AnonyPi wifi Router

The Challenge

To create a secure, portable and cost-effective system which would let it’s users browse internet anonymously. It should be capable of  defending human rights activists , journalists, law enforcement officers, activists or general public from snooping. The setup should be versatile and seamless between any internet capable devices like –  Computers, Smartphones, Tablets etc.

The Solution

Tor  + Raspberry Pi – Tor is a low latency distributed anonymous network which enables users to be anonymous by routing their traffic through thousands of  volunteer servers and Raspberry Pi is a credit card sized low cost single board computing  device  created for promoting computer education in primary school. Combining them, results in a portable low-power solution for internet freedom.

Secure, Anonymous browsing

Portable and versatile

Total Internet freedom

Multiple devices, no special configuration required.

To create an AnonyPi ,

 

You’ll need :

Raspberry Pi model B (or) B+ – Ethernet is required

•Ethernet cable •WiFi adapter – Wifi Adapters which support Ad-Hoc mode e.g. Adapters with Ralink RT5370 Chipset.

SD Card (8GB or greater) , Class 10 card recommended for better performance. Model B requires MicroSD to SD adapter.

•Power supply for your Pi & a Micro USB cable – Minimum 5V/700mA power supply needed, 5V/2A USB power supply recommended.

•Case for your Pi (optional)

•Basic hardware and Linux Knowledge.

 

Setup Raspberry Pi :

 

Power Supply :

Setup proper power supply, minimum 5V/700mA power supply needed, 5V/2A USB power supply recommended for pheripherals including Wifi-Adapter.   Power_Supply

 

Setup Wifi Adapter :

Buy a compatible Wifi Adapter which supports Adhoc Mode to use it as Active point, which is mandatory for  AnonyPi setup.
Make sure the adapter runs on nl80211 driver, like Ralink RT5370 chipset. You can get a comprehensive list here – http://elinux.org/RPi_USB_Wi-Fi_Adapters

MA-WL-USB-N150X

Setup Raspbian OS:

You can install  Raspbian OS (A debian based OS for ARM Architecture) in Pi using NOOBS from Pi Foundation –  http://www.raspberrypi.org/help/noobs-setup/

Setup Active Point :

1. ssh to your pi.

2. Install DHCP Server.

sudo apt-get install hostapd isc-dhcp-server

3.Edit /etc/dhcp/dhcpd.conf , a file that sets up our DHCP server – this allows wifi connections to automatically get IP addresses, DNS, etc.

Run this command to edit the file

sudo nano /etc/dhcp/dhcpd.conf

Find the lines that say

option domain-name “example.org”;

option domain-name-servers ns1.example.org, ns2.example.org;

and change them to add a # in the beginning so they say

#option domain-name “example.org”;

#option domain-name-servers ns1.example.org, ns2.example.org;

Find the lines that say

# If this DHCP server is the official DHCP server for the local

# network, the authoritative directive should be uncommented.

#authoritative;

and remove the # so it says

# If this DHCP server is the official DHCP server for the local

# network, the authoritative directive should be uncommented.

authoritative;

Add the following lines in the bottom ,

subnet 192.168.42.0 netmask 255.255.255.0 {

range 192.168.42.10 192.168.42.50;

option broadcast-address 192.168.42.255;

option routers 192.168.42.1;

default-lease-time 600;

max-lease-time 7200;

option domain-name “local”;

option domain-name-servers 8.8.8.8, 8.8.4.4;

}

Save the file by typing in Control-X then Y then return

Run

sudo nano /etc/default/isc-dhcp-server

and scroll down to INTERFACES=”” and update it to say INTERFACES=”wlan0″

Set up wlan0 for static IP

If wlan0 is active, run

sudo if down wlan0

run,

sudo nano /etc/network/interfaces

Find the line auto wlan0 and add a # in front of the line

After allow hotplug wlan0 , add the lines

iface wlan0 inet static

address 192.168.42.1

netmask 255.255.255.0

The interfaces file should look like the one below at the end.

interfaces

 

Save the file (Control-X, Y & return)

Assign a static IP address to the wifi adapter by running

sudo ifconfig wlan0 192.168.42.1

Configure Access Point

To create an authenticated WiFi network,

Create a new file by running

sudo nano /etc/hostapd/hostapd.conf

you can change the network broadcast name in ssid=. The password can be changed in wpa_passphrase=

In the end, the hosted.conf should look similar to the one below,

Hostapd

 

 

Depending upon your wifi adapter driver=nl80211 might change.

Make sure each line has no extra spaces or tabs at the end or beginning.

Now we will tell the Pi where to find this configuration file. Run,

sudo nano /etc/default/hostapd

Find the line #DAEMON_CONF=”” and edit it so it says DAEMON_CONF=”/etc/hostapd/hostapd.conf”
Don’t forget to remove the # in front to activate it!

Then save the file with ctrl+X

Though Tor provides anonymity within it’s network, you can reveal your exact location by multiple ways. for e.g. location services in  your Smartphones, Tablets using Wifi Positioning System (WPS). Google is one of such leading WPS service provider. Use _nomap in SSID to avoid Google storing your location based on your Wifi SSID. Note that, there are other WPS based service providers including Apple, so make sure you turn off GPS and other location features when using Tor.

Configure Network Address Translation

To allow multiple clients to connect to the WiFi and have all the data ‘tunneled’ through the single Ethernet IP.

Run sudo nano /etc/sysctl.conf

Scroll to the bottom and add

net.ipv4.ip_forward=1

on a new line. Save the file. This will start IP forwarding on boot up

run

sudo sh -c “echo 1 > /proc/sys/net/ipv4/ip_forward”

to activate it immediately.

Run the following commands to create the network translation between the ethernet port eth0 and the wifi port wlan0

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

sudo iptables -A FORWARD -i eth0 -o wlan0 -m state –state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

Can check IP tableswith

sudo iptables -t nat -S

sudo iptables -S

Open UDP Port for DHCP

run,

sudo iptables -I INPUT -i wlan0 -p udp –dport 67:68 –sport 67:68 -j ACCEPT

Save,

sudo sh -c “iptables-save > /etc/iptables.ipv4.nat”

run sudo nano /etc/network/interfaces and add

up iptables-restore < /etc/iptables.ipv4.nat

at the end.

Test Hostapd :

sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf

Scan for AP with a Wifi enabled device,

Screenshot_2014-08-14-22-07-14

 

To set it up as daemon :

Run the following commands

sudo service hostapd start sudo service isc-dhcp-server start

Check the status of the host AP server and the DHCP server with

sudo service hostapd status sudo service isc-dhcp-server status

To start the daemon services. Verify that they both start successfully (no ‘failure’ or ‘errors’)
Then to make it so it runs every time on boot

sudo update-rc.d hostapd enable sudo update-rc.d isc-dhcp-server enable

 

 

 

Installing Tor :

To make the installation simple, use the script by breadtk – 

run,

curl -fsSL https://raw.github.com/timebender/onion_pi/master/setup.sh | sudo sh

To Manually run Hostapd and Tor :

A bug within Hostapd prevents it from running automatically at boot, so we have to run manually.

sudo service hostapd start

sudo service tor start

 

AnonyPi is not a magic bullet. Even though AnonyPi provides useful anonymity, you should never trust any piece of software and hardware with your life, and AnonyPi is no exception.

 

References :

This case study was made possible by,

Onion Pi by AdaFruit –  https://learn.adafruit.com/onion-pi/preparation

Tor Anonymising Middle Box – https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#AnonymizingMiddlebox

 

 

Test AnonyPi :

Connect to the AnonyPi AP using a Wifi capable device ,

Is it bit of too much fun for you to handle ? don’t worry ,Timebender has got you covered. You can buy pre-built, configured, tested AnonyPi.

AnonyPi by Timebender

Secure Internet

Secure Internet for all your Wifi enabled devices. Resist snooping, censorship and regain freedom of Internet.

Built on Raspberry Pi

Built using Raspberry Pi, the versatile credit card sized computer limited only by imagination !

Incremental Updates

Regular free automatic updates for your AnonyPi bringing in new features and more fun.

Pi Master by Timebender

Mobile Client

Use Anony Pi and other Pi goodies on the run through a interactive realtime mobile client.

Configure & Control

Configure and control your Raspberry pi, anytime and anywhere using Pi Master from Timebender.

Device

Features

%

Secure

App

AnonyPi - Hyūga

5499/unit
  • Raspberry Pi Model B – 512MB
  • Acrylic Case
  • 5V/1A Power Adapter
  • Wifi Adapter with Ad-hoc mode
  • 8GB Class 10 Micro SD card with Raspbian
  • Tor installed and Configured
  • Free Pi Master android app
Check Availability

AnonyPi - Uzumaki

8999/unit
  •  +Raspberry Pi Model B + – 512MB (low power, micro sd, extra USB ports)
  • Acrylic Case
  • 5V/2A USB Hub Power Adapter
  • Wifi Adapter with Directional antennae and Ad-hoc mode
  • 16GB Class 10 Micro SD card with Raspbian
  • Web camera for security applications.
  • Tor installed and Configured
  • Free Pi Master android app
Check Availability

Pi Master android app

99/app
  •  +Use Pi features anywhere, anytime
  • Control and Configure Pi features from android smartphone, tablet
  • Use Pi as autonomous torrent box
  • Use Pi as centralised network appliance bridge
  • Home security monitoring
  • Home automation
Check Availability

Pre-Register for intimation. When AnonyPi and Pi Master are available you’ll be given preference.

1 + 3 =