AddingAnOnionService

emdee 2022-10-28 10:25:21 +00:00
parent afdf4486d4
commit 7bcb68bc73
2 changed files with 59 additions and 0 deletions

AddingAnOnionService.md Normal file

@ -0,0 +1,57 @@
# Serving an Onion Bootstrap node
By design, Tox relies on a small number of BS nodes. As the network
is now, the number of nodes is very small, and all well known. So Tox
is vulnerable to being completely taken down by blocking a small
number of nodes. This is already happening in places like Iran.
It would help if all the BS node operators could also run a Tor client
(not exit node), in addition to running their node. There are no risks
to the BS operator from running a Tor client (not exit node), and the
overhead in negligible. The onion server is a 127.0.0.1 service, so
cannot be seen by your ISP. The BS service is on the opennet anyway
so an onion is just another access method. So we get dozens of Tor
onion nodes running quickly, we could test out running Tox *in* Tor
using Hidden Services. If the Tox nodebase was improved to serve BS
nodes, it would be much more resilient. I'm assuming the adversaries
cannot block .onion addresses within Tor, which I think is a valid
assumption for now.
There are [simple instructions](https://community.torproject.org/onion-services/setup/)
to get Tor up and running, and you can test it by setting you browser
to use the SOCKS proxy on ```127.0.0.1:9050```.
Configure your boostrap server with an extra tcp_port that is not
listed publically in the nodes.json file. We will use 33446 as an example.
In your ```/etc/tor/torrc`` or equivalent, you need to add 2 sections.
The first is:
```
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion
```
The second is:
```
# Tox hidden service configuration.
HiddenServiceDir /var/lib/tor/tox-hsv3/
HiddenServicePort 33446 127.0.0.1:33446
```
Replace 33446 with your real port number.
The next time tor starts up, a new directory will be created in
```/var/lib/tor/tox-hsv3/``` and it will have a file called
```hostname```. Look in the file for the onion address to your site.
Now add the onion address followed by a colon and post it to the
[mailinglist](https://lists.tox.chat/pipermail/bootstrap/),
along with your node's public key.
You can also add this pair to the onions slot in your entry in the
DHTnodes.json file. If there is not an onions slot, create one.
Details:
* https://git.plastiras.org/emdee/tox_profile/ToxAndTorInChinaAndIran
* https://community.torproject.org/onion-services/setup/
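Review bot: The publishing step near the end ("Now add the onion address followed by a colon and post it") never says what goes after the colon. Presumably it is the port given in HiddenServicePort, so spell it out, for example "the onion address, a colon, and the port number (33446 in this example)". In the sentence that introduces torrc, the path /etc/tor/torrc is opened with three backticks and closed with two, which will throw off the rendering of the fenced blocks that follow. The first torrc block (VirtualAddrNetwork, AutomapHostsOnResolve, AutomapHostsSuffixes) is given with no explanation of why a bootstrap operator needs it. Those are client-side address-mapping options, while the HiddenServiceDir and HiddenServicePort lines are what publish the service, so either explain the first block or drop it. The text refers to "nodes.json" in the port step and "DHTnodes.json" in the last step; use one name if they are the same file. It would also help to say that the other files tor creates under /var/lib/tor/tox-hsv3/ alongside hostname hold the service's private key and should be kept private and backed up. Small fixes: "overhead in negligible", "setting you browser", "boostrap", "publically".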

@ -20,6 +20,8 @@ wrinkles in the concepts.
### Network Resilience
* [[ToxNetworkResilience]]
* [[ToxAndTorInChinaAndIran]]
* [[AddingAnOnionService]]
### Security