, it doesn’t show me a “success page.”
- I’m connected to a public wireless network; everything works as expected. However, every x minutes, the connection to the wireless network stops completely, and I have to repeat the entire login procedure. What could be the reason?
- TorBox’s wireless manager doesn’t show me all wireless networks! It seems that the ones on the 5 GHz band are missing. What can I do?
- All about the power supply: “Under-voltage detected!” / Red flashing LEDs / Unusual, strange behaviors – What do these things mean?
- I can’t get tethering to work. What’s wrong with it?
- When I’m connected with TorBox and use the Tor Browser or Tails on one of the clients, isn’t that a risk for my security/anonymity (“Tor over Tor” scenario)?
- Even if the “Tor over Tor” scenario isn’t a risk for security and anonymity, how can I avoid it when I combine TorBox and the Tor Browser?
- I don’t care about the “Tor over Tor” scenario and just want to use the Tor Browser, but it cannot connect the Tor network through TorBox – what can I do?
- If I have two or more clients, let’s say device 1 and device 2, connected to the TorBox will it intelligently make sure each client has its own tor circuit?
- I heard that transparent Tor proxies are dangerous! I shouldn’t use TorBox, right?
- What are the main differences between TorBox and Whonix?
- Why is the local TorBox traffic not routed through tor? Why is by default Google’s and/or Cloudflare’s service used to circumvent cheap censorship measures or to test the connectivity? Can I change Google and/or Cloudflare services with something else?
- Could you incorporate pi-hole to remove ads?
- I have problems with the wifi network from/to TorBox/Internet router/clients connected to the TorBox. Please fix it for me!
- I can’t get TorBox to work and need more detailed help! What should I do?
How can I access the TorBox Menu
The default way to access the TorBox Menu is with a client using the Secure Shell Protocol (SSH), either by the TorBox’s WLAN (password: CHANGE-IT) and/or by an Ethernet connection. If a client is connected via ethernet cable to the TorBox, whether using the onboard or external ethernet adapter, then the TorBox functionality is automagically enabled for that client. To establish a connection between the SSH-client and TorBox, use 192.168.42.1 (username: torbox / password: CHANGE-IT); with an Ethernet connection, use 192.168.43.1 (username: torbox / password: CHANGE-IT). Afterwards, the main menu automatically starts.
There is an extensive collection of SSH clients, but we recommend using Termius, which is available for macOS, Windows, Linux, iOS and Android. Alternatively, we can also recommend PuTTY for Windows and Prompt for iOS (even it is relatively expensive).
Since TorBox v.0.4.1, the TorBox Menu can also be accessed with a web browser using https://192.168.42.1:9000 on a WiFi client and https://192.168.43.1:9000 on a cable client. Unfortunately, with the self-signed certificate for “Shellinabox’s” secure connections, browsers will show a warning message during the first connection, which must be ignored. The user must accept this certificate to use a secure connection between the web browser and “Shellinabox”.
You should change the default passwords a soon as possible. This is an easy task: login into your TorBox with an SSH client, go to the configuration sub-menu and choose the associated menu entries.
Can Tor protect me against tracking and/or fingerprinting in webbrowser to guaranty my anonymity accessing a website?
The short and most secure answer is NO.
However, the reality is more complex, and it depends on your behaviour. We tested different web browsers with different settings on a computer connected to the tor network with EFF‘s tool “Cover Your Tracks“. This tool checks how trackers see your browser. The test is not representative but indicates how important the proper choice / configuration of a web browser is. The ranking as of October 2021 is as follow:
- The Brave browser (in its default configuration) has strong protection against web tracking (tracking ads, invisible trackers and protection from fingerprinting).
- Firefox, individually configured with some useful browser add-ons to improve anonymity and security (see below), has strong protection against web tracking (tracking ads, invisible trackers and protection from fingerprinting). However, the usability of the Brave browser is better – with Firefox, some Websites have a problem working correctly, and the removing of some of the anonymity and security add-ons will result in lower protection, especially against fingerprinting.
- The Tor Browser (in its default configuration) has strong protection against web tracking and invisible trackers and partial protection from fingerprinting.
- Safari (version 14 and 15, in its default configuration) has some protection against web tracking but a nearly-unique fingerprinting.
- Firefox (in its default configuration) has some protection against web tracking but not against fingerprinting.
- Chromium (in its default configuration) protects against invisible trackers but has no protection against tracking ads and fingerprinting.
- Google Chrome (in its default configuration) has no protection against tracking and fingerprinting.
In combination with the TorBox, we recommend using the Brave browser for having the best protection against tracking and fingerprinting. However, you can also use the Tor Browser with TorBox (for more details about, see under “When I’m connected with TorBox and use the Tor Browser or Tails on one of the clients, isn’t that a risk for my security/anonymity (“Tor over Tor” scenario)?“
BrowserLeaks comprises additional tools to check the degree of protection of your web browser.
Yes, but first let me repeat one crucial point: if your well-being depends from your anonymity, then is highly recommended to use Tails.
In my opinion following browser add-ons are very useful. All add-ons for Chrome are also available for Brave:
- https-everywhere: Automatically makes websites use a more secure HTTPS connection instead of HTTP if they support it. With HTTPS, even the connection between the Tor exit node and the web server is encrypted. Tor Browser also uses this add-on. (USED BY THE TOR BROWSER AND BRAVE; ESSENTIAL for SECURITY / ANONYMITY; available for Firefox, Firefox for Android, Chrome, Edge and Opera).
- First Party Isolation: First Party Isolation, also known as Cross-Origin Identifier Unlinkability, is a concept from the Tor Browser. The idea is to key every source of browser identification with the domain in the URL bar (the first party). This makes all access to identifiers distinct between usage in the website itself and through third-party. Think of it as blocking Third-party cookies, but more exhaustively. (USED BY THE TOR BROWSER; ESSENTIAL for SECURITY / ANONYMITY; available for Firefox).
- uBlock Origin: The only real working and independent ad blocker (ESSENTIAL for SECURITY / ANONYMITY / USABILITY; available for Firefox, Chrome, Edge, and Opera).
- Smart Referer: Prevents Cross Domain Referer Leakage (ESSENTIAL for ANONYMITY; available for Firefox).
- Decentraleyes: This browser add-on emulates Content Delivery Networks (CDN) by finding supported resources locally, and injecting them into the environment. All of this happens automatically, so no prior configuration is required. Here is a testing utility to find out if you are properly protected against a CDN vulnerability (ESSENTIAL for ANONYMITY; available for Firefox, Chrome, Edge, Opera).
- Neat URL: Cleans URLs, removing parameters such as Google Analytics’ utm parameters. (ESSENTIAL for ANONYMITY; available for Firefox, Chrome)
- Skip Redirect: Some web pages use intermediary pages before redirecting to a final page. This add-on tries to extract the final url from the intermediary url and goes there straight away if successful. (ESSENTIAL for PRIVACY / USABILITY; available for Firefox)
- Privacy Pass: Allow users to redeem validly signed tokens instead of completing captcha solutions. Clients receive 30 signed tokens for each captcha that is initially solved. Cloudflare currently supports Privacy Pass. (ESSENTIAL for USABILITY; available for Firefox and Chrome).
- uMatrix: Point and click matrix to filter net requests according to its source, destination, and type (available Firefox, Chrome, and Opera).
- Privacy Badger: A balanced approach to internet privacy between consumers and content providers by blocking advertisements and tracking cookies that do not respect the Do Not Track setting in a user’s web browser (available for Firefox, Chrome, Edge and Opera).
- FoxyProxy: FoxyProxy is an advanced proxy management tool (see also here; available for Firefox, Chrome, Edge, Opera, and others).
- Bypass Paywalls: Let’s say you are a researcher and one of your sources is an article in the Washington Post. Would you subscribe, only for that one article? Yes, we thought so, too 😉 (available for Firefox, Chrome and Edge).
- I’don’t care about cookies: The EU regulations require that any website using tracking cookies must get user’s permission before installing them. This add-on will remove these cookie warnings from almost all websites! (available for Firefox, Chrome, Edge and Opera).
Do you have another very useful browser add-on? Let me know in the comment section below!
Do you know some essential configuration adjustments for Firefox (via about:config) to improve anonymity and security?
Yes, but first let me repeat one crucial point: if your well-being depends from your anonymity, then is highly recommended to use the Tor Browser only or even better Tails (read here, here and here why).
In my opinion following configuration adjustments for Firefox are very useful:
- To enable strict First Party Isolation, also known as Cross-Origin Identifier Unlinkability, search for privacy.firstparty.isolate and privacy.firstparty.isolate.restrict_opener_access and set both to true. Alternatively, the browser add-on First Party Isolation does the same (see above). You should really do that!
- To disable WebRTC (possible IP leak!!), search for media.peerconnection.enabled and double-click on it –> false.
- To disable face detection using cameras, search for camera.control.face_detection.enabled and double-click on it –> false.
- To disable geolocation services, search for geo.enabled and double-click on it –> false.
- To disable the ability to report what plugins are installed, search plugin.scan.plid.all and double-click on it –> false.
- To disable web speech recognition through the microphone, search media.webspeech.synth.enable and media.webspeech.recognition.enable and double-click on them –> false.
- To disable all telemetry features, search for “telemetry” and disable all true/false settings related to telemetry by setting them to false.
- To harden your browser (a little bit) against fingerprinting, search for “privacy.resistFingerprinting” and double-click on them –> true.
- To enable tracking protection, search for “privacy.trackingprotection.enabled” and double-click on them –> true.
For more information see here. Do you have other essential configuration adjustments for Firefox or any other browser? Let me know in the comment section below!
Can I use TorBox and VPN together?
The answer is basically “yes” — another question is if you should do that. However, there are two different ways to combine Tor and VPN: “VPN over Tor” and “Tor over VPN“.
VPN over Tor
“VPN over Tor” means that while using the TorBox, a VPN connection is established on your client device. In this case, the client device connects to a VPN server through Tor.
This is possible if the VPN client application supports TCP. However, by default, many VPN client applications are set to UDP, which does not work. UDP data packages are not routed through Tor, and TorBox will block them. For example: ProtonVPN gives Windows clients the possibility to switch to TCP, which will work. In the macOS version of the ProtonVPN application, this possibility is not implemented, and solely UDP is supported, which does not work. However, there is a workaround: if you use OpenVPN / Tunnelblick to establish a VPN connection to a ProtonVPN server, you can choose if you want to use TCP instead of UDP (e.g., ProtonVPN via OpenVPN / Tunnelblick), which will work.
The appeal of this method might be that the exit IP remains static and is not blocked as a Tor exit node by some websites. However, the major drawback is that this cancels out any security and anonymity advantages Tor has to offer. Technically, with this method, the VPN provider sees all your data traffic. You have to trust the VPN provider so much that you might not even use Tor at all. That is why we recommend to leave it alone.
Tor over VPN
Using main menu entry 9 represents a “Tor over VPN” situation. In other words, the TorBox is sending its encrypted data stream to a Tor entry Guard through a VPN tunnel.
There are two possibilities of how TorBox handles VPN connections:
- The VPN connection is already established, and the interface tun0 is configured.
- The VPN connection is not established yet, but one or more *.ovpn – files are in the ~/openvpn directory so that TorBox can execute OpenVPN with that file.
“Tor over VPN” can help in a situation, when Tor entry guards are blocked, and when even the use of Bridges does not help (the first choice to circumvent the blockage of Tor entry guards is to use TorBox’s bridge feature in the countermeasure sub-menu, not using a VPN connection). Without an obfuscating protocol, like OBFS4, the VPN provider sees that you are using Tor. Still, he does not see what you are doing and where you are going because the data stream is encrypted, and the final destination is hidden. However, it may be easier for a (global) passive adversary to make a traffic correlation analysis on a VPN’s infrastructure. Matthew Traudt, a Computer Scientist at the U.S. Naval Research Laboratory, who has been doing research and development on Tor, wrote in a very comprehensive article about Tor and VPN that “[s]ince VPNs are so popular, isn’t it likely that the GPA has already done something to compromise the most popular ones?“.
Is it possible to activate a OBFS4 bridge relay and simultaneously use OBFS4 bridges on the same TorBox?
No! That’s not possible. If both configuration settings are activated in the torrc, tor will not start anymore (unfortunately, without giving any messages), which also can happen with other errors in the torrc. In these comments in a deleted branch, we discussed the question of running an OBFS4 relay and using OBFS4 bridges concurrently.
Is there a way to force/block TorBox to use an exit node in a specific country?
Using a (set of) specific Exit node(s) cannot only slow down your speed, but it can also compromise your security and anonymity (for example, this approach increases the correlation attack vulnerability) since all your traffic is always going through one or a restricted list of nodes. The Tor FAQ states the following: “You get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry/exit nodes can mess up your anonymity in ways we don’t understand.”
In other words: we have not and will not give an easy possibility to alter the route selection (for example, exclude or restrict countries) in the TorBox menu. However, yes, there is a way to force/block Tor (and with it TorBox) to use an exit node in a specific country. Check “ExcludeNodes”, “ExcludeExitNodes”, “GeoIPExcludeUnknown”, “ExitNodes”, “MiddleNodes”, “EntryNodes”, and “StrictNodes” in the Tor Manual.
The question is, why someone wants to change Tor’s behaviour in such a way that it will compromise security and anonymity? If the answer to that question is that someone wants to use Tor for a streaming service like Netflix, then he will be better off with a VPN.
I’m connected to TorBox, and all is working as expected, but I’m not able to download something with my BitTorrent client. What’s wrong?
BitTorrent is not working over Tor, because Tor doesn’t support UDP. There are clients with a “Tor-switch” and there are people using the SOCKS v5 feature of the Tor Browser. However, this doesn’t change the fact that UDP is not routed through Tor. If in these configurations BitTorrent works properly, this means that the UDP packages go clear-net, revealing the identity of the client. With TorBox client-devices don’t have direct access to the clear-net. Consequently, UDP packages are dropped and the identity of the client is safeguarded. By the way: due to the high bandwidth usage caused by the BitTorrent protocol, it is considered impolite and inappropriate by Tor community members to use the Tor network for BitTorrent transfers. For that reason, some Tor exit nodes block BitTorrent traffic.
Isn’t there a workaround so that I can use TorBox and BitTorrent at the same time?
Yes, there is, but it is a little bit complicated and slow. You need a external SOCKS v5 proxy server and a BitTorrent client, which works properly with it (for example: Deluge, qbittorrent and Vuze). BitTorrent is now tunneled through Tor to the proxy server. Regarding the Socks5 proxy server: we didn’t find any reliable working free public proxy server. The best server we found is coming with costs, even not so much: Private Internet Access (for alternative commercial proxy providers see here). Nevertheless, you should think very carefully about the necessity to use Tor for your BitTorrent traffic, because it is slow and due to the high bandwidth the Tor community doesn’t like it.
I’m connected to TorBox, and all is working as expected, but Firefox, Safari and any iOS device don’t display .onion sites. What’s wrong?
As per IETF RFC 7686, “Applications that do not implement the Tor protocol should generate an error upon the use of .onion and should not perform a DNS lookup.” To display a .onion site, you have to use the Tor Browser, Brave or the Onion Browser on iOS.
Nevertheless, the display of .onion sites is still possible with certain other browsers:
- Google Chrome (tested with Version 94) and Chromium (Version 96) resolve .onion addresses by default, without any adjustments.
- With Mozilla Firefox you have to use the SOCKS v5 proxy functionality of your TorBox and to configure Firefox accordingly:
- Under about:preferences, “Network Settings”, click on “Settings…”, choose “Manual proxy configuration”, under “SOCKS Host” enter following IP: 192.168.42.1 / Port: 9050 (wlan) or IP: 192.168.43.1 / Port: 9050 (cable). Toggle on “Proxy DNS when using SOCKS v5”.
- Under about:config, search for “network.dns.blockDotOnion” and set it to “false”.
- The add-on FoxyProxy Standard offers another interesting way to resolve .onion addresses, only using the TorBox SOCKS v5 proxy for that kind of addresses:
- Install the add-on.
- Under “Options” add a new proxy, choosing as “Proxy Type” “SOCKS5”, enter IP: 192.168.42.1 / Port: 9050 (wlan) or IP: 192.168.43.1 / Port: 9050 (cable). Toggle on “Send DNS through SOCKS5 proxy?” and save the changes.
- Under “Patterns” whitelist .onion (see images below).
- Activate the new proxy settings and activate “Use Enabled Proxies by Patterns and Priority” by clicking on the FoxyProxy icon.
- Now, all .onion addresses are sent through TorBox’s SOCKS v5; all other addresses are not affected.
Starting with TorBox v.0.3.2, it can be chosen, if the old SOCKS v5 port 9050 without stream isolation or the new port 9052 with destination address stream isolation should be used. With using port 9052, each destination address has its circuit. Currently, we consider the implementation as “experimental” because we are worried about a possible negative impact on performance when using stream isolation. We like to hear your feedback on your experiences about that feature so that we can decide if we go to enable it for the entire data streams, not only for that particular socket.
• • •
• • •
• • •
• • •
Onion Services v3 Client Authorization
Client authorization is a method to make an onion service private and authenticated. It requires Tor clients to provide an authentication credential in order to connect to the onion service. For v3 onion services, this method works with a pair of keys (a public and a private). The service side is configured with a public key and the client can only access it with a private key. Currently, only the Tor Browser is supporting Client Authorization.
For starters, do you know some interesting .onion sites?
Of course, here is a very short collection: Ahmia Search Engine, Deep Web Search Engine, Def Con Media Server, Duck Duck Go Search Engine, BBC News, Facebook, Imperial Library, OnionDir – Deep Web Link Directory, Onion Links, ProtonMail, secMail, The Hidden Wiki, The Pirate Bay, The Tor Project Homepage, TorLinks.
The program “Nyx“, which shows the Tor statistics, uses the control port of the local Tor installation. If the loading of the Tor process gets stuck or takes much time (possible in case of network connection problems or censorship), “Nyx” need either much of time to start or doesn’t at all. However, we implemented an alternative way to quickly check the Tor’s log file: in the main menu, use “Show the Tor log file – quick and dirty”. The screen updates automatically when a new entry is written to the log file. Press CTRL-C to leave it.
Tor did work without a problem. The Internet is reachable. Nevertheless, after a restart of TorBox, Tor doesn’t load anymore. It has been stuck at “Bootstrapped 0%” for more than 5 minutes! How can I fix that?
First, check with “ifconfig” if TorBox did receive an IP address from your Internet device and if you can ping an Internet address like http://google.com. If that fails, then you have to (re)select the right Internet source in the main menu (entry 4-9) or/and shutdown and restart TorBox again.
Remark: Since TorBox v.0.3.2, the script responsible for reconfiguring the network settings checks some known problems and try to fix them, which reduced significantly the likelihood that TorBox is not getting any network connectivity. However, TorBox is configured as a DHCP client, which means that the router has to give TorBox all necessary network information (usually, the router is configured like that). If that doesn’t work, check out this FAQ entry.
If the Internet is reachable, but Tor is still stuck in the boot process, try to reset Tor and force a change of the permanent entry node (entry 9 in the update and reset sub-menu).
Other minor shortcomings could be the followings:
- Using two Internet sources simultaneously (for example, by forgetting to remove the ethernet cable).
- Using Internet<->wlan-TorBox-wlan<->client configuration without plugging in a USB WiFi adapter.
- Using the cellular option in the main menu without using a cellular device.
- Using a cellular device without an antenna.
When I boot up my TorBox, I can see the following error: “Failed to start Raise network interfaces” – what does it mean?
Such messages, when starting or running TorBox, do not automatically mean that something is wrong.
We try to support as many devices as possible from the first boot on — especially USB adapters, which use the device usb0. But if there is no USB device available, this message appears at boot time. It has no effect on how TorBox functions and can be ignored.
When I boot up my TorBox, I can see the following error: “Failed to start /etc/rc.local Compatibility” – what does it mean?
At the end of the boot procedure, the commands in /etc/rc.local are executed. One of the commands is “sudo /usr/sbin/ntpdate pool.ntp.org” to guarantee a correct clock. If TorBox doesn’t have a connection to the Internet, the command fails, and this message appears. If the connection to the Internet is established later (for example, by catching an IP address from the Internet router or by connecting a WiFi network), in most cases, this message has no effect.
How can I be sure that my devices are using the Tor network?
Go to https://check.torproject.org/ or http://onionbr5zulufnuj.onion. For more information, you can also use the check site operated by JonDonym. Check with Panopticlick (by the EFF), if your browser is safe against tracking? To check for other browser leaks, go here (an excellent analytic tool!); additionally, you could also test against IP leaks, DNS leaks and DNS Nameserver spoofability. Another nice program is here. You can also monitor your data transfer by using TorBox’s main menu entry 1. On macOS, there is a nice program (IP in Menubar), which permanently displays the IP address of your Tor exit node in the menu bar.
Why do I receive a grey onion on the Tor Project’s check-site?
Because the user agent string of your web browser differs from the one from the Tor Browser. The Tor Browser is using following user agent string: “Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0”. You can easily switch your current user agent string with “User Agent Switcher” (for Firefox). However, there are side effects:
- Changing the user agent without changing to a similar platform makes your browser nearly unique and allow for fingerprinting your device.
- If your string is saying that you are running Windows NT 6.1, most likely a download page automatically offers you a download package for Windows NT, even if you are running OS X. Therefore, a user agent switcher allows you to change the string in one or two clicks if needed.
I’m connected to TorBox with an ethernet cable, and all is working as expected. However, when I change my Internet to “Wireless network”, I’m not able to connect to the Internet anymore.
It may sound silly, but for an Internet<->wlan-TorBox-wlan<->client configuration, you have to plug in a USB WiFi adapter. For such a configuration, an adapter is needed because neither the Raspberry Pi onboard WiFi chip nor the USB adapter can access to the Internet and the client at the same time
My TorBox is connected with the Internet via ethernet. I’m using onboard WiFi for my client devices. How can I additionally connect a cable client?
If the Internet connection already occupies the onboard ethernet interface, then a lan to usb adapter is necessary.
Usually, the DHCP-server on TorBox provides your client with all necessary information. If it doesn’t work, and you are sure that your client is configured accordingly, first try to restart TorBox. Shouldn’t that doesn’t work either, then try to configure your client manually:
# Connected with TorBox's WiFi IPv4-address of your device: 192.168.42.x (x > 12) Net Masq: 255.255.255.0 Router / Gateway: 192.168.42.1 DNS: 192.168.42.1 / torbox.ch # Connected with a cable IPv4-address of your device: 192.168.43.x (x > 12) Net Masq: 255.255.255.0 Router / Gateway: 192.168.43.1 DNS: 192.168.43.1 / torbox.ch
TorBox is configured as a DHCP client, which means that the router has to give TorBox all necessary network information (usually, the router is configured like that). If that doesn’t work, try to configure TorBox manually according to the data of your provider or an actual client, which works with your router properly:
sudo ifconfig <interface> <static_IP_address> sudo route add default gw <gateway_ip>
My TorBox receives an IP address (192.168.42.* or 192.168.43.*) from the network router, but it doesn’t work.
TorBox, in its default configuration, occupies the IP-addresses 192.168.42.0 – 192.168.42.255 for its wireless network and 192.168.43.0 – 192.168.43.255 for cable connected clients. In the very rare case in which the network router uses the same IP range, you have either to change the IP range of the router or to change the configuration of the TorBox. For more information, please contact me.
I’m unable to connect a public wireless network, I’m not able to reach the captive portal, or after the authentication, it doesn’t show me a “success page.”
Honestly, captive portals were invented by the devil! There are several ways to configure a captive portal, and a lot of these configurations are terrible. Additionally, there are more factors to count on to find a way to connect with a captive portal working. We try to cover them in the list below:
- If yoIf you have problems connecting a public wireless network within the TorBox Wireless Manager (TWM), please try another one with the same name. The best way is to start with the one with the strongest signal (starting with TorBox v.0.5.0, the SSID’s are sorted by the signal strength). Also, it is a good idea to select networks that don’t share their channel (the “CH” column in TWM, see the image below) with other networks. Don’t forget that your AP also uses a channel, which you can change in the Configuration sub-menu. Signal interferences is a big source of problems.
- USB WiFi adapters, which are not supported out of the box (especially for 5 GHz networks), sometimes lead to problems. It is dependent on the type of USB WiFi adapter and the quality of the driver. If unsure, try to connect with a simple 2,5 GHz USB WiFi adapter supported out of the box.
- To authenticate on a captive portal, you need to choose “CAPTIVE PORTAL” when a dialogue box presents you with that option. Read the dialogue box carefully! Between activating and deactivating TorBox’s “CAPTIVE PORTAL” mode, the data traffic of the clients will be directly sent to the captive portal. This is necessary because usually, you have to fill out the captives portal form, which is only possible with a GUI browser.
- Also, DNS resolution has to go through the captive portal because, in this way, it will send the IP address of the captive portal form. This is the reason that, usually, https requests will not work – please take one of the provided http links.
- There are additional possible pitfalls. Cached DNS requests by the client’s operating system or browser could lead to errors. Therefore, the best way to deal with a captive portal is to connect with a browser, to use one of the provided http links, and to fill out the captive portal’s form immediately (because of possible timeouts).
- If this doesn’t work, go back to the dialogue window, and choose to go back to the TWM (starting with TorBox v.0.5.0). Because TorBox tries to flush the DHCP and to get a new IP, you have to press enter on the same or another wireless network in TWM to get a new, actualized IP address. Then repeat the process again.
- If you were able to submit all data on the captive portal’s form but didn’t receive any “success message”, then most probably, the captive portal was misconfigured, or there are some problems with the DNS resolution. Most likely, your authentication was successful. Go back to the TorBox dialogue and continue, which will deactivate the captive portal mode again. Don’t go back to the TWM, but instead, check the Tor log file with entry 4 in the main menu.
- If you were able to overcome the captive portal but failed to reach a tor entry guard (usually, tor stocks between 0% and 10%), try the countermeasure against a tightly configured firewall in the Countermeasure sub-menu (starting with TorBox v.0.5.0) or use bridges.
- To be clear: most of these problems also confronts other devices, not only the TorBox. If possible, you could check the captive portal with another device.
I’m connected to a public wireless network; everything works as expected. However, every x minutes, the connection to the wireless network stops completely, and I have to repeat the entire login procedure. What could be the reason?
Certain Internet provider (usually at airports, in hotels, coffee houses, etc.) disconnect the network connection after a particular time of inactivity. In this case, the Tor statistics (main menu entry 1) no longer shows any data transfer and after about 15 seconds, errors in communication with the Tor network will appear. Try to activate in the countermeasure sub-menu the “Countermeasure against a disconnection when idle feature”.
TorBox’s wireless manager doesn’t show me all wireless networks! It seems that the ones on the 5 GHz band are missing. What can I do?
Most likely you are using the “Wireless network (through a USB adapter; wlan1)” option without having an USB adapter capable to use the 5 GHz band (you are able to see the capabilities of your wireless chip / adapter with the command “iw list”). If you have a Raspberry Pi 3 Model B+ or a Raspberry Pi 4 Model B, then try following menu entry in the main menu: “Wireless network (through the onboard chip; wlan0)”. You should also check the TorBox’s WLAN regulatory domain in the configuration sub-menu. To use the 5 GHz band, to see and to connect wireless network on this band, you have to set the country-specific WLAN regulatory domain.
All about the power supply: “Under-voltage detected!” / Red flashing LEDs / Unusual, strange behaviors – What do these things mean?
It is crucial that your TorBox does receive enough power. In this case, the red PWR LED on your Raspberry Pi must be permanently lit. If it does not light up or flash, the voltage has most likely fallen below 4.63V. Additionally, with the Raspberry Pi 3 Model B+, the drop below 4.63V is notified by an “Under-voltage detected!” in the terminal. It does not automatically mean that TorBox will not work, but it can lead to strange behaviors, network disconnections, data losses, or even to a corruption of your SD card. If this message regularly arises or/and red PWR LED flashes for a longer time, then you should switch to a more reliable power supply such as the official and recommended power supply for the Raspberry Pi (for version 3 Model B/B+ and version 4 Model B – do not use the USB Micro-B to USB-C Adapter!!). If you like to use another power supply or a power bank (for a “TorBox to go” situation), the following minimum requirements are recommended to ensure a trouble-free operation of your TorBox:
- Raspberry Pi 3 Model B: 5V / 2.4A / 12W
- Raspberry Pi 3 Model B+: 5V / 3A / 15W
- Raspberry Pi 4 Model B: 5V / 3A / 15W — see also “The Raspberry Pi 4 and the trouble with its USB-C connector.”
If the “Under-voltage detected!” notification spams your console or your log file, a temporary fix is to ignore it: create /etc/rsyslog.d/ignore-underpowering.conf with :msg, contains, “voltage” ~ and you can enjoy your unstable system.
The necessary power supply is highly dependent on your peripherals. Even with a reliable power supply, you could run into problems, especially in a “wireless-internet to wireless-clients” connection setting. As a rule, simpler, low-powered USB WiFi Adapters lead to fewer problems (see image right). Especially booting up your Raspberry Pi with an already attached USB WiFi adapter could be too much for the power supply of your board. In such a case, try to boot up the Raspberry Pi first and to attach the USB WiFi adapter later when the system is already running. Another solution could be to use a Raspberry Pi 3 Model B instead of a newer, more power-hungry variant. Even if it has a lower network performance, it may run more stable, especially on a power bank, due to its lower power consumption (see this Raspberry Pi 3 B+ Review and Performance Comparison and this Power Consumption Benchmarks). Also, in case of problems, avoid using the 5 GHz band for TorBox’s own wireless network because it requires more power and usually does not give you a higher network speed.
Important for Raspberry Pi 4: the firmware updates in late autumn 2019 reduce overall power consumption. Since then also 5 GHz USB WiFi adapters will work, even in a “wireless-internet to wireless-clients” configuration — see our results when we tested three 5 GHz USB WiFi adapters.
Your TorBox must receive enough power. Therefore the tethering option is the last choice because attached smartphones charge their battery as soon as they are connected to the USB port. This could lead to an underpowered Raspberry Pi, which could result in various unforeseen behaviors (see the two questions/answers above). For that reason, it is recommended to charge your smartphone on another power source, to set up a personal hotspot, and to use one of the two “Wireless network” entries in the main menu.
Whoever wants to give a try: using tethering is simple. For example, in case of an iPhone: unlock your iPhone, but let the personal hotspot disabled for the time being and connect your iPhone with your Raspberry Pi’s USB port. Choose to trust your iPhone (necessary!). Enable personal hotspot on your iPhone (USB only). Finally, choose “Tethering or USB ethernet adapter (eth1)” in the TorBox main menu.
When I’m connected with TorBox and use the Tor Browser or Tails on one of the clients, isn’t that a risk for my security/anonymity (“Tor over Tor” scenario)?
When a user connected to TorBox uses the Tor Browser, without any modification, the data stream goes through two circuits, which means that you get six hops instead of three. The same also applies when Tails is running on a client that is connected to the TorBox. In this situation, is not guaranteed that you’ll get three different hops – you could end up with the same hops, maybe in reverse or mixed order. The Tor FAQ discusses the use of more than three hops and states that “without further protections, it seems likely that an adversary can estimate your path length anyway”.
However, we consider this to be highly unlikely. The security will not be compromised in a “Tor over Tor” scenario — the data stream is still encrypted. Based on the design of Tor, the file size of a package is always the same because Tor sends data in chunks of 512 bytes. There is no specific signature, which would indicate more encryption layers. As long as the encryption of the layers is not broken, how should an attacker know that there are not three but six hops? Of course, a global passive adversary could track your data to the Tor network and the data from the Tor network, might be able to correlate the two data streams and break your anonymity. However, the problem of such a correlation exists regardless of the number of hops. Also, the effort necessary for the adversary should not be underestimated. Roger Dingledine, president and co-founder of the Tor Project, said in a Def Con 27 presentation, an intelligence service of the size of the French one is probably not capable to de-anonymize someone with a traffic correlation analysis. Usually, it is behavioral errors that lead to a breach of anonymity and not a data correlation.
So for example, French intelligence probably isn’t in a good position to be able to see enough of the traffic on the Internet to start correlating people.Roger Dingledine, “The Tor Censorship Arms Race The Next Chapter“, Def Con 27, August 2019.
What does that mean? More hops, in whatever order, don’t break the encryption layers. The size of the data packages is always the same and not dependent on the number of completed hops. Traffic correlation, in theory, could be a problem for anonymity, not only in a “Tor over Tor” scenario. However, the amount of work for the adversary should not be underestimated and can probably only be implemented in the case of an internationally operating intelligence service. For these reasons, we believe that “Tor over Tor” does not pose a risk to a user’s security, and the risk of maintaining anonymity is not significantly increased.
Even if the “Tor over Tor” scenario isn’t a risk for security and anonymity, how can I avoid it when I combine TorBox and the Tor Browser?
Yes, there are easy ways to avoid that. We explain in “Using Tor Browser and TorBox together“, how you can prevent a “Tor over Tor” scenario using Tor Browser and TorBox together and provide for macOS, Linux, and Windows an easy to use shell script / batch file.
I don’t care about the “Tor over Tor” scenario and just want to use the Tor Browser, but it cannot connect the Tor network through TorBox – what can I do?
Use bridges in the Tor Browser (see image below).
If I have two or more clients, let’s say device 1 and device 2, connected to the TorBox will it intelligently make sure each client has its own tor circuit?
Yes, each client has its own circuit. However, all applications on the same client use the same circuit. For example: if you open Firefox and Chrome and check your connection, both browsers on the same machine have the same external IP. In contrast, in the Tor Browser, every new domain gets its own circuit — this is an advantage of the Tor Browser. TorBox changes the circuit (middle and exit node) all 10 minutes (that’s the default for Tor).
Starting with TorBox v.0.3.2, SOCKS v5 port 9052 supports destination address stream isolation. With using port 9052, each destination address has its own circuit. Currently, we consider the implementation as “experimental” because we are worried about a possible negative impact on performance when using stream isolation. We like to hear your feedback on your experiences about that feature so that we can decide if we go to enable it for the entire data streams, not only for that particular socket. See this FAQ entry to learn more about using TorBox’s SOCKS v5 proxy functionality.
I heard that transparent Tor proxies are dangerous! I shouldn’t use TorBox, right?
What are the main differences between TorBox and Whonix?
Interestingly, this question comes up quite often. Probably because Whonix was named TorBOX at the beginning. We didn’t know that at the beginning of our project in 2011/12 (there is also a hidden mailbox service, which is only accessible from Tor, called TorBox). To be clear, TorBox has nothing to do with Whonix. According to our understanding, with Whonix, the Tor gateway and the workstation run on the same physical machine, but the two are virtually separated. With TorBox, this separation is physical: there is the Raspberry Pi (TorBox) as gateway / router / firewall, and separated from that your workstation, e.g., your Laptop. Just like a virtual machine in Whonix, the workstation does not have a public IP address when using TorBox. With TorBox, all client devices are served with an IP address from a private IPv4 address space (192.168.42.x and 192.168.43.x). IPv6 support is not yet implemented, but we think about using unique local addresses for the implementation to have the same separation between the gateway (TorBox) and the workstation. In other words: if the workstation is compromised, your real IP address will not be leaked — but this does not necessarily mean that anonymity is granted. A dedicated attacker would probably hide his attack and collect as much information as possible about your workstation, the content on that workstation, and its owner. Again, if your well-being depends on your anonymity, Tails is probably the better choice for you.
Why is the local TorBox traffic not routed through tor? Why is by default Google’s and/or Cloudflare’s service used to circumvent cheap censorship measures or to test the connectivity? Can I change Google and/or Cloudflare services with something else?
We have to distinguish between the data traffic from the connected clients and the local TorBox traffic (for example for the installation, maintenance and update).
- The data traffic from the connected clients, which has to be protected, is completely routed through Tor (including DNS requests). Additionally, TorBox is configured that any direct DNS requests from clients are blocked.
- TorBox’s local traffic (DNS resolution included) is NOT routed through Tor because of two main reasons: first, some parts of the TorBox has also to function when tor is not running (installation on a new system, maintenance and update); second, to completely torify TorBox’s local traffic would break the correct interaction with captive portals.
- As an exception to point 2, by default since TorBox v.0.4.2, all local traffic to a tor related URL (torproject.org) will be done through tor for security reasons of users in highly authoritarian countries. This includes tor and Torbox menu updates as well as bridge fetching and checking. If a connection through tor is not possible, the user is asked if it is safe to access the URL directly. If the user agrees, the local DNS resolution will be made through public name servers to avoid cheap censorship mechanisms (for more information, see here); if the user disagrees, the access on the tor related URL is blocked.
Could this be a security issue? It depends on what you are doing on the command line, but if you use the TorBox, as intended as a router, this will not be an issue. In addition, when using bridges, the use of Tor can be obfuscated from the ISP, but complete hiding is unrealistic.
The reason that we decided to use Google and Cloudflare services to overcome cheap censorship mechanisms or to test the connectivity by default is the availability, accessibility and amount of data traffic to this two sites. The used (DNS) servers must be working reliable worldwide and have possibly a high data volume so that TorBox’s local requests don’t stand out. In our opinion, queries to a rather not so known xyz DNS would be more noticeable. Also, the probability that these servers would be blocked in an authoritarian country would be higher. However, after a restart, local DNS resolution must be made according to the Internet providers settings. This is necessary to deal with captive portals.
Is it possible to change? With TorBox v.0.4.2 you can change the used nameservers and the URL to check the connectivity in
run/torbox.run with the options
NAMESERVERS (see here for alternatives) and
PING_SERVER. In the installation scripts
run_install_on_ubuntu.sh at the top of the script
CHECK-URLx can be changed.
Could you incorporate pi-hole to remove ads?
Pi-hole is a fantastic project to block advertisements and probably also some malware. However, the filtering is carried out exclusively based on blocking lists. The pi-hole software does not contain any functions that check the content of the requested data. Furthermore, filtering is only carried out based on domain names. Advertising or tracking code, which is already retrieved on the client-side by accessing specific IPs and therefore does not require a DNS query, cannot be influenced by the pi-hole software. However, this type of blocking can be achieved just as well for websites by plugins such as uBlock Origin or Privacy Badger.
Integrating pi-hole into a TorBox may prove difficult because pi-hole and TorBox are probably unscrewing on the same network tools and configurations. Furthermore, such combinations can lead to security risks – the more complex and multi-modular a system is, the higher the risk.
Finally, according to “The Design and Implementation of the Tor Browser“, site-specific or filter-based addons such as AdBlock Plus, Request Policy, Ghostery, Priv3, and Sharemenot have to be avoided. These addons do not add any real privacy to a proper implementation of Tor Browsers’ privacy requirements. On the contrary, the unique filter sets that each user creates or installs provides a wealth of fingerprinting targets. Development efforts should be focused on general solutions that prevent tracking by all third parties rather than a list of specific URLs or hosts. Even TorBox is not Tor Browser, and the addons mentioned above are not pi-hole, we think the situation is comparable.
I have problems with the wifi network from/to TorBox/Internet router/clients connected to the TorBox. Please fix it for me!
How should I be able to fix such a complex problem with no access to the hardware and (often with such requests) without any details about the problem? There are so many different possibilities: hardware problems, software bugs, bad supported dongles, configuration errors, and so much more. Important information to pinpoint the problem is the version of the TorBox, to know what exactly fails to work (is it the internal chip or an USB dongle), the name of additional used hardware (for example, the type of the USB dongle) etc.
Some of these problems will show up in the system log file in more detail. This is why I recommend as a first measure to turn the logging from low to high (Configuration sub-menu, entry 12) and to search for any suspicious entries.
Possible other measures to try:
- – If you used the image file, you could try the install script instead (vice versa).
- – Update the basic system (Update and Reset sub-menu, entry 1).
- – Update the firmware – that may help with problems with the internal chip (Update and Reset sub-menu, entry 2).
- – Update the network drivers – that may help with problems with a USB adapter (Update and Reset sub-menu, entry 3).
- – Try the Debian version of our installer on a Debian for Raspberry Pi system
- – Change the hardware
Of course, these measures are only helpful if the TorBox is the cause of the disconnections, not when the (Internet) Router is shutting down the connection. You may look at how your Router manages and renews the IPs for the connected devices (DHCP lease time).
I can’t get TorBox to work and need more detailed help! What should I do?
In this case, send us an email with the following information:
- Which version of the Raspberry Pi and TorBox do you use?
- Could you connect the TorBox WiFi (for example, “TorBox030”)? If no: Which clients did you try?
- Could you access the TorBox with an SSH client, and did you see the main menu? If no: Which SSH clients did you try?
- How did you connect your TorBox with the Internet? Did you already try with a wireless USB adapter?
- What kind of power supply do you use?
- In which country did you try to connect TorBox with the Internet.
- What else did you already try (which menu entries), and which error messages did you see?
Additionally, and if possible, we need the following files below (added to the email). You can get the files by downloading them from your TorBox by using an FTP client, which supports SFTP (it uses the same login and password as your SSH client). Alternatively, you can retrieve these files by connecting a USB stick with your TorBox. You can mount the USB stick most probably by “sudo mount /dev/sda /mnt”, and then copy all the below-mentioned files on it:
- /etc/hostapd/hostapd.conf (don’t forget to delete your password)
- the output (copy-paste) of “ifconfig”