AddingAnOnionService
parent
afdf4486d4
commit
7bcb68bc73
57
AddingAnOnionService.md
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
# Serving an Onion Bootstrap node
|
||||||
|
|
||||||
|
By design, Tox relies on a small number of BS nodes. As the network
|
||||||
|
is now, the number of nodes is very small, and all well known. So Tox
|
||||||
|
is vulnerable to being completely taken down by blocking a small
|
||||||
|
number of nodes. This is already happening in places like Iran.
|
||||||
|
|
||||||
|
It would help if all the BS node operators could also run a Tor client
|
||||||
|
(not exit node), in addition to running their node. There are no risks
|
||||||
|
to the BS operator from running a Tor client (not exit node), and the
|
||||||
|
overhead in negligible. The onion server is a 127.0.0.1 service, so
|
||||||
|
cannot be seen by your ISP. The BS service is on the opennet anyway
|
||||||
|
so an onion is just another access method. So we get dozens of Tor
|
||||||
|
onion nodes running quickly, we could test out running Tox *in* Tor
|
||||||
|
using Hidden Services. If the Tox nodebase was improved to serve BS
|
||||||
|
nodes, it would be much more resilient. I'm assuming the adversaries
|
||||||
|
cannot block .onion addresses within Tor, which I think is a valid
|
||||||
|
assumption for now.
|
||||||
|
|
||||||
|
There are [simple instructions](https://community.torproject.org/onion-services/setup/)
|
||||||
|
to get Tor up and running, and you can test it by setting you browser
|
||||||
|
to use the SOCKS proxy on ```127.0.0.1:9050```.
|
||||||
|
|
||||||
|
Configure your boostrap server with an extra tcp_port that is not
|
||||||
|
listed publically in the nodes.json file. We will use 33446 as an example.
|
||||||
|
|
||||||
|
In your ```/etc/tor/torrc`` or equivalent, you need to add 2 sections.
|
||||||
|
|
||||||
|
The first is:
|
||||||
|
```
|
||||||
|
VirtualAddrNetwork 10.192.0.0/10
|
||||||
|
AutomapHostsOnResolve 1
|
||||||
|
AutomapHostsSuffixes .exit,.onion
|
||||||
|
```
|
||||||
|
|
||||||
|
The second is:
|
||||||
|
```
|
||||||
|
# Tox hidden service configuration.
|
||||||
|
HiddenServiceDir /var/lib/tor/tox-hsv3/
|
||||||
|
HiddenServicePort 33446 127.0.0.1:33446
|
||||||
|
```
|
||||||
|
Replace 33446 with your real port number.
|
||||||
|
|
||||||
|
The next time tor starts up, a new directory will be created in
|
||||||
|
```/var/lib/tor/tox-hsv3/``` and it will have a file called
|
||||||
|
```hostname```. Look in the file for the onion address to your site.
|
||||||
|
Now add the onion address followed by a colon and post it to the
|
||||||
|
[mailinglist](https://lists.tox.chat/pipermail/bootstrap/),
|
||||||
|
along with your node's public key.
|
||||||
|
|
||||||
|
You can also add this pair to the onions slot in your entry in the
|
||||||
|
DHTnodes.json file. If there is not an onions slot, create one.
|
||||||
|
|
||||||
|
|
||||||
|
Details:
|
||||||
|
* https://git.plastiras.org/emdee/tox_profile/ToxAndTorInChinaAndIran
|
||||||
|
* https://community.torproject.org/onion-services/setup/
|
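Review bot: The publishing step near the end ("Now add the onion address followed by a colon and post it to the") stops at the colon without saying what comes after it. If the port is meant, say so and show one complete example entry, since the same "pair" is reused for the onions slot in the next paragraph. That paragraph calls the file DHTnodes.json while the earlier text calls it nodes.json; pick one name. The text asks for an extra tcp_port that is "not listed publically", but HiddenServicePort forwards to 127.0.0.1:33446, so it would help to state whether that port should be bound to loopback or firewalled, otherwise it is reachable on the open net regardless of being unlisted. The document also never explains what the first torrc block (VirtualAddrNetwork, AutomapHostsOnResolve, AutomapHostsSuffixes) is for, when the onion service itself is defined by the two lines of the second block. Formatting and spelling: the inline code around /etc/tor/torrc opens with three backticks and closes with two, and "boostrap", "publically", "overhead in negligible" and "setting you browser" need fixing.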
2
Home.md
@ -20,6 +20,8 @@ wrinkles in the concepts.
|
|||||||
### Network Resilience
|
### Network Resilience
|
||||||
|
|
||||||
* [[ToxNetworkResilience]]
|
* [[ToxNetworkResilience]]
|
||||||
|
* [[ToxAndTorInChinaAndIran]]
|
||||||
|
* [[AddingAnOnionService]]
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
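Review bot: The added link [[ToxAndTorInChinaAndIran]] under Network Resilience points at a page this commit does not add; only AddingAnOnionService.md and Home.md are changed here. Please confirm that page already exists in the wiki, or add it in the same commit, so the index does not ship with a dead link.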