Embedded Tor Node

aus Metalab, dem offenen Zentrum für meta-disziplinäre Magier und technisch-kreative Enthusiasten.
Wechseln zu: Navigation, Suche

Embedded Tor Node Hardware Appliance

Warum ist diese Projektbeschreibung in englischer Sprache? - Why is this page in english?

Da das Projekt ein wenig Interesse aus internationalen Kreisen bekommen hat sind die Informationen in Englisch besser zugänglich. Wer Fragen dazu hat wendet sich bitte an Pepi! Since the project gained some interest by international people the documentation is available to a broader audience when in english. If you have questions, please contact Pepi!


The average Desktop PC has a lot of components which I deem unnecessary for a network-only device. Like a graphics card, audio components, harddrive, etc. I wanted to build a Tor node that can act as a relay or bridge based on efficient embedded hardware instead of an electricity-hungry general purpose PC. Think green-IT.

If you don't know what Tor is, you should read up on the Tor-Overview which is also available in german as Tor-Überblick and many other languages.

The Hardware: ALIX 3D2 Single Board Computer

I've chosen an ALIX 3D2 SBC by swiss manufacturer PC-Engines as the main component. You can get this board for about 75,- € (plus VAT.). From the manufacturer you can also get a PDF of the schematics of the board if you want to dig deeper.


The operating system is booted from a Compact Flash card which is mounted on the bottom side of the PCB. I've been working with 2GB cards from SanDisk, but most quality CF cards should work just fine. I haven't yet done a build for 1GB cards, but it should be enough space for everything.


The Operating System: nanoBSD

I've evaluated many different OS for this device. It can run almost any OS that is available for the i386 platform including many Linux flavors, *BSD and even exotic stuff like Windows. My operating of choice for the project is nanoBSD which is a special flavor of FreeBSD for embedded devices. Since we are booting from flash memory, which doesn't like too many write cycles, this is the perfect choice as everything runs read only during normal operation. (Wear leaving of modern flash memories has reduced the write cycles problem of flash memory. Modern CF cards do not suffer from this anymore in my experience.) Yet it's still nice to have a read only system. You don't have to worry about corrupting your filesystem by a power outage. You can just pull-the-plug and nothing will happen to your system. It will just boot up again once power comes back. Another advantage of nanoBSD over Linux is that it will just boot up even if the realtime clock is not yet set correctly, skipping unnecessary boot delays because of fsck. nanoBSD will set the clock via ntp after obtaining an IP via DHCP. Keep in mind that this system board does not come with a backup battery for the clock (and we actually do not need one).

Building the OS

This has been the hardest part of the project. The nanoBSD build process is not the most simple thing in the world, especially when you're not yet acquainted with it. But steep learning curves are great, because you get to learn a lot in a very short time. One basically needs two files for the build process. A system configuration and a kernel configuration. I'll put them up very soon, so you can start building your own nodes. I also want to provide prebuilt CF images which you can simply dd to a fresh card to get going very quickly.


Things I haven't yet solved… Please contact me if you can help with any of these!

Things still needed for a deployable prototype:

  • Automatically copy torrc and cryptographic identity from a USB stick at boot up when the system is missing them.

Things needed to do to optimize security on the system:

  • Expert users of FreeBSD/nanoBSD should glance over the configuration used for the project and suggest (and hopefully help to implement) stuff needed to further secure the system.
  • improve documentation

Things needed to optimize performance:

  • Further remove things from the configuration that we do not need for operation. The smaller the installation and kernel are, the faster it will work and the faster the build process will be as well. (Currently 40 minutes on a quad Xeon 2.26)
  • Test node on a link with some bandwidth.
  • Test if the Soekris vpn1411 crypto accelerator board works with nanoBSD 8 (it should) and if you can have two of these boards in a node.
  • Test power consumption (PC-Engines specify about 5 Watts for the plain board)

Random stuff:

  • Better pictures
  • Better documentation
  • Better build instructions
  • DIY video: How to build your own
  • Get a green Tor-Shirt
  • Laser engraving on the enclosure
  • Self Update mechanism (nanoBSD directly supports this, how can I make this easily available for the users?)
  • Indicate status information with two of the three LEDs on the board
  • Management GUI?


Thanks to kyrah for her mental support during times of hair pulling struggle and worldi on ##FreeBSD for sharing his knowledge about FreeBSD package management and the nanoBSD build process. Also thanks to all the folks who wrote documentation about nanoBSD.