mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-25 23:11:02 +08:00
Translated by qhwdw
This commit is contained in:
parent
366c131488
commit
19bd248716
@ -1,134 +0,0 @@
|
||||
Translating by qhwdw
|
||||
Turn Your Raspberry Pi into a Tor Relay Node
|
||||
======
|
||||
|
||||
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/tor-onion-router.jpg?itok=6WUl0ElH)
|
||||
|
||||
If you’re anything like me, you probably got yourself a first- or second-generation Raspberry Pi board when they first came out, played with it for a while, but then shelved it and mostly forgot about it. After all, unless you’re a robotics enthusiast, you probably don’t have that much use for a computer with a pretty slow processor and 256 megabytes of RAM. This is not to say that there aren’t cool things you can do with one of these, but between work and other commitments, I just never seem to find the right time for some good old nerding out.
|
||||
|
||||
However, if you would like to put it to good use without sacrificing too much of your time or resources, you can turn your old Raspberry Pi into a perfectly functioning Tor relay node.
|
||||
|
||||
### What is a Tor Relay node
|
||||
|
||||
You have probably heard about the [Tor project][1] before, but just in case you haven’t, here’s a very quick summary. The name “Tor” stands for “The Onion Router” and it is a technology created to combat online tracking and other privacy violations.
|
||||
|
||||
Everything you do on the Internet leaves a set of digital footprints in every piece of equipment that your IP packets traverse: all of the switches, routers, load balancers and destination websites log the IP address from which your session originated and the IP address of the internet resource you are accessing (and often its hostname, [even when using HTTPS][2]). If you’re browsing from home, then your IP can be directly mapped to your household. If you’re using a VPN service ([as you should be][3]), then your IP can be mapped to your VPN provider, and then they are the ones who can map it to your household. In any case, odds are that someone somewhere is assembling an online profile on you based on the sites you visit and how much time you spend on each of them. Such profiles are then sold, aggregated with matching profiles collected from other services, and then monetized by ad networks. At least, that’s the optimist’s view of how that data is used -- I’m sure you can think of many examples of how your online usage profiles can be used against you in much more nefarious ways.
|
||||
|
||||
The Tor project attempts to provide a solution to this problem by making it impossible (or, at least, unreasonably difficult) to trace the endpoints of your IP session. Tor achieves this by bouncing your connection through a chain of anonymizing relays, consisting of an entry node, relay node, and exit node:
|
||||
|
||||
1. The **entry node** only knows your IP address, and the IP address of the relay node, but not the final destination of the request;
|
||||
|
||||
2. The **relay node** only knows the IP address of the entry node and the IP address of the exit node, and neither the origin nor the final destination
|
||||
|
||||
3. The **exit node** **** only knows the IP address of the relay node and the final destination of the request; it is also the only node that can decrypt the traffic before sending it over to its final destination
|
||||
|
||||
|
||||
|
||||
|
||||
Relay nodes play a crucial role in this exchange because they create a cryptographic barrier between the source of the request and the destination. Even if exit nodes are controlled by adversaries intent on stealing your data, they will not be able to know the source of the request without controlling the entire Tor relay chain.
|
||||
|
||||
As long as there are plenty of relay nodes, your privacy when using the Tor network remains protected -- which is why I heartily recommend that you set up and run a relay node if you have some home bandwidth to spare.
|
||||
|
||||
#### Things to keep in mind regarding Tor relays
|
||||
|
||||
A Tor relay node only receives encrypted traffic and sends encrypted traffic -- it never accesses any other sites or resources online, so you do not need to worry that someone will browse any worrisome sites directly from your home IP address. Having said that, if you reside in a jurisdiction where offering anonymity-enhancing services is against the law, then, obviously, do not operate your own Tor relay. You may also want to check if operating a Tor relay is against the terms and conditions of your internet access provider.
|
||||
|
||||
### What you will need
|
||||
|
||||
* A Raspberry Pi (any model/generation) with some kind of enclosure
|
||||
|
||||
* An SD card with [Raspbian Stretch Lite][4]
|
||||
|
||||
* An ethernet cable
|
||||
|
||||
* A micro-USB cable for power
|
||||
|
||||
* A keyboard and an HDMI-capable monitor (to use during the setup)
|
||||
|
||||
|
||||
|
||||
|
||||
This guide will assume that you are setting this up on your home connection behind a generic cable or ADSL modem router that performs NAT translation (and it almost certainly does). Most of them have a USB port you can use to power up your Raspberry Pi, and if you’re only using the wifi functionality of the router, then it should have a free ethernet port for you to plug into. However, before we get to the point where we can set-and-forget your Raspberry Pi, we’ll need to set it up as a Tor relay node, for which you’ll need a keyboard and a monitor.
|
||||
|
||||
### The bootstrap script
|
||||
|
||||
I’ve adapted a popular Tor relay node bootstrap script for use with Raspbian Stretch -- you can find it in my GitHub repository here: <https://github.com/mricon/tor-relay-bootstrap-rpi>. Once you have booted up your Raspberry Pi and logged in with the default “pi” user, do the following:
|
||||
```
|
||||
sudo apt-get install -y git
|
||||
git clone https://github.com/mricon/tor-relay-bootstrap-rpi
|
||||
cd tor-relay-bootstrap-rpi
|
||||
sudo ./bootstrap.sh
|
||||
|
||||
```
|
||||
|
||||
Here is what the script will do:
|
||||
|
||||
1. Install the latest OS updates to make sure your Pi is fully patched
|
||||
|
||||
2. Configure your system for automated unattended updates, so you automatically receive security patches when they become available
|
||||
|
||||
3. Install Tor software
|
||||
|
||||
4. Tell your NAT router to forward the necessary ports to reach your relay (the ports we’ll use are 443 and 8080, since they are least likely to be filtered by your internet provider)
|
||||
|
||||
|
||||
|
||||
|
||||
Once the script is done, you’ll need to configure the torrc file -- but first, decide how much bandwidth you’ll want to donate to Tor traffic. First, type “[Speed Test][5]” into Google and click the “Run Speed Test” button. You can disregard the “Download speed” result, as your Tor relay can only operate as fast as your maximum upload bandwidth.
|
||||
|
||||
Therefore, take the “Mbps upload” number, divide by 8 and multiply by 1024 to find out the bandwidth speed in Kilobytes per second. E.g. if you got 21.5 Mbps for your upload speed, then that number is:
|
||||
```
|
||||
21.5 Mbps / 8 * 1024 = 2752 KBytes per second
|
||||
|
||||
```
|
||||
|
||||
You’ll want to limit your relay bandwidth to about half that amount, and allow bursting to about three-quarters of it. Once decided, open /etc/tor/torrc using your favourite editor and tweak the bandwidth settings.
|
||||
```
|
||||
RelayBandwidthRate 1300 KBytes
|
||||
RelayBandwidthBurst 2400 KBytes
|
||||
|
||||
```
|
||||
|
||||
Of course, if you’re feeling more generous, then feel free to put in higher numbers, though you don’t want to max out your outgoing bandwidth -- it will noticeably impact your day-to-day usage if these numbers are set too high.
|
||||
|
||||
While you have that file open, you should set two more things. First, the Nickname -- just for your own recordkeeping, and second the ContactInfo line, which should list a single email address. Since your relay will be running unattended, you should use an email address that you regularly check -- you will receive an alert from the “Tor Weather” service if your relay goes offline for longer than 48 hours.
|
||||
```
|
||||
Nickname myrpirelay
|
||||
ContactInfo you@example.com
|
||||
|
||||
```
|
||||
|
||||
Save the file and reboot the system to start the Tor relay.
|
||||
|
||||
### Testing to make sure Tor traffic is flowing
|
||||
|
||||
If you would like to make sure that the relay is functioning, you can run the “arm” tool:
|
||||
```
|
||||
sudo -u debian-tor arm
|
||||
|
||||
```
|
||||
|
||||
It will take a while to start, especially on older-generation boards, but eventually it will show you a bar chart of incoming and outgoing traffic (or error messages that will help you troubleshoot your setup).
|
||||
|
||||
Once you are convinced that everything is functioning, you can unplug the keyboard and the monitor and relocate the Raspberry Pi into the basement where it will quietly sit and shuffle encrypted bits around. Congratulations, you’ve helped improve privacy and combat malicious tracking online!
|
||||
|
||||
Learn more about Linux through the free ["Introduction to Linux" ][6] course from The Linux Foundation and edX.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.linux.com/blog/intro-to-linux/2018/6/turn-your-raspberry-pi-tor-relay-node
|
||||
|
||||
作者:[Konstantin Ryabitsev][a]
|
||||
选题:[lujun9972](https://github.com/lujun9972)
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:https://www.linux.com/users/mricon
|
||||
[1]:https://www.torproject.org/
|
||||
[2]:https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications
|
||||
[3]:https://www.linux.com/blog/2017/10/tips-secure-your-network-wake-krack
|
||||
[4]:https://www.raspberrypi.org/downloads/raspbian/
|
||||
[5]:https://www.google.com/search?q=speed+test
|
||||
[6]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
|
@ -0,0 +1,133 @@
|
||||
将你的树莓派打造成一个 Tor 中继节点
|
||||
======
|
||||
|
||||
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/tor-onion-router.jpg?itok=6WUl0ElH)
|
||||
|
||||
你是否和我一样,在第一代或者第二代树莓派发布时买了一个,玩了一段时间就把它搁置“吃灰”了。毕竟,除非你是机器人爱好者,否则一般不太可能去长时间使用一个处理器很慢的并且内存只有 256 MB 的计算机的。这并不是说你不能用它去做一件很酷的东西,但是在工作和其它任务之间,我还没有看到用一些旧的物件发挥新作用的机会。
|
||||
|
||||
然而,如果你想去好好利用它并且不想花费你太多的时间和资源的话,可以将你的旧树莓派打造成一个完美的 Tor 中继节点。
|
||||
|
||||
### Tor 中继节点是什么
|
||||
|
||||
在此之前你或许听说过 [Tor 项目][1],如果恰好你没有听说过,我简单给你介绍一下,“Tor” 是 “The Onion Router(洋葱路由器)” 的缩写,它是用来对付在线追踪和其它违反隐私行为的技术。
|
||||
|
||||
不论你在因特网上做什么事情,都会在你的 IP 包通过的设备上留下一些数字“脚印”:所有的交换机、路由器、负载均衡,以及目标网络记录的来自你的原始会话的 IP 地址,以及你访问的因特网资源(经常是主机名、[甚至是在使用 HTTPS 时][2])的 IP 地址。如何你是在家中上因特网,那么你的 IP 地址可以直接映射到你的家庭所在地。如果你使用了 VPN 服务([你应该使用][3]),那么你的 IP 地址是映射到你的 VPN 提供商那里,而 VPN 提供商是可以映射到你的家庭所在地的。无论如何,有可能在某个地方的某个人正在根据你访问的网络和在网站上呆了多长时间来为你建立一个个人的在线资料。然后将这个资料进行出售,并与从其它服务上收集的资料进行聚合,然后利用广告网络进行赚钱。至少,这是乐观主义者对如何利用这些数据的一些看法 —— 我相信你还可以找到更多的更恶意地使用这些数据的例子。
|
||||
|
||||
Tor 项目尝试去提供一个解决这种问题的方案,使它们不可能(或者至少是更加困难)追踪到你的终端 IP 地址。Tor 是通过让你的连接在一个由匿名的入口节点、中继节点、和出口节点组成的匿名中继链上反复跳转的方式来实现防止追踪的目的:
|
||||
|
||||
1. **入口节点** 只知道你的 IP 地址和中继节点的 IP 地址,但是不知道你最终要访问的目标 IP 地址
|
||||
|
||||
2. **中继节点** 只知道入口节点和出口节点的 IP 地址,以及即不是源也不是最终目标的 IP 地址
|
||||
|
||||
3. **出口节点** 仅知道中继节点和最终目标地址,它是在到达最终目标地址之前解密流量的节点
|
||||
|
||||
|
||||
|
||||
|
||||
中继节点在这个交换过程中扮演一个关键的角色,因为它在源请求和目标地址之间创建了一个加密的障碍。甚至在意图偷窥你数据的对手控制了出口节点的情况下,在他们没有完全控制整个 Tor 中继链的情况下仍然无法知道请求源在哪里。
|
||||
|
||||
只要存在大量的中继节点,你的隐私被会得到保护 —— 这就是我为什么真诚地建议你,如果你的家庭宽带有空闲的时候去配置和运行一个中继节点。
|
||||
|
||||
#### 考虑去做 Tor 中继时要记住的一些事情
|
||||
|
||||
一个 Tor 中继节点仅发送和接收加密流量 —— 它从不访问任何其它站点或者在线资源,因此你不用担心有人会利用你的家庭 IP 地址去直接浏览一些令人担心的站点。话虽如此,但是如果你居住在一个提供匿名增强服务(anonymity-enhancing services)是违法行为的司法管辖区的话,那么你还是不要运营你的 Tor 中继节点了。你还需要去查看你的因特网服务提供商的服务条款是否允许你去运营一个 Tor 中继。
|
||||
|
||||
### 需要哪些东西
|
||||
|
||||
* 一个带完整外围附件的树莓派(任何型号/代次都行)
|
||||
|
||||
* 一张有 [Raspbian Stretch Lite][4] 的 SD 卡
|
||||
|
||||
* 一根以太网线缆
|
||||
|
||||
* 一根用于供电的 micro-USB 线缆
|
||||
|
||||
* 一个键盘和带 HDMI 接口的显示器(在配置期间使用)
|
||||
|
||||
|
||||
|
||||
|
||||
本指南假设你已经配置好了你的家庭网络连接的线缆或者 ADSL 路由器,它用于运行 NAT 转换(它几乎是必需的)。大多数型号的树莓派都有一个可用于为树莓派供电的 USB 端口,如果你只是使用路由器的 WiFi 功能,那么路由器应该有空闲的以太网口。但是在我们将树莓派设置为一个“配置完不管”的 Tor 中继之前,我们还需要一个键盘和显示器。
|
||||
|
||||
### 引导脚本
|
||||
|
||||
我改编了一个很流行的 Tor 中继节点引导脚本以适配树莓派上使用 —— 你可以在我的 GitHub 仓库 <https://github.com/mricon/tor-relay-bootstrap-rpi> 上找到它。你用它引导树莓派并使用缺省的用户 “pi” 登入之后,做如下的工作:
|
||||
```
|
||||
sudo apt-get install -y git
|
||||
git clone https://github.com/mricon/tor-relay-bootstrap-rpi
|
||||
cd tor-relay-bootstrap-rpi
|
||||
sudo ./bootstrap.sh
|
||||
|
||||
```
|
||||
|
||||
这个脚本将做如下的工作:
|
||||
|
||||
1. 安装最新版本的操作系统更新以确保树莓派打了所有的补丁
|
||||
|
||||
2. 将系统配置为无人值守自动更新,以确保有可用更新时会自动接收并安装
|
||||
|
||||
3. 安装 Tor 软件
|
||||
|
||||
4. 告诉你的 NAT 路由器去转发所需要的端口(端口一般是 443 和 8080,因为这两个端口最不可能被因特网提供商过滤掉)上的数据包到你的中继节点
|
||||
|
||||
|
||||
|
||||
|
||||
脚本运行完成后,你需要去配置 torrc 文件 —— 但是首先,你需要决定打算贡献给 Tor 流量多大带宽。首先,在 Google 中输入 “[Speed Test][5]”,然后点击 “Run Speed Test” 按钮。你可以不用管 “Download speed” 的结果,因为你的 Tor 中继能处理的速度不会超过最大的上行带宽。
|
||||
|
||||
所以,将 “Mbps upload” 的数字除以 8,然后再乘以 1024,结果就是每秒多少 KB 的宽带速度。比如,如果你得到的上行带宽是 21.5 Mbps,那么这个数字应该是:
|
||||
```
|
||||
21.5 Mbps / 8 * 1024 = 2752 KBytes per second
|
||||
|
||||
```
|
||||
|
||||
你可以限制你的中继带宽为那个数字的一半,并允许突发带宽为那个数字的四分之三。确定好之后,使用喜欢的文本编辑器打开 /etc/tor/torrc 文件,调整好带宽设置。
|
||||
```
|
||||
RelayBandwidthRate 1300 KBytes
|
||||
RelayBandwidthBurst 2400 KBytes
|
||||
|
||||
```
|
||||
|
||||
当然,如果你想更慷慨,你可以将那几个设置的数字调的更大,但是尽量不要设置为最大的出口带宽 —— 如果设置的太高,它会影响你的日常使用。
|
||||
|
||||
你打开那个文件之后,你应该去设置更多的东西。首先是昵称 —— 只是为了你自己保存记录,第二个是联系信息,只需要一个电子邮件地址。由于你的中继是运行在无人值守模式下的,你应该使用一个定期检查的电子邮件地址 —— 如果你的中继节点离线超过 48 个小时,你将收到 “Tor Weather” 服务的告警信息。
|
||||
```
|
||||
Nickname myrpirelay
|
||||
ContactInfo you@example.com
|
||||
|
||||
```
|
||||
|
||||
保存文件并重引导系统去启动 Tor 中继。
|
||||
|
||||
### 测试它确认有 Tor 流量通过
|
||||
|
||||
如果你想去确认中继节点的功能,你可以运行 “arm” 工具:
|
||||
```
|
||||
sudo -u debian-tor arm
|
||||
|
||||
```
|
||||
|
||||
它需要一点时间才显示,尤其是在老板子上。它通常会给你显示一个表示入站和出站流量(或者是错误信息,它将有助于你去排错)的柱状图。
|
||||
|
||||
一旦你确信它运行正常,就可以将键盘和显示器拔掉了,然后将树莓派放到地下室,它就可以在那里悄悄地呆着并到处转发加密的比特了。恭喜你,你已经帮助去改善隐私和防范在线的恶意跟踪了!
|
||||
|
||||
通过来自 Linux 基金会和 edX 的免费课程 ["Linux 入门" ][6] 来学习更多的 Linux 知识。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.linux.com/blog/intro-to-linux/2018/6/turn-your-raspberry-pi-tor-relay-node
|
||||
|
||||
作者:[Konstantin Ryabitsev][a]
|
||||
选题:[lujun9972](https://github.com/lujun9972)
|
||||
译者:[qhwdw](https://github.com/qhwdw)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:https://www.linux.com/users/mricon
|
||||
[1]:https://www.torproject.org/
|
||||
[2]:https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications
|
||||
[3]:https://www.linux.com/blog/2017/10/tips-secure-your-network-wake-krack
|
||||
[4]:https://www.raspberrypi.org/downloads/raspbian/
|
||||
[5]:https://www.google.com/search?q=speed+test
|
||||
[6]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
|
Loading…
Reference in New Issue
Block a user