Disclaimer
This short post is partly satire. Do not share your home internet connection with strangers unless you know what you are doing.
Building a Poor Man’s VPN using Tor
To become more anonymous online, we need to share our internet connections with each other. This is the simple premise of a privacy VPN. By mixing your traffic with everyone else’s, no one activity can be attributed back to any individual. Anonymity loves company. Being private online can have benefits, like being served ads in odd languages you cannot understand, for example. But paying for privacy VPNs costs money, and sharing a connection with people can be done for free with some technical know-how.
The Hack
A simple and effective way to tunnel other users’ traffic through your own internet connection is to run a Tor Exit node. By doing so, you let other people use your connection, which effectively makes you anonymous!
Step 1: Forward Relevant Ports on Your Router
You need to set up port forwarding so that internet users can reach your computer on your LAN. In this post, we will use port 8443 to host our Tor exit node!
Step 2: How to Run a Tor Exit Node using Nix
Nix is a wonderful operating system that lets us effectively configure our exit node with just 10 lines of configuration. See below:
{
  config,
  pkgs,
  ...
}: {
  # Bootloader.
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
  boot.loader.grub.useOSProber = true;

  # Setting your Tor config in Nix is like 10 lines of config!
  services.tor = {
    enable = true;
    # Opens the relay's ORPort (8443 below) in the firewall.
    openFirewall = true;
    relay = {
      enable = true;
      role = "exit";
    };
    settings = {
      ContactInfo = "your.email@hotmail.com";
      Nickname = "AndersAndersson";
      ClientUseIPv6 = false;
      ControlPort = 9051;
      # Must match the port forwarded on the router in Step 1.
      ORPort = [
        {
          port = 8443;
          IPv4Only = true;
        }
      ];
      BandwidthRate = "1337 MBytes";
    };
  };

  # These settings are recommended for increasing throughput on your network interface.
  boot.kernel.sysctl."net.ipv4.tcp_fin_timeout" = 20;
  boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 1200;
  boot.kernel.sysctl."net.ipv4.tcp_syncookies" = 1;
  boot.kernel.sysctl."net.ipv4.tcp_tw_reuse" = 1;
  boot.kernel.sysctl."net.ipv4.ip_local_port_range" = "10000 65000";
  boot.kernel.sysctl."net.ipv4.tcp_max_syn_backlog" = 8192;
  boot.kernel.sysctl."net.ipv4.tcp_max_tw_buckets" = 5000;

  networking = {
    hostName = "SexyTorExitNode"; # Define your hostname.
    networkmanager.enable = true;
    nftables.enable = true;
    firewall = {
      enable = true;
      allowedTCPPorts = [22 80 443 10050];
    };
  };

  # Set your time zone.
  time.timeZone = "Europe/Stockholm";

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?
}
Discussion
Woohoo! You just saved $5 a month! :D And you also get the added benefit of not being able to access your online banks through your home connection, because your home IP has now been flagged as a Tor exit node.
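The flagging works because exit addresses are public: the Tor Project publishes an exit list, and a site only has to match client addresses against it. The sketch below is an added example, not part of the original post; it parses a constructed sample in that list's `ExitNode`/`ExitAddress` layout, and the fingerprints, addresses and function names are made up for illustration.

```python
import ipaddress

# Constructed sample in the exit-list layout. Fingerprints and addresses are
# made up (documentation ranges); the last line is deliberately malformed.
SAMPLE_EXIT_LIST = """\
ExitNode 0123456789ABCDEF0123456789ABCDEF01234567
Published 2024-01-10 08:00:00
LastStatus 2024-01-10 09:00:00
ExitAddress 203.0.113.7 2024-01-10 09:05:11
ExitNode 89ABCDEF0123456789ABCDEF0123456789ABCDEF
Published 2024-01-10 07:30:00
LastStatus 2024-01-10 09:00:00
ExitAddress 198.51.100.23 2024-01-10 09:02:40
ExitAddress not-an-ip 2024-01-10 09:02:41
"""


def parse_exit_list(text):
    """Return {ip_address: set(relay fingerprints)} from exit-list text."""
    exits = {}
    fingerprint = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "ExitNode" and len(parts) >= 2:
            fingerprint = parts[1]
        elif parts[0] == "ExitAddress" and len(parts) >= 2 and fingerprint:
            try:
                addr = ipaddress.ip_address(parts[1])
            except ValueError:
                continue  # skip a malformed address instead of aborting the load
            exits.setdefault(addr, set()).add(fingerprint)
    return exits


def classify(client_ip, exits):
    """Return 'tor-exit' if the client address is on the list, else 'not-listed'."""
    addr = ipaddress.ip_address(client_ip)
    # Dual-stack listeners often report IPv4 peers as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return "tor-exit" if addr in exits else "not-listed"
```

Because the match is on the address alone, everything behind the same home IP gets the same verdict, including your own banking session.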
Personally, I do run an exit node, but not for my own anonymity, but to help others who need it. And you should too, if you have the capability to do so. It’s a simple way to further democracy and do something good for someone else. Currently,
Legal considerations
Talk to your ISP before running a Tor exit node. They might cut you off if you don't.
Further reading
If you are seriously interested in running a Tor exit node, read this link to learn more