Update Tor docs
This commit is contained in:
Duke Leto
57
doc/tor.md
57
doc/tor.md
@@ -1,18 +1,17 @@
|
||||
*** Warning: Do not assume Tor support does the correct thing in Komodo; better Tor support is a future feature goal. ***
|
||||
*** Warning: Do not assume Tor support does the correct thing in Hush; better Tor support is a future feature goal. ***
|
||||
|
||||
TOR SUPPORT IN ZCASH
|
||||
====================
|
||||
# TOR SUPPORT IN HUSH
|
||||
|
||||
It is possible to run Komodo as a Tor hidden service, and connect to such services.
|
||||
It is possible to run Hush as a Tor hidden service, and connect to such services.
|
||||
|
||||
The following directions assume you have a Tor proxy running on port 9050. Many distributions default to having a SOCKS proxy listening on port 9050, but others may not. In particular, the Tor Browser Bundle defaults to listening on port 9150. See [Tor Project FAQ:TBBSocksPort](https://www.torproject.org/docs/faq.html.en#TBBSocksPort) for how to properly
|
||||
configure Tor.
|
||||
|
||||
|
||||
1. Run Komodo behind a Tor proxy
|
||||
1. Run Hush behind a Tor proxy
|
||||
-------------------------------
|
||||
|
||||
The first step is running Komodo behind a Tor proxy. This will already make all
|
||||
The first step is running Hush behind a Tor proxy. This will already make all
|
||||
outgoing connections be anonymized, but more is possible.
|
||||
|
||||
-proxy=ip:port Set the proxy server. If SOCKS5 is selected (default), this proxy
|
||||
@@ -33,27 +32,27 @@ outgoing connections be anonymized, but more is possible.
|
||||
|
||||
In a typical situation, this suffices to run behind a Tor proxy:
|
||||
|
||||
./komodod -proxy=127.0.0.1:9050
|
||||
./hushd -proxy=127.0.0.1:9050
|
||||
|
||||
|
||||
2. Run a Komodo hidden server
|
||||
2. Run a Hush hidden server
|
||||
----------------------------
|
||||
|
||||
If you configure your Tor system accordingly, it is possible to make your node also
|
||||
reachable from the Tor network. Add these lines to your /etc/tor/torrc (or equivalent
|
||||
config file):
|
||||
|
||||
HiddenServiceDir /var/lib/tor/zcash-service/
|
||||
HiddenServiceDir /var/lib/tor/hush-service/
|
||||
HiddenServicePort 7771 127.0.0.1:7771
|
||||
HiddenServicePort 17771 127.0.0.1:17771
|
||||
|
||||
The directory can be different of course, but (both) port numbers should be equal to
|
||||
your komodod's P2P listen port (7771 by default).
|
||||
your hushd's P2P listen port (7771 by default).
|
||||
|
||||
-externalip=X You can tell Komodo about its publicly reachable address using
|
||||
-externalip=X You can tell Hush about its publicly reachable address using
|
||||
this option, and this can be a .onion address. Given the above
|
||||
configuration, you can find your onion address in
|
||||
/var/lib/tor/zcash-service/hostname. Onion addresses are given
|
||||
/var/lib/tor/hush-service/hostname. Onion addresses are given
|
||||
preference for your node to advertize itself with, for connections
|
||||
coming from unroutable addresses (such as 127.0.0.1, where the
|
||||
Tor proxy typically runs).
|
||||
@@ -70,25 +69,25 @@ your komodod's P2P listen port (7771 by default).
|
||||
|
||||
In a typical situation, where you're only reachable via Tor, this should suffice:
|
||||
|
||||
./komodod -proxy=127.0.0.1:9050 -externalip=zctestseie6wxgio.onion -listen
|
||||
./hushd -proxy=127.0.0.1:9050 -externalip=zctestseie6wxgio.onion -listen
|
||||
|
||||
(obviously, replace the Onion address with your own). It should be noted that you still
|
||||
listen on all devices and another node could establish a clearnet connection, when knowing
|
||||
your address. To mitigate this, additionally bind the address of your Tor proxy:
|
||||
|
||||
./zcashd ... -bind=127.0.0.1
|
||||
./hushd ... -bind=127.0.0.1
|
||||
|
||||
If you don't care too much about hiding your node, and want to be reachable on IPv4
|
||||
as well, use `discover` instead:
|
||||
|
||||
./komodod ... -discover
|
||||
./hushd ... -discover
|
||||
|
||||
and open port 7771 on your firewall (or use -upnp).
|
||||
|
||||
If you only want to use Tor to reach onion addresses, but not use it as a proxy
|
||||
for normal IPv4/IPv6 communication, use:
|
||||
|
||||
./komodod -onion=127.0.0.1:9050 -externalip=zctestseie6wxgio.onion -discover
|
||||
./hushd -onion=127.0.0.1:9050 -externalip=zctestseie6wxgio.onion -discover
|
||||
|
||||
|
||||
3. Automatically listen on Tor
|
||||
@@ -96,54 +95,54 @@ for normal IPv4/IPv6 communication, use:
|
||||
|
||||
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket
|
||||
API, to create and destroy 'ephemeral' hidden services programmatically.
|
||||
Komodo has been updated to make use of this.
|
||||
Hush has been updated to make use of this.
|
||||
|
||||
This means that if Tor is running (and proper authentication has been configured),
|
||||
Komodo automatically creates a hidden service to listen on. Komodo will also use Tor
|
||||
Hush automatically creates a hidden service to listen on. Hush will also use Tor
|
||||
automatically to connect to other .onion nodes if the control socket can be
|
||||
successfully opened. This will positively affect the number of available .onion
|
||||
nodes and their usage.
|
||||
|
||||
This new feature is enabled by default if Komodo is listening (`-listen`), and
|
||||
This new feature is enabled by default if Hush is listening (`-listen`), and
|
||||
requires a Tor connection to work. It can be explicitly disabled with `-listenonion=0`
|
||||
and, if not disabled, configured using the `-torcontrol` and `-torpassword` settings.
|
||||
To show verbose debugging information, pass `-debug=tor`.
|
||||
|
||||
Connecting to Tor's control socket API requires one of two authentication methods to be
|
||||
configured. For cookie authentication the user running komodod must have write access
|
||||
configured. For cookie authentication the user running hushd must have write access
|
||||
to the `CookieAuthFile` specified in Tor configuration. In some cases this is
|
||||
preconfigured and the creation of a hidden service is automatic. If permission problems
|
||||
are seen with `-debug=tor` they can be resolved by adding both the user running tor and
|
||||
the user running komodod to the same group and setting permissions appropriately. On
|
||||
Debian-based systems the user running komodod can be added to the debian-tor group,
|
||||
the user running hushd to the same group and setting permissions appropriately. On
|
||||
Debian-based systems the user running hushd can be added to the debian-tor group,
|
||||
which has the appropriate permissions. An alternative authentication method is the use
|
||||
of the `-torpassword` flag and a `hash-password` which can be enabled and specified in
|
||||
Tor configuration.
|
||||
|
||||
|
||||
4. Connect to a Komodo hidden server
|
||||
4. Connect to a Hush hidden server
|
||||
-----------------------------------
|
||||
|
||||
To test your set-up, you might want to try connecting via Tor on a different computer to just a
|
||||
a single Komodo hidden server. Launch komodod as follows:
|
||||
a single Hush hidden server. Launch hushd as follows:
|
||||
|
||||
./komodod -onion=127.0.0.1:9050 -connect=zctestseie6wxgio.onion
|
||||
./hushd -onion=127.0.0.1:9050 -connect=fuckzookoie6wxgio.onion
|
||||
|
||||
Now use komodo-cli to verify there is only a single peer connection.
|
||||
|
||||
komodo-cli getpeerinfo
|
||||
hush-cli getpeerinfo
|
||||
|
||||
[
|
||||
{
|
||||
"id" : 1,
|
||||
"addr" : "zctestseie6wxgio.onion:17770",
|
||||
...
|
||||
"version" : 170002,
|
||||
"subver" : "/MagicBean:1.0.0/",
|
||||
"version" : 170010,
|
||||
"subver" : "/GoldenSandtrout:3.6.0/",
|
||||
...
|
||||
}
|
||||
]
|
||||
|
||||
To connect to multiple Tor nodes, use:
|
||||
|
||||
./komodod -onion=127.0.0.1:9050 -addnode=zctestseie6wxgio.onion -dnsseed=0 -onlynet=onion
|
||||
./hushd -onion=127.0.0.1:9050 -addnode=fuckzookoeie6wxgio.onion -dnsseed=0 -onlynet=onion
|
||||
|
||||
Reference in New Issue
Block a user