AddingAnOnionService
parent
afdf4486d4
commit
7bcb68bc73
57
AddingAnOnionService.md
Normal file
@ -0,0 +1,57 @@
|
||||
# Serving an Onion Bootstrap node
|
||||
|
||||
By design, Tox relies on a small number of BS nodes. As the network
|
||||
is now, the number of nodes is very small, and all well known. So Tox
|
||||
is vulnerable to being completely taken down by blocking a small
|
||||
number of nodes. This is already happening in places like Iran.
|
||||
|
||||
It would help if all the BS node operators could also run a Tor client
|
||||
(not exit node), in addition to running their node. There are no risks
|
||||
to the BS operator from running a Tor client (not exit node), and the
|
||||
overhead in negligible. The onion server is a 127.0.0.1 service, so
|
||||
cannot be seen by your ISP. The BS service is on the opennet anyway
|
||||
so an onion is just another access method. So we get dozens of Tor
|
||||
onion nodes running quickly, we could test out running Tox *in* Tor
|
||||
using Hidden Services. If the Tox nodebase was improved to serve BS
|
||||
nodes, it would be much more resilient. I'm assuming the adversaries
|
||||
cannot block .onion addresses within Tor, which I think is a valid
|
||||
assumption for now.
|
||||
|
||||
There are [simple instructions](https://community.torproject.org/onion-services/setup/)
|
||||
to get Tor up and running, and you can test it by setting you browser
|
||||
to use the SOCKS proxy on ```127.0.0.1:9050```.
|
||||
|
||||
Configure your boostrap server with an extra tcp_port that is not
|
||||
listed publically in the nodes.json file. We will use 33446 as an example.
|
||||
|
||||
In your ```/etc/tor/torrc`` or equivalent, you need to add 2 sections.
|
||||
|
||||
The first is:
|
||||
```
|
||||
VirtualAddrNetwork 10.192.0.0/10
|
||||
AutomapHostsOnResolve 1
|
||||
AutomapHostsSuffixes .exit,.onion
|
||||
```
|
||||
|
||||
The second is:
|
||||
```
|
||||
# Tox hidden service configuration.
|
||||
HiddenServiceDir /var/lib/tor/tox-hsv3/
|
||||
HiddenServicePort 33446 127.0.0.1:33446
|
||||
```
|
||||
Replace 33446 with your real port number.
|
||||
|
||||
The next time tor starts up, a new directory will be created in
|
||||
```/var/lib/tor/tox-hsv3/``` and it will have a file called
|
||||
```hostname```. Look in the file for the onion address to your site.
|
||||
Now add the onion address followed by a colon and post it to the
|
||||
[mailinglist](https://lists.tox.chat/pipermail/bootstrap/),
|
||||
along with your node's public key.
|
||||
|
||||
You can also add this pair to the onions slot in your entry in the
|
||||
DHTnodes.json file. If there is not an onions slot, create one.
|
||||
|
||||
|
||||
Details:
|
||||
* https://git.plastiras.org/emdee/tox_profile/ToxAndTorInChinaAndIran
|
||||
* https://community.torproject.org/onion-services/setup/
|
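Review bot: the publishing step near the end ("Now add the onion address followed by a colon and post it to the") never says what follows the colon. It is presumably the port from the HiddenServicePort line, so spell it out, for example "followed by a colon and the port (33446 in this example)". In the same file, the inline code span for /etc/tor/torrc opens with three backticks and closes with two, which will break rendering of the rest of that paragraph. The extra port is said to be left out of "the nodes.json file" while the last step edits "the DHTnodes.json file"; use one name if these are the same file. The first torrc block (VirtualAddrNetwork, AutomapHostsOnResolve, AutomapHostsSuffixes) is given without a reason, and the hidden service block does not visibly depend on it, so either say why an operator needs it or drop it. Finally, the text calls the onion server "a 127.0.0.1 service", but no step binds or firewalls the extra tcp_port to loopback; state whether 33446 is meant to be reachable from the open network as well.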
2
Home.md
@ -20,6 +20,8 @@ wrinkles in the concepts.
|
||||
### Network Resilience
|
||||
|
||||
* [[ToxNetworkResilience]]
|
||||
* [[ToxAndTorInChinaAndIran]]
|
||||
* [[AddingAnOnionService]]
|
||||
|
||||
### Security
|
||||
|
||||
|
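Review bot: check that every entry in the Network Resilience list resolves to an existing page. The header (-20,6 +20,8) shows two added lines, but this commit creates only AddingAnOnionService.md, so if [[ToxAndTorInChinaAndIran]] is the other new entry it will be a dead link unless that page already exists in the wiki. The new page also points at the same topic with an absolute URL (https://git.plastiras.org/emdee/tox_profile/ToxAndTorInChinaAndIran) rather than a [[...]] wiki link; using the wiki link form in both places would keep the two references in step.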