madhatter's delicatessen home imprint

Howto Setup a Tor Access Point (on an Odroid C2)

I got an Odroid C2 for testing from a work-mate. Because he told me that his initial tests with Ubuntu’s alpha version went not too well, I gave ArchLinux a try. As I use Arch as my daily driver on non-arm architectures I appreciated that option.
Installation went smooth, but I had no fancy idea to take the Odroid for a ride. So I set up a Tor Access Point for the living room. I already had that in mind for my dated Raspberry Pi, but never was in the mood.
I came accross a quick howto in german a few months ago and started from there. Because I had some small pitfalls I thought it might be a good idea to write it down.

First, install the required software

# pacman -Sy dnsmasq hostapd tor iptables

Now configure the dnsmasq service in /etc/dnsmasq.conf


Next, configure the access point via /etc/hostapd/hostapd.conf

ssid=Doors of Passion

Btw, you probably want to make sure, that the wifi adapter you are using is able to enter master mode. (iwconfig wlan0 mode master)

We now need a unit file to assign a static ip to the wifi adapter. Create

Description=Assign static ip to wlan0

ExecStart=/usr/bin/ip link set dev wlan0 up
ExecStart=/usr/bin/ip addr add dev wlan0
ExecStop=/usr/bin/ip addr del dev wlan0
ExecStop=/usr/bin/ip link set dev wlan0 down


And the tor configuration itself in /etc/tor/torrc

AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
User tor
Log notice syslog
DataDirectory /var/lib/tor
BridgeRelay 0
PublishServerDescriptor 0

To bind Tor to privileged ports the service must be started as root. We can modify the tor service by adding /etc/systemd/system/tor.service.d/start-as-root.conf with following content:


And to make all this work together we need to do a few more changes to the system. We have to enable ip forwarding via sysctl. Create a file like /etc/sysctl.d/99-sysctl.conf with this line


And load this configuration by

sysctl --system

At last we need some iptables rules to redirect tcp and udp traffic and to route it from the wlan0 device to eth0:

# iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
# iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface wlan0 -j ACCEPT
# iptables-save > /etc/iptables/iptables.rules

Let’s give it a try and start all services:

# systemctl start iptables
# systemctl start openwifi
# systemctl start hostapd
# systemctl start dnsmasq
# systemctl start tor

And when everything is working you can enable all the services to get them started after reboot:

# systemctl enable dnsmasq hostapd tor openwifi iptables

If it is not you have to take a further look into it.

On the Odroid C2 it performs very well and if it was any different they did something very wrong. So I am looking for some other task for the board.

Fork me on GitHub