Dash / Darkcoin Tor Relay

elan

Mirror of darkcoin tor docs in onion land: http://darkcoinie7ghp67.onion/tor.txt
Source: https://raw.githubusercontent.com/darkcoin/darkcoin/master/doc/tor.md

Code:
TOR SUPPORT IN DARKCOIN
=======================

It is possible to run Darkcoin as a Tor hidden service, and connect to such services.

The following directions assume you have a Tor proxy running on port 9050. Many
distributions default to having a SOCKS proxy listening on port 9050, but others
may not. In particular, the Tor Browser Bundle defaults to listening on a random
port. See [Tor Project FAQ:TBBSocksPort](https://www.torproject.org/docs/faq.html.en#TBBSocksPort)
for how to properly configure Tor.


1. Run darkcoin behind a Tor proxy
----------------------------------

The first step is running Darkcoin behind a Tor proxy. This will already make all
outgoing connections be anonymized, but more is possible.

   -socks=5        SOCKS5 supports connecting-to-hostname, which can be used instead
                   of doing a (leaking) local DNS lookup. SOCKS5 is the default,
                   but SOCKS4 does not support this. (SOCKS4a does, but isn't
                   implemented).

   -proxy=ip:port  Set the proxy server. If SOCKS5 is selected (default), this proxy
                   server will be used to try to reach .onion addresses as well.

   -onion=ip:port  Set the proxy server to use for tor hidden services. You do not
                   need to set this if it's the same as -proxy. You can use -noonion
                   to explicitly disable access to hidden service.

   -listen         When using -proxy, listening is disabled by default. If you want
                   to run a hidden service (see next section), you'll need to enable
                   it explicitly.

   -connect=X      When behind a Tor proxy, you can specify .onion addresses instead
   -addnode=X      of IP addresses or hostnames in these parameters. It requires
   -seednode=X     SOCKS5. In Tor mode, such addresses can also be exchanged with
                   other P2P nodes.

   -onlynet=tor    Only connect to .onion nodes and drop IPv4/6 connections.

An example how to start the client if the Tor proxy is running on local host on
port 9050 and only allows .onion nodes to connect:

   ./darkcoind -onion=127.0.0.1:9050 -onlynet=tor -listen=0 -addnode=ssapp53tmftyjmjb.onion

In a typical situation, this suffices to run behind a Tor proxy:

   ./darkcoind -proxy=127.0.0.1:9050


2. Run a darkcoin hidden server
-------------------------------

If you configure your Tor system accordingly, it is possible to make your node also
reachable from the Tor network. Add these lines to your /etc/tor/torrc (or equivalent
config file):

   HiddenServiceDir /var/lib/tor/darkcoin-service/
   HiddenServicePort 9999 127.0.0.1:9999
   HiddenServicePort 19999 127.0.0.1:19999

The directory can be different of course, but (both) port numbers should be equal to
your darkcoind's P2P listen port (9999 by default).

   -externalip=X   You can tell darkcoin about its publicly reachable address using
                   this option, and this can be a .onion address. Given the above
                   configuration, you can find your onion address in
                   /var/lib/tor/darkcoin-service/hostname. Onion addresses are given
                   preference for your node to advertize itself with, for connections
                   coming from unroutable addresses (such as 127.0.0.1, where the
                   Tor proxy typically runs).

   -listen         You'll need to enable listening for incoming connections, as this
                   is off by default behind a proxy.

   -discover       When -externalip is specified, no attempt is made to discover local
                   IPv4 or IPv6 addresses. If you want to run a dual stack, reachable
                   from both Tor and IPv4 (or IPv6), you'll need to either pass your
                   other addresses using -externalip, or explicitly enable -discover.
                   Note that both addresses of a dual-stack system may be easily
                   linkable using traffic analysis.

In a typical situation, where you're only reachable via Tor, this should suffice:

   ./darkcoind -proxy=127.0.0.1:9050 -externalip=ssapp53tmftyjmjb.onion -listen

(obviously, replace the Onion address with your own). If you don't care too much
about hiding your node, and want to be reachable on IPv4 as well, additionally
specify:

   ./darkcoind ... -discover

and open port 9999 on your firewall (or use -upnp).

If you only want to use Tor to reach onion addresses, but not use it as a proxy
for normal IPv4/IPv6 communication, use:

   ./darkcoind -onion=127.0.0.1:9050 -externalip=ssapp53tmftyjmjb.onion -discover


3. List of known darkcoin Tor relays
------------------------------------

* [darkcoinie7ghp67.onion](http://darkcoinie7ghp67.onion/)
* [drktalkwaybgxnoq.onion](http://drktalkwaybgxnoq.onion/)
* [ssapp53tmftyjmjb.onion](http://ssapp53tmftyjmjb.onion/)

http://darkcoinie7ghp67.onion/
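
An added example, not part of the original post or of the Darkcoin project: a small Python audit of a darkcoind command line (and, optionally, the torrc lines) for the option combinations the documentation above warns about. The function names, the finding labels and the `p2p_port` parameter are assumptions made for this illustration; only options quoted in the documentation are inspected.

```python
import shlex

def parse_args(cmdline):
    """Split a darkcoind command line into {option: [values]}."""
    opts = {}
    for tok in shlex.split(cmdline)[1:]:
        if tok.startswith("-"):
            name, _, value = tok.lstrip("-").partition("=")
            opts.setdefault(name, []).append(value)
    return opts

def hidden_service_ports(torrc_text):
    """Return (virtual_port, target_port) for each HiddenServicePort line."""
    ports = []
    for line in torrc_text.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) == 3 and parts[0] == "HiddenServicePort":
            target = parts[2].rsplit(":", 1)[-1]
            if parts[1].isdigit() and target.isdigit():
                ports.append((int(parts[1]), int(target)))
    return ports

def audit(cmdline, torrc_text="", p2p_port=9999):
    """Return labels (hypothetical names) for the cases the documentation describes."""
    o = parse_args(cmdline)

    def enabled(key):  # "-flag" or "-flag=1" is on, "-flag=0" is off
        return key in o and o[key][-1] != "0"

    onion_peers = [v for k in ("connect", "addnode", "seednode")
                   for v in o.get(k, []) if v.endswith(".onion")]
    ext_onion = any(v.endswith(".onion") for v in o.get("externalip", []))
    # Per the documentation, listening is off by default only when -proxy is used.
    listening = enabled("listen") if "listen" in o else "proxy" not in o
    found = []
    if o.get("socks", ["5"])[-1] == "4":
        found.append("socks4-local-dns-lookup")      # SOCKS4 cannot connect by hostname
    if onion_peers and not ("proxy" in o or "onion" in o):
        found.append("onion-peer-without-proxy")     # .onion peers need a SOCKS5 proxy
    if "onion" in o and "proxy" not in o and o.get("onlynet") != ["tor"]:
        found.append("clearnet-not-proxied")         # IPv4/IPv6 traffic does not use Tor
    if ext_onion and not listening:
        found.append("hidden-service-not-listening")
    if ext_onion and enabled("discover"):
        found.append("dual-stack-linkable")          # both addresses linkable by traffic analysis
    if ext_onion and torrc_text and (p2p_port, p2p_port) not in hidden_service_ports(torrc_text):
        found.append("torrc-port-mismatch")          # both ports should equal the P2P port
    return found
```

An empty list means none of these cases applies; `clearnet-not-proxied` and `dual-stack-linkable` are expected for the deliberately dual-stack command lines in section 2.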
 
It now lists the recently connected peers, so we get a list of nodes over time.

Code:
Recent peers
  -addnode=darkcoinie7ghp67.onion
  -addnode=ssapp53tmftyjmjb.onion
  -addnode=drkcoinooditvool.onion
  -addnode=j2dfl3cwxyxpbc7s.onion
  -addnode=darkcoxbtzggpmcc.onion
  -addnode=vf6d2mxpuhh2cbxt.onion

http://darkcoinie7ghp67.onion/
 
I am also sponsoring a node at drktor3ptxfon444.onion Enjoy!
Cool, just noticed. My auto-updating script seems to work!

Code:
Recent peers
-addnode=darkcoinie7ghp67.onion
-addnode=ssapp53tmftyjmjb.onion
-addnode=drkcoinooditvool.onion
-addnode=j2dfl3cwxyxpbc7s.onion
-addnode=drktor3ptxfon444.onion
-addnode=darkcoxbtzggpmcc.onion
-addnode=vf6d2mxpuhh2cbxt.onion

I couldn't figure out how to query peers.dat though. I'm taking them from the debug.log.
getpeerinfo only lists the peers as 127.0.0.1:44263 (through the Tor proxy).
 
I couldn't figure out how to query peers.dat though. I'm taking them from the debug.log.
getpeerinfo only lists the peers as 127.0.0.1:44263 (through the Tor proxy).

That is normal behavior. All IPs on hidden services are 127.0.0.1.
 
Yes, but some report an externalip like drktor3ptxfon444.onion, which is not always visible in getpeerinfo but only in the debug logs.

Yea, because most likely the IP address on "getpeerinfo" is captured by looking at the endpoint of a connected socket which in all cases using Tor hidden service will be 127.0.0.1.
 
I can't tell. All displaying localhost.
Yea. That's the whole point of a Tor hidden service. In blockchain, it will also say "Relayed by 127.0.0.1". If you were not using a hidden service, it would display the exit-node IP address.

Hidden services are about twice as anonymous (6 nodes) as normal clearnet browsing (3 nodes). To deanonymize a hidden service using traffic confirmation attacks you need to control 4 nodes instead of 2. You could also run Tor through Tor which would make it a living nightmare for an interested party. Running Tor through a bridge is also a good idea.

Hidden services also offer better security than SSL.

Paranoid people should run their hidden service behind a VPN and connect to the VPN through Tor.
 
eduffield We need GUI for the Tor stuff in Darkcoin-QT. Does the Darkcoin-QT support the arguments needed for Tor or is it only for darkcoind? There also should be some warnings that without Tor being installed Darkcoin won't be able to talk to Tor nodes.
 
eduffield We need GUI for the Tor stuff in Darkcoin-QT. Does the Darkcoin-QT support the arguments needed for Tor or is it only for darkcoind? There also should be some warnings that without Tor being installed Darkcoin won't be able to talk to Tor nodes.

Actually the functionality to use TOR with Darkcoin-QT is already in the client. All you need to do is download the TOR Browser Bundle (https://www.torproject.org) and install and run. Under the Network section of the Darkcoin-QT settings make sure you are using the proxy 127.0.0.1 port 9150 and voila! you are using TOR with Darkcoin-QT!

There is a great set of documents on how to set up TOR in the thread https://darkcointalk.org/threads/overview-tor-guides-for-darkcoin.4227/
 
Actually the functionality to use TOR with Darkcoin-QT is already in the client. All you need to do is download the TOR Browser Bundle (https://www.torproject.org) and install and run. Under the Network section of the Darkcoin-QT settings make sure you are using the proxy 127.0.0.1 port 9150 and voila! you are using TOR with Darkcoin-QT!

You are partially wrong. This should enable communication with Tor-nodes however you cannot become a full tor-node just by enabling proxy in Darkcoin-qt. We need another field where to enter the hidden service address.

Edit: I think some users would like to use Tor only when they really have to (when communicating with Tor-only nodes), so this option would be great too.
 
You are partially wrong. This should enable communication with Tor-nodes however you cannot become a full tor-node just by enabling proxy in Darkcoin-qt. We need another field where to enter the hidden service address.

That issue is fully discussed in the link I posted to the thread on setting up TOR. I was just giving you a starting point. I set up my darkcoin.conf file with the various "addnode" addresses and other config options so that my client only connects to the .onion addresses.
 
That issue is fully discussed in the link I posted to the thread on setting up TOR. I was just giving you a starting point. I set up my darkcoin.conf file with the various "addnode" addresses and other config options so that my client only connects to the .onion addresses.

This has nothing to do with what I said. You're still talking about communication with Tor nodes but I presented the problem when you can't become a Tor-node with using GUI-only.
 