The primary purpose of the configuration sub-menu is to offer a simple way to configure your TorBox. In this sub-menu, you also find all the necessary entries to change the default passwords. You should do that as soon as possible — check the red coloured menu entries below. Additionally, this menu gives you the ability to change basic configurations like network, security, and logging settings and install additional software for specific hardware support.
In the following, we look at all menu entries one by one:
- Menu entry 1: Change admin (user torbox) password: That’s the first thing you should do!
- Menu entry 2: Change the password of TorBox’s WLAN: That’s the second thing you should do! A reboot is required to take effect.
Important: Only letters (upper and lower case) and numbers are allowed. The length must be between 8 and 63 characters.
- Menu entry 3: Change the password of your Tor control port: The control port is used for controlling Tor, usually through other software. To change that password is generally not necessary. If you, nevertheless, change the password, Tor restarts automatically.
- Menu entry 4: Change the name of TorBox’s WLAN: Depending on your environment, it could be a good idea to fit in with the name of your wireless network.
- Menu entry 5: Set TorBox’s WLAN regulatory domain for the 5 GHz band: By default, TorBox WLAN regulatory domain is set to the United States, which works in most cases. Depending on the location, however, it may be necessary to adjust the WLAN regulatory domain to use all bands, channels and frequencies and not get in trouble.
- Menu entry 6: Change TorBox’s WLAN from the xx GHz to the xx GHz band: This menu entry changes the TorBox’s WLAN — the one, which the SSH client connects — from 2,5 GHz to 5 GHz or back. If you are in an area with many devices transmitting on 2.5 GHz, a change on the 5 GHz band could solve some problems and provide higher throughput. This is only supported by a Raspberry Pi 3 Model B+ or a Raspberry Pi 4 Model B.
- Menu entry 7: Change TorBox’s WLAN channel and the MHz: This menu entry changes the channel and the frequency of TorBox’s WLAN. If you are in an area with many devices communicating on the same channel you’re using for TorBox’s WLAN, changing channels can solve some problems and increase throughput. It is also true that higher frequencies are associated with higher throughput. However, this also means that more power is required and thus a reliable power supply. Frequencies above 20 MHz are only supported by a Raspberry Pi 3 Model B+ or a Raspberry Pi 4 Model B.
Important: 40 MHz is only activated if there is no overlap with other devices. For this purpose, hostapd performs a background scan. This can also be checked with the following command:
hostapd -dd /etc/hostapd/hostapd.conf
- Menu entry 8: Change/randomize/list the MAC addresses of TorBox’s interfaces: A MAC address is a unique identifier assigned to a network interface. According to Edward Snowden, the NSA has a system that tracks the movements of mobile devices in a city by monitoring MAC addresses. Therefore vendors started to randomize the MAC addresses on their devices. Since TorBox v.0.5.1, TorBox began to randomize the MAC addresses of the interfaces wlan0, wlan1, eth0 and eth1 by default. However, to overcome captive portals, you can also use the MAC address of another device that has successfully passed through a captive Portal. See here for more information on how to pass through a captive portal.
- Menu entry 9: Hide / Unhide TorBox’s WLAN: If you choose “hide”, TorBox sends empty SSID in beacons and ignores probe request frames that do not specify full SSID. In other words: to connect with your wireless network, the full name of that network must be known. “Unhide” will reverse this behaviour.
- Menu entry 10: Disable / Enable TorBox’s WLAN: If at least one client device is connected to the TorBox with a cable, this menu entry gives the possibility to disable the TorBox WLAN. It can be chosen between a temporary disabling, which lasts only until the next restart of the TorBox, and a permanent disabling. To disable TorBox’s WLAN involves the risk of locking you out.
- Menu entry 11: Disable / Enable TorBox’s WebSSH access: With TorBox v.0.5.1,
shellinabox, which seems is not maintained anymore. With
webssh, users don’t need a ssh client because every web browser can jump in. A user on a wifi-client can type 192.168.42.1, someone on a cable-client 192.168.43.1. This functionality comes with a certain risk because
websshis not encrypted (this would need a self-signed certificate, which the browser doesn’t support easily). However, this shouldn’t cause any problems because the TorBox AP and its wlan or the connection cable should be controlled by you. By default,
websshcannot be accessed from the Internet. If you seek maximum security, you still can keep using an ssh client and even deactivate the
websshfunctionality with this menu entry.
- Menu entry 12: Enable / Disable SSH access from the Internet: Does what it says – the default is disabled.
- Menu entry 13: Enable / Disable Tor control port access for clients: For security reasons, the Tor control port is only used locally on the TorBox itself and is protected by a password. If someone needs to control Tor from a client, he can enable the Tor control port access for clients.
- To take effect of the change, you must (re-)select the Internet connection in the Main Menu (entry 5-10).
- You are strongly advised to change the password of your Tor control port (entry 3 in the Configuration sub-menu).
- Enabled Tor control port access for clients generates warning messages in the Tor log.
- Menu entry 14: Enable / Disable HTTP plain text traffic block: This option blocks all HTTP plain text traffic through Tor by blocking port 80. This should avoid unencrypted data traffic at the Exit Node, which could break your anonymity (see here). However, it is only a very superficial block, which could help if, for example, a browser requests an unencrypted Webpage (http://). Currently, it does not block plain text traffic in general (for example, Telnet). Also, HTTP plain text traffic from clients using TorBox’s SOCKS 5 functionality or the Tor Browser cannot be blocked. Another downside is that not only unencrypted web pages but also other traffic on port 80 are blocked so that probably some application will not work correctly anymore. For example, in Chrom and Chromium .onion addresses using “http://” will be blocked too. For that reason, HTTP plain text traffic blocking is by default disabled, and we recommend installing HTTPS Everywhere in the Browser.
- Menu entry 15: Enter the advanced tor configuration editor: This menu entry gives access to the Tor configuration file. You should know what you are doing before you change anything in the configuration file — here, you can break your TorBox. If you are unsure, then contact us. Did you something wrong? You can always overwrite this configuration with the default one, stored in ~/torbox/etc/tor/. After changing the configuration, use the following commands in the editor: CTRL-S to save the changes. CTRL-X to exit the editor.
- Menu entry 16 : Changing the extent of logging: By default, TorBox reduces logging to a minimum. However, the protocol function for Tor remains activated so that the correct operation be determined. Tor ensures that no sensitive information is leaked into the log files. For detailed troubleshooting, the log function can be set to “High”, which effectively means that the normal log function of the operating system is activated.
- Menu entry 17: Erase all log files: It does what it says.
- Menu entry 18: Support for Adafruit’s PiTFT displays: A nice way to display the real-time statistics (main menu entry 1) of TorBox is to combine a Raspberry Pi with a PiTFT 3.5″ resistive touch 320×480 from Adafruit (for more information, see here). With this menu entry, the necessary drivers are installed. TorBox has to be connected to the internet and a reboot is required to take effect. Supported are following Adafruit’s PiTFT displays: PiTFT 3.5″ resistive touch 320×480, PiTFT 2.8“ capacitive touch 240×320, PiTFT 2.4″, 2.8″ or 3.2″ resistive 240×320, PiTFT 2.2″ no touch 240×320, Braincraft 1.54″ display 240×240.
- Menu entry 19: Support for 3,5″ no-name TFT displays: Instead of an Adafruit TFT display, it is also possible to use a 3,5″ no-name TFT (for more information, see here). With this menu entry, the necessary drivers are installed. TorBox has to be connected to the internet, and a reboot is required to take effect.
- Menu entry 20: Support for Sixfab Shields/HATs for cellular connections: This menu entry installs the necessary drivers for Sixfab Cellular Shields/HATs for cellular connections (for more information, see here). Supported are the following Sixfab Shields/HATs: Raspberry Pi GSM/GPRS Shield, Raspberry Pi 3G-4G/LTE Base Shield V2, Raspberry Pi 3G/4G<E Base HAT, Raspberry Pi Cellular IoT Application Shield, Raspberry Pi Cellular IoT HAT, Raspberry Pi Tracker HAT.
• • •
Regarding the use of TFT displays
TorBox’s menus and dialogue boxes have only been adapted for TFTs with a minimal resolution of 320×480. Adafruit’s and 3,5″ no-name TFTs are widely used and are therefore included in the configuration menu. On request, we are happy to support other widespread small screens for the Raspberry Pi.
• • •
Problems and questions
- Should I change the default passwords? How can I change my passwords? –> see here.
- Should I change the name of the wireless network (SSID) of my TorBox? How can I change it? –> see here.
- Can I hide the name of the wireless network (SSID) of my TorBox? –> see here.
- TorBox’s Wireless manager doesn’t show me all wireless networks! It seems that the ones on the 5 GHz band are missing. What can I do? –> see here.
- I’m connected to TorBox, and all is working as expected, but Firefox, Safari and any iOS device don’t display .onion sites. What’s wrong? –> see here.
- Is there a way to force/block TorBox to use an exit node in a specific country? –> see here.