How to install Tor?
-
Hello,
I want to do this scenario:I was able to do this once, but now on a new server I can't do it anymore. I get the following error:
ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pkg"I would be grateful if someone could guide me.
Thank you.
-
S stephenw10 moved this topic from Problems Installing or Upgrading pfSense Software
-
I would try fetching the specific required packages from the FreeBSD repos and installing them locally rather than enabling the FreeBSD repos in pfSense. Doing that will cause it to pull in a different pkg version that fails against our repos currently. At least with the included linked repos.
Yup testing this is pulls in the much newer 2.7.5 version of pkg which breaks access:
Installed packages to be UPGRADED: pkg: 1.21.3_4 -> 2.7.5 [FreeBSD] Number of packages to be upgraded: 1 The operation will free 19 MiB. 6 MiB to be downloaded. Proceed with this action? [y/N]: y [1/1] Fetching pkg-2.7.5~2970ef13c8.pkg: 100% 6 MiB 6.3MB/s 00:01 Checking integrity... done (0 conflicting) [1/1] Upgrading pkg from 1.21.3_4 to 2.7.5... [1/1] Extracting pkg-2.7.5: 100% You may need to manually remove /usr/local/etc/pkg.conf if it is no longer needed. ld-elf.so.1: Shared object "libutil.so.10" not found, required by "pkg"It is possible to force downgrade to recover from there if you haven't cleared the pkg cache:
[2.8.1-RELEASE][admin@cedev-3.stevew.lan]/root: pkg-static add -f /var/cache/pkg/pkg-1.21.3_4.pkg pkg-static: Setting ALTABI manually is no longer supported, set ABI and OSVERSION or ABI_FILE instead. pkg-static: Setting ABI requires setting OSVERSION, guessing the OSVERSION as: 1500000 Installing pkg-1.21.3_4... package pkg is already installed, forced install Extracting pkg-1.21.3_4: 100% certctl: Skipping untrusted certificate 5a7722fb (/etc/ssl/untrusted/5a7722fb.0) certctl: Skipping untrusted certificate 66445960 (/etc/ssl/untrusted/66445960.0) certctl: Skipping untrusted certificate 18856ac4 (/etc/ssl/untrusted/18856ac4.0) certctl: Skipping untrusted certificate 5e98733a (/etc/ssl/untrusted/5e98733a.0) certctl: Skipping untrusted certificate 57bcb2da (/etc/ssl/untrusted/57bcb2da.0) certctl: Skipping untrusted certificate 08063a00 (/etc/ssl/untrusted/08063a00.0) certctl: Skipping untrusted certificate 18856ac4 (/etc/ssl/untrusted/18856ac4.0) certctl: Skipping untrusted certificate 08063a00 (/etc/ssl/untrusted/08063a00.0) certctl: Skipping untrusted certificate 5e98733a (/etc/ssl/untrusted/5e98733a.0) certctl: Skipping untrusted certificate 57bcb2da (/etc/ssl/untrusted/57bcb2da.0)But that doesn't get you any closer to installing the tor pkg.
-
Yeah there's no easy way to do this. The FreeBSD repos contain pkgs built for a newer kernel and libs. You would likely have to build the package yourself against pfSense source. For example if you try currently:
[2.8.1-RELEASE][admin@cedev-3.stevew.lan]/root: fetch https://pkg.freebsd.org/FreeBSD:15:amd64/release_0/All/tor-0.4.8.18.pkg tor-0.4.8.18.pkg 3594 kB 4046 kBps 00s [2.8.1-RELEASE][admin@cedev-3.stevew.lan]/root: pkg upgrade Updating pfSense-core repository catalogue... Fetching meta.conf: 0% Fetching data.pkg: 0% pfSense-core repository is up to date. Updating pfSense repository catalogue... Fetching meta.conf: 0% Fetching data.pkg: 0% pfSense repository is up to date. All repositories are up to date. pkg: warning: database version 39 is newer than libpkg(3) version 36, but still compatible Updating database digests format: 100% 1 B 0.0kB/s 00:01 Checking for upgrades (1 candidates): 100% 1 B 0.0kB/s 00:01 Processing candidates (1 candidates): 100% 1 B 0.0kB/s 00:01 Checking integrity... done (0 conflicting) Your packages are up to date. [2.8.1-RELEASE][admin@cedev-3.stevew.lan]/root: pkg add tor-0.4.8.18.pkg pkg: warning: database version 39 is newer than libpkg(3) version 36, but still compatible Installing tor-0.4.8.18... Newer FreeBSD version for package tor: To ignore this error set IGNORE_OSVERSION=yes - package: 1500068 - running kernel: 1500029 Ignore the mismatch and continue? [y/N]: y ===> Creating groups Creating group '_tor' with gid '256' ===> Creating users Creating user '_tor' with uid '256' ===> Creating homedir(s) Extracting tor-0.4.8.18: 100% ===== Message from tor-0.4.8.18: -- To enable the tor server, set tor_enable="YES" in your /etc/rc.conf and edit /usr/local/etc/tor/torrc as desired. (However, note that the /usr/local/etc/rc.d/tor rc.subr script can override some torrc options: see that script for details.) To use the torify script, install the net/torsocks port. Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting: sysctl net.inet.ip.random_id=1 (see sysctl.conf(5)). In order to run additional, independent instances of tor on the same machine set tor_instances="inst1 inst2 ..." in your /etc/rc.conf, and create the corresponding additional configuration files /usr/local/etc/tor/torrc@inst1, ... Alternatively, you can use the extended instance definition to specify all instance parameteres explicitly: inst_name{:inst_conf:inst_user:inst_group:inst_pidfile:inst_data_dir} [2.8.1-RELEASE][admin@cedev-3.stevew.lan]/root: rehash [2.8.1-RELEASE][admin@cedev-3.stevew.lan]/root: tor tor tor-gencert tor-print-ed-signing-cert tor-resolve torify [2.8.1-RELEASE][admin@cedev-3.stevew.lan]/root: tor -v ld-elf.so.1: Shared object "libssl.so.35" not found, required by "tor" -
Hello @stephenw10,
I managed to do this once, but I can't on a real server!!! -
Hello,
I can install Tor on pfSense 2.7.2 without any problem, but on pfSense 2.8.1, I got that error!!! -
Because 2.7.2 is built on FreeBSD 14 and those repos do not contain the incompatible version of pkg.
-
Hello @stephenw10,
So, how can I install Tor on pfSense 2.8.1? -
Like I said above, there's no easy way. You would probably need to build the pkg against the pfSense CE source. Or open a feature request to get it built. https://redmine.pfsense.org/
-
@hack3rcon The proper way is to run Tor in a VM. Put it on its own vlan to isolate it from your network and forward it through the firewall.
