#iranelection and #TOR on #ubuntu
A common theme in many of the #iranelection tweets has been requests for proxies or TOR bridges. Initially, I set up an SSH connection that people could use. However, SSH connections are fairly geeky and there were reports that Iran was blocking SSH. I also tried setting up an Apache proxy, but I couldn’t get that to work. I didn’t get around to trying Squid.
However, I’ve long been interested in TOR. TOR, or The Onion Router, is a popular system for anonymizing web traffic and getting past firewalls. I’ve had friends who have worked for the TOR project, so I felt it was time to set up a TOR Bridge.
The first place I looked was The TOR project’s Relay Documentation. The Linux instructions were based on pulling down a tarball and compiling it. Much messier than doing a nice install on an Ubuntu machine. So, the second place I looked was the TOR community on Ubuntu. Their installation procedure is simple and secure and went very easily.
However, getting it to work smoothly presented a few additional challenges. The default configuration appeared to support only the use of TOR from the local machine. I wanted to make it into a bridge that others could use. The first configuration option I needed to change was the listen-address in the /etc/privoxy/config file. The default is to only listen to the local host. Depending on the interfaces you have, you can listen just to an internal network, just to an external network, or to the whole world. If you want to make your privoxy available to everyone, you probably need to change the listen-address to 0.0.0.0:8118. You also need to set the forward-socks4a to 127.0.0.1:9050.
Over on the TOR side, there are a few configuration changes that you may want to make. First, in the tor-tsocks.conf file, you need to specify who can use the socks interface. The problem you have to be careful about is making sure that the tor-tsocks.conf is listening where the privoxy forward-socks4a is directing traffic. If you change interfaces or ports in one, you need to make sure you change it in the other.
The next part is to get the bridge set up. The TOR documentation talks about using Vidalia. This is all well and good, if you have fullscreen access to your bridge. However, if you are working on a hosting service machine that you are only accessing via SSH, then you may want to go in and edit the torrc file directly. You need to make sure that the SocksPort is set up pointing to the desired port and the SocksListenAddress to the interface you want, again, using 0.0.0.0 as the address if you want everyone to have access.
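An added example, not from the original post: a small Python check that the privoxy forward-socks4a target and the Tor SOCKS listener agree, and that reports any listener bound to 0.0.0.0 so the exposure is a deliberate choice. The sample configs are constructed, the ORPort and DirPort values are placeholders, and the function names are hypothetical.

```python
# Constructed sample configs for illustration (not taken from the post).
PRIVOXY = """\
listen-address  0.0.0.0:8118
forward-socks4a / 127.0.0.1:9050 .
"""
TORRC = """\
SocksPort 9050
SocksListenAddress 127.0.0.1
ORPort 9001
DirPort 9030
"""

def directives(text):
    """Map each lowercased directive name to its first value, skipping comments."""
    out = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            out.setdefault(parts[0].lower(), parts[1].strip())
    return out

def hostport(value, host="127.0.0.1"):
    """Split 'addr:port', 'addr:' or a bare 'port'; a missing host falls back to `host`."""
    h, sep, port = value.rpartition(":")
    return (h if sep else host), port

def check(privoxy_text, torrc_text):
    """Return findings about listener exposure and privoxy/Tor SOCKS agreement."""
    p, t = directives(privoxy_text), directives(torrc_text)
    findings = []
    # Tor side: SocksPort is "9050" or "addr:9050"; SocksListenAddress may override.
    s_host, s_port = hostport(t.get("socksport", "9050"))
    listen = t.get("sockslistenaddress")
    if listen:
        s_host, lp = hostport(listen if ":" in listen else listen + ":")
        s_port = lp or s_port
    # Privoxy side: "forward-socks4a <url-pattern> <socks host:port> <http parent>"
    fwd = p.get("forward-socks4a", "").split()
    if len(fwd) < 2:
        findings.append("privoxy has no forward-socks4a line, so it is not forwarding to Tor")
    else:
        f_host, f_port = hostport(fwd[1])
        if f_port != s_port or s_host not in (f_host, "0.0.0.0"):
            findings.append(f"forward-socks4a {fwd[1]} does not match Tor SOCKS {s_host}:{s_port}")
    if p.get("listen-address", "").startswith("0.0.0.0"):
        findings.append("privoxy listen-address accepts connections on every interface")
    if s_host == "0.0.0.0":
        findings.append("Tor SOCKS port accepts connections on every interface")
    return findings
```

Calling check() with the contents of /etc/privoxy/config and torrc returns an empty list when both listeners are local and the forward target matches.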
Further down the file there is a line called ContactInfo where you should put some way for people to contact you. Then, to enable bridging, you need to open up the ORPort and the DirPort. Initially, I didn’t do this and I wondered why I never got any external connections. On the other hand, do not turn on the ORListenAddress and the DirListenAddress unless you have some sort of port forwarding. I missed that and initially enabled that option and also wondered why I wasn’t getting any traffic.
You may also want to set up an ExitPolicy if you are particularly worried about how people might use your TOR bridge. For me, the other important thing to set up was the bandwidth throttling. My hosting agreement provides 200 GB a month. Currently, I am using less than half of that, so I figured I would make the other half available to the TOR bridge. I could simply put up a monthly AccountingMax of 100 GB. However, that might provide access for the next 20 days, and then I would be offline for 10 days. Instead, I figured it was better to make 3 GB available on a daily basis.
With this set up, I’ve now run for a day. At my reset time, I received a message that it was starting hibernation for about four hours. During this time, I cannot use privoxy on my server and no one can get out via the TOR bridge.
So far, it has been working well. I do get warning messages about Socks version xx not recognized. (Tor is not an http proxy.) I’m not sure what is misconfigured yet, and that remains my one outstanding issue.
Setting up TOR on an Ubuntu server was fairly easy and if you have an Ubuntu server and this wasn’t too geeky for you, I would encourage you to set up a similar server. It will be interesting to see if the conflict in Iran will result in many more Ubuntu servers. Are you providing a proxy or a TOR Bridge? What have your experiences been?