Configuring a Tor relay
The Tor network relies on volunteers to donate bandwidth. The more people who run relays, the faster the Tor network will be. If you have at least 50 kilobytes/s each way, please help out Tor by configuring your Tor to be a relay too.
You can run a Tor relay on pretty much any operating system. Tor relays work best on Linux, OS X Tiger or later, FreeBSD 5.x+, NetBSD 5.x+, and Windows Server 2003 or later.
If you're comfortable editing text files, skip this page and go to our dedicated Relay Configuration Instructions on Debian/Ubuntu page. That page is the best one for relay operators on BSD, Unix, etc as well.
Before you start, you need to make sure that Tor is up and running.
Visit our download page and install the "Installation Bundle" for your OS.
If it's convenient, you might also want to use it as a client for a while to make sure it's actually working.
- Verify that your clock and timezone are set correctly. If possible, synchronize your clock with public time servers.
- Configuring Tor with the Vidalia Graphical Interface:
- Right click on the Vidalia icon in your task bar. Choose Control Panel.
- Click Setup Relaying.
- Choose Relay Traffic for the Tor network if you want to be a public relay (recommended), or choose Help censored users reach the Tor network if you want to be a bridge for users in countries that censor their Internet.
- Enter a nickname for your relay, and enter contact information in case we need to contact you about problems.
- Leave Attempt to automatically configure port forwarding clicked. Push the Test button to see if it works. If it does work, great. If not, see number 3 below.
- Choose the Bandwidth Limits tab. Select how much bandwidth you want to provide for Tor users like yourself.
- Choose the Exit Policies tab. If you want to allow others to use your relay for these services, don't change anything. Un-check the services you don't want to allow people to reach from your relay. If you want to be a non-exit relay, un-check all services.
- Click the Ok button. See Step Three below for confirmation that the relay is working correctly.
- If you are using a firewall, open a hole in your firewall so incoming connections can reach the ports you configured (ORPort, plus DirPort if you enabled it). If you have a hardware firewall (Linksys box, cablemodem, etc) you might like portforward.com. Also, make sure you allow all outgoing connections too, so your relay can reach the other Tor relays.
- Restart your relay. If it logs any warnings, address them.
- Subscribe to the tor-announce mailing list. It is very low volume, and it will keep you informed of new stable releases. You might also consider subscribing to the higher-volume Tor lists too.
- Tor Weather provides an email notification service to any users who want to monitor the status of a Tor node. Upon subscribing, you can specify what types of alerts you would like to receive. The main purpose of Tor Weather is to notify node operators via email if their node is down for longer than a specified period, but other notification types are available.
As soon as your relay manages to connect to the network, it will try to determine whether the ports you configured are reachable from the outside. This step is usually fast, but may take up to 20 minutes. Look for a log entry like Self-testing indicates your ORPort is reachable from the outside. Excellent. If you don't see this message, it means that your relay is not reachable from the outside — you should re-check your firewalls, check that it's testing the IP and port you think it should be testing, etc.
When it decides that it's reachable, it will upload a "server descriptor" to the directories, to let clients know what address, ports, keys, etc your relay is using. You can load one of the network statuses manually and look through it to find the nickname you configured, to make sure it's there. You may need to wait up to one hour to give enough time for it to make a fresh directory.
Read about operational security to get ideas how you can increase the security of your relay.
If you control the name servers for your domain, consider setting your reverse DNS hostname to 'anonymous-relay', 'proxy' or 'tor-proxy', so when other people see the address in their web logs, they will more quickly understand what's going on. Adding the Tor exit notice on a vhost for this name can go a long way to deterring abuse complaints to you and your ISP if you are running an exit node.
When you change your Tor configuration, remember to verify that your relay still works correctly after the change. If you have problems or questions, see the Support section or contact us. Thanks for helping to make the Tor network grow!
As a relay operator, you should subscribe to the tor-relays mailing list.
If you have suggestions for improving this document, please send them to us. Thanks!