Tor Project | OpenBSD

1. Enable Automatic Software Updates

One of the most important things to keep your relay secure is to install security updates timely and ideally automatically so you can not forget about it. Follow the instructions to enable automatic software updates for your operating system.

2. Package installation

Recent OpenBSD systems, since 6.5, already have the repository configured on /etc/installurl so we do not need to bother changing it.

If that's not your case, please adjust the installurl configuration file like this:

# echo "https://cdn.openbsd.org/pub/OpenBSD" > /etc/installurl

Proceed with pkg_add to install the package:

# pkg_add tor

3. Configuration file

Put the configuration file /etc/tor/torrc in place:

Nickname      myNiceRelay  # Change "myNiceRelay" to something you like
ContactInfo   your@e-mail  # Write your e-mail and be aware it will be published
ORPort        443          # You might use a different port, should you want to
ExitRelay     0
SocksPort     0
Log notice    syslog
DataDirectory /var/tor
User          _tor
RunAsDaemon   1

4. Change `openfiles-max` and `maxfiles`

By default, OpenBSD maintains a rather low limit on the maximum number of open files for a process. For a daemon such as Tor's, that opens a connection to each and every other relay (currently around 7000 relays), these limits should be raised.

Append the following section to /etc/login.conf:

tor:\
    :openfiles-max=13500:\
    :tc=daemon:

OpenBSD also stores a kernel-level file descriptor limit in the sysctl variable kern.maxfiles.

Increase it from the default of 7030 to 16000:

# echo "kern.maxfiles=16000" >> /etc/sysctl.conf
# sysctl kern.maxfiles=16000

5. Start the service

Here we set tor to start during boot and call it for the first time:

# rcctl enable tor
# rcctl start tor

To apply our raised open files limits, make sure to start tor with rcctl.

6. Final Notes

Latest version of tor will be made avaliable as package for the most recent OpenBSD release and OpenBSD -current(development snapshot), therefore, remember to upgrade OpenBSD on time and configure automatic software updates.

If you are having trouble setting up your relay, have a look at our help section. If your relay is now running, check out the post-install notes.

Back to previous page: Middle/Guard relay - Edit this page

Middle/Guard relay

OpenBSD