diff --git a/AddingAnOnionService.md b/AddingAnOnionService.md new file mode 100644 index 0000000..758d1e6 --- /dev/null +++ b/AddingAnOnionService.md 
@@ -0,0 +1,57 @@ +# Serving an Onion Bootstrap node + +By design, Tox relies on a small number of BS nodes. As the network +is now, the number of nodes is very small, and all well known. So Tox +is vulnerable to being completely taken down by blocking a small +number of nodes. This is already happening in places like Iran. + +It would help if all the BS node operators could also run a Tor client +(not exit node), in addition to running their node. There are no risks +to the BS operator from running a Tor client (not exit node), and the +overhead in negligible. The onion server is a 127.0.0.1 service, so +cannot be seen by your ISP. The BS service is on the opennet anyway +so an onion is just another access method. So we get dozens of Tor +onion nodes running quickly, we could test out running Tox *in* Tor +using Hidden Services. If the Tox nodebase was improved to serve BS +nodes, it would be much more resilient. I'm assuming the adversaries +cannot block .onion addresses within Tor, which I think is a valid +assumption for now. + +There are [simple instructions](https://community.torproject.org/onion-services/setup/) +to get Tor up and running, and you can test it by setting you browser +to use the SOCKS proxy on ```127.0.0.1:9050```. + +Configure your boostrap server with an extra tcp_port that is not +listed publically in the nodes.json file. We will use 33446 as an example. + +In your ```/etc/tor/torrc`` or equivalent, you need to add 2 sections. + +The first is: +``` +VirtualAddrNetwork 10.192.0.0/10 +AutomapHostsOnResolve 1 +AutomapHostsSuffixes .exit,.onion +``` + +The second is: +``` +# Tox hidden service configuration. +HiddenServiceDir /var/lib/tor/tox-hsv3/ +HiddenServicePort 33446 127.0.0.1:33446 +``` +Replace 33446 with your real port number. + +The next time tor starts up, a new directory will be created in +```/var/lib/tor/tox-hsv3/``` and it will have a file called +```hostname```. Look in the file for the onion address to your site. 
+Now add the onion address followed by a colon and post it to the +[mailinglist](https://lists.tox.chat/pipermail/bootstrap/), +along with your node's public key. + +You can also add this pair to the onions slot in your entry in the +DHTnodes.json file. If there is not an onions slot, create one. + + +Details: +* https://git.plastiras.org/emdee/tox_profile/ToxAndTorInChinaAndIran +* https://community.torproject.org/onion-services/setup/ diff --git a/Home.md b/Home.md index 9e64f73..59a13dd 100644 --- a/Home.md +++ b/Home.md @@ -20,6 +20,8 @@ wrinkles in the concepts. ### Network Resilience * [[ToxNetworkResilience]] +* [[ToxAndTorInChinaAndIran]] +* [[AddingAnOnionService]] ### Security
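Review bot: in AddingAnOnionService.md the publishing step is incomplete: "Now add the onion address followed by a colon and post it to the mailinglist" never says what follows the colon, which should presumably be the hidden-service port (33446 in the example) so that readers know the expected `onion:port` form; state it explicitly, and show the same `onion:port` shape for the "onions slot" in DHTnodes.json. Two further documentation points in the same file: the first torrc section ("VirtualAddrNetwork 10.192.0.0/10 / AutomapHostsOnResolve 1 / AutomapHostsSuffixes .exit,.onion") configures client-side .onion name resolution and is not required to serve an onion service, so either explain why a bootstrap operator needs it or mark it optional; and it is worth saying that onion services carry TCP only, which is why the extra port must be a tcp_port and the UDP DHT port cannot be exposed this way. Minor text fixes: the line "In your ```/etc/tor/torrc`` or equivalent" has an unbalanced backtick run and will render wrongly, and "overhead in negligible", "boostrap", "publically" and "setting you browser" are typos.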
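Review bot: in the Home.md hunk, the new link "[[ToxAndTorInChinaAndIran]]" points at a wiki page that this patch does not add (only AddingAnOnionService.md is created), so it will be a dangling link unless that page already exists in this wiki; either include the page in the change or link to the external URL that AddingAnOnionService.md already lists under Details.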