Setting up a Tor Relay Node on an X60s




privacy linux thinkpad

So, I have this X60s ThinkPad I got off eBay for $25 a while back. My original reason for getting this machine was that it is one of the few ThinkPads that supports software flashing of Libreboot, a distribution of coreboot, a project that aims to replace the proprietary BIOS of your computer with free, open source, and privacy/security focused firmware. I am not especially paranoid about the NSA spying on me through an Intel Management Engine backdoor or as dogmatic on free software everywhere as Stallman, but nonetheless I thought it was a cool and interesting project and wanted to try it out to learn more.

Installing Libreboot was a bit of a pain in the ass, but I did get it eventually. Might have made a good blog post but I did it before I cared about this blog.

After Libreboot I used the ThinkPad to play around with some lightweight desktop environments on Debian Sid. Then after that I went completely without a GUI and used it to write some blog posts for this blog straight in the TTY. But currently, it mostly sits on my shelf looking cool.

I am currently in the process of trying to get rid of some old shit to make it easier for me to move in the future, and this ThinkPad appeared on the list of potential things to sell or give away.

“But it’s so cool! The form factor! The keyboard! What could I do with this to justify keeping it???”

Then I got the idea to run a Tor relay.

Tor

What’s Tor? Tor is a decentralized network of computers created to provide anonymity and privacy for its users, with the goal of providing private and uncensored access to the web for all. I’m not going to do much of an explainer on what Tor is in this post and will focus mainly on setting up the node, but I highly encourage you to check out their site and do some research to learn what it’s all about if you don’t know already.

I will be setting up a non-exit Tor relay because I prefer to not have police trying to bust down my door and take all my computers every month.

Getting Started

Setting up a Tor relay is actually a lot easier than I thought it was. One complexity I am adding into this, however, is that I do not want to port forward my relay from my home public IP, so I will be putting it behind a VPN. The VPN connection will be established to a VPS I have acting as a WireGuard server.

I followed the instructions here for Debian and Ubuntu. I skipped the step of adding the Tor Project’s repository because I am running Sid and therefore have the latest version.

Run sudo apt install tor to install Tor.

I also install nyx, which is a command line monitor for Tor. Check out the project here.

Next you need to configure Tor, so edit /etc/tor/torrc.

You will want to uncomment and edit the following properties: Nickname, ContactInfo, ORPort, ExitRelay, SocksPort, and ControlPort.

Nickname should be the name of your relay. ContactInfo should be your email address (this will be made public!!! so probably don’t use your primary email address). ORPort is 9010 by default, but you can also use 443 (assuming you don’t have an HTTPS site on your server). ExitRelay should be 0.

ControlPort should be 9051 and CookieAuthentication should be set to 1. This is for nyx to work later.

Heads up, your Nickname cannot contain hyphens or underscores. Learned this the hard way when my tor@default.service failed to start.

And that’s it! Run systemctl restart tor@default to enable your configuration! Well, almost. Still gotta set up Nyx and the VPN.

Nyx

When starting nyx, if you can’t connect to tor, make sure the tor@default service actually started without errors, even if the tor systemd service seems to work fine. You might have errors in your configuration.

If you start nyx and get a permission issue for reading the authentication cookie, you can get around this by running sudo nyx. Running nyx with root permissions is not recommended though, and it tells you that. To fix this I also added CookieAuthFileGroupReadable 1 to my torrc and added my user to the debian-tor group. This appears to be a Debian-only problem, see this issue, so you might not have to deal with this on other distros. You could also use password authentication instead.
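The torrc settings from the Getting Started and Nyx sections can be checked before restarting the service. The sketch below is an added example, not part of the original post or of Tor itself: parse_torrc, lint_relay_torrc and the sample torrc are constructed for illustration, and the Nickname check uses Tor's rule of 1 to 19 letters or digits.

```python
import re

# Constructed sample: underscore in Nickname, ControlPort without authentication.
SAMPLE_TORRC = """\
Nickname x60s_relay
ContactInfo relay-admin@example.invalid   # constructed address
ORPort 443
ExitRelay 0
ControlPort 9051
"""

def parse_torrc(text):
    """Return {lowercased option: value}; a repeated option keeps its last value."""
    opts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)  # strip comment, split name/value
        if fields:
            opts[fields[0].lower()] = fields[1].strip() if len(fields) > 1 else ""
    return opts

def lint_relay_torrc(text):
    """Check the non-exit relay settings described in this post; return a list of problems."""
    o, problems = parse_torrc(text), []
    # Tor accepts nicknames of 1-19 characters from [A-Za-z0-9] only.
    if not re.fullmatch(r"[A-Za-z0-9]{1,19}", o.get("nickname", "")):
        problems.append("Nickname: must be 1-19 letters or digits")
    if not o.get("contactinfo"):
        problems.append("ContactInfo: not set")
    if not o.get("orport"):
        problems.append("ORPort: not set")
    if o.get("exitrelay") != "0":
        problems.append("ExitRelay: set it to 0 for a non-exit relay")
    if o.get("controlport", "0") != "0":
        cookie = o.get("cookieauthentication") == "1"
        if not cookie and "hashedcontrolpassword" not in o:
            problems.append("ControlPort: open without CookieAuthentication 1 or a password")
        if cookie and o.get("cookieauthfilegroupreadable") != "1":
            problems.append("CookieAuthFileGroupReadable: set to 1 so nyx can run without root")
    return problems

if __name__ == "__main__":
    for problem in lint_relay_torrc(SAMPLE_TORRC):
        print("torrc:", problem)
```

Tor's own `tor --verify-config -f /etc/tor/torrc` remains the authoritative syntax check; this sketch only covers the options named in this post.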

Wireguard and Conclusion

Before I got to this part, I lost interest in this project and sold the ThinkPad. I still want to keep this guide up for when I want to set up a functioning Tor node, but I will probably just do it on a VPS.