Is it possible to route all traffic through TOR similar to Tails?

Hardware Librem 5
1

So having seen Orbot on Graphene OS, I was curious if there was a way to route all traffic through TOR. Has there been any progress in TOR browser for mobile? Is Wireguard the best option we get?

Thank you!

3 Likes
2

I donā€™t have my phone yet, but is there some reason TOR doesnt work on on the Librem 5? I canā€™t see why it wouldnt. Also AFAIK pure OS has different spoofing capabilities on top of the built-in environment protections (like tails).

1 Like
3

Tor is available in the package repo, and can be installed with following command:

sudo apt install -y tor torsocks

A Tor socks5 proxy will start on port 9050. You can proxy applications through Tor with torsocks:

torsocks curl https://check.torproject.org | grep 'Congrat'

however, not all programs are supported, nor will this route all traffic through Tor.

The answer is likely yes, but there is some nuance. TAILS does not route all traffic through Tor per se, but rather routes specific traffic through Tor, and then simply blocks all other traffic. Since both TAILS and PureOS are built on top of Debian and use similar package repos, you could in theory apply the same configuration TAILS is using. Iā€™ve actually tried this, but ran into an issue with the ferm (the firewall used by TAILS) config and havenā€™t had time to look into it further. You can read more about TAILSā€™s tor enforcement process here: https://tails.boum.org/contribute/design/Tor_enforcement/

Correct me if Iā€™m wrong, but if I recall correctly Orbot does not actually route all traffic through Tor, but rather routes traffic for apps that are configured to use Orbotā€™s proxy through Tor. While Orbot is active, non-Tor traffic is not blocked.

4 Likes
4

You are absolutely correct, and thank you for your expertise. Is there a TOR browser that works on ARM yet?

To be more specific an import of the tor browser to ARM.

2 Likes
5

Script to redirect all traffic through tor network including dns queries for anonymizing entire system by BlackArch

*Any data that does not support SOCKS protocol cannot be routed through the Tor Network.

  • Therefore, it is not possible to route ā€œallā€ traffic through the Tor Network.

This script works great on Debian and Mobian.
Work on Pure OS too, but it seems to me that it can be a bit ā€œTrcky - freezingā€
I wait a little longer for the network connection, and I use restart scripts a little more often.

sudo apt install tor macchanger secure-delete

sudo apt install git

git clone GitHub - BlackArch/torctl: Script to redirect all traffic through tor network including dns queries for anonymizing entire system

cd torctl

sudo mv service/* /etc/systemd/system/

sudo mv bash-completion/torctl /usr/share/bash-completion/completions/torctl

Edit the input commands of the script.

sed -i ā€˜s/start_service iptables//ā€™ torctl

sed -i ā€˜s/TOR_UID=ā€œtorā€/TOR_UID=ā€œdebian-torā€/ā€™ torctl

sudo mv torctl /usr/local/bin/torctl.

Remove the Torctl script from the original folder.

cd ā€¦ && rm -rf torctl/

Use Torctl Terminal commands:

Display list of commands:
torctl --help
Find your IP address:
torctl ip
Start Torctl and start routing traffic:
sudo torctl start
Stop Torctl:
sudo torctl stop
Check Torctl status:
torctl status
Change your IP address on the Tor Network:
sudo torctl chngid
Change MAC address:
sudo torctl chngmac
Recover original MAC address:
sudo torctl rvmac
Automatically start Torctl on startup:
sudo systemctl enable torctl-autostart.service
Remove Torctl from startup services:
sudo systemctl disable torctl-autostart.service
Add automatic memory cleaning when you shut down your computer:
sudo systemctl enable torctl-autowipe.service
Disable automatic memory cleaning:
sudo systemctl disable torctl-autowipe.service

Firefox settings
ā€¦ Settings + Network Settings + Configure Proxy Access to the Internet
(3) Use system proxy settings + OK (save)
if you want the browser to access the Internet exclusively over the Tor network, set it manually.
Sock Host : 127.0.0.0 Port 9050 Sock v5 and proxy DNS if you wish

*during the installation of macchanger I chose to change mac at every boot so I donā€™t know if I duplicated the command with torctl, however it works.
*after starting the system check if the Tor network is active if not # sudo torctl restart

reference:

3 Likes
6

after a few days i notice:

starting the system : open terminal

sudo torctl status

[+] torctl is started
[+] tor service is: active
[+] torctl-autowipe service is: enabled
[+] torctl-autostart service is: enabled

it is ok

starting wireless net.

curl ifconfig.me

51.49.231.159

whois 51.49.231.159

ā€¦ my ISP

so does not route through tor

sudo torctl restart

curl ifconfig.me

403 Forbidden

ok itā€™s look like tor :slight_smile:

curl ident.me
185.218.101.170

whois 185.218.101.170

%ERROR:201: access denied for ā€¦

yes it is :slight_smile:

ip a

sudo macchanger -s wlan0

Current MAC: d0:00:6a:06:49:27 (Samsung Electronics Co.,Ltd)
Permanent MAC: 99:2c:72:bf:58:90 (unknown)

macchanger has a proper status
sleep & wake up has a proper status
for an unknown reason, the script needs to be restarted every time after turning on/off the device.

1 Like