Whether you want to install TorBox on an existing system, on different hardware or a different operating system, or you don’t trust an image file that you didn’t build yourself, this detailed manual helps you to build a TorBox from scratch.
This manual is written for Ubuntu Server 20.04 LTS (32/64 bit) and therefore might run on hardware platforms other than the Raspberry Pi.
Before you create all configuration files yourself: some of the configuration files mentioned below are stored in the “TorBox Menu” file or on our GitHub page in the folder “etc”.
- 1. Prepare your system
- 2. Update your system and install all necessary packages
- 3. Disable Bluetooth
- 4. Setting up a DHCP server
- 5. Setting up network interfaces
- 6. Configuring the TorBox AP
- 7. Configuring Network Address Translation (NAT)
- 8. Configuring a correct DNS resolution
- 9. Configuring Tor
- 10. Configuring the Wireless Interface Connection Daemon (wicd)
- 11. Installing the TorBox Menu
- 12. Adding the user “torbox”
- 13. Restart your system
1. Prepare your system
- Download the latest version of the Ubuntu Server 20.04 LTS for your specific hardware.
- Install Ubuntu Server 20.04 LTS.
- Log into your newly set up system.
Important
- After a freshly installed system, you might wait one or two minutes until you can log in with ubuntu (password: ubuntu).
- Ubuntu is updating its system in the background. Either wait until it is finished or kill the process (see below).
- You need to have a stable internet connection.
2. Update your system and install all necessary packages
If it is running, the process that updates Ubuntu in the background blocks apt-get from working properly. Either make sure that this process is not running in the background, or kill it:

    sudo killall unattended-upgr
    sudo dpkg --configure -a

We do not want Ubuntu’s automatic update feature in our TorBox:

    sudo apt-get -y remove unattended-upgrades

We also do not need Ubuntu’s cloud-init feature:

    sudo apt-get -y purge cloud-init
    sudo rm -Rf /etc/cloud

However, we have to be sure that we have the latest version of the system and its packages before we start to install all necessary packages:

    sudo apt-get -y update
    sudo apt-get -y dist-upgrade
    sudo apt-get -y clean
    sudo apt-get -y autoclean
    sudo apt-get -y autoremove

Depending on the updated packages (firmware, kernel, driver etc.) a reboot is recommended.
The following additional packages are necessary and have to be installed:
- python2 -> Starting with Ubuntu 20.04, Python 2 and all packages that depend on Python 2 and have not (yet) been migrated to Python 3 are removed from the distribution. However, we still need Python 2 for the “Wireless Interface Connection Daemon” (wicd), which has not been migrated to Python 3.
- hostapd -> provides a wireless access point (AP).
- isc-dhcp-server -> acts as DHCP server.
- tor, obfs4proxy -> gives access to the Tor network.
- usbmuxd -> a socket daemon to multiplex connections from and to iOS devices (support for tethering with iOS devices).
- wicd* -> an easy to use wireless network connection manager.
- dnsmasq -> DNS forwarder (necessary to deal with captive portals).
- dnsutils, tcpdump, iftop, vnstat, links2 -> analytical and statistical network tools.
- debian-goodies, apt-transport-https -> other necessary tools.
- dirmngr -> GNU privacy guard – network certificate management service.
- python3-setuptools, python3-pip -> necessary tools for Python 3.
- python3-pil, imagemagick, tesseract-ocr -> necessary libraries and programs for bridges_get.py.
- ntpdate -> necessary to set the correct system time.
- screen -> a terminal multiplexer allowing a user to access multiple separate login sessions inside a single terminal window, or detach and reattach sessions from a terminal.
- nyx -> a command-line monitor for Tor.
- net-tools -> contains the important tools to control the network subsystem of the Linux kernel: arp, ifconfig, netstat, rarp, nameif and route.
- ifupdown -> contains the tools ifup and ifdown, which can be used to configure network interfaces based on interface definitions in the /etc/network/interfaces file.
- unzip -> unpacker for .zip files
- equivs -> bypasses the dependencies between packages
- git -> distributed revision control system (needed by LCD-show)
- openvpn -> software that implements virtual private network.
Install all necessary packages with the following command:

    sudo apt-get -y install python2 hostapd isc-dhcp-server tor obfs4proxy usbmuxd \
      dnsmasq dnsutils tcpdump iftop vnstat links2 debian-goodies apt-transport-https \
      dirmngr python3-setuptools python3-pip python3-pil imagemagick tesseract-ocr \
      ntpdate screen nyx net-tools ifupdown unzip equivs git openvpn

    # We also need pip for Python 2
    curl https://bootstrap.pypa.io/get-pip.py --output get-pip.py
    sudo python2 get-pip.py

    # urwid for Python 2 is necessary for wicd-curses
    sudo pip install urwid

    # Additional installations for Python 3
    sudo pip3 install pytesseract
    sudo pip3 install mechanize

We don’t want to start dnsmasq automatically after booting the system:

    sudo systemctl disable dnsmasq

Now, we install the “Wireless Interface Connection Daemon” (wicd):

    mkdir -p ~/Downloads/wicd
    cd ~/Downloads/wicd
    wget http://archive.ubuntu.com/ubuntu/pool/universe/w/wicd/python-wicd_1.7.4+tb2-6_all.deb
    wget http://archive.ubuntu.com/ubuntu/pool/universe/w/wicd/wicd-daemon_1.7.4+tb2-6_all.deb
    wget http://archive.ubuntu.com/ubuntu/pool/universe/w/wicd/wicd_1.7.4+tb2-6_all.deb
    wget http://archive.ubuntu.com/ubuntu/pool/universe/w/wicd/wicd-curses_1.7.4+tb2-6_all.deb
    wget http://archive.ubuntu.com/ubuntu/pool/universe/w/wicd/wicd-cli_1.7.4+tb2-6_all.deb
    cd
    sudo apt-get -y install ./Downloads/wicd/python-wicd_1.7.4+tb2-6_all.deb
    sudo apt-get -y install ./Downloads/wicd/wicd-daemon_1.7.4+tb2-6_all.deb
    sudo apt-get -y install ./Downloads/wicd/wicd-cli_1.7.4+tb2-6_all.deb
    sudo apt-get -y install ./Downloads/wicd/wicd_1.7.4+tb2-6_all.deb

    # Creating a dependency-dummy for wicd-curses (based on https://unix.stackexchange.com/questions/404444/how-to-make-apt-ignore-unfulfilled-dependencies-of-installed-package)
    equivs-control python-urwid.control
    sed -i "s/Package: <package name; defaults to equivs-dummy>/Package: python-urwid/g" python-urwid.control
    sed -i "s/^# Version: <enter version here; defaults to 1.0>/Version: 1.2/g" python-urwid.control
    equivs-build python-urwid.control
    sudo dpkg -i python-urwid_1.2_all.deb

    # Finally, we install the last package...
    sudo apt-get -y install ./Downloads/wicd/wicd-curses_1.7.4+tb2-6_all.deb

    # Cleaning
    rm -r ~/Downloads
    rm ~/get-pip.py
    rm ~/python-urwid*

3. Disable Bluetooth
Because of security considerations, we recommend disabling the Bluetooth functionality of your Raspberry Pi completely.

    # Change your /boot/firmware/config.txt:
    sudo nano /boot/firmware/config.txt

    # Add to the end of /boot/firmware/config.txt:
    dtoverlay=disable-bt

You have to reboot your Raspberry Pi to apply the changes.
4. Setting up a DHCP server

    # Set up your hostname (for example "TorBox" instead of "ubuntu"):
    sudo nano /etc/hostname
    sudo nano /etc/hosts

    # Adjust the configuration file of the DHCP server:
    sudo nano /etc/dhcp/dhcpd.conf

    # Replace /etc/dhcp/dhcpd.conf with the following content:
    default-lease-time 600;
    max-lease-time 7200;
    ddns-update-style none;
    authoritative;
    subnet 192.168.42.0 netmask 255.255.255.0 {
      range 192.168.42.10 192.168.42.50;
      option broadcast-address 192.168.42.255;
      option routers 192.168.42.1;
      option domain-name "local";
      option domain-name-servers 192.168.42.1;
    }
    subnet 192.168.43.0 netmask 255.255.255.0 {
      range 192.168.43.10 192.168.43.50;
      option broadcast-address 192.168.43.255;
      option routers 192.168.43.1;
      option domain-name "local";
      option domain-name-servers 192.168.43.1;
    }

    # Adjust the configuration file of the DHCP server (isc-dhcp-server):
    sudo nano /etc/default/isc-dhcp-server

    # Add all the available interfaces to the following line:
    INTERFACESv4="wlan0 wlan1 eth0 eth1"

The classless static route option (RFC3442) gives us some headaches with certain APs under certain conditions (see also here). Therefore, we remove this option from the configuration:

    # Remove in /etc/dhcp/dhclient.conf the classless static route option
    sudo nano /etc/dhcp/dhclient.conf

    # Old entries:
    option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
    request subnet-mask, broadcast-address, time-offset, routers,
            domain-name, domain-name-servers, domain-search, host-name,
            dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
            netbios-name-servers, netbios-scope, interface-mtu,
            rfc3442-classless-static-routes, ntp-servers;

    # New entries:
    #option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
    request subnet-mask, broadcast-address, time-offset, routers,
            domain-name, domain-name-servers, domain-search, host-name,
            dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
            netbios-name-servers, netbios-scope, interface-mtu, ntp-servers;

5. Setting up network interfaces
Currently, TorBox supports the following connections:

    INTERNET  CLIENT         Remarks
    --------------------------------------------------------------------------------------------
    ETH0      WLAN0(+ETH1)   Cable-internet (onboard ethernet adapter) - STANDARD
    ETH1      WLAN0(+ETH0)   USB ethernet adapter or Tethering (iOS)
    WLAN1     WLAN0(+ETH0)   Wireless-internet (USB wireless adapter, usually 2.4 GHz only)
    WLAN0     WLAN1(+ETH0)   Wireless-internet (onboard chip, with >RPi3B+: 2.4/5 GHz)
    USB0      WLAN0(+ETH0)   USB dongle or Tethering (Android) (ppp0; usb0)
    PPP0      WLAN0(+ETH0)   Cellular-internet
    TUN0      WLAN0(+ETH0)   Over a VPN connection

In the beginning, only the standard /etc/network/interfaces file, listed below, is necessary. Depending on your choice in the TorBox menu, this file is altered by TorBox automatically.

    # Edit /etc/network/interfaces:
    sudo nano /etc/network/interfaces

    # Replace /etc/network/interfaces with the following content:
    source-directory /etc/network/interfaces.d

    auto lo
    auto usb0

    iface lo inet loopback
    iface eth0 inet dhcp
    iface wlan1 inet dhcp
    iface usb0 inet dhcp

    allow-hotplug wlan0 wlan1 eth0 eth1 usb0

    iface wlan0 inet static
      address 192.168.42.1
      netmask 255.255.255.0

    iface eth1 inet static
      address 192.168.43.1
      netmask 255.255.255.0

    wireless-power off

6. Configuring the TorBox AP

    # Edit /etc/hostapd/hostapd.conf
    sudo nano /etc/hostapd/hostapd.conf

    # Replace /etc/hostapd/hostapd.conf with the following content:
    interface=wlan0
    driver=nl80211
    ssid=TorBox032
    country_code=US
    hw_mode=g
    channel=6
    ieee80211n=1
    ieee80211ac=1
    wmm_enabled=1
    #ht_capab=[HT40-][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
    #vht_oper_chwidth=1
    #vht_oper_centr_freq_seg0_idx=42
    macaddr_acl=0
    auth_algs=1
    ignore_broadcast_ssid=0
    wpa=2
    wpa_passphrase=CHANGE-IT
    wpa_key_mgmt=WPA-PSK
    rsn_pairwise=CCMP

Important
- Only letters (upper and lower case) and numbers are allowed in the passphrase. The length must be between 8 and 63 characters.
- Don’t remove or change the “#-lines” and the “country_code=US” value! Otherwise, the 2.4 GHz 40 MHz and the 5 GHz 40 and 80 MHz settings will most likely not work and probably crash hostapd! In use, TorBox changes this file according to the selection in the configuration sub-menu. However, if you delete values (even the ones with #), TorBox doesn’t re-add them!

    # Edit /etc/default/hostapd
    sudo nano /etc/default/hostapd

    # Old entry:
    #DAEMON_CONF=""

    # New entry:
    DAEMON_CONF="/etc/hostapd/hostapd.conf"

The following commands ensure the automatic start of the services when TorBox is started and also start them immediately:

    sudo systemctl unmask hostapd
    sudo systemctl enable hostapd
    sudo systemctl start hostapd
    sudo systemctl unmask isc-dhcp-server
    sudo systemctl enable isc-dhcp-server
    sudo systemctl start isc-dhcp-server
    sudo systemctl daemon-reload

7. Configuring Network Address Translation (NAT)

    # Edit /etc/sysctl.conf:
    sudo nano /etc/sysctl.conf

    # Old entry:
    #net.ipv4.ip_forward=1

    # New entry:
    net.ipv4.ip_forward=1

    # With the following command, we have to enable IP forwarding (necessary to overcome captive portals):
    sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

8. Configuring a correct DNS resolution
Under Ubuntu, “systemd-resolved” acts as the local DNS server. However, clients cannot use it, because “systemd-resolved” is listening on 127.0.0.53:53. This is where dnsmasq comes into play: it generally responds to all port 53 requests and then resolves them over 127.0.0.53:53. This is what we need to get to the login page at captive portals (CLIENT –> DNSMASQ –> resolv.conf –> systemd-resolved –> ext DNS address). However, this approach only works if the following options are set in /etc/systemd/resolved.conf: LLMNR=yes / MulticastDNS=yes / Cache=no, and bind-interfaces is set in /etc/dnsmasq.conf:

    # Edit /etc/systemd/resolved.conf:
    sudo nano /etc/systemd/resolved.conf

    # Old entries:
    #LLMNR=no
    #MulticastDNS=no
    #Cache=yes

    # New entries:
    LLMNR=yes
    MulticastDNS=yes
    Cache=no

    # Edit /etc/dnsmasq.conf:
    sudo sed -i "s/^#bind-interfaces/bind-interfaces/g" /etc/dnsmasq.conf

    # Execute the following commands:
    sudo systemctl restart systemd-resolved
    sudo systemctl disable dnsmasq
    sudo systemctl daemon-reload

9. Configuring Tor
First step: Configuring Tor
There are no bridges in the configuration file below, but you can add them later using the TorBox Menu. However, it’s a good idea to consult the latest version of this file in the “TorBox Menu” file or on our GitHub page in the folder “etc/tor/”, or even to copy it to “/etc/tor/”.

    # Edit /etc/tor/torrc
    sudo nano /etc/tor/torrc

    # Replace /etc/tor/torrc with the following content:
    ## This is the configuration file of Tor

    ## DON'T CHANGE THE FOLLOWING 13 LINES!
    ######################################################
    ## Configuration for TorBox
    Log notice file /var/log/tor/notices.log
    VirtualAddrNetworkIPv4 10.192.0.0/10
    AutomapHostsSuffixes .onion,.exit
    AutomapHostsOnResolve 1
    TransPort 192.168.42.1:9040
    #TransPort 192.168.43.1:9040
    DNSPort 192.168.42.1:9053
    #DNSPort 192.168.43.1:9053
    SocksPort 192.168.42.1:9050
    #SocksPort 192.168.43.1:9050
    DisableDebuggerAttachment 0
    ControlPort 9051
    HashedControlPassword 16:E68F16640ED8C0F7601F5AA3D229D8DFD8715623CB055577F9434F7FB7

    ## THE CONFIGURATION OF THE BRIDGE RELAY STARTS HERE!
    ######################################################
    ## This set up an obfs4 bridge relay.
    #BridgeRelay 1
    #ORPort 4235
    #ExtORPort auto
    #ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
    #ServerTransportListenAddr obfs4 0.0.0.0:443
    #ContactInfo <[email protected]>
    #Nickname TorBox032

    ## TO OVERCOME A FIREWALL, START HERE!
    ## HOWEVER, USE IT ONLY, IF REALLY NECESSARY!
    ######################################################
    ## This allows you to run Tor as a client behind a firewall with
    ## restrictive policies, but doesn't allow you to run as a server behind such
    ## a firewall.
    ## ReachableAddresses IP[/MASK][:PORT]…
    ## A comma-separated list of IP addresses and ports that your firewall allows
    ## you to connect to. The format is as for the addresses in ExitPolicy, except
    ## that "accept" is understood unless "reject" is explicitly provided. For
    ## example, 'ReachableAddresses 99.0.0.0/8, reject 18.0.0.0/8:80, accept *:80'
    ## means that your firewall allows connections to everything inside net 99,
    ## rejects port 80 connections to net 18, and accepts connections to port 80
    ## otherwise.
    #ReachableAddresses *:80, *:443

    ## TO OVERCOME CENSORSHIP, START HERE!
    ######################################################
    ## If you like to use bridges to overcome censorship, EDIT THE LINES BELOW!
    ## To use bridges, uncomment the three lines below...
    #UseBridges 1
    #UpdateBridgesFromAuthority 1
    #ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy

    ## ...and add your bridges below (the bridges below are examples which may or
    ## may not work. Uncomment to use them). Please give us feedback, if some of
    ## the bridges below doesn't work anymore: [email protected]
    ##
    ## You have two ways to get new bridge-addresses:
    ## 1. Get them here https://bridges.torproject.org/
    ##    (chose "Advanced Options", "obfs4" and press "Get Bridges)
    ## 2. Or send an email to [email protected], using an address
    ##    from Riseup, Gmail or Yahoo with "get transport obfs4" in the
    ##    body of the mail.

Important
Don’t remove or change the “#-lines”. TorBox changes this file automatically. If you delete values (even the ones with #), TorBox doesn’t re-add them again, and TorBox may not work correctly!
You should change the “HashedControlPassword” at the end of the installation with the help of the configuration sub-menu entry 9.
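
A post-install check for the two defaults this manual publishes, as an added example that is not part of TorBox: it flags a hostapd.conf whose wpa_passphrase is still CHANGE-IT or breaks the passphrase rule stated in step 6, and a torrc that still carries the HashedControlPassword printed above. The function names and the constructed sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not TorBox code): flag settings left at this manual's defaults.

DEFAULT_PSK='CHANGE-IT'  # wpa_passphrase printed in the hostapd.conf above
# HashedControlPassword printed in the torrc above
DEFAULT_HASH='16:E68F16640ED8C0F7601F5AA3D229D8DFD8715623CB055577F9434F7FB7'

# First active "key=value" entry of a hostapd.conf
hostapd_value() { sed -n "s/^$2=//p" "$1" | head -n 1; }
# First active "Key value" entry of a torrc
torrc_value() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# audit_hostapd FILE -> prints findings (never the passphrase), returns 1 if any
audit_hostapd() {
    psk=$(hostapd_value "$1" wpa_passphrase); rc=0
    if [ "$psk" = "$DEFAULT_PSK" ]; then
        echo "FAIL: wpa_passphrase is still the published default"; rc=1
    elif [ "${#psk}" -lt 8 ] || [ "${#psk}" -gt 63 ]; then
        echo "FAIL: wpa_passphrase must be 8 to 63 characters (is ${#psk})"; rc=1
    else
        case $psk in *[!A-Za-z0-9]*)
            echo "FAIL: wpa_passphrase has characters other than letters and digits"; rc=1 ;;
        esac
    fi
    [ "$(hostapd_value "$1" wpa)" = 2 ] || { echo "FAIL: wpa is not 2"; rc=1; }
    [ "$(hostapd_value "$1" rsn_pairwise)" = CCMP ] || { echo "FAIL: rsn_pairwise is not CCMP"; rc=1; }
    return $rc
}

# audit_torrc FILE -> prints findings, returns 1 if any
audit_torrc() {
    cur=$(torrc_value "$1" HashedControlPassword); rc=0
    if [ -n "$(torrc_value "$1" ControlPort)" ] && [ -z "$cur" ]; then
        echo "FAIL: ControlPort is set but no HashedControlPassword is configured"; rc=1
    elif [ "$cur" = "$DEFAULT_HASH" ]; then
        echo "FAIL: HashedControlPassword is still the published default"; rc=1
    fi
    return $rc
}

# Constructed sample files: the manual's defaults, unchanged.
write_defaults() {
    printf '%s\n' 'wpa=2' "wpa_passphrase=$DEFAULT_PSK" 'rsn_pairwise=CCMP' > "$1/hostapd.conf"
    printf '%s\n' 'ControlPort 9051' "HashedControlPassword $DEFAULT_HASH" > "$1/torrc"
}

# Two arguments: audit HOSTAPD_CONF and TORRC. None: run on the constructed sample.
if [ "$#" -eq 2 ]; then
    audit_hostapd "$1"; a=$?; audit_torrc "$2"; b=$?
    [ "$((a + b))" -eq 0 ]
else
    d=$(mktemp -d); write_defaults "$d"
    audit_hostapd "$d/hostapd.conf" || true
    audit_torrc "$d/torrc" || true
    rm -rf "$d"
fi
```

On a finished TorBox, pass /etc/hostapd/hostapd.conf and /etc/tor/torrc as the two arguments; both need root to read.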
Second step: Configuring obfs4proxy

    # Execute the following commands:
    sudo setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy
    sudo sed -i "s/^NoNewPrivileges=yes/NoNewPrivileges=no/g" /lib/systemd/system/[email protected]
    sudo sed -i "s/^NoNewPrivileges=yes/NoNewPrivileges=no/g" /lib/systemd/system/[email protected]

Third step: Activate Tor

    # Execute the following commands:
    sudo systemctl unmask tor
    sudo systemctl enable tor
    sudo systemctl start tor
    sudo systemctl daemon-reload

10. Configuring the Wireless Interface Connection Daemon (wicd)
The Wireless Interface Connection Daemon (wicd) is an easy to use network connection manager. It provides a graphical text-interface to choose, configure, and connect to a wireless network. Usually, it is not necessary to run it manually. If needed, TorBox starts it for you.

    # Edit /etc/wicd/manager-settings.conf
    sudo nano /etc/wicd/manager-settings.conf

    # Change following lines (yes, eth2 is right!):
    wireless_interface = wlan1
    wired_interface = eth2
    dhcp_client = 1

    # Edit /etc/wicd/wired-settings.conf
    sudo nano /etc/wicd/wired-settings.conf

    # Change following line
    dhcphostname = TorBox032

11. Installing the TorBox Menu
First step: Installing the TorBox menu
The “TorBox Menu” is a user-friendly way to use and change the settings of your TorBox. The menu is automatically started whenever a Terminal or an SSH-client accesses TorBox’s IP address (192.168.42.1). The menu works with shell scripts, which set the right packet filtering and NAT rules and start other supporting tools. All scripts are located under “~/torbox”. If necessary, the menu can be started there with “./menu”. Use the following commands to install the menu (or download the complete TorBox repository from our GitHub page):

    # Execute the following commands:
    cd ~
    wget https://github.com/radio24/TorBox/archive/master.zip
    unzip master.zip
    rm -r torbox
    mv TorBox-master torbox
    rm -r master.zip

    # Edit .profile:
    sudo nano .profile

    # Add the following lines to the end of ".profile":
    cd torbox
    sleep 2
    bash menu

Second step: Set the blueish color of the TorBox menu

    sudo rm /etc/alternatives/newt-palette; sudo ln -s /etc/newt/palette.original /etc/alternatives/newt-palette

Third step: Disable Ubuntu’s update-motd feature and set our static motd

    sudo rm -r /etc/update-motd.d/*
    sudo rm /etc/legal
    sudo sed -ri "s/^session[[:space:]]+optional[[:space:]]+pam_motd\.so[[:space:]]+motd=\/run\/motd\.dynamic$/#\0/" /etc/pam.d/login
    sudo sed -ri "s/^session[[:space:]]+optional[[:space:]]+pam_motd\.so[[:space:]]+motd=\/run\/motd\.dynamic$/#\0/" /etc/pam.d/sshd
    sudo cp ~/torbox/etc/motd /etc/motd

Fourth step: Enable and configure rc.local and iptables.ipv4.nat
On Ubuntu, commands in /etc/rc.local do not run on system boot. We have to enable that feature:

    # Edit /etc/systemd/system/rc-local.service:
    sudo nano /etc/systemd/system/rc-local.service

    # Add the following content to /etc/systemd/system/rc-local.service:
    [Unit]
    Description=/etc/rc.local Compatibility
    ConditionPathExists=/etc/rc.local

    [Service]
    Type=forking
    ExecStart=/etc/rc.local start
    TimeoutSec=0
    StandardOutput=tty
    RemainAfterExit=yes
    SysVStartPriority=99

    [Install]
    WantedBy=multi-user.target

    # Edit /etc/rc.local:
    sudo nano /etc/rc.local

    # Add the following content to /etc/rc.local:
    #!/bin/sh -e
    #
    # Added by TorBox
    if grep "iface wlan1 inet static" /etc/network/interfaces || grep "^interface=wlan1" /etc/hostapd/hostapd.conf ; then
      sudo ifdown wlan0
      sudo ifdown wlan1
      sudo sed -i "s/^auto wlan0/auto wlan1/" /etc/network/interfaces
      sudo sed -i "s/^iface wlan0 inet dhcp/iface wlan1 inet dhcp/" /etc/network/interfaces
      sudo sed -i "s/^iface wlan1 inet static/iface wlan0 inet static/" /etc/network/interfaces
      sudo sed -i "s/^interface=wlan1/interface=wlan0/" /etc/hostapd/hostapd.conf
      # Redirection written for /bin/sh ("&>" is a bash-only form)
      sudo ifup wlan0 >/dev/null 2>&1 &
      sudo ifup wlan1 >/dev/null 2>&1 &
      sudo systemctl restart hostapd
      sudo systemctl restart isc-dhcp-server
      sleep 5
    fi
    sudo /sbin/iptables-restore < /etc/iptables.ipv4.nat
    sudo systemctl start dnsmasq
    sleep 10
    sudo /usr/sbin/ntpdate pool.ntp.org
    sudo systemctl stop dnsmasq

    # Create or edit /etc/iptables.ipv4.nat:
    sudo nano /etc/iptables.ipv4.nat

    # Replace /etc/iptables.ipv4.nat with the following content:
    *filter
    :INPUT DROP [384:97594]
    :FORWARD DROP [2:612]
    :OUTPUT ACCEPT [32451:18744664]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -m state --state INVALID -j DROP
    -A INPUT ! -s 192.0.0.0/8 -i wlan0 -j LOG --log-prefix "SPOOFED PKT "
    -A INPUT ! -s 192.0.0.0/8 -i eth1 -j LOG --log-prefix "SPOOFED PKT "
    -A INPUT ! -s 192.0.0.0/8 -i wlan0 -j DROP
    -A INPUT ! -s 192.0.0.0/8 -i eth1 -j DROP
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i wlan0 -j ACCEPT
    -A INPUT -i eth1 -j ACCEPT
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A FORWARD -m state --state INVALID -j DROP
    -A FORWARD -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A FORWARD -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A OUTPUT -m conntrack --ctstate INVALID -j DROP
    -A OUTPUT -m state --state INVALID -j DROP
    -A OUTPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 ! -o lo -p tcp -m tcp --tcp-flags RST,ACK RST,ACK -j DROP
    -A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -j LOG --log-prefix "SSH SHELL DNS-REQUEST TCP" --log-tcp-options --log-ip-options
    -A OUTPUT -o eth0 -p udp -m udp --dport 53 -j LOG --log-prefix "SSH SHELL DNS-REQUEST UDP" --log-ip-options
    COMMIT
    #
    #
    *nat
    :PREROUTING ACCEPT [531:153102]
    :INPUT ACCEPT [2303:137217]
    :POSTROUTING ACCEPT [81:6206]
    :OUTPUT ACCEPT [80:6038]
    -A PREROUTING -d 192.168.42.1/32 -i wlan0 -p tcp -j REDIRECT
    -A PREROUTING -d 192.168.43.1/32 -i eth1 -p tcp -j REDIRECT
    -A PREROUTING -i wlan0 -p tcp -j REDIRECT --to-ports 9040
    -A PREROUTING -i eth1 -p tcp -j REDIRECT --to-ports 9040
    -A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
    -A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
    -A PREROUTING -i wlan0 -p udp -j REDIRECT --to-ports 9040
    -A PREROUTING -i eth1 -p udp -j REDIRECT --to-ports 9040
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT

    # Execute the following commands
    sudo chmod u+x /etc/rc.local
    sudo systemctl enable rc-local
    sudo systemctl daemon-reload

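
One way to check that the firewall file and torrc agree, as an added example that is not part of TorBox: for each client interface it verifies that the nat table sends all TCP to Tor's TransPort and UDP port 53 to its DNSPort, that the DNS rule is not shadowed by an earlier catch-all UDP rule, and that FORWARD defaults to DROP. The function names and the constructed sample (in which eth1 lacks its DNS redirect) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not TorBox code): check torrc against the iptables-restore file.

# torrc_port FILE KEY -> port of the first active "KEY [addr:]port" line
torrc_port() { awk -v k="$2" '$1 == k { n = split($2, a, ":"); print a[n]; exit }' "$1"; }

# nat_problems RULES IFACE TRANSPORT DNSPORT -> one line per problem found
nat_problems() {
    awk -v ifc="$2" -v trans="$3" -v dns="$4" '
    /^\*/ { table = $1 }
    table == "*nat" && $1 == "-A" && $2 == "PREROUTING" {
        dev = proto = dport = to = dst = tgt = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") dev = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
            else if ($i == "-j") tgt = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--to-ports") to = $(i + 1)
        }
        # Rules with -d only cover traffic addressed to the box itself.
        if (dev != ifc || tgt != "REDIRECT" || dst != "") next
        if (proto == "tcp" && dport == "" && to == trans) tcp = 1
        if (proto == "udp" && dport == "53" && to == dns && !dnsline) dnsline = NR
        if (proto == "udp" && dport == "" && !udpline) udpline = NR
    }
    END {
        if (!tcp) print "no catch-all TCP redirect to TransPort " trans
        if (!dnsline) print "no UDP/53 redirect to DNSPort " dns
        else if (udpline && udpline < dnsline) print "catch-all UDP rule shadows the DNS redirect"
    }' "$1"
}

# check_redirects RULES TORRC IFACE... -> 0 if every interface passes, else 1
check_redirects() {
    rules=$1; torrc=$2; rc=0; shift 2
    trans=$(torrc_port "$torrc" TransPort); dns=$(torrc_port "$torrc" DNSPort)
    if [ -z "$trans" ] || [ -z "$dns" ]; then echo "FAIL: TransPort/DNSPort not set"; return 1; fi
    # Fail closed: forwarded packets that match no rule must be dropped.
    grep -q '^:FORWARD DROP' "$rules" || { echo "FAIL: FORWARD policy is not DROP"; rc=1; }
    for ifc in "$@"; do
        problems=$(nat_problems "$rules" "$ifc" "$trans" "$dns")
        if [ -n "$problems" ]; then
            echo "$problems" | sed "s/^/FAIL: $ifc: /"; rc=1
        else
            echo "ok: $ifc -> TransPort $trans, DNSPort $dns"
        fi
    done
    return $rc
}

# Constructed sample: wlan0 as on this page, eth1 without its DNS redirect.
write_sample() {
    printf '%s\n' 'TransPort 192.168.42.1:9040' 'DNSPort 192.168.42.1:9053' > "$1/torrc"
    cat > "$1/rules" <<'EOF'
*filter
:FORWARD DROP [0:0]
COMMIT
*nat
-A PREROUTING -d 192.168.42.1/32 -i wlan0 -p tcp -j REDIRECT
-A PREROUTING -i wlan0 -p tcp -j REDIRECT --to-ports 9040
-A PREROUTING -i eth1 -p tcp -j REDIRECT --to-ports 9040
-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A PREROUTING -i wlan0 -p udp -j REDIRECT --to-ports 9040
-A PREROUTING -i eth1 -p udp -j REDIRECT --to-ports 9040
COMMIT
EOF
}

# No arguments: run on the constructed sample. Otherwise: RULES TORRC IFACE...
if [ "$#" -ge 3 ]; then check_redirects "$@"; else
    d=$(mktemp -d); write_sample "$d"
    check_redirects "$d/rules" "$d/torrc" wlan0 eth1 || true; rm -rf "$d"
fi
```

Rule order matters because iptables stops at the first matching REDIRECT, so the check also reports a UDP/53 rule placed after the catch-all UDP rule.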
Fifth step: Make sure that the SSH-client can access the TorBox after the restart

    # Execute the following commands:
    sudo systemctl unmask ssh
    sudo systemctl enable ssh
    sudo systemctl start ssh
    sudo systemctl daemon-reload

12. Adding the user “torbox”
In this step, the user “torbox” with the default password “CHANGE-IT” (or whatever you chose) is created. To use TorBox, you have to log in with “torbox” and the default password. Please change all default passwords as soon as possible. The associated menu entries are placed in the configuration sub-menu.

    cd
    sudo adduser --gecos "" torbox
    sudo adduser torbox sudo
    sudo mv /home/ubuntu/* /home/torbox/
    sudo mv /home/ubuntu/.profile /home/torbox/
    sudo mkdir /home/torbox/openvpn
    sudo rm .bash_history
    sudo chown -R torbox:torbox /home/torbox/
    sudo printf "\n# Added by TorBox\ntorbox ALL=NOPASSWD:ALL\n" | sudo tee -a /etc/sudoers
    sudo visudo -c
    cd /home/torbox/

13. Restart your system

    # Execute the following command
    sudo reboot

After restarting your system, choose the preferred connection setup and change the default passwords as soon as possible. Check if your data stream is routed through the Tor network: https://check.torproject.org
For more information about TorBox, take a look at our documentation.