This is a complete walkthrough for Windows users. Let's admit it, most of us don't use UNIX, and it is a bit more complicated, especially trying to sift through directions for multiple operating systems. Well, I put all the directions and manuals together for you Windows users. You shouldn't need to read anything else if you follow all these directions. At the end of this guide, you will be anonymizing yourself through the Tor network, sharing a little bandwidth as a Tor server, smoothing out the interface, and configuring it. It really isn't very difficult, and we all benefit when you give back to the community.
This guide is slightly presumptuous, but it must be to remain as straightforward as possible. As a typical Windows user, we are assuming you have administrator access to your own machine, have broadband Internet service, and you've got either a router or firewall between your computer and your internet connection. If you don't have a firewall or router, skip step 1. If you don't have a fast internet connection, or you don't want to contribute any bandwidth to the Tor network, skip steps 2c and 2d.
Step 1: Your router/firewall and you.
Many of us broadband DSL/cable modem users have a nice little router we use, which often acts as a firewall. You may also have a direct connection to the internet with only a firewall to protect your precious ports. Either way, this will be a problem initially, so let's solve it.
If you have a router, you will first want to make sure the Tor traffic can reach your system.
Log into your router and go to the Port Forwarding or Virtual Server section, or if you are firewalled, go into your config and follow these instructions.
Open/Forward the ports to your machine so the attempted connections don't get obliterated when the servers are trying to talk to your machine.
Open up port 443 for Tor service advertisement, the ORPort. Also open up port 80 for the Tor directory mirror, the DirPort. Why 443 and 80? Because many hopeful Tor users are firewalled for one reason or another, and they can't get to your non-standard ports. This helps those who have been electronically censored by their government, ISP, or corporation, all of whom we would definitely like to offer support with the Tor service. You can change the configuration of these ports later if you change your mind. For those of you using a router, make sure you are forwarding the ports to your IP inside the network. If you don't know your IP inside the network, go to Start | Run, then type in cmd or command and hit enter. Now type in ipconfig and it will read you off your IP address. In this case, my internal one is 192.168.0.2. BTW, you might want to make sure your IP is static inside your network, otherwise this will fail if your IP changes. Just go into your network properties, and change TCP/IP from being "assigned by server" to whatever your current address is, which should work immediately if you are an XP user. You might also want to change your router's settings from assigning by DHCP if you get a conflict.
Step 2: Tor as a client and a relay, because you rule.
While installing Tor, especially if you're a broadband user, you might want to think about being so kind as to run Tor as a relay as well. Don't worry, you won't have to expose yourself to risk if you are worried your ISP will hate you for supporting free speech.
2a) Download Tor
First, download the latest version of Tor executable for Win32. I suggest getting the latest version, but if you're unsure, get the latest stable version. Download either from the Tor Download Page.
Install the program. I suggest using the default directories.
Disregard the Win32 installation instructions, except for in the order I give them.
2b) Install Tor as a Client
Complete ONLY step 1 of Installing Tor for Windows
2c) Reconfigure Tor to be a relay as well as client
Much of this is abbreviated from Tor Relay Config which I suggest you read when you're done and if you encounter problems.
Now that Tor is installed as a client, let's configure it as a relay.
First make sure your system time in Windows synchronizes with the time server. Double-click on your time in the bottom right of the start bar, go to the Internet Time tab and make sure it is checked off.
Now we are going to edit your torrc configuration file, which you should be able to find from your program menu. If not, do a Windows search for it. When you edit it, be sure you save it as torrc (just hit the save button) and not torrc.txt.
Your torrc file is everything. It determines how your computer acts, relay or client. For this purpose, I will give you two options which you can change to your liking, but generally work well. If you are already using your machine as a webserver, I suggest you change your ports to something you're not using. Replace your entire torrc with one of the following...
(Preferred) If you want to run a server where other people get to use your IP:
Nickname PUT IN A NICKNAME FOR YOUR SERVER
Address INSERT YOUR STATIC IP ADDRESS OR DOMAIN NAME HERE
ContactInfo <INSERTYOUR@EMAIL.ADDRESS>
SocksPort 9050
SocksBindAddress 127.0.0.1
DataDirectory CREATE A DIRECTORY
ControlPort 9051
ORPort 443
DirPort 80
NumCPUs 1
BandwidthRate 200 KB
OR If you want to help out but DON'T want your IP being used:
Nickname PUT IN A NICKNAME FOR YOUR SERVER
Address INSERT YOUR STATIC IP ADDRESS OR DOMAIN NAME HERE
ContactInfo <INSERTYOUR@EMAIL.ADDRESS>
SocksPort 9050
SocksBindAddress 127.0.0.1
DataDirectory CREATE A DIRECTORY
ControlPort 9051
ORPort 443
DirPort 80
NumCPUs 1
BandwidthRate 200 KB
ExitPolicy reject *:*
(The ExitPolicy reject *:* line prevents your computer from being an exit node, so it can only sit at the beginning or in the middle of a Tor circuit. You still help out, and we thank you for being a relay.)
If you can't afford to spare this much bandwidth, just knock it down at BandwidthRate in the torrc. If you think you can afford more, we appreciate it!
Don't forget to actually create the directory you specified for DataDirectory. You might consider downloading a program to do on-the-fly encryption of the directory so it is even more secure for users.
So as an example, here is the Arrakis server's torrc, which you should NOT copy verbatim. To learn more about the torrc and how it can be configured, check out the tor manual.
Nickname arrakis
Address arrakis.dynalias.org
ContactInfo <arrakistor@gmail.com>
SocksPort 9050
SocksBindAddress 127.0.0.1
DataDirectory D:\tordata
ControlPort 9051
ORPort 443
NumCPUs 1
BandwidthRate 400 KB
DirPort 80
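A torrc of the shape shown above opens ControlPort 9051 with no authentication option, and whether the relay is an exit depends on a single ExitPolicy line. The following Python script is an added example (not part of the original guide or of Tor) that audits those points; the function names and the sample torrc are constructed for illustration, and CookieAuthentication and HashedControlPassword are standard torrc options that this guide does not mention.

```python
import ipaddress

# Constructed sample: the relay-relevant lines of this guide's non-exit torrc.
SAMPLE_TORRC = """\
SocksPort 9050
SocksBindAddress 127.0.0.1
ControlPort 9051
ORPort 443
ExitPolicy reject *:*
"""

def parse_torrc(text):
    """Return {lowercased option: [values]}; option names are case-insensitive."""
    options = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            options.setdefault(parts[0].lower(), []).append(value)
    return options

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname rather than an IP literal
        return host.lower() == "localhost"

def audit_torrc(text):
    """List settings that widen exposure in a torrc shaped like the ones above."""
    opts, findings = parse_torrc(text), []
    # An unauthenticated ControlPort lets any local process reconfigure Tor.
    authed = ("hashedcontrolpassword" in opts
              or opts.get("cookieauthentication", ["0"])[-1] == "1")
    if opts.get("controlport", ["0"])[-1] != "0" and not authed:
        findings.append("ControlPort set without CookieAuthentication or HashedControlPassword")
    # The SOCKS listener should stay on loopback so only this machine can use it.
    for addr in opts.get("socksbindaddress", []):
        host = addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr
        if not is_loopback(host):
            findings.append(f"SocksBindAddress {addr} is not loopback")
    # ExitPolicy rules are matched in order, so a leading 'reject *:*' blocks all exits.
    rules = [r.strip() for v in opts.get("exitpolicy", []) for r in v.split(",")]
    if "orport" in opts and (not rules or rules[0] != "reject *:*"):
        findings.append("relay may act as an exit: first ExitPolicy rule is not 'reject *:*'")
    return findings

if __name__ == "__main__":
    for finding in audit_torrc(SAMPLE_TORRC):
        print("WARN:", finding)
```

Run against the sample, the only warning is the open ControlPort; adding a CookieAuthentication 1 line to the torrc clears it.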
WAIT, I'M A BROADBAND USER, AND I DON'T HAVE A STATIC IP!
Well, so am I. An excellent way around this is a free dynamic DNS/IP service. A really good one is DynDNS.
Create an account, pick out an address (like I did with arrakis.dynalias.org), and set the manager to point that address to your computer/router's IP. It is suggested you put the word "proxy" or "tor-proxy" or "anon" in the server so ISPs and admins don't get the impression that any possible abuses are coming from you as a user.
One problem with having a dynamic IP and DNS service to match, is that the DNS service needs to be notified when your IP changes, so they can redirect the traffic to your computer/router. Some of you may have a router with advanced features such as dynamic DNS service handling, and obviously this would be the easiest method. Below you can see how my Netgear router does the work for me.
If your router doesn't have such a feature, then go download DynDNS Updater, so you don't have to keep going to the website every time your ISP changes your IP.
So now the domain name you picked out will always be updated to whatever your IP is; just make sure DynDNS is running.
2d) Tying up the loose ends
Now you should actually run Tor. Do it from the Start menu. This should generate a fingerprint file and get things set up. Look for any error messages in the Tor windows. After it opens the circuit and publishes your directory information, close the program.
As the administrator of a Tor relay, you have responsibilities. You have to keep up to date on Tor info and updates. You should subscribe to or-announce and or-talk.
Now you must also register the nickname you gave yourself in the torrc so nobody else can confuse/steal it.
Send an email to tor-ops@freehaven.net
The subject line should be in this format: '[New Relay] <your relay's nickname>'
The message should be in this format:
- Your relay's nickname
- The fingerprint for your relay's key (the contents of the "fingerprint" file in the datadirectory you specified in the torrc)
- Who you are, so we know whom to contact if a problem arises
- What kind of connectivity the new relay will have
So the email I sent looked like this:
mailto: tor-ops@freehaven.net
subject: [New Relay] <arrakis>
message:
arrakis
arrakis C13F 9C8G 2232 DF13 1337 A088 3GG5 7272 199B 5B3C
Kwisatz Haderach
Exitnode relay, 400KB/SEC UL/DL, BROADBAND
YOU HAVE SET UP A TOR RELAY!
Now all you have to do is run Tor from the start menu. However, if you don't like seeing the console window sticking around, and actually want to use the tor service to anonymize yourself, keep going.
Step 3. Making Tor Work For You
3a) Out with the old, in with the new
The text Tor interface isn't very spectacular, and is rather annoying to have as just a window floating about. How about we take control of Tor, and put it in the system tray!
First, go download TorCP
Install and configure it. Make sure you give it the right directory where the actual tor program is (typically c:\program files\Tor). TorCP will run in your system tray and provide updates about the status of Tor via a tray icon. It also lets you view the amount of bandwidth Tor is currently using, as well as any log messages from Tor.
3b) Anonymize Yourself
If you are using Firefox 1.1 / Deer Park Alpha or later, you don't need to install a proxy. Just follow these instructions and skip to step 3d. If you would like to be using one of the top-secret experimental Firefox browsers surf over here.
If you are using IE or an older version of Firefox, or just wish to use a proxy, keep going. You need a program that works as a socks proxy so you can route your Internet traffic through the Tor network. My first choice is Privoxy.
To customize this for the specific installation described above, load up Privoxy, then edit the main configuration.
Change the first part of the configuration to look like this:
Next comment out the lines logfile privoxy.log and jarfile jar.log from the config file by putting # in front of them. This is so you don't keep any logs and is very important for security purposes. If your ISP or some other entity asks you to turn over your logs, you can honestly say you don't have any, and they certainly aren't taking up space on your drive.
Now save the file, and don't close it yet.
3c) Configure the Privoxy/Tor combination to work with your browser
Make sure you know the port number Privoxy is working with. In this case it is 8118. Close the config file.
If you are using Internet Explorer, go to Tools | Internet Options... | Connections | Lan Settings and now configure it to use a proxy. Of course, when you don't want to surf anonymously you have to disable using a proxy. If you think you are going to get tired of switching it around all the time, go get Firefox.
Turn on your proxy by going to Tools | Options | General | Connection Settings ...
3d) Firefox strikes again
If you are using Firefox, there is a much better solution. Get ProxyButton!
Then just add ProxyButton as an icon in your navigation bar by going to View | Toolbars | Customize... and dragging the ProxyButton icon to where you want it on your navigation bar.
If you are using Firefox, you might want to check out Hacking Firefox for Maximum Performance with Tor. If aren't and you would like to be,
Step 4: The spoils of war
YOU HAVE COMPLETED THE WALKTHROUGH! LET'S CHECK OUT WHAT YOU'VE ACCOMPLISHED
If you're using Firefox, here is how it will look with ProxyButton. Surf over to myipis.com
Right now, the proxy is off. You can tell because the ProxyButton is white. This is my original IP when visiting the webpage, and everyone can see me.
Now click on the ProxyButton to enable the proxy. Now all your data is being passed to Privoxy, which then routes it through the Tor network, allowing you to exit from another server. Hitting reload will show you that your data is being routed through a different computer, evidenced by the fact that it isn't your IP being reported, but a different Tor server.
Now let's see how we're doing as a Tor server. Go to your system tray, right-click on the onion and select bandwidth graph. This shows all the Tor data passing through your system.
Don't forget to check out the Tor Relay Directory
Thanks for contributing to the Tor network! ~ Steve Topletz