>> (p.1)
    Author Topic: How-to Guide: Set-up Tor on Linux (Ubuntu) and connect Bitcoin  (Read 3099 times)

    • BitcoinFX (OP)
    Legendary
    *
    Offline Offline

    Activity: 2646
    Merit: 1723


    https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF


    View Profile WWW
    February 23, 2016, 09:04:16 PM
    Last edit: February 23, 2016, 09:18:16 PM by BitcoinFX
    Merited by ABCbits (4)
     #1
    How-to Guide: Set-up Tor on Linux (Ubuntu) and connect Bitcoin

    With the release of Bitcoin Core version 0.12.0

    - https://bt.irlbtc.com/view/1374377.0

    We see the following developments for using Bitcoin with Tor:

    Automatically use Tor hidden services
    -------------------------------------

    Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket
    API, to create and destroy 'ephemeral' hidden services programmatically.
    Bitcoin Core has been updated to make use of this.

    This means that if Tor is running (and proper authorization is available),
    Bitcoin Core automatically creates a hidden service to listen on, without
    manual configuration. Bitcoin Core will also use Tor automatically to connect
    to other .onion nodes if the control socket can be successfully opened. This
    will positively affect the number of available .onion nodes and their usage.

    This new feature is enabled by default if Bitcoin Core is listening, and
    a connection to Tor can be made. It can be configured with the `-listenonion`,
    `-torcontrol` and `-torpassword` settings. To show verbose debugging
    information, pass `-debug=tor`.


    A good guide for how-to easily set-up Tor on Linux (Ubuntu) for use with Bitcoin seemed somewhat lacking, so here goes:

    (Part 1) - Install Tor with ARM Controller.

    Assuming that you already have SSH access to your server:

    Code:
    sudo apt-get update

    Code:
    sudo apt-get dist-upgrade

    Check that you have the following packages installed and/or install them:

    Code:
    sudo apt-get install nano screen ca-certificates openssl ntp ntpdate

    Check your time server offset:

    Code:
    ntpdate -q ntp.ubuntu.com

    Reboot here, if necessary.


    OK. Let's add the Tor official package repository to our sources list:

    Reference: https://www.torproject.org/docs/debian.html#ubuntu

    Code:
    echo 'deb http://deb.torproject.org/torproject.org trusty main' | sudo tee -aetc/apt/sources.list.d/torproject.list

    Import the key:

    Code:
    gpg --keyserver keyserver.ubuntu.com --recv 886DDD89

    or use: gpg --keyserver keys.gnupg.net --recv 886DDD89

    Now export the key:

    Code:
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

    Refresh our sources again and we should now see http:// deb. torproject. org being hit a bunch of times.

    Code:
    sudo apt-get update

    Install Tor:

    Code:
    sudo apt-get install tor

    Now Stop Tor, as we need to configure it properly:

    Code:
    sudo service tor stop

    The Tor Project provides a package to keep the signing key current, which is a good thing, so let's install it:

    Code:
    sudo apt-get install deb.torproject.org-keyring

    Install Tor GeoIP data base (might have already installed it):

    Code:
    sudo apt-get install tor-geoipdb

    Install Tor ARM controller:

    Code:
    sudo apt-get install tor-arm apparmor-utils

    Done.


    Next we need to configure how Tor will run. We do this by editing our torrc file.

    Code:
    sudo nanoetc/tor/torrc

    The most important lines in the torrc to add or uncomment (removing the #) for basic CLIENT only (i.e. non-bridge, non-relay, non-exit) Bitcoin operation through Tor are:

    Quote
    ClientOnly 1

    SOCKSPort 9050

    SOCKSPolicy accept 127.0.0.1/8

    Log notice filevar/log/tor/notices.log

    ControlPort 9051

    HiddenServiceStatistics 0

    ORPort 9001

    LongLivedPorts 8333

    ExitPolicy reject *:*

    DisableDebuggerAttachment 0

    See: https://www.torproject.org/docs/tor-manual.html

    - The above torrc config. connects us to the Tor network, as CLIENT only and ensures the SOCKS Port 9050 is accessible from our localhost (127.0.0.1:9050) for Bitcoin to connect through. N.B. This is also considered an optimal config. for hosting your own Bitcoin addnode=.onion Tor 'ephemeral' hidden_service.

    Navigate the torrc screen using your keyboard's arrow keys. When done, Save the torrc config. with:

    Quote
    ctrl + x


    Now we are ready to start Tor and the ARM controller using a separate screen session (which is very convenient when using a VPS).

    Start (restart) Tor:

    Code:
    sudo service tor restart

    Create a new screen session called tor:

    Code:
    screen -S tor

    Now start ARM within the new 'tor' screen session:

    Code:
    sudo -u debian-tor arm

    N.B. if 'sudo' won't run, then just use only > arm

    Success! Now Tor and ARM are running. You can navigate the ARM 'tabs' using the arrow keys on your keyboard.

    To exit ARM's screen session (although keep it running when you exit the VPS or continue to work in another screen) press:

    Quote
    ctrl + A + D

    To re-enter the running screen:

    Code:
    screen -r tor

    N.B. Use this command and not ' screen -S tor ' to check that Tor ARM are running when you next login to your VPS.
    You only need to use ' screen -S tor ' if you restarted the VPS or shut down the screen session.

    You can also use ARM to shut down Tor (closing ARM by pressing q q) , first using the menu tab m in ARM or simply just use:

    Code:
    sudo service tor stop


    N.B. Some VPS servers do not allow using the 'sudo' command as user, so simply omit any reference to 'sudo' in any line above if you encounter this issue.


    OK. Part 2 of this guide will look to cover:

    - Setting up and running bitcoind on your VPS

    - Running a 'dual stack' bitcoind i.e. on clearnet and though Tor.

    - Using 'ephemeral' hidden services as addnode=.onion's


    If this guide was useful for you please consider some 'tips donations' at http://StartOR.org - Cheers!
      
    "Bitcoin OG" 1JXFXUBGs2ZtEDAQMdZ3tkCKo38nT2XSEp | Bitcoin logo™ Enforcer? | Bitcoin is BTC | CSW is NOT Satoshi Nakamoto | I Mine BTC, LTC, ZEC, XMR and GAP | BTC on Tor addnodes Project | Media enquiries : Wu Ming | Enjoy The Money Machine | "You cannot compete with Open Source" and "Cryptography != Banana" | BSV and BCH are COUNTERFEIT.

  • BitcoinFX (OP)
    Legendary
    *
    Offline Offline

    Activity: 2646
    Merit: 1723


    https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF


    View Profile WWW
    February 23, 2016, 09:04:48 PM
     #2
    Part 2

    - Setting up and running bitcoind on your VPS

    - Running a 'dual stack' bitcoind i.e. on clearnet and though Tor.

    - Using 'ephemeral' hidden services as addnode=.onion's

    Available soon.
    "Bitcoin OG" 1JXFXUBGs2ZtEDAQMdZ3tkCKo38nT2XSEp | Bitcoin logo™ Enforcer? | Bitcoin is BTC | CSW is NOT Satoshi Nakamoto | I Mine BTC, LTC, ZEC, XMR and GAP | BTC on Tor addnodes Project | Media enquiries : Wu Ming | Enjoy The Money Machine | "You cannot compete with Open Source" and "Cryptography != Banana" | BSV and BCH are COUNTERFEIT.

  • BitcoinFX (OP)
    Legendary
    *
    Offline Offline

    Activity: 2646
    Merit: 1723


    https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF


    View Profile WWW
    February 24, 2016, 03:26:09 PM
    Merited by ABCbits (6)
     #3
    Additional set-up confg. and package (security) options - also presented for community discussion.

    haveged

    Set-up 'entropy' for your cloud servers using haveged - algorithm (HArdware Volatile Entropy Gathering and Expansion) ?!?

    Code:
    sudo apt-get install haveged

    Code:
    sudo nanoetc/default/haveged

    Check for:

    Quote
    DAEMON_ARGS="-w 1024"

    OK

    Check for start-up at boot:

    Code:
    update-rc.d haveged defaults

    Quote
    System start/stop links foretc/init.d/haveged already exist.


    - https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

    - https://security.stackexchange.com/questions/34523/is-it-appropriate-to-use-haveged-as-a-source-of-entropy-on-virtual-machines

    ...

    Socks and DNS

    SOCKS DNS 'leaks' with Tor can still remain prevalent:

    - https://www.torproject.org/docs/faq.html.en#SocksAndDNS

    - https://www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks

    Using SafeSocks 1 in our torrc won't can't allow Bitcoin connectivity. So, without using any additional tools, how can we make this 'safer' ?

    Additional torrc settings:

    TorDNS

    "The Tor 0.2.x series provides a built-in DNS forwarder. To enable it add the following lines to the Tor configuration file and restart the daemon:"

    Code:
    sudo nanoetc/tor/torrc

    Quote
    DNSPort 9053
    AutomapHostsOnResolve 1
    AutomapHostsSuffixes .exit,.onion

    "This will allow Tor to accept DNS requests (listening on port 9053 in this example) like a regular DNS server, and resolve the domain via the Tor network. A downside is that it is only able to resolve DNS queries for A-records; MX and NS queries are never answered..."

    Using TorDNS for all DNS queries.

    "It is possible to configure your system, if so desired, to use TorDNS for all queries your system makes, regardless of whether or not you eventually use Tor to connect to your final destination. To do this, configure your system to use 127.0.0.1 as its DNS server and edit the 'DNSPort' line inetc/tor/torrc to show: "

    Quote
    DNSPort 53

    "Alternatively, you can use a local caching DNS server, such as dnsmasq or pdnsd, which will also compensate for TorDNS being a little slower than traditional DNS servers. The following instructions will show how to set up dnsmasq for this purpose.

    Change the tor setting to listen for the DNS request in port 9053 and install dnsmasq.

    Modify its configuration file so that it contains: "

    Code:
    sudo nanoetc/dnsmasq.conf

    Quote
    no-resolv
    server=127.0.0.1#9053
    listen-address=127.0.0.1

    "These configurations set dnsmasq to listen only for requests from the local computer, and to use TorDNS at its sole upstream provider. It is now neccessary to editetc/resolv.conf so that your system will query only the dnsmasq server. "

    Code:
    sudo nanoetc/resolv.conf

    Quote
    nameserver 127.0.0.1

    "Start the dnsmasq daemon.

    Finally if you use dhcpd you would need to change its settings to that it does not alter the resolv configuration file. Just add this line in the configuration file: "

    Code:
    sudo nanoetc/dhcpcd.conf

    Quote
    nohook resolv.conf

    "If you already have an nohook line, just add resolv.conf separated with a comma. "

    Quoted source: https://wiki.archlinux.org/index.php/Tor

    ...

    Tor torrc hidden_service options to consider for our addnode=.onion's

    Source: https://www.torproject.org/docs/tor-manual.html

    CLIENT OPTIONS:

    CloseHSClientCircuitsImmediatelyOnTimeout 0|1

       " If 1, Tor will close unfinished hidden service client circuits which have not moved closer to connecting to their destination hidden service when their internal state has not changed for the duration of the current circuit-build timeout. Otherwise, such circuits will be left open, in the hope that they will finish connecting to their destination hidden services. In either case, another set of introduction and rendezvous circuits for the same destination hidden service will be launched. (Default: 0) "

    CloseHSServiceRendCircuitsImmediatelyOnTimeout 0|1

       " If 1, Tor will close unfinished hidden-service-side rendezvous circuits after the current circuit-build timeout. Otherwise, such circuits will be left open, in the hope that they will finish connecting to their destinations. In either case, another rendezvous circuit for the same destination client will be launched. (Default: 0) "

    HIDDEN SERVICE OPTIONS:

    HiddenServiceMaxStreams N

      " The maximum number of simultaneous streams (connections) per rendezvous circuit. (Setting this to 0 will allow an unlimited number of simultanous streams.) (Default: 0) "

    HiddenServiceMaxStreamsCloseCircuit 0|1

       " If set to 1, then exceeding HiddenServiceMaxStreams will cause the offending rendezvous circuit to be torn down, as opposed to stream creation requests that exceed the limit being silently ignored. (Default: 0) "

    HiddenServiceNumIntroductionPoints NUM

       " Number of introduction points the hidden service will have. You can’t have more than 10. (Default: 3) "

    ...
      
    "Bitcoin OG" 1JXFXUBGs2ZtEDAQMdZ3tkCKo38nT2XSEp | Bitcoin logo™ Enforcer? | Bitcoin is BTC | CSW is NOT Satoshi Nakamoto | I Mine BTC, LTC, ZEC, XMR and GAP | BTC on Tor addnodes Project | Media enquiries : Wu Ming | Enjoy The Money Machine | "You cannot compete with Open Source" and "Cryptography != Banana" | BSV and BCH are COUNTERFEIT.

  • BitcoinFX (OP)
    Legendary
    *
    Offline Offline

    Activity: 2646
    Merit: 1723


    https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF


    View Profile WWW
    February 28, 2016, 11:50:25 AM
     #4
    Optimized sysctl.conf - gbit interface.

    Sources and references:

    - https://www.torservers.net/wiki/setup/server + ( lots of other useful info. )

    - https://www.mail-archive.com/or-talk@freehaven.net/msg14159.html

    Code:
    sudo nanoetc/sysctl.conf

    Quote
    # used on high bandwidth nodes (gbit interface)

    # disabling forwarding first as this will
    # reset some other values back to default (!)
    net.ipv4.ip_forward = 0
    net.ipv4.tcp_syncookies = 1
    #net.ipv4.tcp_synack_retries = 2
    #net.ipv4.tcp_syn_retries = 2
        
    net.ipv4.conf.default.forwarding = 0
    net.ipv4.conf.default.proxy_arp = 0
    net.ipv4.conf.default.send_redirects = 1
    net.ipv4.conf.all.rp_filter = 0
    net.ipv4.conf.all.send_redirects = 0

    kernel.sysrq = 1
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.icmp_ignore_bogus_error_responses = 1

    # optimizations
    net.core.rmem_max = 33554432
    net.core.wmem_max = 33554432
    net.ipv4.tcp_rmem = 4096 87380 33554432
    net.ipv4.tcp_wmem = 4096 65536 33554432  
    net.core.netdev_max_backlog = 262144
    net.ipv4.tcp_no_metrics_save = 1
    net.ipv4.tcp_moderate_rcvbuf = 1
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_max_orphans = 262144
    net.ipv4.tcp_max_syn_backlog = 262144
    net.ipv4.tcp_fin_timeout = 4
    vm.min_free_kbytes = 65536
    net.ipv4.netfilter.ip_conntrack_max = 196608
    net.netfilter.nf_conntrack_tcp_timeout_established = 7200
    net.netfilter.nf_conntrack_checksum = 0
    net.netfilter.nf_conntrack_max = 196608
    net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 15
    net.nf_conntrack_max = 196608
    net.ipv4.tcp_keepalive_time = 60
    net.ipv4.tcp_keepalive_intvl = 10
    net.ipv4.tcp_keepalive_probes = 3
    net.ipv4.ip_local_port_range = 1025 65530
    net.core.somaxconn = 20480
    net.ipv4.tcp_max_tw_buckets = 2000000
    net.ipv4.tcp_timestamps = 0
     
    reboot restart
    "Bitcoin OG" 1JXFXUBGs2ZtEDAQMdZ3tkCKo38nT2XSEp | Bitcoin logo™ Enforcer? | Bitcoin is BTC | CSW is NOT Satoshi Nakamoto | I Mine BTC, LTC, ZEC, XMR and GAP | BTC on Tor addnodes Project | Media enquiries : Wu Ming | Enjoy The Money Machine | "You cannot compete with Open Source" and "Cryptography != Banana" | BSV and BCH are COUNTERFEIT.

  • BitcoinFX (OP)
    Legendary
    *
    Offline Offline

    Activity: 2646
    Merit: 1723


    https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF


    View Profile WWW
    February 28, 2016, 12:19:21 PM
    Last edit: March 01, 2016, 06:13:09 PM by BitcoinFX
    Merited by ABCbits (4)
     #5
    Set-up Fail2ban - an intrusion prevention framework.

    Reference: https://help.ubuntu.com/community/Fail2ban

    Install:

    Code:
    sudo apt-get install fail2ban

    Configuration:

    To configure fail2ban, make a 'local' copy of the jail.conf file inetc/fail2ban

    Code:
    cdetc/fail2ban

    Code:
    sudo cp jail.conf jail.local

    Now edit the file:

    Code:
    sudo nano jail.local

    Set the IPs you want fail2ban to ignore, the ban time (in seconds) and maximum number of user attempts to your liking:


    Quote
    [DEFAULT]

    # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
    # ban a host which matches an address in this list. Several addresses can be
    # defined using space separator.
    ignoreip = 127.0.0.1/8

    # "bantime" is the number of seconds that a host is banned.
    bantime  = 3600

    # A host is banned if it has generated "maxretry" during the last "findtime"
    # seconds.
    findtime = 600
    maxretry = 3

    Add your VPS IP address, gateway and DNS hosts to ignoreip =

    You can find this information from;

    Quote
    sudo nanoetc/resolv.conf

    and/or

    Quote
    sudo nanoetc/network/interfaces

    N.B. It's best to check that info. before you install set-up Fail2ban.

    bantime  =

    86400 for 24 hours

    172800 for 48 hours

    604800 for 7 days etc.

    Scroll down and also edit:

    Quote
    [ssh]

    enabled  = true
    port  = ssh
    filter = sshd
    logpath =var/log/auth.log
    maxretry = 3

    [dropbear]

    enabled = true
    port  = ssh
    filter = dropbear
    logpath  =var/log/auth.log
    maxretry = 3

    [ssh-ddos]

    enabled  = true
    port = ssh
    filter = sshd-ddos
    logpath =var/log/auth.log
    maxretry = 3

    N.B. If you run a web server etc., on the same server then you might want to review additional protection settings available in Fail2ban.

    Save using;

    Quote
    ctrl + x

    Code:
    cd

    Once done, restart fail2ban to put those settings into effect;

    Code:
    sudoetc/init.d/fail2ban restart

    Check list iptables for Fail2ban blocks activity with;

    Code:
    sudo iptables -L

    ~ Now be astonished at the number of brute-force blocks from automated (or otherwise) hacking attempts against your VPS instance !!!

      
    "Bitcoin OG" 1JXFXUBGs2ZtEDAQMdZ3tkCKo38nT2XSEp | Bitcoin logo™ Enforcer? | Bitcoin is BTC | CSW is NOT Satoshi Nakamoto | I Mine BTC, LTC, ZEC, XMR and GAP | BTC on Tor addnodes Project | Media enquiries : Wu Ming | Enjoy The Money Machine | "You cannot compete with Open Source" and "Cryptography != Banana" | BSV and BCH are COUNTERFEIT.

  • BitcoinFX (OP)
    Legendary
    *
    Offline Offline

    Activity: 2646
    Merit: 1723


    https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF


    View Profile WWW
    February 28, 2016, 02:09:27 PM
    Last edit: February 28, 2016, 02:20:25 PM by BitcoinFX
    Merited by ABCbits (5)
     #6
    iptables (strict) Linux VPS firewall rules:

    Reference: https://help.ubuntu.com/community/IptablesHowTo

    Code:
    sudo iptables -A INPUT -i lo -j ACCEPT
    // Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0


    Code:
    sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    // "We can allow established sessions to receive traffic:"

    or

    // "If the line above doesn't work, you may be on a castrated VPS whose provider has not made available the extension, in which case an inferior version can be used as last resort: "
    Quote
    sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    N.B. It's probably best to avoid using conntrack if your running a Tor .exit node.

    Code:
    sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    // Accept incoming port 22 for SSH VPS login. Change this to your own non-standard SSH port if required.

    Code:
    sudo iptables -A INPUT -p tcp --dport 43 -j ACCEPT
    // Accept port 43 for WHOIS protocol Fail2ban look-ups.

    Code:
    sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    Code:
    sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
    // Accept port 53 for DNS.

    Code:
    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    // Optionally. Accept port 80 for your http web server or Tor DirPort (alternate port 9030).

    Code:
    sudo iptables -A INPUT -p udp --dport 123 -j ACCEPT
    // Accept port 123 UDP for Network Time Protocol (NTP), used for time synchronization.

    Code:
    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    // Optionally. Accept port 443 for your https web server or Tor ORPort (alternate port 9001).

    Code:
    sudo iptables -A INPUT -p tcp --dport 8332 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
    // Restrict Bitcoin RPC port 8332 to only accept localhost source and destination traffic.

    Code:
    sudo iptables -A INPUT -p tcp --dport 8333 -j ACCEPT
    // Accept port 8333 for Bitcoin incoming connections.

    Code:
    sudo iptables -A INPUT -p tcp --dport 9050 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
    // Restrict Tor SOCKS Port 9050 to only accept localhost source and destination traffic.

    Code:
    sudo iptables -A INPUT -p tcp --dport 9051 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
    // Restrict Tor Control Port 9051 to only accept localhost source and destination traffic.

    N.B. Consider other ports you might need to accept here i.e. for TorDNS, VNC server access, git clone, key servers etc.,

    // Allow several ICMP types
    - http://www.oregontechsupport.com/articles/icmp.txt

    Code:
    sudo iptables -A INPUT -p icmp -m icmp --icmp-type host-unreachable -j ACCEPT
    Code:
    sudo iptables -A INPUT -p icmp -m icmp --icmp-type port-unreachable -j ACCEPT
    Code:
    sudo iptables -A INPUT -p icmp -m icmp --icmp-type fragmentation-needed -j ACCEPT
    Code:
    sudo iptables -A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
    Code:
    sudo iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 2/s -j ACCEPT
    Code:
    sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

    // Drop non-established TCP
    Code:
    sudo iptables -A INPUT -p tcp --syn -j DROP

    // Optionally. Drop everything else !!!
    Code:
    sudo iptables -A INPUT -j DROP

    N.B. Some Tor node operators (pool operators?) might prefer to avoid conntrack and still allow all UDP traffic etc.,

    // Allow outgoing connections
    Code:
    sudo iptables -A OUTPUT -o lo -j ACCEPT

    ...

    Now save your iptables firewall config. with:

    Code:
    sh -c "iptables-save -c >etc/iptables.rules"
    // sudo sh (if required)

    Reload your (saved) iptables firewall rules after a server restart with;

    Code:
    sh -c "iptables-restore -c <etc/iptables.rules"
    // sudo sh (if required)

    // and it's probably best to restart Fail2ban (if we have installed it, see above post)
    Code:
    sudoetc/init.d/fail2ban restart


    // list your iptables with:
    Code:
    sudo iptables -L


    N.B. No firewall solution is perfect, although this example iptables firewall + Fail2ban is a fairly solid solution, which is certainly more effective than having no firewall in place whatsoever.
      
    "Bitcoin OG" 1JXFXUBGs2ZtEDAQMdZ3tkCKo38nT2XSEp | Bitcoin logo™ Enforcer? | Bitcoin is BTC | CSW is NOT Satoshi Nakamoto | I Mine BTC, LTC, ZEC, XMR and GAP | BTC on Tor addnodes Project | Media enquiries : Wu Ming | Enjoy The Money Machine | "You cannot compete with Open Source" and "Cryptography != Banana" | BSV and BCH are COUNTERFEIT.

  • jonnybravo0311
    Legendary
    *
    Offline Offline

    Activity: 1344
    Merit: 1024


    Mine at Jonny's Pool


    View Profile WWW
    February 29, 2016, 09:04:21 PM
     #7
    Have you been able to get tor working with 0.12?  I can get it working fine if I use HashedControlPassword and pass the -torpassword parameter (or put it in bitcoin.conf).  However, I cannot get it to properly authenticate using CookieAuthentication (which is enabled by default when you install tor).  I keep getting errors thrown at me about not being able to read the cookie file.

    Of course, it makes sense since the cookie file (again default installation of tor) gets dropped intovar/run/tor/control.authcookie and file permissions are 640 with owner/group as debian-tor.  The bitcoin core process can't read from there.

    I mean I could change the defaults file to be my bitcoin user, change the location of the cookie file to one the core process can read, etc... or I could just turn off authentication altogether, which should work just fine Tongue

    Thanks for the inputs Smiley
    Jonny's Pool - Mine with us and help us grow!  Support a pool that supports Bitcoin, not a hardware manufacturer's pockets!  No SPV cheats.  No empty blocks.
    Pages: [1]
      Print  
Page 1
Viewing Page: 1

IRLBTC™ © 2025 IRLBTC.com