Tor + Polipo on OpenBSD

2011/06/14

Quick how-to install Tor and Polipo on OpenBSD 4.8, and route almost all the traffic trough them by deafult.

For simplicity I've installed from packages. As root:

$ pkg_add tor
$ pkg_add polipo

Next we need to configure Polipo to use Tor and we can take advantage of the sample config file provided by Tor itself:

$ cd /etc/polipo
$ mv config config.old
$ wget http://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf
$ mv polipo.conf config

The part worth noticing is this (9050 is Tor default port):

# /etc/polipo/config
socksParentProxy = "localhost:9050"
socksProxyType = socks5

Let's tune the config a little. I want Polipo to run as a daemon and log (/var/log/polipo) so I've added:

# Run as daemon
daemonise = true
logSyslog = true

And I like Tor to run as daemon too. Open Tor config (/etc/tor/torrc) and uncomment/add:

RunAsDaemon 1

For other options you can man polipo and man tor. Note that I didn't touch the standard ports but you can easily change them from the respective configs.

Now let's make them run at startup by editing /etc/rc.local and adding:

# Start Tor
if [ -x /usr/local/bin/tor ]; then
    echo -n ' tor'
    /usr/local/bin/tor
fi

# Start Polipo
if [ -x /usr/local/bin/polipo ]; then
    echo -n ' polipo'
    /usr/local/bin/polipo
fi

Last step is to set up the HTTP_PROXY enviroment variable of your shell. This var is used by most application to connect trough a proxy. Open your shell config (like ~/.bashrc) and add:

# Proxy!
http_proxy=http://127.0.0.1:8118/
HTTP_PROXY=$http_proxy
export http_proxy HTTP_PROXY

Some applications use all lower case, some all upper, so we specify both to be safe.

Now to test you can reboot or just start everything by hand (in this case be sure to export HTTP_PROXY):

$ tor
$ polipo
$ curl ip.appspot.com

Please note that not every application understand and use HTTP_PROXY, for better security have a look at torsocks and the Tor wiki.

EDIT 16/02/2012

If you need to connect to known domains without passing trough the tor proxy (like localhost) setting up the NO_PROXY enviroment variable might help:

$ export no_proxy="localhost"
$ export NO_PROXY="localhost"

Then check if the vars have been correctly set:

$ env

Check your shell manual pages for further reference.

Follow me: @gbrindisi