Set up a private Tor bridge to boost speed

Annoyed by how slow Tor can be? Host your very own, private bridge somewhere to boost speeds!

What is this guide about

Whenever you use Tor, your connection goes through three servers. There’s an entry node, a relay in the middle and an exit node where your traffic to the outside internet will go through. By hosting your bridge, you are essentially running your entry node. If you have a server with enough spare resources and bandwidth, doing so will significantly boost your Tor speeds. You can share that bridge with your friends or even make it public.

Please note that if you depend on anonymity for your own safety, you should not host your own bridge to use.

Installing Tor on Debian/Ubuntu

Please follow the official documentation of the Tor Project found here.

Configuring Tor to be a private bridge

First we’ll want to back up the original Tor config, in case we screw things up in the future!

cp /etc/tor/torrc /etc/tor/torrc.orig

Now we edit /etc/tor/torrc with our favorite editor like nano or vim!

nano /etc/tor/torrc

In the file, you will find many options, commented out. You will want to uncomment the following lines:

  • ORPort 9001
  • ExitPolicy reject *:*
  • BridgeRelay 1
  • PublishServerDescriptor 0

The description of what those mean is in the comments above those lines. You should know that PublicServerDescriptor 0 is the trick to make it private, meaning the Tor Project will not share your bridge with anyone. But you can still manually share it with friends by giving them the IP address and port and key, but more about that later.

If this is just meant to be a private bridge, without running a Tor SOCKS proxy, you will want to add SocksPort 0 to disable it.

If using nano, hit CTRL+X to exit and then when asked to save confirm with Y and ENTER.

Firewall setup and restarting Tor

Make sure to allow port 9001 (TCP) in your firewall!

Now restart the Tor service with systemctl restart tor.

That’s all there is about setting it up! But note that with each startup of Tor, you will have to wait a bit to actually connect to it, as Tor needs to build up a circuit and do other magic!

Testing your bridge in Tor Browser

Now to quickly test your bridge, if opening the Tor browser for the first time and when asked how to connect to Tor, choose that it is censored in your country and then choose to provide a bridge you know. In the text field, enter your IP address and port in the format of 1.2.3.4:9001 and then hit connect. If you have been using the Tor Browser before and are on the latest version, simply go to Preferences and then Tor (or enter about:preferences#tor in the address bar) and check “Use a bridge” and choose “Provide a bridge” and enter IP and port in the format discussed earlier. If it doesn’t work right away and you just started your server, wait a few minutes for Tor to build up a circuit and try again.

If it works, to verify you are connected to a bridge, go to https://duckduckgo.com or any site and then click on the green lock icon. This will show up the Tor Circuit starting with “This browser” and the next node will be “Bridge”.

Testing your Tor speed

If you are curious about the speeds you are reaching, I recommend the site https://speedof.me for a quick speed test. If things are slow, it might be that the relay or exit node is slow or overloaded. You can simply start a new circuit or close and open the Tor Browser and try again.

Getting your bridge’s fingerprint

On the server running tor, simply execute cat /var/lib/tor/fingerprint which will output the name of the node and the fingerprint in uppercase hexadecimal notation. Does the file or directory not exist? Maybe you need to edit /etc/tor/torrc and uncomment DataDirectory /var/lib/tor to make sure that’s where the data, such as the fingerprint file is stored.

Using your bridge

Now, to properly use your bridge, we will do the same setup as when we were testing but this time we will add the fingerprint to the end of the address line. This fingerprint is to verify we are connecting to the server we are intending to, and that no one is in between. The proper line should be IP:PORT FINGERPRINT like 1.2.3.4:9001 0F00ABC123 but of course the actual fingerprint will be much longer.

Test that your new line with the added fingerprint works as well, and if it does, share it with friends!

Sharing your bridge

You just need to share the IP address, port and fingerprint in the format of IP:PORT FINGERPRINT which might look like 1.2.3.4:9001 0F00ABC123 but the actual fingerprint will be much longer. You might also want to help your friends setting up the bridge.

Conclusion

Creating, using and sharing your bridge is a straightforward thing to do and not only gives you speed but also reduces load on the Tor network.
I just recommend that you use a server with a static IP address.

That’s all there is to it! I hope this helped you out.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.