2020-05-12 01:32:38 +02:00
|
|
|
# TOR SUPPORT IN DASH CORE
|
2013-06-16 12:29:23 +02:00
|
|
|
|
2020-08-01 15:10:26 +02:00
|
|
|
It is possible to run Dash Core as a Tor onion service, and connect to such services.
|
2013-06-16 12:29:23 +02:00
|
|
|
|
2015-03-04 21:26:44 +01:00
|
|
|
The following directions assume you have a Tor proxy running on port 9050. Many
|
|
|
|
distributions default to having a SOCKS proxy listening on port 9050, but others
|
2016-04-05 15:39:58 +02:00
|
|
|
may not. In particular, the Tor Browser Bundle defaults to listening on port 9150.
|
|
|
|
See [Tor Project FAQ:TBBSocksPort](https://www.torproject.org/docs/faq.html.en#TBBSocksPort)
|
2015-02-22 21:39:26 +01:00
|
|
|
for how to properly configure Tor.
|
2013-06-16 12:29:23 +02:00
|
|
|
|
|
|
|
|
2020-05-12 01:32:38 +02:00
|
|
|
## 1. Run Dash Core behind a Tor proxy
|
2013-06-16 12:29:23 +02:00
|
|
|
|
2018-08-02 16:22:47 +02:00
|
|
|
The first step is running Dash Core behind a Tor proxy. This will already anonymize all
|
|
|
|
outgoing connections, but more is possible.
|
2013-06-16 12:29:23 +02:00
|
|
|
|
|
|
|
-proxy=ip:port Set the proxy server. If SOCKS5 is selected (default), this proxy
|
|
|
|
server will be used to try to reach .onion addresses as well.
|
2014-11-27 18:09:11 +01:00
|
|
|
|
2020-08-01 15:10:26 +02:00
|
|
|
-onion=ip:port Set the proxy server to use for Tor onion services. You do not
|
2013-09-08 13:54:06 +02:00
|
|
|
need to set this if it's the same as -proxy. You can use -noonion
|
2020-08-01 15:10:26 +02:00
|
|
|
to explicitly disable access to onion services.
|
2014-11-27 18:09:11 +01:00
|
|
|
|
2013-06-16 12:29:23 +02:00
|
|
|
-listen When using -proxy, listening is disabled by default. If you want
|
2020-08-01 15:10:26 +02:00
|
|
|
to run an onion service (see next section), you'll need to enable
|
2013-06-16 12:29:23 +02:00
|
|
|
it explicitly.
|
2014-11-27 18:09:11 +01:00
|
|
|
|
2013-06-16 12:29:23 +02:00
|
|
|
-connect=X When behind a Tor proxy, you can specify .onion addresses instead
|
|
|
|
-addnode=X of IP addresses or hostnames in these parameters. It requires
|
|
|
|
-seednode=X SOCKS5. In Tor mode, such addresses can also be exchanged with
|
|
|
|
other P2P nodes.
|
|
|
|
|
2019-04-15 14:38:21 +02:00
|
|
|
-onlynet=onion Make outgoing connections only to .onion addresses. Incoming
|
|
|
|
connections are not affected by this option. This option can be
|
|
|
|
specified multiple times to allow multiple network types, e.g.
|
|
|
|
ipv4, ipv6, or onion.
|
2015-03-01 22:48:32 +01:00
|
|
|
|
|
|
|
An example how to start the client if the Tor proxy is running on local host on
|
|
|
|
port 9050 and only allows .onion nodes to connect:
|
|
|
|
|
2019-04-15 14:38:21 +02:00
|
|
|
./dashd -onion=127.0.0.1:9050 -onlynet=onion -listen=0 -addnode=ssapp53tmftyjmjb.onion
|
2015-03-01 22:48:32 +01:00
|
|
|
|
2013-06-16 12:29:23 +02:00
|
|
|
In a typical situation, this suffices to run behind a Tor proxy:
|
|
|
|
|
2015-03-19 15:15:08 +01:00
|
|
|
./dashd -proxy=127.0.0.1:9050
|
2013-06-16 12:29:23 +02:00
|
|
|
|
|
|
|
|
2020-05-12 01:32:38 +02:00
|
|
|
## 2. Run a Dash Core hidden server
|
2013-06-16 12:29:23 +02:00
|
|
|
|
|
|
|
If you configure your Tor system accordingly, it is possible to make your node also
|
|
|
|
reachable from the Tor network. Add these lines to your /etc/tor/torrc (or equivalent
|
2020-05-12 01:32:38 +02:00
|
|
|
config file): *Needed for Tor version 0.2.7.0 and older versions of Tor only. For newer
|
|
|
|
versions of Tor see [Section 4](#4-automatically-listen-on-tor).*
|
2013-06-16 12:29:23 +02:00
|
|
|
|
2016-08-19 13:46:30 +02:00
|
|
|
HiddenServiceDir /var/lib/tor/dashcore-service/
|
2023-04-17 10:27:07 +02:00
|
|
|
HiddenServicePort 9999 127.0.0.1:9996
|
|
|
|
HiddenServicePort 19999 127.0.0.1:19996
|
2013-06-16 12:29:23 +02:00
|
|
|
|
2023-04-17 10:27:07 +02:00
|
|
|
The directory can be different of course, but virtual port numbers should be equal to
|
|
|
|
your dashd's P2P listen port (9999 by default), and target addresses and ports
|
|
|
|
should be equal to binding address and port for inbound Tor connections (127.0.0.1:9996 by default).
|
2013-06-16 12:29:23 +02:00
|
|
|
|
2016-07-29 07:30:19 +02:00
|
|
|
-externalip=X You can tell Dash Core about its publicly reachable address using
|
2013-06-16 12:29:23 +02:00
|
|
|
this option, and this can be a .onion address. Given the above
|
2018-08-02 16:22:47 +02:00
|
|
|
configuration, you can find your .onion address in
|
|
|
|
/var/lib/tor/dashcore-service/hostname. For connections
|
2013-06-16 12:29:23 +02:00
|
|
|
coming from unroutable addresses (such as 127.0.0.1, where the
|
2018-08-02 16:22:47 +02:00
|
|
|
Tor proxy typically runs), .onion addresses are given
|
|
|
|
preference for your node to advertise itself with.
|
2014-11-27 18:09:11 +01:00
|
|
|
|
2013-06-16 12:29:23 +02:00
|
|
|
-listen You'll need to enable listening for incoming connections, as this
|
|
|
|
is off by default behind a proxy.
|
2014-11-27 18:09:11 +01:00
|
|
|
|
2013-06-16 12:29:23 +02:00
|
|
|
-discover When -externalip is specified, no attempt is made to discover local
|
|
|
|
IPv4 or IPv6 addresses. If you want to run a dual stack, reachable
|
|
|
|
from both Tor and IPv4 (or IPv6), you'll need to either pass your
|
|
|
|
other addresses using -externalip, or explicitly enable -discover.
|
|
|
|
Note that both addresses of a dual-stack system may be easily
|
|
|
|
linkable using traffic analysis.
|
|
|
|
|
|
|
|
In a typical situation, where you're only reachable via Tor, this should suffice:
|
|
|
|
|
2015-03-19 15:15:08 +01:00
|
|
|
./dashd -proxy=127.0.0.1:9050 -externalip=ssapp53tmftyjmjb.onion -listen
|
2013-06-16 12:29:23 +02:00
|
|
|
|
2018-08-02 16:22:47 +02:00
|
|
|
(obviously, replace the .onion address with your own). It should be noted that you still
|
2015-09-06 17:54:41 +02:00
|
|
|
listen on all devices and another node could establish a clearnet connection, when knowing
|
|
|
|
your address. To mitigate this, additionally bind the address of your Tor proxy:
|
|
|
|
|
2016-02-02 16:28:56 +01:00
|
|
|
./dashd ... -bind=127.0.0.1
|
2015-09-06 17:54:41 +02:00
|
|
|
|
|
|
|
If you don't care too much about hiding your node, and want to be reachable on IPv4
|
|
|
|
as well, use `discover` instead:
|
2013-06-16 12:29:23 +02:00
|
|
|
|
2015-03-19 15:15:08 +01:00
|
|
|
./dashd ... -discover
|
2013-06-16 12:29:23 +02:00
|
|
|
|
2022-02-26 13:19:13 +01:00
|
|
|
and open port 9999 on your firewall (or use port mapping, i.e., `-upnp` or `-natpmp`).
|
2013-06-16 12:29:23 +02:00
|
|
|
|
2018-08-02 16:22:47 +02:00
|
|
|
If you only want to use Tor to reach .onion addresses, but not use it as a proxy
|
2013-06-16 12:29:23 +02:00
|
|
|
for normal IPv4/IPv6 communication, use:
|
|
|
|
|
2015-03-19 15:15:08 +01:00
|
|
|
./dashd -onion=127.0.0.1:9050 -externalip=ssapp53tmftyjmjb.onion -discover
|
2013-06-16 12:29:23 +02:00
|
|
|
|
2015-03-01 22:48:32 +01:00
|
|
|
|
2020-05-12 01:32:38 +02:00
|
|
|
## 3. List of known Dash Core Tor relays
|
2015-03-01 22:48:32 +01:00
|
|
|
|
2019-12-11 12:30:38 +01:00
|
|
|
Note: All these nodes are hosted by masternodehosting.com
|
|
|
|
|
|
|
|
* l7oq3v7ujau5tfrw.onion
|
|
|
|
* vsmegqxisccimsir.onion
|
|
|
|
* 4rbha5nrjso54l75.onion
|
|
|
|
* 3473226fvgoenztx.onion
|
|
|
|
* onn5v3aby2dioicx.onion
|
|
|
|
* w5n7s2p3mdq5yf2d.onion
|
|
|
|
* ec4qdvujskzasvrb.onion
|
|
|
|
* g5e4hvsecwri3inf.onion
|
|
|
|
* ys5upbdeotplam3y.onion
|
|
|
|
* fijy6aikzxfea54i.onion
|
2016-02-02 16:28:56 +01:00
|
|
|
|
2015-11-11 15:08:38 +01:00
|
|
|
|
2020-05-12 01:32:38 +02:00
|
|
|
## 4. Automatically listen on Tor
|
2015-11-11 15:08:38 +01:00
|
|
|
|
|
|
|
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket
|
2020-08-01 15:10:26 +02:00
|
|
|
API, to create and destroy 'ephemeral' onion services programmatically.
|
2016-02-02 16:28:56 +01:00
|
|
|
Dash Core has been updated to make use of this.
|
2015-11-11 15:08:38 +01:00
|
|
|
|
2016-06-20 10:48:07 +02:00
|
|
|
This means that if Tor is running (and proper authentication has been configured),
|
2020-08-01 15:10:26 +02:00
|
|
|
Dash Core automatically creates a onion service to listen on. This will positively
|
2016-06-20 10:48:07 +02:00
|
|
|
affect the number of available .onion nodes.
|
2015-11-11 15:08:38 +01:00
|
|
|
|
2016-10-25 07:36:07 +02:00
|
|
|
This new feature is enabled by default if Dash Core is listening (`-listen`), and
|
|
|
|
requires a Tor connection to work. It can be explicitly disabled with `-listenonion=0`
|
|
|
|
and, if not disabled, configured using the `-torcontrol` and `-torpassword` settings.
|
|
|
|
To show verbose debugging information, pass `-debug=tor`.
|
2016-06-20 10:48:07 +02:00
|
|
|
|
2018-08-02 16:22:47 +02:00
|
|
|
Connecting to Tor's control socket API requires one of two authentication methods to be
|
2018-09-02 10:38:11 +02:00
|
|
|
configured. It also requires the control socket to be enabled, e.g. put `ControlPort 9051`
|
|
|
|
in `torrc` config file. For cookie authentication the user running dashd must have read
|
|
|
|
access to the `CookieAuthFile` specified in Tor configuration. In some cases this is
|
2020-08-01 15:10:26 +02:00
|
|
|
preconfigured and the creation of an onion service is automatic. If permission problems
|
2018-08-02 16:22:47 +02:00
|
|
|
are seen with `-debug=tor` they can be resolved by adding both the user running Tor and
|
|
|
|
the user running dashd to the same group and setting permissions appropriately. On
|
|
|
|
Debian-based systems the user running dashd can be added to the debian-tor group,
|
2019-09-13 04:43:26 +02:00
|
|
|
which has the appropriate permissions. Before starting dashd you will need to re-login
|
|
|
|
to allow debian-tor group to be applied. Otherwise you will see the following notice: "tor:
|
|
|
|
Authentication cookie /run/tor/control.authcookie could not be opened (check permissions)"
|
|
|
|
on debug.log.
|
2018-12-04 11:30:14 +01:00
|
|
|
|
|
|
|
An alternative authentication method is the use
|
|
|
|
of the `-torpassword=password` option. The `password` is the clear text form that
|
|
|
|
was used when generating the hashed password for the `HashedControlPassword` option
|
|
|
|
in the tor configuration file. The hashed password can be obtained with the command
|
|
|
|
`tor --hash-password password` (read the tor manual for more details).
|
2016-09-28 16:05:47 +02:00
|
|
|
|
2020-05-12 01:32:38 +02:00
|
|
|
## 5. Privacy recommendations
|
2016-09-28 16:05:47 +02:00
|
|
|
|
2020-08-01 15:10:26 +02:00
|
|
|
- Do not add anything but Dash Core ports to the onion service created in section 2.
|
|
|
|
If you run a web service too, create a new onion service for that.
|
|
|
|
Otherwise it is trivial to link them, which may reduce privacy. Onion
|
2016-09-28 16:05:47 +02:00
|
|
|
services created automatically (as in section 3) always have only one port
|
|
|
|
open.
|