{"id":205,"date":"2018-12-02T23:31:16","date_gmt":"2018-12-02T22:31:16","guid":{"rendered":"http:\/\/www.torbox.ch\/?page_id=205"},"modified":"2026-03-31T22:15:31","modified_gmt":"2026-03-31T21:15:31","slug":"i-want-to-build-it-from-scratch-pre-v-0-23","status":"publish","type":"page","link":"https:\/\/www.torbox.ch\/?page_id=205","title":{"rendered":"I want to build it from scratch on a Raspberry Pi with Raspberry Pi OS Lite!"},"content":{"rendered":"\n<p><b>Whether you like to implement TorBox in an existing system, on another hardware, or on another operating system, or you don\u2019t trust an image file which you didn\u2019t bundle yourself, this detailed manual helps you build a TorBox from scratch.<\/b><\/p>\n\n\n\n<p>This manual is written for <a href=\"https:\/\/www.raspberrypi.com\/software\/operating-systems\/#raspberry-pi-os-64-bit\">Raspberry Pi OS &#8220;Bookworm&#8221; Lite (64-bit)<\/a> (based on <a href=\"https:\/\/en.wikipedia.org\/wiki\/Debian\" target=\"_blank\" rel=\"noopener noreferrer\">Debian 13 &#8220;Trixie&#8221;<\/a>) on a\u00a0<a href=\"https:\/\/www.raspberrypi.org\/products\/raspberry-pi-3-model-b-plus\/\" target=\"_blank\" rel=\"noreferrer noopener\">Raspberry Pi 3 Model B+<\/a>, a\u00a0<a href=\"https:\/\/www.raspberrypi.org\/products\/raspberry-pi-4-model-b\/\" target=\"_blank\" rel=\"noreferrer noopener\">Raspberry Pi 4 Model B<\/a>\u00a0or a\u00a0<a href=\"https:\/\/www.raspberrypi.com\/products\/raspberry-pi-5\/\" target=\"_blank\" rel=\"noreferrer noopener\">Raspberry Pi 5<\/a>. 
However, this manual should also work with the 32-bit version of Raspberry Pi OS and older Raspberry Pi models.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright\"><a href=\"https:\/\/github.com\/radio24\/TorBox\/archive\/refs\/heads\/master.zip\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"74\" src=\"http:\/\/www.torbox.ch\/wp-content\/uploads\/2018\/01\/download_button-300x74.png\" alt=\"\" class=\"wp-image-133\" srcset=\"https:\/\/www.torbox.ch\/wp-content\/uploads\/2018\/01\/download_button-300x74.png 300w, https:\/\/www.torbox.ch\/wp-content\/uploads\/2018\/01\/download_button.png 325w\" sizes=\"auto, (max-width: 300px) 85vw, 300px\" \/><\/a><figcaption class=\"wp-element-caption\">Download the TorBox GitHub repository<\/figcaption><\/figure>\n<\/div>\n\n\n<p>Before you create all configuration files by yourself, some of the below-mentioned configuration files are stored in the &#8220;etc&#8221; folder in <a href=\"https:\/\/github.com\/radio24\/TorBox\" target=\"_blank\" rel=\"noopener noreferrer\">our GitHub repository<\/a>.<\/p>\n\n\n\n<p><a name=\"01\"><\/a><\/p>\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"1-prepare-your-system\">1. Prepare your system<\/h5>\n\n\n\n<ol class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.raspberrypi.org\/software\/operating-systems\/\"><\/a>Download\u00a0<a href=\"https:\/\/www.raspberrypi.org\/software\/operating-systems\/\" target=\"_blank\" rel=\"noreferrer noopener\">the latest version of <\/a><a href=\"https:\/\/www.raspberrypi.com\/software\/operating-systems\/#raspberry-pi-os-64-bit\">Raspberry Pi OS &#8220;Trixie&#8221; Lite (64-bit)<\/a>, or use the\u00a0<a href=\"https:\/\/github.com\/raspberrypi\/rpi-imager\/releases\" target=\"_blank\">Raspberry Pi Imager<\/a>\u00a0and, under Operating System, choose Raspberry Pi OS (other) and the Raspberry Pi OS Lite (64-bit) image.<\/li>\n\n\n\n<li>If you didn&#8217;t use the Raspberry Pi Imager, then transfer the downloaded Raspberry Pi OS Lite image to an&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Secure_Digital\" target=\"_blank\" rel=\"noreferrer noopener\">SD Card<\/a>, for example, with&nbsp;<a href=\"https:\/\/etcher.balena.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">Balena Etcher<\/a>.&nbsp;TorBox needs at least an 8 GB SD Card.<\/li>\n\n\n\n<li>If asked, create a user <strong>torbox<\/strong> and remember the chosen password for later use.<\/li>\n\n\n\n<li>Log in to your newly set up system as <strong>torbox<\/strong> and with your chosen password.<\/li>\n\n\n\n<li>Log in to your newly set up system <strong>and configure it with <code>sudo raspi-config<\/code><\/strong>.<br><strong>Important<\/strong><br>&#8211; <strong>You must set the WLAN country (in raspi-config menu entry 5 &#8211; L4), or TorBox doesn&#8217;t <\/strong><strong>work because WiFi is blocked!!<\/strong><br>&#8211; Also, disable 
the auto-login feature <strong>(in raspi-config menu entry 1 &#8211; S5 &#8211; B1)<\/strong><br>&#8211; You need to have a stable internet connection.<\/li>\n<\/ol>\n\n\n\n<p><strong>An alternative way<\/strong> to unblock WiFi on Raspberry Pi OS without using <code>raspi-config<\/code>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nsudo iw reg set US\nsudo sed -i \"s\/^REGDOMAIN=.*\/REGDOMAIN=US\/\" \/etc\/default\/crda\nsudo rfkill unblock wlan\n<\/pre><\/div>\n\n\n<p><strong>An alternative way<\/strong> to disable the auto-login feature:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nsudo raspi-config nonint do_boot_behaviour B1\n<\/pre><\/div>\n\n\n<p>To overcome cheap censorship during the installation, put some well-known public name servers into <code>\/etc\/resolv.conf<\/code>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nsudo printf \"nameserver 1.1.1.1\\nnameserver 1.0.0.1\\nnameserver 8.8.8.8\\nnameserver 8.8.4.4\\n\" | sudo tee \/etc\/resolv.conf\n<\/pre><\/div>\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"2-update-your-system-and-install-all-necessary-packages\">2. Update your system and install all necessary packages<\/h5>\n\n\n\n<p>Some packages have to be installed to build a TorBox from scratch. To be sure to have the latest version of the base system, the package list, and the firmware, you should use the following commands:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nsudo apt-get -y update\nsudo apt-get -y dist-upgrade\nsudo apt-get -y clean\nsudo apt-get -y autoclean\nsudo apt-get -y autoremove\n<\/pre><\/div>\n\n\n<p>Depending on the updated packages (firmware, kernel, driver etc.) 
a reboot is recommended.<\/p>\n\n\n\n<p>The following additional packages are necessary and have to be installed:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>hostapd<\/strong> -&gt; provides a wireless access point (AP).<\/li>\n\n\n\n<li><strong>isc-dhcp-client, isc-dhcp-server <\/strong>-&gt; DHCP client and server &#8211; we need both of them.<\/li>\n\n\n\n<li><strong>iptables<\/strong>, <strong>ipset<\/strong> -&gt; administration tools for packet filtering and NAT.<\/li>\n\n\n\n<li><strong>tor-geoipdb,<\/strong> <strong>apt-transport-tor<\/strong> -&gt; gives access to the Tor network (tor will be installed later, see further below).<\/li>\n\n\n\n<li><strong>nyx<\/strong> -&gt; a command-line monitor for Tor.<\/li>\n\n\n\n<li><strong>usbmuxd<\/strong> -&gt; a socket daemon to multiplex connections from and to iOS devices (support for tethering with iOS devices).<\/li>\n\n\n\n<li><strong>dnsmasq<\/strong> -&gt; DNS forwarder (necessary to deal with captive portals).<\/li>\n\n\n\n<li><strong>dnsutils, tcpdump, iftop, vnstat<\/strong> -&gt; analytical and statistical network tools.<\/li>\n\n\n\n<li><strong>debian-goodies, apt-transport-https<\/strong>, <strong>ca-certificates, bind9-dnsutils <\/strong>-&gt; other necessary tools.<\/li>\n\n\n\n<li><strong>dirmngr<\/strong> -&gt; GNU privacy guard &#8211; network certificate management service.<\/li>\n\n\n\n<li><strong>imagemagick<\/strong>, <strong>tesseract-ocr<\/strong>, <strong>libjpeg-dev<\/strong> -&gt; necessary libraries and programs for some Python scripts.<\/li>\n\n\n\n<li><strong>qrencode<\/strong>, <strong>nginx<\/strong>, <strong>basez<\/strong> -&gt; necessary for Onion Services implementation.<\/li>\n\n\n\n<li><strong>ntpsec-ntpdate<\/strong> -&gt; necessary to set the correct system time.<\/li>\n\n\n\n<li><strong>macchanger<\/strong> -&gt; utility for manipulating the MAC address of network interfaces. 
<strong>Important<\/strong>: macchanger will ask for enabling an automatic change of the MAC address &#8211; <strong>REPLY WITH NO<\/strong>!<\/li>\n\n\n\n<li><strong>screen<\/strong> -&gt; a terminal multiplexer allowing users to access multiple login sessions inside a single terminal window, or detach and reattach sessions from a terminal.<\/li>\n\n\n\n<li><strong>git<\/strong> -&gt; distributed revision control system.<\/li>\n\n\n\n<li><strong>openvpn<\/strong>, <strong>openssl<\/strong> -&gt; software that implements a&nbsp;virtual private network.<\/li>\n\n\n\n<li><strong>ppp<\/strong> -&gt; Point-to-Point Protocol<\/li>\n\n\n\n<li><strong>linux-headers-$(uname -r)<\/strong>,<strong> dkms<\/strong> -&gt; necessary to compile \/ install additional drivers<\/li>\n\n\n\n<li><strong>lshw<\/strong> -&gt; Detailed information about the peripheral devices<\/li>\n\n\n\n<li><strong>ifupdown<\/strong> -&gt; ifup and ifdown, used to configure network interfaces<\/li>\n\n\n\n<li><strong>build-essential, automake, libevent-dev, libssl-dev, asciidoc, bc, devscripts, dh-apparmor, libcap-dev, liblzma-dev, libsystemd-dev, libzstd-dev, quilt, zlib1g-dev<\/strong> -&gt; installation of developer packages for the compilation of tor<\/li>\n<\/ul>\n\n\n\n<p>Install all necessary packages with the following command:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Installation of standard packages\nsudo apt-get -y install hostapd isc-dhcp-client isc-dhcp-server usbmuxd \\\ndnsmasq bind9-dnsutils tcpdump iftop vnstat debian-goodies \\\napt-transport-https dirmngr imagemagick tesseract-ocr ntpsec-ntpdate \\\nscreen git openvpn ppp nyx apt-transport-tor qrencode nginx basez iptables \\\nipset macchanger openssl ca-certificates lshw linux-headers-$(uname -r) dkms \\\nlibjpeg-dev ifupdown\n\n# If you use a Debian distribution instead of Raspberry Pi OS, you may need to \n# install the following additional packages\napt-get -y 
install wget curl gnupg net-tools unzip sudo rfkill resolvconf\n\n# If you use an Ubuntu distribution instead of Raspberry Pi OS, you may need to \n# install the following additional packages\nsudo apt-get -y install net-tools unzip equivs rfkill iw\n\n# Installation of developer packages - THESE PACKAGES ARE NECESSARY FOR THE \n# COMPILATION OF TOR!! Without them, tor will disconnect and restart every \n# 5 minutes!!\nsudo apt-get -y install build-essential automake libevent-dev libssl-dev \\\nasciidoc bc devscripts dh-apparmor libcap-dev liblzma-dev libsystemd-dev \\\nlibzstd-dev quilt zlib1g-dev\n\n# IMPORTANT: tor-geoipdb also installs the tor package. In an authoritarian \n# country, you may mask tor and activate it later with OBFS4 bridge support \n# to hide the use of tor.\nsudo systemctl mask tor\nsudo apt-get -y install tor-geoipdb\nsudo systemctl mask tor\nsudo systemctl stop tor\n\n# Installation of needed Python modules\n# Enable the possibility to manage Python modules with pip3\nsudo rm &quot;\/usr\/lib\/python3.12\/EXTERNALLY-MANAGED&quot;\n# or\nsudo rm &quot;\/usr\/lib\/python3.13\/EXTERNALLY-MANAGED&quot;\n\n# Installation of some basic Python packages\nsudo apt-get -y install python3-pip\nsudo pip install --ignore-installed --upgrade pip\nsudo pip3 install --ignore-installed pipenv\n\n# Generate and install the requirements\nwget --no-cache https:\/\/raw.githubusercontent.com\/radio24\/TorBox\/master\/Pipfile.lock\npipenv requirements &gt;requirements.txt\nsudo sed -i &quot;\/^pip==.*\/d&quot; requirements.txt\nsudo sed -i &quot;s\/^typing-extensions==\/typing_extensions==\/g&quot; requirements.txt\n# IMPORTANT: All requirements have to be installed, which is not always the case after executing the command below for the first time.\n# In this case, you have to execute the command multiple times until all requirements are installed.\nsudo pip3 install --ignore-installed -r requirements.txt\n\n# Installation of go \n#\n# ATTENTION\n# For a Raspberry Pi 
OS 32bit, you must use go1.25.5.linux-armv6l.tar.gz \n# (with an l like LIMA and not with a one (1)). Also, see here for all the \n# different packages depending on the hardware and the operating system:\n# https:\/\/go.dev\/dl\/\ncd\nsudo rm -rf \/usr\/local\/go\nwget https:\/\/golang.org\/dl\/go1.25.5.linux-arm64.tar.gz\nsudo tar -C \/usr\/local -xzvf go1.25.5.linux-arm64.tar.gz\nexport PATH=$PATH:\/usr\/local\/go\/bin\nsudo printf &quot;\\n# Added by TorBox\\nexport PATH=$PATH:\/usr\/local\/go\/bin\\n&quot; | sudo tee -a .profile\n\n# Create a folder &quot;openvpn&quot; for *.ovpn files\nsudo mkdir \/home\/torbox\/openvpn\nsudo chown -R torbox:torbox \/home\/torbox\/\n\n<\/pre><\/div>\n\n\n<p>We don&#8217;t want to start <code>dnsmasq<\/code> automatically after booting the system:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nsudo systemctl disable dnsmasq\nsudo systemctl daemon-reload\n<\/pre><\/div>\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"3-compiling-installing-and-configuring-tor\">3. Compiling, installing and configuring Tor<\/h5>\n\n\n\n<p>There are at least three ways to install Tor:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>From the Raspberry Pi OS itself<\/strong>: this has probably already happened with the installation of <code>tor-geoipdb<\/code>. This method is recommended in authoritarian countries. 
However, usually, it installs an older, long-term-supported version of tor.<\/li>\n\n\n\n<li><strong>From the Debian repository of the TorProject<\/strong>: we don&#8217;t recommend using this method because it doesn&#8217;t support 32-bit ARM systems\/OS.<\/li>\n\n\n\n<li><strong>From the <a href=\"https:\/\/gitlab.torproject.org\/tpo\/core\/tor\/\">official Tor repositories on GitHub<\/a><\/strong>: we recommend this method as the standard way to install tor on the TorBox (used below).<\/li>\n<\/ol>\n\n\n\n<p><strong>First step: Compiling and installing a specific version of tor from the official Tor repositories on GitHub<\/strong><br><a href=\"https:\/\/gitlab.torproject.org\/tpo\/core\/tor\/-\/tags\">Select a specific tor version<\/a> from the unofficial Tor repositories on GitHub (alpha versions are not recommended!). Copy the link of the source code file (the <code>tar.gz file<\/code>). You need that link for the <code>wget<\/code> command below.<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nwget https:\/\/gitlab.torproject.org\/tpo\/core\/tor\/-\/archive\/tor-&lt;version&gt;\/tor-tor-&lt;version&gt;.tar.gz\ntar xzf tor-tor-&lt;version&gt;.tar.gz\ncd &lt;torversion&gt;\ngit init\ngit add -- *\ngit config --global user.name &quot;torbox&quot;\ngit config --global user.email &quot;torbox@localhost&quot;\ngit commit -m &quot;Initial commit&quot;\nsh autogen.sh\nsh configure --disable-unittests\nmake\nsudo make install\ncd\nsudo rm -r tor-*\nsudo mv \/usr\/local\/bin\/tor* \/usr\/bin \n<\/pre><\/div>\n\n\n<p><strong>Second step: Installation of obfs4proxy and Snowflake<\/strong><\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Installation of obfs4proxy\ncd\ngit clone https:\/\/salsa.debian.org\/pkg-privacy-team\/obfs4proxy.git\nexport GO111MODULE=\"on\"\ncd obfs4proxy\ngo build -o obfs4proxy\/obfs4proxy 
.\/obfs4proxy\nsudo cp .\/obfs4proxy\/obfs4proxy \/usr\/bin\ncd\nsudo rm -rf obfs4proxy\nsudo rm -rf go*\n\n# Installation of Snowflake\ncd\ngit clone https:\/\/gitlab.torproject.org\/tpo\/anti-censorship\/pluggable-transports\/snowflake\nexport GO111MODULE=\"on\"\ncd snowflake\/proxy\ngo get\ngo build\nsudo cp proxy \/usr\/bin\/snowflake-proxy\ncd\ncd snowflake\/client\ngo get\ngo build\nsudo cp client \/usr\/bin\/snowflake-client\ncd\nsudo rm -rf snowflake\nsudo rm -rf go*\n<\/pre><\/div>\n\n\n<p><strong>Third step: Configuring Tor<\/strong><\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n## This is the configuration file of Tor\n\n## DON&#039;T CHANGE THE FOLLOWING LINES!\n######################################################\n## Configuration for TorBox\n\n#BandwidthRate 1 GB\n#BandwidthBurst 1 GB\nLog notice file \/var\/log\/tor\/notices.log\n# IPv6 support (only)\n#ClientUseIPv6 1\nVirtualAddrNetworkIPv4 10.192.0.0\/10\nAutomapHostsSuffixes .onion,.exit\nAutomapHostsOnResolve 1\nTransPort 127.0.0.1:9040\n#TransPort 192.168.42.1:9040\n#TransPort 192.168.43.1:9040\n#TransPort 192.168.44.1:9040\nDNSPort 127.0.0.1:9053\n#DNSPort 192.168.42.1:9053\n#DNSPort 192.168.43.1:9053\n#DNSPort 192.168.44.1:9053\nSocksPort 127.0.0.1:9050\n#SocksPort 192.168.42.1:9050\n#SocksPort 192.168.43.1:9050\n#SocksPort 192.168.44.1:9050\nSocksPort 127.0.0.1:9052 IsolateDestAddr\n#SocksPort 192.168.42.1:9052 IsolateDestAddr\n#SocksPort 192.168.43.1:9052 IsolateDestAddr\n#SocksPort 192.168.44.1:9052 IsolateDestAddr\nControlPort 127.0.0.1:9051\n#ControlPort 192.168.42.1:9051\n#ControlPort 192.168.43.1:9051\n#ControlPort 192.168.44.1:9051\nHashedControlPassword 16:E68F16640ED8C0F7601F5AA3D229D8DFD8715623CB055577F9434F7FB7\nDisableDebuggerAttachment 0\nAvoidDiskWrites 1\n#%include \/etc\/tor\/torrc.exclude-slow\n\n## THE CONFIGURATION OF THE ONION SERVICES STARTS 
HERE!\n#######################################################\n## This will configure the Onion Services (do not remove or change that line - this is an anchor)\n\n## This will configure the Onion Service authorizations\n#ClientOnionAuthDir \/var\/lib\/tor\/onion_auth\n\n## THE CONFIGURATION OF THE BRIDGE RELAY STARTS HERE!\n######################################################\n## This will setup an obfs4 bridge relay.\n#BridgeRelay 1\n#ORPort 4235\n#ExtORPort auto\n#ServerTransportPlugin obfs4 exec \/usr\/bin\/obfs4proxy\n#ServerTransportListenAddr obfs4 0.0.0.0:443\n#ContactInfo &lt;address@email.com&gt;\n#Nickname TorBox055\n#BridgeDistribution any\n\n## TO OVERCOME A FIREWALL, START HERE!\n## HOWEVER, USE IT ONLY, IF REALLY NECESSARY!\n######################################################\n## This will allow you to run Tor as a client behind a firewall with\n## restrictive policies, but will not allow you to run as a server behind such\n## a firewall.\n## ReachableAddresses IP&#x5B;\/MASK]&#x5B;:PORT]\u2026\n## A comma-separated list of IP addresses and ports that your firewall allows\n## you to connect to. The format is as for the addresses in ExitPolicy, except\n## that &quot;accept&quot; is understood unless &quot;reject&quot; is explicitly provided. 
For\n## example, &#039;ReachableAddresses 99.0.0.0\/8, reject 18.0.0.0\/8:80, accept *:80&#039;\n## means that your firewall allows connections to everything inside net 99,\n## rejects port 80 connections to net 18, and accepts connections to port 80\n## otherwise.\n#ReachableAddresses accept *:443, accept *:80\n\n## TO OVERCOME CENSORSHIP, START HERE!\n######################################################\n## If you like to use bridges to overcome censorship, EDIT THE LINES BELOW!\n## To use bridges, uncomment the three lines below...\n#UseBridges 1\n#UpdateBridgesFromAuthority 0\n#ClientTransportPlugin meek_lite,obfs4 exec \/usr\/bin\/obfs4proxy\n#ClientTransportPlugin snowflake exec \/usr\/bin\/snowflake-client\n\n## Meek-Azure (do not remove or change that line - this is an anchor)\n#Bridge meek_lite 192.0.2.20:80 url=https:\/\/1603026938.rsc.cdn77.org front=www.phpmyadmin.net utls=HelloRandomizedALPN\n\n## Snowflake (do not remove or change that line - this is an anchor)\n#Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https:\/\/snowflake-broker.torproject.net\/ ampcache=https:\/\/cdn.ampproject.org\/ front=www.google.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn\n#Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https:\/\/1098762253.rsc.cdn77.org\/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn\n#Bridge snowflake 
192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https:\/\/1098762253.rsc.cdn77.org\/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn\n#Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https:\/\/1098762253.rsc.cdn77.org\/ fronts=app.datapacket.com,www.datapacket.com ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn\n#Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https:\/\/1098762253.rsc.cdn77.org\/ fronts=app.datapacket.com,www.datapacket.com ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn\n#Specific Snowflake bridge for China\n#Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https:\/\/snowflake-broker.torproject.net.global.prod.fastly.net\/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn\n#Specific Snowflake bridge for China\n#Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA 
fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https:\/\/snowflake-broker.torproject.net.global.prod.fastly.net\/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn\n#Specific Snowflake bridge for Iran\n#Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https:\/\/snowflake-broker.azureedge.net\/ front=ajax.aspnetcdn.com ice=stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn\n#Specific Snowflake bridge for Turkmenistan\n#Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https:\/\/snowflake-broker.torproject.net.global.prod.fastly.net\/ front=foursquare.com ice=stun:206.53.159.130:3479,stun:94.23.17.185:3479,stun:217.74.179.29:3479,stun:83.125.8.47:3479,stun:23.253.102.137:3479,stun:52.26.251.34:3479,stun:154.73.34.8:3479,stun:185.125.180.70:3479,stun:195.35.115.37:3479 utls-imitate=hellorandomizedalpn\n#Specific Snowflake bridge for Turkmenistan\n#Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https:\/\/snowflake-broker.torproject.net.global.prod.fastly.net\/ front=foursquare.com 
ice=stun:206.53.159.130:3479,stun:94.23.17.185:3479,stun:217.74.179.29:3479,stun:83.125.8.47:3479,stun:23.253.102.137:3479,stun:52.26.251.34:3479,stun:154.73.34.8:3479,stun:185.125.180.70:3479,stun:195.35.115.37:3479 utls-imitate=hellorandomizedalpn\n\n## IMPORTANT: Currently, Snowflake supports only one bridge line. If you uncomment several bridge lines, only the first will be used.\n\n## OBFS4 bridges\n##\n## You have three ways to get new bridge-addresses:\n## 1. Get them here https:\/\/bridges.torproject.org\/\n## 2. Or send an email to bridges@torproject.org, using an address\n##    from Riseup or Gmail with &quot;get transport obfs4&quot; in the body of the mail.\n## 3. Via Telegram (official): https:\/\/t.me\/GetBridgesBot ; then use \/bridges to get a bridge.\n## 4. (Not recommended, only if needed): Via Telegram (unofficial): https:\/\/t.me\/tor_bridges\n<\/pre><\/div>\n\n\n<p><strong>Important<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Don&#8217;t remove or change the &#8220;#-lines&#8221;. TorBox changes this file automatically. 
If you delete values (even those with #), TorBox won&#8217;t re-add them, and it may not work correctly!<\/li>\n\n\n\n<li>You can change the &#8220;HashedControlPassword&#8221; at the end of the installation using the <a href=\"https:\/\/www.torbox.ch\/?page_id=875\">configuration sub-menu<\/a> entry 3.<\/li>\n<\/ul>\n\n\n\n<p>Also, the Tor installation has to be prepared for onion services:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nsudo mkdir \/var\/lib\/tor\/services\nsudo chown -R debian-tor:debian-tor \/var\/lib\/tor\/services\nsudo chmod -R go-rwx \/var\/lib\/tor\/services\nsudo mkdir \/var\/lib\/tor\/onion_auth\nsudo chown -R debian-tor:debian-tor \/var\/lib\/tor\/onion_auth\nsudo chmod -R go-rwx \/var\/lib\/tor\/onion_auth\n<\/pre><\/div>\n\n\n<p><strong>Fourth step: Configuring geoip and obfs4proxy<\/strong><\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Execute the following commands:\nsudo chmod a+x \/usr\/share\/tor\/geoip*\nsudo cp \/usr\/share\/tor\/geoip* \/usr\/bin\n# Let obfs4proxy bind to ports below 1024 without running as root\nsudo setcap 'cap_net_bind_service=+ep' \/usr\/bin\/obfs4proxy\n# With NoNewPrivileges=yes, the file capability set above would not take effect\n# when tor starts obfs4proxy, so the setting is switched off in both unit files\nsudo sed -i \"s\/^NoNewPrivileges=yes\/NoNewPrivileges=no\/g\" \/lib\/systemd\/system\/tor@default.service\nsudo sed -i \"s\/^NoNewPrivileges=yes\/NoNewPrivileges=no\/g\" \/lib\/systemd\/system\/tor@.service\n<\/pre><\/div>\n\n\n<div style=\"height:37px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"5-installing-the-torbox-menu-and-download-all-configuration-files\">4. 
Installing the TorBox Menu (and downloading all configuration files)<\/h5>\n\n\n<p>The &#8220;TorBox Menu&#8221; is a user-friendly way to change your TorBox settings. The menu is automatically started whenever a Terminal, a\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Comparison_of_SSH_clients\" target=\"_blank\">SSH client<\/a>\u00a0(<strong>192.168.42.1<\/strong>\u00a0on a WiFi client,\u00a0<strong>192.168.43.1<\/strong>\u00a0on a cable client or\u00a0<strong>192.168.44.1<\/strong>\u00a0when connected via VPN or if you use\u00a0<a href=\"https:\/\/www.torbox.ch\/?page_id=3544\" target=\"_blank\" rel=\"noreferrer noopener\">TorBox mini<\/a>\u00a0on a\u00a0<a href=\"https:\/\/www.raspberrypi.com\/products\/raspberry-pi-zero-2-w\/\" target=\"_blank\" rel=\"noreferrer noopener\">Raspberry Pi Zero 2 W<\/a>\u00a0as a RNDIS\/Ethernet Gadget) or a web browser (<a href=\"http:\/\/192.168.42.1\" target=\"_blank\">http:\/\/192.168.42.1<\/a>\u00a0on a WiFi client,\u00a0<a href=\"http:\/\/192.168.43.1\/\" target=\"_blank\" rel=\"noreferrer noopener\">http:\/\/192.168.43.1<\/a>\u00a0on a cable client or\u00a0<a href=\"http:\/\/192.168.44.1\/\" target=\"_blank\" rel=\"noreferrer noopener\">192.168.44.1<\/a>\u00a0when connected via VPN or using TorBox mini) access the TorBox. 
The menu uses shell scripts that configure the correct packet filtering and NAT rules and start other supporting tools. All scripts are located in ~\/torbox and ~\/torbox\/bin; all configuration files are located in <code>~\/torbox\/etc<\/code>. If necessary, the menu can be started there with <code>.\/menu<\/code>. Use the following commands to install the menu (or <a href=\"https:\/\/github.com\/radio24\/TorBox\/archive\/refs\/heads\/master.zip\" target=\"_blank\" rel=\"noreferrer noopener\">download<\/a> the complete TorBox repository <a href=\"https:\/\/github.com\/radio24\/TorBox\" target=\"_blank\" rel=\"noreferrer noopener\">from our GitHub page<\/a>):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Execute the following commands:\ncd\nwget https:\/\/github.com\/radio24\/TorBox\/archive\/refs\/heads\/master.zip\nunzip master.zip\nmv TorBox-master torbox\nrm -r master.zip\n\n# Edit .profile:\nsudo nano .profile\n\n# Add the following lines to the end of \".profile\":\ncd torbox\nbash menu\n<\/pre><\/div>\n\n\n<p>Optionally, in <code>~\/torbox\/etc\/motd<\/code> you can find a logo, which you can copy into your <code>\/etc\/motd<\/code>.<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Execute the following command (writing to \/etc requires root):\nsudo cp ~\/torbox\/etc\/motd \/etc\/motd\n<\/pre><\/div>\n\n\n<p>Finally, you need to change \/etc\/rc.local to be sure that TorBox will work properly after a restart:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Execute the following command:\nsudo cp ~\/torbox\/etc\/rc.local \/etc\/\n<\/pre><\/div>\n\n\n<p>Make sure that the <a rel=\"noopener noreferrer\" href=\"https:\/\/en.wikipedia.org\/wiki\/Comparison_of_SSH_clients\" target=\"_blank\">SSH client<\/a> can access the TorBox after the restart:<\/p>\n\n\n<div 
class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Execute the following commands:\nsudo systemctl unmask ssh\nsudo systemctl enable ssh\nsudo systemctl start ssh\nsudo systemctl daemon-reload\n<\/pre><\/div>\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"6-setting-up-a-dhcp-server\">5. Setting up a DHCP server<\/h5>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Set up your hostname (for example \"TorBox\" instead of \"raspberrypi\"):\nsudo hostnamectl set-hostname \"TorBox\"\nsudo systemctl restart systemd-hostnamed\nsudo nano \/etc\/hosts\n\n# Adjust the configuration file of the DHCP server:\nsudo nano \/etc\/dhcp\/dhcpd.conf\n\n# Replace \/etc\/dhcp\/dhcpd.conf with the following content:\ndefault-lease-time 600;\nmax-lease-time 7200;\nddns-update-style none;\nauthoritative;\n\nsubnet 192.168.42.0 netmask 255.255.255.0 {\nrange 192.168.42.10 192.168.42.50;\noption broadcast-address 192.168.42.255;\noption routers 192.168.42.1;\noption domain-name \"local\";\noption domain-name-servers 192.168.42.1;\n}\n\nsubnet 192.168.43.0 netmask 255.255.255.0 {\nrange 192.168.43.10 192.168.43.50;\noption broadcast-address 192.168.43.255;\noption routers 192.168.43.1;\noption domain-name \"local\";\noption domain-name-servers 192.168.43.1;\n}\n\n# Adjust the configuration file of the DHCP server (isc-dhcp-server):\nsudo nano \/etc\/default\/isc-dhcp-server\n\n# Add all the available interfaces to the following line:\nINTERFACESv4=\"wlan0 wlan1 eth0 eth1 usb0\"\n<\/pre><\/div>\n\n\n<p>The classless static route option (<a href=\"https:\/\/tools.ietf.org\/html\/rfc3442\" target=\"_blank\" rel=\"noreferrer noopener\">RFC3442<\/a>) gives us some headaches with certain APs under certain conditions (see also <a href=\"https:\/\/ubuntuforums.org\/showthread.php?t=1156441\" target=\"_blank\" 
rel=\"noreferrer noopener\">here<\/a>). Therefore, we remove this option from the configuration:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Remove in \/etc\/dhcp\/dhclient.conf the classless static route option\nsudo nano \/etc\/dhcp\/dhclient.conf\n\n# Old entries:\noption rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n\nrequest subnet-mask, broadcast-address, time-offset, routers, domain-name,\ndomain-name-servers, domain-search, host-name, dhcp6.name-servers,\ndhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers, netbios-name-servers,\nnetbios-scope, interface-mtu, rfc3442-classless-static-routes, ntp-servers; \n\n# New entries:\n#option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n\nrequest subnet-mask, broadcast-address, time-offset, routers, domain-name,\ndomain-name-servers, domain-search, host-name, dhcp6.name-servers,\ndhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers, netbios-name-servers,\nnetbios-scope, interface-mtu, ntp-servers;\n<\/pre><\/div>\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"7-setting-up-network-interfaces\">6. 
Setting up network interfaces<\/h5>\n\n\n\n<p>Currently, TorBox supports the following connections:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nINTERNET     CLIENT                Remarks\n--------------------------------------------------------------------------------------------\nETH0         WLAN0(+ETH1+TUN1)     Ethernet cable (eth0) or TorBox on a cloud (tun1)\nETH1         WLAN0(+ETH0)          USB ethernet adapter or Tethering (iOS)\nWLAN1        WLAN0(+ETH0)          Wireless network (USB adapter; wlan1)\nWLAN0        WLAN1(+ETH0+USB0)     Wireless network or TorBox mini (onboard chip; wlan0)\nUSB0         WLAN0(+ETH0)          USB dongle or Tethering (Android) (usb0)\nPPP0         WLAN0(+ETH0)          Cellular-internet\nTUN0         WLAN0(+ETH0)          Over a VPN connection\n<\/pre><\/div>\n\n\n<p>In the beginning, only the standard <code>\/etc\/network\/interfaces<\/code> &#8212; listed below &#8212; is necessary. 
Depending on your choice in the TorBox menu, this file is automatically altered by TorBox.<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Edit \/etc\/network\/interfaces:\nsudo nano \/etc\/network\/interfaces\n\n# Replace \/etc\/network\/interfaces with the following content:\n\n# source-directory \/etc\/network\/interfaces.d\n\nauto lo\nauto eth0\nauto wlan1\nauto usb0\n\niface lo inet loopback\niface eth0 inet dhcp\niface wlan1 inet dhcp\niface usb0 inet dhcp\nallow-hotplug wlan0 wlan1 eth0 eth1 usb0\n\niface wlan0 inet static\n  address 192.168.42.1\n  netmask 255.255.255.0\n  wireless-power off\n\niface eth1 inet static\n  address 192.168.43.1\n  netmask 255.255.255.0\n<\/pre><\/div>\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"8-configuring-the-torbox-ap\">7. Configuring the TorBox AP<\/h5>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Edit \/etc\/hostapd\/hostapd.conf\nsudo nano \/etc\/hostapd\/hostapd.conf\n\n# Replace \/etc\/hostapd\/hostapd.conf with the following content:\ninterface=wlan0\ndriver=nl80211\nssid=TorBox055\ncountry_code=US\nhw_mode=g\nchannel=6\nieee80211n=1\nieee80211ac=1\nwmm_enabled=1\n#ht_capab=&#x5B;HT40-]&#x5B;HT40+]&#x5B;SHORT-GI-20]&#x5B;SHORT-GI-40]&#x5B;DSSS_CCK-40]\n#vht_oper_chwidth=1\n#vht_oper_centr_freq_seg0_idx=42\nmacaddr_acl=0\nauth_algs=1\nignore_broadcast_ssid=0\nwpa=2\nwpa_passphrase=CHANGE-IT\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n<\/pre><\/div>\n\n\n<p><strong>Important<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Only letters (upper and lower case) and numbers are allowed in the passphrase. The length must be between 8 and 63 characters.<\/li>\n\n\n\n<li>Don&#8217;t remove or change the &#8220;#-lines&#8221; and the <code>country_code=US<\/code> value! 
Otherwise, the 2.4 GHz 40 MHz and the 5 GHz 40 and 80 MHz settings will probably not work and will crash hostapd! In use, TorBox changes this file along with the selection in the configuration sub-menu. However, if you delete values (even those with #), TorBox doesn&#8217;t re-add them!<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Edit \/etc\/default\/hostapd\nsudo nano \/etc\/default\/hostapd\n\n# Old entry:\n#DAEMON_CONF=\"\"\n\n# New entry:\nDAEMON_CONF=\"\/etc\/hostapd\/hostapd.conf\"\n<\/pre><\/div>\n\n\n<p>The following commands ensure that the services start automatically when TorBox starts, and they also start them immediately.<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nsudo systemctl unmask hostapd\nsudo systemctl enable hostapd\nsudo systemctl start hostapd\nsudo systemctl unmask isc-dhcp-server\nsudo systemctl enable isc-dhcp-server\nsudo systemctl start isc-dhcp-server\nsudo systemctl disable dhcpcd\nsudo systemctl daemon-reload\n<\/pre><\/div>\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"9-configuring-network-address-translation-nat\">8. Configuring Network Address Translation (NAT)<\/h5>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\necho &#039;net.ipv4.ip_forward=1&#039; | sudo tee \/etc\/sysctl.d\/99-ipforward.conf\nsudo sysctl -p \/etc\/sysctl.d\/99-ipforward.conf\n\n# With the following command, we have to enable IP forwarding (necessary to overcome captive portals):\nsudo sh -c &quot;echo 1 &gt; \/proc\/sys\/net\/ipv4\/ip_forward&quot;\n<\/pre><\/div>\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"10-configuring-nginx-to-work-with-onion-services\">9. 
Configuring Nginx to work with WebSSH and Onion Services<\/h5>\n\n\n\n<p>The default Nginx configuration works fine, but we need to allow uploads larger than 1 MB. Setting <code>client_max_body_size<\/code> to <code>0<\/code> removes the size limit. Of course, there is also the possibility of setting another, bigger size limit than 1 MB. For security reasons, we also recommend setting <code>server_tokens<\/code> to <code>off<\/code> to hide the Nginx server version on error pages.<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Edit \/etc\/nginx\/nginx.conf:\nsudo nano \/etc\/nginx\/nginx.conf\n\n# Old entry:\nclient_max_body_size 1m;\n\n# New entries:\nclient_max_body_size 0;\nserver_tokens off;\n<\/pre><\/div>\n\n\n<p>Nginx also has an annoying behaviour: it doesn&#8217;t remove the socket files in <code>\/var\/run<\/code> during a restart or when closing down. When starting again, Nginx complains about these existing socket files. Currently, in TorBox, we handle this in the script by looking for unused socket files and deleting them. 
Nevertheless, we recommend applying the following change to <code>\/etc\/init.d\/nginx<\/code>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Single quotes keep the shell from expanding ${STOP_SCHEDULE...}; -i edits the file in place\nsudo sed -i 's|STOP_SCHEDULE=\"${STOP_SCHEDULE:-QUIT\/5\/TERM\/5\/KILL\/5}\"|STOP_SCHEDULE=\"${STOP_SCHEDULE:-TERM\/5\/KILL\/5}\"|g' \/etc\/init.d\/nginx\n<\/pre><\/div>\n\n\n<p>Also, we don&#8217;t need the example configuration and HTML file, but we do need the configuration file for WebSSH:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nsudo rm \/etc\/nginx\/sites-enabled\/default\nsudo rm \/etc\/nginx\/sites-available\/default\nsudo rm -r \/var\/www\/html\n\n# This is necessary for Nginx \/ TFS\nsudo chown torbox:torbox \/var\/www\n\nsudo cp ~\/torbox\/etc\/nginx\/sites-available\/sample-webssh.conf \/etc\/nginx\/sites-available\/webssh.conf\nsudo ln -sf \/etc\/nginx\/sites-available\/webssh.conf \/etc\/nginx\/sites-enabled\/\n<\/pre><\/div>\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"11-disable-bluetooth\">10. 
Disable Bluetooth<\/h5>\n\n\n\n<p>For security reasons, we recommend disabling Bluetooth on your Raspberry Pi.<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Change your \/boot\/firmware\/config.txt:\nsudo nano \/boot\/firmware\/config.txt\n\n# Add to the end of \/boot\/firmware\/config.txt:\ndtoverlay=disable-bt\n\n# NEW v.0.5.5: hciuart removed because it is no longer used in the latest Raspberry Pi OS\n# Run the following commands to disable the related services:\nsudo systemctl stop bluetooth.service\nsudo systemctl disable bluetooth.service\nsudo systemctl mask bluetooth.service\nsudo systemctl daemon-reload\nsudo apt-get purge -y bluez bluez-firmware pi-bluetooth\nsudo apt-get -y autoremove\nsudo rfkill block bluetooth\n<\/pre><\/div>\n\n\n<p>You have to reboot your Raspberry Pi to apply the changes.<\/p>\n\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"11-disable-bluetooth\">11. Update sudo setup<\/h5>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nsudo printf \"\\n# Added by TorBox\\ntorbox  ALL=(ALL) NOPASSWD: ALL\\n\" | sudo tee -a \/etc\/sudoers\nsudo visudo -c\n<\/pre><\/div>\n\n\n<h1><p style=\"text-align: center;\">\u2022 \u2022 \u2022<\/p><\/h1>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"13-stop-logging-preparing-for-the-first-start-and-restarting-the-system\">12. 
Stop logging, preparing for the first start and restarting the system<\/h5>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n# Preparing the system for the first start (nginx doesn't have to run unless it is needed)\nsudo systemctl stop nginx\n\n# To start TACA (TorBox Automatic Countermeasure Actions), notices.log has to be present\nsudo -u debian-tor touch \/var\/log\/tor\/notices.log\nsudo chmod -R go-rwx \/var\/log\/tor\/notices.log\n\n# Stop logging\nsudo systemctl stop rsyslog\nsudo systemctl disable rsyslog\nsudo systemctl mask rsyslog\nsudo systemctl stop systemd-journald-dev-log.socket\nsudo systemctl stop systemd-journald-audit.socket\nsudo systemctl stop systemd-journald.socket\nsudo systemctl stop systemd-journald.service\nsudo systemctl mask systemd-journald.service\n\n# Remove log files and history\nsudo rm \/var\/log\/*\nsudo journalctl --vacuum-size=1M\nhistory -c\n\n# This is not mandatory, but we recommend running our image preparation script\n# (even if you don't make an image) to check the installation and perform some\n# routine cleaning tasks\ncd \/home\/torbox\/torbox\nbash install\/prepare_image.sh\n\n# If you don't want to use our preparation script (prepare_image.sh) in TorBox\n# Menu's install folder, you at least have to set the right start trigger in torbox.run.\n# This is necessary for starting the \"first use\" configuration dialogue.\nsudo sed -i \"s\/^FRESH_INSTALLED=.*\/FRESH_INSTALLED=2\/\" \/home\/torbox\/torbox\/run\/torbox.run\n\n# Restart the system\nsudo reboot\n<\/pre><\/div>\n\n\n<p>After restarting the system, connect your client to the new WiFi &#8220;TorBox055&#8221; (password:&nbsp;<strong>CHANGE-IT<\/strong>). 
Log into the TorBox by using a&nbsp;<a href=\"https:\/\/www.torbox.ch\/?page_id=112#which-ssh-client-do-you-prefer\" target=\"_blank\" rel=\"noreferrer noopener\">SSH client<\/a>&nbsp;(<strong>192.168.42.1<\/strong>&nbsp;on a WiFi client,&nbsp;<strong>192.168.43.1<\/strong>&nbsp;on a cable client or&nbsp;<strong>192.168.44.1<\/strong>&nbsp;when connected via VPN or if you use&nbsp;<a href=\"https:\/\/www.torbox.ch\/?page_id=3544\" target=\"_blank\" rel=\"noreferrer noopener\">TorBox mini<\/a>&nbsp;on a&nbsp;<a href=\"https:\/\/www.raspberrypi.com\/products\/raspberry-pi-zero-2-w\/\" target=\"_blank\" rel=\"noreferrer noopener\">Raspberry Pi Zero 2 W<\/a>&nbsp;as a RNDIS\/Ethernet Gadget) or a web browser (<a href=\"http:\/\/192.168.42.1\" target=\"_blank\">http:\/\/192.168.42.1<\/a>&nbsp;on a WiFi client,&nbsp;<a href=\"http:\/\/192.168.43.1\/\" target=\"_blank\" rel=\"noreferrer noopener\">http:\/\/192.168.43.1<\/a>&nbsp;on a cable client or&nbsp;<a href=\"http:\/\/192.168.44.1\/\" target=\"_blank\" rel=\"noreferrer noopener\">192.168.44.1<\/a>&nbsp;when connected via VPN or using TorBox mini). After&nbsp;<a href=\"https:\/\/www.torbox.ch\/?page_id=2637\">seeing a welcome screen and answering initial questions during the first start-up<\/a>, you see the&nbsp;<a href=\"https:\/\/www.torbox.ch\/?page_id=775\" target=\"_blank\" rel=\"noreferrer noopener\">TorBox Main Menu<\/a>. Immediately&nbsp;<strong>change the default passwords<\/strong>&nbsp;(the associated entries are placed in the&nbsp;<a href=\"https:\/\/www.torbox.ch\/?page_id=875\" target=\"_blank\" rel=\"noreferrer noopener\">configuration sub-menu<\/a>). 
Check if your data stream is routed through the Tor network: <a href=\"https:\/\/check.torproject.org\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/check.torproject.org<\/a><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Whether you like to implement TorBox in an existing system, on another hardware, or on another operating system, or you don\u2019t trust an image file which you didn\u2019t bundle yourself, this detailed manual helps you build a TorBox from scratch. This manual is written for Raspberry Pi OS &#8220;Bookworm&#8221; Lite (64-bit) (based on Debian 13 &hellip; <a href=\"https:\/\/www.torbox.ch\/?page_id=205\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;I want to build it from scratch on a Raspberry Pi with Raspberry Pi OS Lite!&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_uag_custom_page_level_css":"","footnotes":""},"class_list":["post-205","page","type-page","status-publish","hentry"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"post-thumbnail":false},"uagb_author_info":{"display_name":"John Doe","author_link":"https:\/\/www.torbox.ch\/?author=2"},"uagb_comment_info":0,"uagb_excerpt":"Whether you like to implement TorBox in an existing system, on another hardware, or on another operating system, or you don\u2019t trust an image file which you didn\u2019t bundle yourself, this detailed manual helps you build a TorBox from scratch. 
This manual is written for Raspberry Pi OS &#8220;Bookworm&#8221; Lite (64-bit) (based on Debian 13&hellip;","_links":{"self":[{"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/pages\/205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.torbox.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=205"}],"version-history":[{"count":168,"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/pages\/205\/revisions"}],"predecessor-version":[{"id":4076,"href":"https:\/\/www.torbox.ch\/index.php?rest_route=\/wp\/v2\/pages\/205\/revisions\/4076"}],"wp:attachment":[{"href":"https:\/\/www.torbox.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}