After installing TorBox either by using the image file and the corresponding start-up instruction or by running our installation script or manually according to our detailed manual, TorBox can be accessed with an SSH-client either by the TorBox’s WLAN (password: CHANGE-IT) and/or by an Ethernet connection. If a client is connected via ethernet cable to the TorBox, whether using the onboard or external ethernet adapter, then the TorBox functionality is automagically enabled for that client. To establish a connection between the SSH-client and TorBox, use 192.168.42.1 (username: torbox / password: CHANGE-IT); with an Ethernet connection, use 192.168.43.1 (username: torbox / password: CHANGE-IT). Afterwards, the main menu automatically starts. The primary purpose of the main menu is to offer a simple way of changing connection modes. The main menu also offers access to additional sub-menus.
In the following, we look at all menu entries one by one:
- Menu entry 1: Tor statistics: This menu entry starts Nyx, a very informative statistic tool. Besides showing the actual data transfer rate and the last log messages, you can also get a new identity or reset Tor. Press “h” to display a brief help window, “m” to activate a simple pull-down menu, and use twice “q” to quit the statistics.
Important: Nyx, which shows the Tor statistics, uses the control port of the local Tor installation. Unfortunately, it shows you only a black screen with a blinking cursor if Tor gets stuck in its boot process (possible due to network problems or censorship). In this case, take Menu entry 3 “Show the Tor log file – quick and dirty”. The screen updates automatically when a new entry is written to the log file. Press CTRL-C to leave the log.
- Menu entry 2: Enforce a new exit node with a new IP: The title of this menu entry is, without doubt, self-explanatory. By default, Tor changes all 10 minutes its circuit, which results in a change of the external IP address. With this menu entry, you force an immediate change. This can solve problems with unresponsive or slow circuits, or blocked IPs from known exit nodes. Notice: Even if the middle and exit nodes change, the entry guard remains the same. That’s intentional: a fast and stable relay remains as an entry guard in your circuit for 2-3 months to protect against a known anonymity-breaking attack (for more information, see here). However, you have more reset possibilities in the update and reset sub-menu (menu entry 9).
- Menu entry 3: Show the Tor log file – quick and dirty: As the name says, the Tor log file is displayed and automatically refreshed when new entries are added. This is useful when connection errors occur and Nyx (menu entry 1) cannot be started.
- Menu entries 4-9: With these menu entries, you can choose and change from where you get the Internet.
Currently, TorBox supports the following connections (listed as in the main menu):
INTERNET CLIENT Remarks -------------------------------------------------------------------------------------------- ETH0 WLAN0(+ETH1) Cable-internet (onboard ethernet adapter) - STANDARD ETH1 WLAN0(+ETH0) USB ethernet adapter or Tethering (iOS) WLAN1 WLAN0(+ETH0) Wireless-internet (USB wireless adapter, usually 2.4 GHz only) WLAN0 WLAN1(+ETH0) Wireless-internet (onboard chip, with >RPi3B+: 2.4/5 GHz) USB0 WLAN0(+ETH0) USB dongle or Tethering (Android) (ppp0; usb0) PPP0 WLAN0(+ETH0) Cellular-internet TUN0 WLAN0(+ETH0) Over a VPN connection
- For menu entries 5 and 6, an additional USB-WiFi adapter is required in most cases.
- You can only use one Internet connection. Especially if you don’t get the Internet via Ethernet cable (eth0), you have to remove the cable. Otherwise, TorBox thinks you have a client on that cable, which is not the case and probably will block loading Tor (this is the case if the menu entry 3 shows you just a blank screen).
- TorBox is configured as a DHCP client, which means that the router has to give TorBox all necessary network information (usually, the router is configured like that). If that doesn’t work, check out this FAQ entry.
There are two possibilities of how TorBox handles VPN connections:
- The VPN connection is already established, and the interface tun0 is configured (manually or by using menu entry 12 in the countermeasure sub-menu).
- The VPN connection is not established yet, but one or more *.ovpn – files are in the ~/openvpn directory so that TorBox can execute OpenVPN with that file.
To completely disconnect from a VPN, please, use the countermeasure sub-menu entry 12. Using in the main menu entries 4-8 will only change the route of Tor’s network traffic to the Internet, but local network traffic from the command prompt will still be routed through the VPN.
For more information about “VPN over Tor” and “Tor over VPN“, see the FAQ.
“Open access” or “captive portal”
All connection setting menu entries support “open access” or “captive portal”. “Open access” means that you already have entered a password to access the provided network, and you don’t have to fill out an additional login/authentication page. By contrast, “captive portal” are additional login pages for which you have to register. If unsure, chose “captive portal”.
- Menu entry 10: Go to the countermeasure sub-menu…: This sub-menu deals with the circumvention of censorship by using bridges. It allows you to enable, disable or/and configure the bridge mode easily. Furthermore, it gives you the possibility to connect/disconnect TorBox to/from a VPN and offers a measure against a disconnection if the connection is not used.
- Menu entry 11: Go to the configuration sub-menu…: This sub-menu gives you the ability to change some basic configurations like passwords, network, security and logging settings. From that sub-menu, additional software can be installed to support currently three hardware accessories (Adafruit’s PiTFT displays, Sixfab Shields/HATs for cellular connections, and 3.5″ no-name TFT displays).
- Menu entry 12: Go to defend the open Internet…: This sub-menu offers you a simple way to set up, backup and restore a bridge relay. However, to do so, you need a public IP address, 24/7 Internet connectivity over a long time, and a bandwidth of at least 1 Mbps. By setting up an OBSF4 bridge relay, you can help censored users connect to the open Internet through Tor.
- Menu entry 13: Go to the update and reset sub-menu…: This sub-menu allows you to update and, if necessary, reset your TorBox. Solely chose in the displayed list what tasks you like to have to be performed.
- Menu entries 14: Reboot / Shutdown TorBox: Here, you can choose to reboot or shut down the TorBox.
• • •
Pressing the ESC key exits the TorBox main menu, and you are taken to the command line. This gives you full access to your entire system. You can reload the menu with the command ./menu in ~/torbox. The menu is reloaded each time when you open a new console. If you like to avoid that, then use the following procedures:
cd sudo nano .profile
Remove the following lines at the end of .profile:
cd torbox ./menu
Important: Network transfers from the command line do not pass through Tor and are, therefore, by default, not secured or anonymized.
• • •
“TOR is working”
A little message (“TOR is working”, “VPN is up & TOR working” or “VPN is up”) in the right corner of the main menu shows you immediately if you are connected with the Tor network (meaning https://check.torproject.org returns a positive result) and/or if the TorBox is connected to a VPN. Since a missing “TOR is working” does not automatically mean that there is no connection to the Tor network, no error message is displayed. In other words, if this message is missing, there may or may not be a connection problem.
Using Torbox’s Wireless Manager (TWM)
TWM is very easy to use and self-explaining. You chose the Wireless Network with which you like to connect the TorBox and press ENTER. If TWM needs a password, it will ask for it; otherwise, it will simply connect with the network. Next time, when you start TorBox and have a USB WiFi adapter plugged in, TWM will automatically try to connect with the wireless network again. The same applies when TWM is started from the main menu. In the update and reset sub-menu,these remembered wireless networks can be reset with entry 7.
• • •
Problems and questions
- Can I use TorBox and VPN together? –> see here.
- How can I be sure that my devices are using the Tor network? –> see here.
- Why do I receive a grey onion on the Tor Project’s check-site? –> see here.
- I can’t get tethering to work. What’s wrong with it? –> see here.
- I’m connected to TorBox with an ethernet cable, and all is working as expected. However, when I change my Internet to “Wireless network”, I’m not able to connect to the Internet anymore. –> see here.
- My TorBox is connected with the Internet via ethernet. I’m using onboard WiFi for my client devices. How can I additionally connect a cable client? –> see here.
- The Internet is reachable, but Tor is stuck at “Bootstrapped 0%”! How can I fix that! –> see here.
- My client, which is connected to the TorBox, doesn’t receive an IP address. –> see here.
- My TorBox doesn’t receive an IP address from the network router. –> see here.
- My TorBox receives an IP address (192.168.42.* or 192.168.43.*) from the network router, but it doesn’t work. –> see here.
- Tor statistics don’t show up — the screen stays black. What can I do? –> see here.
- When I boot up my TorBox, I can see the following error: “Failed to start Raise network interfaces” – what does it mean? –> see here.
- When I boot up my TorBox, I can see the following error: “Failed to start /etc/rc.local Compatibility” – what does it mean? –> see here.
- Which SSH client do you prefer? –> see here.