[HOWTO] Set up remote access to a Raspberry Pi or any IoT/Linux device behind NAT using Tor

I have a Raspberry Pi installed at my parents' home and need to control things remotely, so I can easily fix any problem they report. The problem I faced is that all the devices are in a private network behind NAT, and the ISP provides neither a public IP nor access to the router to configure it. So I needed a way to reach my devices inside the private network.
I connected my RPi over LAN so that it talks to the router directly and doesn't need reconfiguring if the WiFi password changes. With the Raspberry Pi running, I opened it over SSH to configure remote access.
After a successful login, I installed a piece of software called tor. The aptitude packages may not be up to date, so update and install using the following commands.

The 2nd line (upgrade) may not be necessary, but keeping packages up to date is a good thing. Now that tor is installed, we have access to a different part of the internet, and this is what we are going to use. Next we configure tor to open up a hidden service by editing the tor configuration file torrc with the following command

We then search for lines that look like this

These lines are currently commented out and need to be enabled, with a few extra settings, as

Line 1 refers to a folder that needs further configuration; we will come to that in a while. Line 6 shows local port 22 being forwarded to remote port 8022. It can be set to any port you like. Other services such as web hosting, telnet and more can be enabled the same way, and the forward target can also be a port on another local or remote device.
Now we generate the hidden service onion link. Here is a sample I generated with eschalot (it needs compilation; any other application can be used instead), with the onion domain produced by the following command

And the private key for the one above is

Please do not use the host and key above, as it may not be safe to host the same app from different tor nodes.
There is no folder called hidden_service yet, so we need to create one with 2 files in it. It belongs to a different user, so we need to create it as root and then change the ownership and permissions of the folder and files.

On line 6, you need to paste the private key generated above. Press Ctrl+X, Yes and Save. The next task is to set the permissions on the hidden_service folder. Do this in the same folder, as the root user.

This gives the folder and those files debian-tor ownership. If the other files there belong to a different user, change it to the user that owns /var/lib/tor/ instead. Finally, we restart the tor service. Make sure you exit from root mode, as it is not safe to use root more than necessary without knowing what you are doing.
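A check to run before the restart, as an added example that is not part of the original post: it confirms that the hidden service lines in torrc are uncommented, that the service folder exists with mode 700 and the expected owner, and lists each port mapping. The function name, the script name and the use of GNU stat are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the onion-service part of
# a torrc before restarting tor. Assumes GNU stat (Raspberry Pi OS / Debian).
# Usage: sh check_onion.sh /etc/tor/torrc [expected-owner]
check_onion_config() {
    torrc=$1
    owner=${2:-debian-tor}   # owner named in the post; override if yours differs
    rc=0

    [ -r "$torrc" ] || { echo "FAIL: cannot read $torrc"; return 1; }

    # First uncommented HiddenServiceDir line ("#HiddenServiceDir" is skipped).
    dir=$(awk '$1 == "HiddenServiceDir" { print $2; exit }' "$torrc")
    [ -n "$dir" ] || { echo "FAIL: HiddenServiceDir is still commented out"; return 1; }

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist"
        rc=1
    else
        # The directory holds the private key: only the tor user may enter it.
        mode=$(stat -c %a "$dir")
        who=$(stat -c %U "$dir")
        [ "$mode" = "700" ] || { echo "FAIL: $dir has mode $mode, expected 700"; rc=1; }
        [ "$who" = "$owner" ] || { echo "FAIL: $dir is owned by $who, expected $owner"; rc=1; }
    fi

    # List each onion port -> target mapping; a missing target means 127.0.0.1.
    maps=$(awk '$1 == "HiddenServicePort" { print $2 " -> " (NF > 2 ? $3 : "127.0.0.1:" $2) }' "$torrc")
    if [ -z "$maps" ]; then
        echo "FAIL: no active HiddenServicePort line"
        rc=1
    else
        echo "$maps" | while read -r line; do
            case $line in
                *"-> 127.0.0.1:"*|*"-> localhost:"*|*"-> unix:"*) echo "OK:   $line" ;;
                *) echo "NOTE: $line forwards to another host" ;;
            esac
        done
    fi
    return $rc
}

# Run only when a torrc path is given on the command line.
[ $# -eq 0 ] || check_onion_config "$@"
```

A non-zero exit status means at least one FAIL line was printed; NOTE lines are informational and do not change the status.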

The service is now set up. It might not connect on the first try, as it can take a few attempts to resolve a newly generated onion link. We can now try connecting from any device that has the tor service enabled.

Warning: don't leave the default password set on the devices.
You get the torify app when you install tor on Linux/Mac. On Windows you can install Torifier and install PuTTY to access the device via ssh.
Now I can finally access my home devices, with their ports opened as a service, and control everything. This can be used in more complex ways and for good things such as private remote access. Make sure you set a complex password and run the latest software, with no known vulnerabilities, on this network.
